DNSSEC Key-Generation broken on mirrors
This is a TODO-Issue for me.
DNSSEC-Implementation does not work correctly in mirrored environments.
- block mirrors from generating keys
- store the keys in database (without need of new DB fields as 3.1-DB-structure is already locked)
- read keys from DB before creating new ones (this implements a DB-Backup as a side-effect)
- on Mirrors retry signing if the key was not available on soa_create
I pulled this out from #1491 (closed) as it went a bit offtopic.
To upload designs, you'll need to enable LFS. More information