[Pdns-users] Running PowerDNS with live signing in master mode

Rickard Dahlstrand rd at tilde.se
Mon Dec 19 14:56:05 UTC 2011


On 19 Dec 2011 at 14:49, Peter van Dijk <peter.van.dijk at netherlabs.nl> wrote:

> Hello Rickard,
> 
> On Dec 18, 2011, at 19:47 , Rickard Dahlstrand wrote:
> 
>> I use gmysql as my backend without support for automatically updating the SOA serial.
>> 
>> How will the server behave if I just leave it in live signing mode for a couple of weeks without updating the serial? Will it update it for me and send notifies to my slaves? Or will it leave the SOA and update the slaves anyway? How does it make sure the slaves are running updated signatures?
>> 
>> Also, I just used the pdnssec secure-zone-command, so I assume I'm in live signing mode, right?
>> 
>> I'm using pdns-3.1-pre.20111215.2319.
> 
> Putting the right SOA-EDIT row in your domainmetadata table should take care of this. It is (very summarily) documented at http://doc.powerdns.com/domainmetadata.html
> 
> The documentation in SVN head is slightly more verbose, and it says:
>                Available modes are: INCEPTION (which sets the SOA Serial to
>                the current two-week signing period start in seconds since
>                the UNIX epoch), INCEPTION-WEEK (number of weeks since the
>                epoch), INCREMENT-WEEKS (which increments the serial with
>                the number of weeks since the epoch), EPOCH (number of
>                seconds since the epoch).  Finally, INCEPTION-EPOCH
>                (available since 3.1) is special and sets the new SOA serial
>                number to the maximum of the old SOA serial number, and age
>                in seconds of the start of the current signing period.
> 
> INCEPTION-EPOCH is quite recent and does not work in 3.0

Hi Peter,

Yes, after digging around in the SVN-rep I found this as well. Seems to work well. Thanks!

Kind Regards, Rickard.
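
As an added illustration (not part of the original thread and not PowerDNS code), this sketch models the SOA-EDIT modes as worded in the documentation quoted above, to show how a serial that is never updated in the database can still be served as an increasing value when the signing period rolls over. The function names, the simplified slave check and the sample timestamps are assumptions constructed for the example.

```python
# Added illustration: models the SOA-EDIT modes as worded in the quoted
# documentation. This is not PowerDNS source code.
WEEK = 7 * 86400  # seconds


def soa_edit(mode, stored_serial, now, inception):
    """Serial served for a zone whose database SOA serial is stored_serial.

    now       -- current time, seconds since the UNIX epoch
    inception -- start of the current signing period, seconds since the epoch
                 (supplied by the caller; how the server derives it is not modelled)
    """
    if mode == "INCEPTION":
        return inception
    if mode == "INCEPTION-WEEK":
        return now // WEEK
    if mode == "INCREMENT-WEEKS":
        return stored_serial + now // WEEK
    if mode == "EPOCH":
        return now
    if mode == "INCEPTION-EPOCH":
        return max(stored_serial, inception)
    raise ValueError("unknown SOA-EDIT mode: %r" % mode)


def slave_refreshes(slave_serial, served_serial):
    """Simplified slave check: transfer only when the served serial is higher.
    (Ignores RFC 1982 serial wraparound.)"""
    return served_serial > slave_serial


def demo():
    # Constructed sample values: two consecutive signing-period starts.
    now, period_a = 1324306565, 1323907200
    period_b = period_a + WEEK
    out = {}
    # Stored serial never touched (1): served serial follows the signing period.
    a = soa_edit("INCEPTION-EPOCH", 1, now, period_a)
    b = soa_edit("INCEPTION-EPOCH", 1, now + WEEK, period_b)
    out["untouched_serial_rolls"] = slave_refreshes(a, b)
    # Date-style stored serial is larger than any current epoch value:
    # INCEPTION would serve a lower serial than the slaves already hold,
    # and INCEPTION-EPOCH keeps the stored value unchanged across periods.
    out["inception_regresses"] = soa_edit("INCEPTION", 2011121901, now, period_a) < 2011121901
    out["date_serial_stuck"] = not slave_refreshes(
        soa_edit("INCEPTION-EPOCH", 2011121901, now, period_a),
        soa_edit("INCEPTION-EPOCH", 2011121901, now + WEEK, period_b))
    return out


if __name__ == "__main__":
    print(demo())
```
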

