moving DNSSEC to a hidden master
Sten Carlsen
stenc at s-carlsen.dk
Wed Oct 2 01:04:38 UTC 2013
On 02/10/13 02.47, Alan Clegg wrote:
> On Oct 1, 2013, at 8:27 PM, David Newman <dnewman at networktest.com> wrote:
>
>> On 10/1/13 2:16 PM, David Newman wrote:
>>> Is there a recommended order of operations when moving DNSSEC-enabled
>>> nameservers to a hidden-master setup?
>> Actually, this is really a more general question: Is there a recommended
>> order of operations when migrating zones between any two DNSSEC-enabled
>> nameservers, assuming the same version of bind on each?
> Eh... I'm not sure what the complexity here is.
>
> Set the "new" machine up as a slave, use the standard axfr mechanism to replicate the zones, move the keying material and then convert the new system form slave to master while taking the existing master off-line.
>
> What am I missing?
I believe that was the question, what is missing here - if anything.
Seems too easy, there has to be a catch.
Anything to do to catch up on internal states, How to be sure the new
master will continue exactly as the old one had done. Maybe it is that
simple, that would be great, but if you are not sure, it is a good
question to ask.
>
> AlanC
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Best regards
Sten Carlsen
No improvements come from shouting:
"MALE BOVINE MANURE!!!"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20131002/7d945960/attachment.html>
More information about the bind-users
mailing list