[Pdns-dev] Explicit Notification
Markus Lauer
mlauer at key-systems.net
Thu Dec 9 08:59:01 CET 2010
Hi List!
I'm experimenting with a chain of hidden masters.
PDNS (hidden master) --NOTIFY--> OPENDNSSEC (hidden master) --NOTIFY--> PUBLIC PRIMARY
(AXFRs the other way round)
Problem is: PDNS notifies only hosts it finds in the NS records of the changed
zone. I don't know how to loop in a second hidden master. In BIND there's a
configuration option for this:
    options {
        also-notify { [opendnssecip]; }; // all zones
        notify explicit;
    };
(See http://www.zytrax.com/books/dns/ch7/xfer.html#notify)
You can achieve a similar behaviour with PDNS by calling
"pdns_control notify-host" (http://doc.powerdns.com/master.html). This ignores
the NS records from the zone and only notifies the explicit IP.
Is there a way to get automatic explicit notifies?
I think this should not be a huge effort: pdns_control queues the explicit
notify in pdns. There's a method like notifydomain() which looks up the NS
entries first and queues an "explicit" notify to the specific NS. Instead of
automatically calling notifydomain() it should be possible to queue a notify
to a configured NS directly. This config option could be called something like
'explicit-notify-hosts' with a remark that these hosts will override NS
records from the zone.
Please see also the blog entry from Jan-Piet Mens:
http://blog.fupps.com/2010/09/15/hints-on-getting-powerdns-to-use-opendnssec-for-signing-zones/
Regards,
Markus Lauer.
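
Added example, not part of the original message and not PowerDNS code: the "pdns_control notify-host" call described above, scripted so that every listed zone is announced to a fixed set of explicit hosts regardless of the zone's NS records. The EXPLICIT_HOSTS, PDNS_CONTROL and DRY_RUN variables, the function names, and the zone names and addresses are assumptions made for illustration; the addresses are documentation-range placeholders.

```shell
#!/bin/sh
# Added example: send explicit NOTIFYs with "pdns_control notify-host".
# Hosts and zones below are constructed placeholders, not real servers.

EXPLICIT_HOSTS="${EXPLICIT_HOSTS:-192.0.2.53 2001:db8::53}"
PDNS_CONTROL="${PDNS_CONTROL:-pdns_control}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands that would run

# Accept only plain DNS names, so a zone argument can never be read
# as an option or carry shell metacharacters.
valid_zone() {
    case "$1" in
        ''|-*|.*|*..*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Accept only characters that can occur in an IPv4 or IPv6 literal.
valid_addr() {
    case "$1" in
        ''|-*|*[!0-9A-Fa-f.:]*) return 1 ;;
    esac
    return 0
}

# notify_explicit ZONE...: one notify-host call per zone and explicit host.
# Returns non-zero if any argument was rejected or any call failed.
notify_explicit() {
    rc=0
    for zone in "$@"; do
        if ! valid_zone "$zone"; then
            echo "skip: bad zone name '$zone'" >&2; rc=1; continue
        fi
        for host in $EXPLICIT_HOSTS; do
            if ! valid_addr "$host"; then
                echo "skip: bad address '$host'" >&2; rc=1; continue
            fi
            if [ "$DRY_RUN" = 1 ]; then
                echo "$PDNS_CONTROL notify-host $zone $host"
            else
                "$PDNS_CONTROL" notify-host "$zone" "$host" || rc=1
            fi
        done
    done
    return $rc
}
```

Source the file and call notify_explicit with the changed zones after an update; set DRY_RUN=0 once the printed commands look right.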