Hi Libor,

On 24.1.2022 08:11, libor.peltan wrote:
> I wonder how it can happen that the SOA serial of the backup signer is lower than of the default one. If the signers are equivalently configured and they both run permanently in parallel, they should usually have the same SOA serial, which depends on how many times has the upstream (un-signed) zone been changed that day.


Both active and backup signers are doing automatic signing, but only the active signer is doing automatic key rollovers. I guess what we've seen is that the backup signer has refreshed its signatures before the active, thus its serial went ahead of the active signer's.

We've decided to migrate to unixtime serials.
We've tested signer failover and it resulted in AXFR, since I guess the backup signer didn't have history from the serial the primaries had.

I wonder what the worst case scenario could be? We're confident that the backup signer will have the same keys as the active, so in the case of failover, if the new active has history from the serial the primary has, an IXFR will result in a valid IXFR and a valid zone? The only difference in the zone on the active and backup should be RRSIG, but replacing them all in the case of a failover should be alright.

.einar
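The failover cases discussed in this message (backup serial ahead of the active, IXFR only when the new primary has history from the secondary's serial, AXFR otherwise, and the move to unixtime serials), as an added example that is not part of the thread and is not Knot DNS code. It is a toy model: a signer is a serial, a zone (a set of records including RRSIGs) and a journal of serial to zone version; IXFR is the set difference between two journalled versions; the unixtime policy is assumed to be the usual max(current + 1, now); all serials, timestamps and zone records are constructed for the illustration.

```python
"""Added example, not code from this thread or from any nameserver: a toy model
of what a secondary does after a signer failover, using RFC 1982 serial
comparison and the RFC 1995 rule that IXFR needs the primary to have history
from the secondary's serial. Zone contents, serials and timestamps are constructed."""

from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Tuple

MOD = 1 << 32
HALF = 1 << 31

# A zone version is the set of its records, written "owner type rdata"; RRSIGs included.
Zone = FrozenSet[str]


def serial_cmp(a: int, b: int) -> int:
    """RFC 1982 comparison of two 32-bit serials: -1 if a < b, 0 if equal, 1 if a > b.
    Raises when they differ by exactly 2^31, which RFC 1982 leaves undefined."""
    a, b = a % MOD, b % MOD
    if a == b:
        return 0
    if (a < b and b - a < HALF) or (a > b and a - b > HALF):
        return -1
    if (a < b and b - a > HALF) or (a > b and a - b < HALF):
        return 1
    raise ValueError("serials differ by exactly 2^31: comparison undefined")


def unixtime_serial(current: int, now: int) -> int:
    """Assumed unixtime serial policy: the new serial is the current Unix time, but never
    less than current+1, so it still increases when the old serial is already ahead of
    the clock (e.g. right after migrating away from YYYYMMDDnn serials)."""
    return max(current + 1, now) % MOD


@dataclass
class Signer:
    serial: int
    zone: Zone
    journal: Dict[int, Zone] = field(default_factory=dict)  # serial -> zone at that serial

    def __post_init__(self) -> None:
        self.journal[self.serial] = self.zone

    def publish(self, serial: int, zone: Zone) -> None:
        """Record a new signed version, as a signer's journal does on each change."""
        self.serial, self.zone = serial, zone
        self.journal[serial] = zone

    def ixfr(self, from_serial: int) -> Tuple[Zone, Zone]:
        """(records to delete, records to add) from the journalled from_serial version to
        the current one. KeyError if this signer has no history from that serial."""
        old = self.journal[from_serial]
        return old - self.zone, self.zone - old


def plan_transfer(secondary_serial: int, primary: Signer) -> str:
    """Refresh decision of a secondary against the (possibly new) primary."""
    if serial_cmp(primary.serial, secondary_serial) <= 0:
        return "none"  # primary not newer: the secondary keeps its copy, stale or not
    if secondary_serial in primary.journal:
        return "ixfr"  # primary has history from the secondary's serial
    return "axfr"      # no history: full transfer (RFC 1995 fallback)


def apply_ixfr(secondary_zone: Zone, diff: Tuple[Zone, Zone]) -> Zone:
    """Apply an IXFR diff the way a secondary would: delete, then add."""
    removed, added = diff
    return (secondary_zone - removed) | added


def failover_scenario() -> Dict[str, object]:
    base = frozenset({"example. SOA ns1 hostmaster", "www A 192.0.2.1"})

    def sig(t: str) -> str:
        return "www RRSIG A signed@%s" % t  # one RRSIG per signing run (constructed)

    # Both signers start from the same signed version, serial 2022012401.
    active = Signer(2022012401, base | {sig("t0")})
    backup = Signer(2022012401, base | {sig("t0")})
    # Active re-signs once (02); backup re-signs twice (02, 03) before the failover,
    # so the two "02" versions carry different RRSIGs.
    active.publish(2022012402, base | {sig("t1")})
    backup.publish(2022012402, base | {sig("t2")})
    backup.publish(2022012403, base | {sig("t3")})
    # Secondaries last transferred 02 from the active signer; now they refresh from backup.
    sec_serial, sec_zone = active.serial, active.zone
    decision = plan_transfer(sec_serial, backup)
    result = apply_ixfr(sec_zone, backup.ixfr(sec_serial))

    # The opposite case: backup still at 02 while secondaries already hold 03.
    lagging_backup = Signer(2022012402, base | {sig("t2")})
    return {
        "decision": decision,                                # "ixfr": backup journal has a 02
        "matches_backup": result == backup.zone,             # False: its 02 != active's 02
        "stale_rrsigs": sorted(result - backup.zone),        # RRSIG the IXFR never removed
        "axfr_case": plan_transfer(2022012400, backup),      # serial not in journal
        "lower_backup_case": plan_transfer(2022012403, lagging_backup),
    }
```

The point of the scenario: a serial that is present in the new primary's journal is enough for the primary to answer with IXFR, but the diff is computed against the primary's own version of that serial, so if the secondary's copy of the same serial came from the other signer with different RRSIGs, the old signature survives next to the new one. A lower serial on the failover target simply produces no transfer, and the unixtime policy, as modelled, keeps incrementing by one until the clock catches up with a date-based serial.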