I'm in the process of migrating a modest number of zones from one signer 
(OpenDNSSEC) to another (Knot-DNS). (The KSKs are identical so that should not 
be an issue for this question.)

Each of the signers has a catalog (manually maintained for ODS, automatically 
for Knot) which is transferred and consumed by BIND 9.18 secondaries; each of 
these has two catalog{} stanzas on each server.

The trouble I'm going to be running into is when a zone should move from catz-A 
to catz-B: in this case the zone must be removed from catz-A (whereupon it'll 
be deleted when the catalog is notified/transferred) and added to catz-B 
(whereupon it will be populated when the catalog is notified/transferred). 
During this (possibly quite short) time, the zone will not be available on the 
secondaries (REFUSED).

Is there a clever/elegant solution to this problem?

My first idea was to use the same zones-directory for each of the catalogs, but 
a) I don't know whether that's actually a supported configuration and b) it 
would likely not solve the issue because the catalog name is embedded in the 
__catz__...*.db zone filename.

Adding the zone to both catalogs won't work either (obviously) because the zone would 
"exist twice"; BIND catches that error and correctly logs it.

Any ideas? Bonus points if the solution can be automated. :)

Thank you,

bind-users mailing list