Jakob Schlyter wrote:
> On 25 feb 2010, at 08.04, Antti Ristimäki wrote:
>
>> In addition to the keystore, is it enough to replicate the KASP database
>> (kasp.db) between the servers? It seems that the kasp.db contains all
>> the information about the keys and their states, but please let me know
>> if there are some other files that need to be synchronized.
>
> I recommend that you run with manual key generate, pregenerate keys for some
> time ahead and then replicate the keystore - this way you don't have to sync
> the keystore between the machines during normal operations. Other than that
> the KASP database should be enough, but for now you should make sure that the
> enforcer is shut down when backing up and restoring the database (this
> might change in the future).
>
> A switch between the servers will most likely make all your signatures to be
> re-generated, but there might be ways to preserve this by syncing some
> additional state between the servers - Matthijs knows more about this.

The current signatures are stored in the internal files (in the
/var/opendnssec/tmp/ directory). If you keep the .signed files, signatures
can be preserved and don't need to be re-generated.

Best regards,

Matthijs
