Hi all,
From KNET , I notice there is a topic about opendnssec High Availablity at
https://wiki.opendnssec.org/display/DOCS/High+availability
But I was a little puzzled by this page.
It mentioned about master/slave like this:
Master/Slave
Careful consideration should be given to which, if any, process are run on a
slave (or on each master in a Master-Master) configuration. Some operators
don't run either the enforcer or the signer on a slave instance but merely
duplicate the data between the two instances in a timely fashion. Others run
two master servers, both enforcing and signing but only publishing from an
'active' master.
I'm wondering what will happen to the rollover of keys if we make a
master-master deployment.
1.Mysql used to store keys data , and
2.HSM machine employed to generate keys , and
3.Two opendnssec instances running on seperate servers for the same zone
Will the two opendnssec instances generate different keys for the same zone? If
so , it seems as if it will bring troubles when the 'active' master is down ?
Can anyone give more suggestions on the High Availablity of opendnssec ?
Best Regards!
2014-08-24 18:05:37
gaolei
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
