Re: Multi Master/Primary Authoritative DNSSEC DNS Nameserver With Synced/Replicated COMMON Dir/Vol For BIND

2024-09-30 Thread Terik Erik Ashfolk
Please scratch the below line previous post. Upon detail look, they have Multi-Master support, but not with DNSSEC support. On 9/30/24 4:00 PM, Terik Erik Ashfolk wrote: I think I've seen another project Seen few other project also doing similar -- Visit https://lists.isc.org/ma

Re: Multi Master/Primary Authoritative DNSSEC DNS Nameserver With Synced/Replicated COMMON Dir/Vol For BIND

2024-09-30 Thread Terik Erik Ashfolk
Hi Mark. THANK YOU. Sorry for delayed response. I understood some of your response better after Matthijs also mentioned your mail-post. I need to look into DNSSEC activity flow again, I'm sure there are changes since my last works on these, 5 years back. Main domain is "example.com" ┌

Re: Multi Master/Primary Authoritative DNSSEC DNS Nameserver With Synced/Replicated COMMON Dir/Vol For BIND

2024-09-30 Thread Terik Erik Ashfolk
e done outside the name server. You may consider MUSIC for this: https://github.com/DNSSEC-Provisioning/music Best regards, Matthijs On 9/28/24 03:50, Terik Erik Ashfolk wrote: Does the BIND have command/parameter for configuring+running BIND in Multi-Signer MODEL-2 mode as specified in RFC

Re: Multi Master/Primary Authoritative DNSSEC DNS Nameserver With Synced/Replicated COMMON Dir/Vol For BIND

2024-09-30 Thread Terik Erik Ashfolk
this project, as another project was becoming better. I'm amazed, that Multi-Signer functionality still has not been solved in DNSSEC. It was+is essential, & can meet practical DNS configuration needs, low-cost HA need. Erik. Erik T Ashfolk. On 9/30/24 12:11 PM, Matthew Pounsett

Re: Multi Master/Primary Authoritative DNSSEC DNS Nameserver With Synced/Replicated COMMON Dir/Vol For BIND

2024-09-28 Thread Terik Erik Ashfolk
, etc. I'm trying to remove item/solution that is/has single/one aka single point-of-failure (POF) (SPOF). Everything needs to be at least double, for HA. Thanks in advance. Erik. Erik T Ashfolk. On 9/27/24 8:19 PM, Ondřej Surý wrote: On 28. 9. 2024, at 1:31, Terik Erik Ashfolk wro

Re: Multi Master/Primary Authoritative DNSSEC DNS Nameserver With Synced/Replicated COMMON Dir/Vol For BIND

2024-09-27 Thread Terik Erik Ashfolk
RRsets and create/update RRSIGs accordingly with Multi-Signer MODEL-2 mode ? If it can what commands/parameters enable such mode ? What "update-policy" it needs ? Erik. Erik T Ashfolk. On 9/27/24 2:53 PM, Terik Erik Ashfolk wrote: According to the page https://blog.apnic.net/202

Re: Multi Master/Primary Authoritative DNSSEC DNS Nameserver With Synced/Replicated COMMON Dir/Vol For BIND

2024-09-27 Thread Terik Erik Ashfolk
Hi Ondrej. THANK YOU. I understand what you have suggested. I considered that earlier : it would've increased 1 more server rent cost, and additional setup, maintenance/update, etc times, ... and during consideration I was using a dnssec-policy opPolicy2W with KSK changing every 20 days, & ZSK e

Re: Multi Master/Primary Authoritative DNSSEC DNS Nameserver With Synced/Replicated COMMON Dir/Vol For BIND

2024-09-27 Thread Terik Erik Ashfolk
According to the page https://blog.apnic.net/2021/08/25/multi-signer-dnssec-models/ in MODEL 2. I added an improved image as attachment. MULTI-ZSK-SIGNING IS ONE OF THE SOLUTION, and appears to be suitable for my case. So, multi-signing with ZSKs from multiple nameservers would have worked,