redundant bump-in-the-wire signers using BIND

2018-06-25 Thread Michael Sinatra
To close the loop a bit on this... On 05/22/18 03:22, Tony Finch wrote: > Michael Sinatra wrote: >> >> My only concern is that serial numbers might get out of sync between the >> two signers at some point. > > You can avoid this problem with `serial-update-method unixtime`. > > HOWEVER! I think

RE: redundant bump-in-the-wire signers using BIND

2018-05-22 Thread Browne, Stuart via bind-users
BIND could to a true multi-master-signer. Oh, the pipe dreams! Stuart > -Original Message- > From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of > Tony Finch > Sent: Tuesday, 22 May 2018 8:23 PM > To: Michael Sinatra > Cc: bind-users@lists.isc.org >

Re: redundant bump-in-the-wire signers using BIND

2018-05-22 Thread Tony Finch
Michael Sinatra wrote: > > My only concern is that serial numbers might get out of sync between the > two signers at some point. You can avoid this problem with `serial-update-method unixtime`. HOWEVER! I think you are going to have problems with inconsistent IXFRs depending on which signer the

redundant bump-in-the-wire signers using BIND

2018-05-21 Thread Michael Sinatra
Hi all: First, let me explain the trade-off I am trying to manage (as succinctly as possible): My current setup has an DNS/IPAM system that backs up to a redundant one in a different location, a bump-in-the-wire hardware signing appliance (different from the IPAM), and a bunch of authoritative sl