09-30-2019 08:58 AM - edited 09-30-2019 09:40 AM
(NIOS 8.2.9) I am replacing our old grid master with new hardware. The old grid master has an RPZ license installed and the new one does not. All grid members have RPZ licenses installed. Our clients only use the grid member anycast address as resolvers, the grid master is hidden/stealth. If I don't change any configuration settings, will the RPZ functionality break when I swap the equipment?
UPDATE: Under the RPZ configuration there is a tab for Name Servers. I can see the External Primary is set to the IP of the external RPZ service provider. I also see all our grid members listed as Grid Secondaries. Our grid master is also listed as a Grid Secondary. I'm thinking I need to remove our grid master from that list but I'm not sure.
Solved! Go to Solution.
09-30-2019 10:06 AM
Performing this swap will not break the RPZ functionality but there is a corner case where this could break your updates. If your Grid Master is configured to be the "lead secondary" then it is the node fetching the RPZ feed and redistributing the data to other secondaries in your grid. If you are not using a lead secondary then each secondary will transfer the feed from the remote server. (And will keep doing so even if the GM does not have an RPZ license)
09-30-2019 10:11 AM - edited 10-07-2019 12:20 PM
Our grid master is configured as a lead secondary. Does that mean we need to purchase more RPZ licenses? We can't change the lead secondary option. If we need to purchase more RPZ licenses this will be a problem.
There are four possible solutions:
1) Stop using RPZ
2) Make a different grid member the lead secondary
3) Buy more RPZ licenses
4) Stop using a lead secondary
10-09-2019 01:55 PM
I just noticed that under the RPZ settings, under Name Servers, the grid secondaries can be set up as a "Lead Secondary." If I change the "Lead Secondary" status for any grid secondary will this only affect this RPZ zone? If this is the case my problem is solved. Seems to me the "Lead Secondary" option applies to a zone and it should not affect any other zone that has a Lead Secondary configured. Just want to verify this.