On 25 feb 2010, at 08.04, Antti Ristimäki wrote:
> In addition to the keystore, is it enough to replicate the KASP database
> (kasp.db) between the servers? It seems that the kasp.db contains all
> the information about the keys and their states, but please let me know
> if there are some other files that need to be synchronized.

I recommend that you run with manual key generate, pregenerate keys for some
time ahead and then replicate the keystore - this way you don't have to sync
the keystore between the machines during normal operations. Other than that, the
KASP database should be enough, but for now you should make sure that the
enforcer is shut down when backing up and restoring the database (this might
change in the future).

A switch between the servers will most likely cause all your signatures to be
re-generated, but there might be ways to preserve this by syncing some
additional state between the servers - Matthijs knows more about this.

jakob
--
Jakob Schlyter
Kirei AB - www.kirei.se