I'm in the process of migrating a modest number of zones from one signer (OpenDNSSEC) to another (Knot-DNS). (The KSKs are identical so that should not be an issue for this question.)

Each of the signers has a catalog (manually maintained for ODS, automatically for Knot) which is transferred and consumed by BIND 9.18 secondaries; each of these has two catalog{} stanzas on each server.

The trouble I'm going to be running into is when a zone should move from catz-A to catz-B: in this case the zone must be removed from catz-A (whereupon it'll be deleted when the catalog is notified/transferred) and added to catz-B (whereupon it will be populated when the catalog is notified/transferred). During this (possibly quite short) time, the zone will not be available on the secondaries (REFUSED).

Is there a clever/elegant solution to this problem?

My first idea was to use the same zones-directory for each of the catalogs, but

a) I don't know whether that's actually a supported configuration and
b) it would likely not solve the issue because the catalog name is embedded in the __catz__...*.db zone filename.

Adding the zone to both catalogs won't work either (obviously) because the zone would "exist twice"; BIND catches that error and correctly logs it.

Any ideas? Bonus points if the solution can be automated. :)

Thank you,

-JP

--
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users