On Thu, 26 Jul 2012, Yuri Schaeffer wrote:
In my opinion ODS is not a component that _must_ offer uninterrupted service so failover does not really make sense to me. If your ODS instance would crash and burn you would have plenty of time to recover from it using your backups. Your zones will be still up and signed during that time.
If a large TLD gets a new registration, it needs to go out in minutes. So a signer always needs to be ready to sign right now. Therefore, TLDs or other large/dynamic zones will always need to have the option to switch from one hardware setup to another (identical) one. There is no time to go jump in a car and drive to a data centre.
That being said, how about a feature where you can bootstrap a fresh ODS install with only an HSM (backup), config files and a signed zonefile/axfr? Sane states could then be derived for the rollovers. In this case loss of the db files is not fatal. Would something like that be helpful for your application?
I'm not sure what this will yield. What I'm looking for is that if I pre-generate 3 years of keys into different HSMs, and then back up the kasp.db, that I can bootstrap multiple signers that would perform rollovers within the same hour independently - solely based on having identical keys on the HSM and an identical kasp.db.

Paul
//yuri
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
