> As a solution, the CRON job responsible for the DNS failover also checks for the current week number of the year so that:
>
> - In an odd week number, the first server is the default master.
> - In an even week number, the second server is the default master.

This is nice. Fixes the difficulty with cert issuance in a pretty low-effort manner, and ensures the failover is exercised. I've dealt with failover systems that were very rarely exercised, which usually means a lot of excitement when it does happen.

It's hard to criticize low-cost solutions like this; if they work, they work! If there were slightly more control over the network infrastructure, I'd choose to go with CARP as my failover mechanism. It is probably one of the best OpenBSD features.