[KASP] setup KASP in master / slave architecture

Niall O'Reilly niall.oreilly at ucd.ie
Fri Dec 16 19:52:12 UTC 2022


On 16 Dec 2022, at 15:59, adrien sipasseuth wrote:

> - on the slaves: files <zone>.db
>
> I don't understand why there is no <zone>.db.signed file on my slave
> knowing that a dig from a slave does return RRSIG.

The secondary (slave) only needs one file to hold whatever zone
data the primary provides when transferring the zone.

It doesn't actually matter what you call this file, but something
based on the name of the zone will likely make it easier to
understand months later.

The primary uses additional files to contain the keys and to
hold both DNSSEC and NSUPDATE state. These files aren't needed
on the secondaries.

On a secondary, I actually prefer to use a suffix distinct from
any used on the primary (e.g. ".bk"), so that I don't have to worry
about filename collisions in case, in an emergency, I might need
to import the primary files from backup and reconfigure what is
normally a secondary as a primary instead.

I hope this helps.

Niall
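
The file layout described in the reply above, as a named.conf sketch. This is an added example, not part of the original message or the poster's configuration. The zone name, the addresses (documentation range) and the key directory are placeholders, and it assumes a BIND version that supports dnssec-policy and the primary/secondary keywords.

```conf
// ---- primary: named.conf fragment (constructed example) ----
options {
    directory "/var/named";
};

zone "example.com" {
    type primary;
    file "example.com.db";            // unsigned zone data you edit
    dnssec-policy default;            // KASP: named manages keys and signing
    inline-signing yes;               // signed copy kept beside the source:
                                      //   example.com.db.signed (+ journal files)
    key-directory "keys/example.com"; // K*.key / K*.private / K*.state live here;
                                      // placeholder path, must exist and be
                                      // writable by named
    allow-transfer { 192.0.2.2; };    // placeholder address of the secondary
    also-notify    { 192.0.2.2; };
};

// ---- secondary: named.conf fragment (constructed example) ----
options {
    directory "/var/named";
};

zone "example.com" {
    type secondary;
    primaries { 192.0.2.1; };         // placeholder address of the primary
    // One file only. It stores whatever arrives by zone transfer, which is
    // already the signed zone (RRSIG, DNSKEY, NSEC/NSEC3 included), so no
    // .signed file, key files or dnssec-policy are needed on this host.
    // Secondary zone files are written in raw format by default, so the
    // file is not directly readable as text.
    file "example.com.bk";            // suffix distinct from the primary's files
};
```

No private key material is present on the secondary in this layout; only the primary's key-directory needs to be protected and backed up as signing state.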
