[Pdns-dev] implement GSQLBackend::getDirectNSECx
labs at hosting.de
labs at hosting.de
Fri Feb 19 16:38:00 UTC 2016
Dear PDNS-Devs,
we use PowerDNS version 3.4 for our nameserver backend. Recently we have
added a signing server which signs zones with ldns. Ldns creates both
NSEC(3) and NSEC3PARAM records. As PowerDNS synthesizes these records we
have to throw them away and create record ordernames and domain metadata
to add the zone to our nameservers. We couldn't find much documentation
about how to add presigned zones to a PowerDNS database, so it took a
while to get this to work. Now we have a signing server that is tightly
coupled to our nameserver even though both systems work completely
independently.
While looking through the PowerDNS code we found the calls to
UeberBackend::getDirectNSECx in PacketHandler::addNSEC and
PacketHandler::addNSEC3 and noticed that UeberBackend::getDirectNSECx
calls DNSBackend::getDirectNSECx for every backend. However, that method
isn't implemented in the GSQLBackend, which we use.
What we would like to do is implement GSQLBackend::getDirectNSECx to
fetch NSEC(3) records from the database, if they are stored there, or
else return false.
Additionaly we would like to expand the PacketHandler::addNSEC3Param
method to try to fetch the NSEC3PARAM record from the database before
synthesizing one as well.
What we would like to know is if you would be interested in those
changes and would be willing to accept a corresponding pull request?
Best regards,
Sebastian Melinat
hosting.de GmbH
More information about the Pdns-dev
mailing list