moving DNSSEC to a hidden master
Alan Clegg
alan at clegg.com
Wed Oct 2 00:47:37 UTC 2013
On Oct 1, 2013, at 8:27 PM, David Newman <dnewman at networktest.com> wrote:
> On 10/1/13 2:16 PM, David Newman wrote:
>> Is there a recommended order of operations when moving DNSSEC-enabled
>> nameservers to a hidden-master setup?
>
> Actually, this is really a more general question: Is there a recommended
> order of operations when migrating zones between any two DNSSEC-enabled
> nameservers, assuming the same version of bind on each?
Eh... I'm not sure what the complexity here is.
Set the "new" machine up as a slave, use the standard axfr mechanism to replicate the zones, move the keying material and then convert the new system form slave to master while taking the existing master off-line.
What am I missing?
AlanC
--
Alan Clegg | +1-919-355-8851 | alan at clegg.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20131001/6b6d1cb6/attachment.bin>
More information about the bind-users
mailing list