On 8/28/20 10:40 AM, Einar B. Halldórsson via Opendnssec-user wrote:
> Hi,
>
> We are finally planning a migration from 1.4 to 2.1 and at the same time looking
> at having a proper backup signer setup. We're using SoftHSM, my question is
> whether we have to pre-generate keys, copy them to the backup and trust that
> ODS rollovers are in close enough sync? Is it feasible to instead constantly
> sync keys from master to slave, with the backup set to manual rollover, so if and
> when the master goes offline we can switch the backup "on" and have it be the new
> signer with automatic rollovers?
>
> All ideas and information welcome.
Hello Einar,

This is more an operational and policy requirement question than a technical one. From a policy perspective you might want to require pregenerated keys that can be validated months in advance, approved by superiors/externals. Technically there isn't much of a difference between both scenarios apart from the time when keys are generated. There is ample time, which can be made longer, in which you can transfer the backed-up state of the keys from master to slave.

If you just need to be able to switch over to a secondary system as a manual, relatively quick step, and you're using SoftHSM, then restoring a back-up of the key database to the secondary system is the easiest operational method. DO however keep a history of back-ups. Even though with SoftHSMv2 I've never heard of any corruption nor lost keys, having a history of backups is just common sense. And make sure you have a validation process in place to ensure the secondary system is properly working.

With kind regards,
\Berry

_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
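The reply above recommends three things for the SoftHSM route: take a back-up of the key database, keep a history of back-ups, and have a validation step before trusting the secondary. The script below is an added example of what that could look like; it is not from the thread and not part of OpenDNSSEC or SoftHSM. It assumes the SoftHSMv2 token directory is `/var/lib/softhsm/tokens` (the usual default, overridable with `TOKENDIR`), and the back-up location and retention count (`BACKUPDIR`, `KEEP`) are local choices. Stop the enforcer and signer before snapshotting so the token files are not mid-write, then ship the verified archive to the secondary.

```shell
#!/bin/sh
# Added example (not from the mailing list or the OpenDNSSEC project).
# Snapshots the SoftHSMv2 token directory into a dated, checksummed archive,
# keeps a rolling history of archives, and verifies that the newest archive
# checks out and restores to an identical tree before it is trusted.
#
# Assumptions: TOKENDIR is the SoftHSMv2 tokendir (default below is the usual
# one), BACKUPDIR/KEEP are local policy choices. Run with the OpenDNSSEC
# daemons stopped so the token files are quiescent.
TOKENDIR="${TOKENDIR:-/var/lib/softhsm/tokens}"
BACKUPDIR="${BACKUPDIR:-/var/backups/softhsm}"
KEEP="${KEEP:-10}"

# Create one archive of the whole token directory plus a SHA-256 sidecar.
# Prints the archive path on success; refuses to overwrite an existing one.
backup_tokens() {
  stamp=$(date -u +%Y%m%dT%H%M%SZ)
  mkdir -p "$BACKUPDIR"
  archive="$BACKUPDIR/softhsm-tokens-$stamp.tar.gz"
  if [ -e "$archive" ]; then
    echo "refusing to overwrite $archive" >&2
    return 1
  fi
  tar -C "$TOKENDIR" -czf "$archive" . || return 1
  sha256sum "$archive" > "$archive.sha256" || return 1
  echo "$archive"
}

# Keep only the newest $KEEP archives (names sort chronologically because
# the timestamp is UTC and fixed-width); remove older ones and their sidecars.
prune_history() {
  ls -1 "$BACKUPDIR"/softhsm-tokens-*.tar.gz 2>/dev/null \
    | sort -r \
    | awk -v keep="$KEEP" 'NR > keep' \
    | while read -r old; do
        rm -f "$old" "$old.sha256"
      done
}

# Validation step: checksum must match, the tarball must list cleanly, and a
# scratch restore must be byte-for-byte identical to the live token directory.
verify_backup() {
  archive="$1"
  sha256sum -c --quiet "$archive.sha256" || return 1
  tar -tzf "$archive" > /dev/null || return 1
  scratch=$(mktemp -d) || return 1
  if ! tar -C "$scratch" -xzf "$archive"; then
    rm -rf "$scratch"
    return 1
  fi
  diff -r "$TOKENDIR" "$scratch"
  rc=$?
  rm -rf "$scratch"
  return $rc
}

# Only act when invoked as: sh softhsm-backup.sh run
if [ "${1:-}" = "run" ]; then
  a=$(backup_tokens) && verify_backup "$a" && prune_history && echo "ok: $a"
fi
```

The restore-and-diff check is the part worth keeping even if you change everything else: it proves the archive you are about to copy to the secondary actually contains the key database you think it does, rather than trusting that `tar` exited zero.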
