[Pdns-announce] DNSSEC in PowerDNS Authoritative 3.0.x explicitly deprecated

bert hubert bert.hubert at netherlabs.nl
Sun Jul 8 20:31:02 UTC 2012

Dear PowerDNS Users,

We've alluded to this before, and the documentation already mentions this,
but based on a few incidents, we want to make it explicit now:

    * DNSSEC in PowerDNS Authoritative Server 3.0.x is officially
    * deprecated. Do not use 3.0.x for DNSSEC.

The 3.1 release notes mention a slew of fixed issues in the DNSSEC
logic, many have to do with CNAMEs, delegations, direct RRSIG queries and
NSEC3 ordering. Please see

The sum of this is that we urge that nobody uses our DNSSEC implementation
in 3.0.x anymore. Any question about a DNSSEC issue in 3.0.x will be
answered with the suggestion to upgrade to 3.1.

If you are currently using 3.0 for DNSSEC and are not observing any issues,
you probably don't have any delegations or CNAMEs within your own server. In
such rare cases, you might consider staying on 3.0.

If upgrading to 3.1 is an issue for you, please report your problems and
we'll work on fixing them.

Kind regards,

Bert Hubert

PowerDNS Website: http://www.powerdns.com/
PowerDNS Community Website: http://wiki.powerdns.com/
PowerDNS is supported and developed by Netherlabs: http://www.netherlabs.nl

More information about the Pdns-announce mailing list