Multi Master/Primary Authoritative DNSSEC DNS Nameserver With Synced/Replicated COMMON Dir/Vol For BIND
Petr Špaček
pspacek at isc.org
Wed Oct 2 08:01:25 UTC 2024
On 01. 10. 24 8:15, Terik Erik Ashfolk wrote:
> Please scratch the below line previous post.
> Upon detailed look, they have Multi-Master support, but not with DNSSEC
> support.

If you really wanted multi-master with DNSSEC you can have a look at
FreeIPA.org, their DNS integration has that.

It supports disconnected operation with eventual consistency, but it is
a very very _very_ complex beast which combines:
- BIND
- bind-dyndb-ldap LDAP backend for DNS data and zone config
- OpenDNSSEC to manage keys
- SoftHSM to store keys
- extra magic scripts to synchronize keys via LDAP

That way lies madness! (Please note I'm saying that as a person who
designed and implemented it!)

--
Petr Špaček
Internet Systems Consortium