Hi Bastien,
Firstly, please be aware that not only signing keys are stored in the
KASP db: if you use the on-slave-signing or offline-KSK feature, this would
effectively lead to a mess.
Otherwise, it should work for basic scenarios. However, Knot is not
informed in any way about an external change to the KASP db, made by either
keymgr or your second instance. So if you, for example, set up automatic ZSK
rollover on one of your Knots, the other will not discover the changed
key set and timers...
I don't see, however, any problems if you share the KASP db between two
Knots with completely different sets of zones configured. Just be careful
if you use the shared-KSK feature on any of them.
To your second question, we have observed such a bug in 2.9.0, which will
be fixed in 2.9.1. If you use this version, please be patient or
downgrade for now. We are able to confirm that it's indeed the same
bug, if you send us more detailed info.
BR,
Libor
On 06.11.19 at 12:00, Bastien Durel wrote:
Hello,
Is KASP directory sharing possible between different knot instances?
(I have a "public" instance and a "private" one, with internal
addresses, using different storage: directories, but the same kasp-db:)
The internal one sometimes returns invalid DNSSEC data for non-existent
names until I restart it. Is it to be expected in this setup?
Thanks,