Hi Libor,

I strongly recommend that the two signers are completely in-sync. Could
you imagine that the hidden master runs a zone from signer1, and
suddenly transfers an IXFR with a diff of the zone in signer2, and
applies it on the zone? In that case, it's better when the secondaries
don't transfer automatically, but rather by forced AXFR (knotc
zone-retransfer).

That's not a problem, but some of our public secondaries are external
and getting them to force an AXFR is a manual process. I want to find a
way to make sure that after a failover to the backup signer, it uses a
serial that is higher than the public secondaries have. We can deal with
the hidden primaries.

Anyway, the setup of redundant signers is still an unexplored field in
DNS overall. You might lead the development here, and my opinion is that
SOA serials are among the smallest problems here.

Looking forward to discussing more next week :)

Me too! I'm going to do some more tests with signer failover next week,
will be interesting to see how it goes.
.einar
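
Added example, not part of the original e-mail thread: a check for the failover condition discussed above, using RFC 1982 serial number arithmetic on 32-bit SOA serials. The function names and the sample serials are constructed for illustration; in practice the secondaries' serials would come from SOA queries against each of them.

```python
# RFC 1982 serial number arithmetic for 32-bit SOA serials.
MOD = 1 << 32
HALF = 1 << 31


def serial_gt(a, b):
    """True if serial a is newer than serial b.

    A distance of exactly 2^31 is undefined in RFC 1982; it is treated
    here as "not newer", which is the safe answer for a failover check.
    """
    return 0 < (a - b) % MOD < HALF


def newest_serial(serials):
    """Newest serial in a list, compared with wraparound in mind."""
    newest = serials[0]
    for s in serials[1:]:
        if serial_gt(s, newest):
            newest = s
    return newest


def failover_serial(backup_serial, secondary_serials):
    """Serial the backup signer has to publish so that every secondary
    sees the zone as newer and transfers it without a forced AXFR.

    Returns backup_serial unchanged if it is already ahead of all
    secondaries, otherwise the newest secondary serial plus one.
    Raises ValueError when no single increment is ahead of all of them
    (the secondaries' serials are spread over 2^31 - 1 or more).
    """
    if all(serial_gt(backup_serial, s) for s in secondary_serials):
        return backup_serial
    candidate = (newest_serial(secondary_serials) + 1) % MOD
    if not all(serial_gt(candidate, s) for s in secondary_serials):
        raise ValueError("secondary serials too far apart for one bump")
    return candidate


if __name__ == "__main__":
    # Constructed sample: serials as seen on three public secondaries.
    seen = [2024051003, 2024051001, 2024051003]
    print(failover_serial(2024051002, seen))  # backup signer is behind
    print(failover_serial(2024051010, seen))  # backup signer is ahead
```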