redundant bump-in-the-wire signers using BIND
Browne, Stuart
Stuart.Browne at team.neustar
Wed May 23 04:03:18 UTC 2018
Tony,
Our environment has the secondary set up as a slave with 'raw' zones in the same paths, so upon primary failure, change the zone roles to 'master' and include the inline signing stanzas.
They keys are duplicated using an external process.
Happy days.
Now if only BIND could to a true multi-master-signer. Oh, the pipe dreams!
Stuart
> -----Original Message-----
> From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf Of
> Tony Finch
> Sent: Tuesday, 22 May 2018 8:23 PM
> To: Michael Sinatra
> Cc: bind-users at lists.isc.org
> Subject: Re: redundant bump-in-the-wire signers using BIND
>
<snip>
>
> (My recovery plan for a failed signer is to reprovision a replacement
> from scratch.)
More information about the bind-users
mailing list