Is it possible to move a zone between catalogs on the same secondary?

Jan-Piet Mens list at mens.de
Wed Apr 19 17:17:24 UTC 2023


I'm in the process of migrating a modest number of zones from one signer (OpenDNSSEC) to another (Knot-DNS). (The KSKs are identical so that should not be an issue for this question.)

Each of the signers has a catalog (manually maintained for ODS, automatically for Knot) which is transferred and consumed by BIND 9.18 secondaries; each of these has two catalog{} stanzas on each server.

The trouble I'm going to be running into is when a zone should move from catz-A to catz-B: in this case the zone must be removed from catz-A (whereupon it'll be deleted when the catalog is notified/transferred) and added to catz-B (whereupon it will be populated when the catalog is notified/transferred). During this (possibly quite short) time, the zone will not be available on the secondaries (REFUSED).

Is there a clever/elegant solution to this problem?

My first idea was to use the same zones-directory for each of the catalogs, but a) I don't know whether that's actually a supported configuration and b) it would likely not solve the issue because the catalog name is embedded in the __catz__...*.db zone filename.

Adding the zone to both catalogs won't work either (obviously) because the zone would "exist twice"; BIND catches that error and correctly logs it.

Any ideas? Bonus points if the solution can be automated. :)

Thank you,

	-JP
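
A pre-flight check for the move described above, as an added example that is not part of the original post: it compares catalog member lists and reports zones listed in both catalogs (which the secondary rejects) and zones that move from one catalog to the other (which hit the REFUSED window). It assumes AXFR-style text with one record per line and absolute owner names; the catalog names `catz-a.`/`catz-b.`, the member labels and the sample records are constructed.

```python
import re

# Member entry (RFC 9432): <unique-label>.zones.<catalog>. [ttl] [IN] PTR <member-zone>.
MEMBER_RE = re.compile(
    r"^(?P<label>[^\s.]+)\.zones\.(?P<catalog>\S+)\s+"
    r"(?:\d+\s+)?(?:IN\s+)?PTR\s+(?P<member>\S+)\s*$",
    re.IGNORECASE,
)

def members(zone_text):
    """Return {member zone (lower-case, absolute): unique label} from catalog zone text."""
    found = {}
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop trailing comments
        m = MEMBER_RE.match(line)
        if m:
            name = m.group("member").lower()
            found[name if name.endswith(".") else name + "."] = m.group("label")
    return found

def preflight(old_a_text, new_a_text, new_b_text):
    """Classify member zones for a planned change to catalog A and catalog B."""
    old_a, new_a, new_b = (set(members(t)) for t in (old_a_text, new_a_text, new_b_text))
    return {
        "duplicates": sorted(new_a & new_b),       # present in both catalogs at once
        "moved": sorted((old_a - new_a) & new_b),  # removed from A, added to B
        "dropped": sorted(old_a - new_a - new_b),  # removed from A, not in B at all
    }

# Constructed sample data (not taken from the post).
OLD_A = """
version.catz-a. 0 IN TXT "2"
m1.zones.catz-a. 0 IN PTR example.org.
m2.zones.catz-a. 0 IN PTR example.net.
m3.zones.catz-a. 0 IN PTR example.com.
"""
NEW_A = """
version.catz-a. 0 IN TXT "2"
m3.zones.catz-a. 0 IN PTR example.com.   ; left behind by mistake
"""
NEW_B = """
version.catz-b. 0 IN TXT "2"
k1.zones.catz-b. 0 IN PTR example.org.
k2.zones.catz-b. 0 IN PTR Example.COM.
"""

if __name__ == "__main__":
    for kind, zones in preflight(OLD_A, NEW_A, NEW_B).items():
        print(f"{kind}: {', '.join(zones) or '-'}")
```
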


More information about the bind-users mailing list