Re: [Pdns-users] DNSSEC and

2023-08-22 Thread Xan Charbonnet via Pdns-users
Frank, I so appreciate your help. It sounds like my intended configuration should be fine, then. I might suggest to the powers that be that the documentation address this question. The reason I have two servers is for redundancy, so I'll probably give both instances write access, but as yo

Re: [Pdns-users] DNSSEC and

2023-08-22 Thread Frank Louwers via Pdns-users
Hi Xan,
The weekly changes are not key rollovers, they are RRSIG updates/resignings. These are done on the fly (in online mode), and not stored in the database. The backend only contains the ZSK/KSK/CSK, which will only change if you issue a command to roll them. Even if you would issue the ch

Re: [Pdns-users] DNSSEC and

2023-08-22 Thread Xan Charbonnet via Pdns-users
Thank you, Frank. I am aiming to do online signing, but my concern is the weekly key rollover. Wouldn't both PowerDNS instances attempt to perform key rollover on the same database at the same time? Do they not step on each other's toes?
-Xan
On 8/22/23 07:03, Frank Louwers via Pdns-use

Re: [Pdns-users] DNSSEC and

2023-08-22 Thread Frank Louwers via Pdns-users
Hi Xan,
It depends which DNSSEC you choose. If you would pick "Online Signing" for instance (great unless you have very busy servers with lots of domains), the "keying data" is stored in the database as well, so both servers would use the same data to sign the zone, resulting in consistent sign