Running systems for years without restart (was: I am provoked ...)
* Tim Daneliuk via bind-users: > But it did "provoke" a question. Does anyone think not restarting > *anything* for 10 years is a good idea? This isn't really BIND-related, so a different mailing list might be better suited for discussing the issue of ultra high availability. If you are interested, I can recommend looking into the amazing stuff Erlang based system can do (see https://www.erlang.org/). It includes software updates without taking down or blocking the system. I find the subject quite fascinating. -Ralph -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Recommendations for replacing a master server without breaking DNSSEC
* Tony Finch: > I think a procedure like this is a good way to migrate a primary > server if the old and new servers are run by the same people [...] After reading your message I think that we used pretty much the same approach, although I am fortunate for not having to work under time pressure. I have since started from scratch, once again, with a more relaxed mindset, and this time the migration was successful. I don't know what I did differently compared to my initial tests. Maybe there was some oversight on my end. Also, instead of copying files once beforehand, I used "rsync" between Alpha and Beta whenever I made a change. In any case, I guess all is well that ends well. ;-) -Ralph ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Recommendations for replacing a master server without breaking DNSSEC
Hello list members. Imagine a BIND9 master-and-slave pair (let's call them Alpha and Omega, respectively) with automatic synchronisation in place. Imagine further that Alpha needs to be replaced by a brand new server Beta hosted in a different data center, which implies new hardware and IP-adresses. How would you go about moving all functionality from Alpha to Beta, ideally with minimal downtime, and with the hard requirement of not breaking DNSSEC? How would one need to handle key material, zone signatures, journals, etc.? I conducted tests with a non-production domain, but I seem to be doing something wrong re DNSSEC. I'd appreciate you sharing any experiences and recommendations you may have in this matter. Thanks! -Ralph ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users