This page is under construction......
Some operators choose to deploy OpenDNSSEC in a high availability configuration. This page describes some general concepts to take into consideration when designing such a setup.
The entire state of a running instance of OpenDNSSEC does not need to be replicated. It is perfectly safe to re-sign the zone as long as you use the same key set.
For greater consistency consider manually running the enforcer immediately before copying data.
Before taking copies of the required data you should:
And that should be all you need to do.
Careful consideration should be given to which, if any, process are run on a slave (or on each master in a Master-Master) configuration. Some operators don't run either the enforcer or the signer on a slave instance but merely duplicate the data between the two instances in a timely fashion. Others run two master servers, both enforcing and signing but only publishing from an 'active' master.
When choosing signature lifetimes some consideration should be given for how long it may take to detect a failure and then fail over to a backup instance of OpenDNSSEC. Signatures should be valid for at least as long as this process is likely to take.
Many operators configure a set of sanity checks to ensure the output from 2 instances of OpenDNSSEC produce consistent results. These are often done via custom scripts.
Note that the signed zones from two different instances will never be identical for several reasons e.g. the inception/expiration times of the signatures will be different.
Consideration also needs to be given to managing the zone SOA over a failure.
Examples of user deployments can be found in the User Reference Material