[Pdns-users] Slave DNSKeys
Peter van Dijk
peter.van.dijk at powerdns.com
Mon Mar 2 09:57:58 UTC 2015
Hoi Maurice,
On 27 Feb 2015, at 9:44 , Maurice Sienema <msienema at unet.nl> wrote:
> We are testing with DNSSEC on our PowerDNS setup, everything seems to be working except the slave server isn't using the DNSKEY set from the master, am I missing the concept and should I register both keys at the parrent zone, or is the slave capable of using the key set from the master?
>
> see here what is going wrong:
> http://dnsviz.net/d/uned.nl/dnssec/
>
> Some details about the setup:
> Both servers running PowerDNS version 3.1 ( standard Debian wheezy package )
> Both servers are running gmysql back-end connected to a local database
> NS1 is a supermaster for NS2, zones updates are done by NOTIFY/AXFR
(1) when using DNSSEC, we strongly recommend upgrading PowerDNS to a 3.4.x release. Packages are available at https://www.powerdns.com/downloads.html
(2) it looks like your RRSIGs and KSK DNSKEY on the slave are truncated; we recommend increasing the size of the ‘content’ column in the records table (see our upgrade notes https://doc.powerdns.com/md/authoritative/upgrading/ )
Kind regards,
--
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
More information about the Pdns-users
mailing list