DNSSEC Signer Migration
• 7 min read
In this article we describe the evaluation and selection of a new DNSSEC signer solution, along with a plan of how we intend to perform the migration.
Hanieh Bagheri
Based in Amsterdam
0
Articles
0
Likes on articles
Based in Amsterdam
GII system engineer at RIPE NCC
Showing 1 article(s)
“Nice writeup! Could you please elaborate a little bit more on how are you going to keep those two signers in sync? As far as I know, there is not yet support for syncing KASP DB between instances.”
Thanks Ondřej. This will be an active-passive setup and it’s not crucial to keep the signers in sync. We store regular backups of the the keys and the database. Before switching over to the standby signer, we make sure the latest keys have been retrieved from the backup storage.
Showing 1 comment(s)