PowerDNS driven with MySQL replication backend is rock solid.
My MySQL replication broke a few week ago due to expired TLS certificates.
I don’t updates zones often. All zones continued to resolve and had valid DNSSEC all the time.
Two replication slaves could just continue with the new certificate. One replication slave needed a few SQL dump, because of missing binlogs.

My main mistake on this setup: I expected to have this cluster replaced by another one three years after the initial setup.

Well, it was not necessary and I had to renew the certificates for another three years.

At least the certificate renew for the cluster is a process I described in the cluster documentation.

And the CA box still existed.

Melde dich an, um an der Konversation teilzuhaben

Mastodon ist ein soziales Netzwerk. Es basiert auf offenen Web-Protokollen und freier, quelloffener Software. Es ist dezentral (so wie E-Mail!).