[Pdns-dev] implement GSQLBackend::getDirectNSECx

labs at hosting.de labs at hosting.de
Fri Feb 19 16:38:00 UTC 2016

Dear PDNS-Devs,

we use PowerDNS version 3.4 for our nameserver backend. Recently we have 
added a signing server which signs zones with ldns. Ldns creates both 
NSEC(3) and NSEC3PARAM records. As PowerDNS synthesizes these records we 
have to throw them away and create record ordernames and domain metadata 
to add the zone to our nameservers. We couldn't find much documentation 
about how to add presigned zones to a PowerDNS database, so it took a 
while to get this to work. Now we have a signing server that is tightly 
coupled to our nameserver even though both systems work completely 

While looking through the PowerDNS code we found the calls to 
UeberBackend::getDirectNSECx in PacketHandler::addNSEC and 
PacketHandler::addNSEC3 and noticed that UeberBackend::getDirectNSECx 
calls DNSBackend::getDirectNSECx for every backend. However, that method 
isn't implemented in the GSQLBackend, which we use.

What we would like to do is implement GSQLBackend::getDirectNSECx to 
fetch NSEC(3) records from the database, if they are stored there, or 
else return false.

Additionaly we would like to expand the PacketHandler::addNSEC3Param 
method to try to fetch the NSEC3PARAM record from the database before 
synthesizing one as well.

What we would like to know is if you would be interested in those 
changes and would be willing to accept a corresponding pull request?

Best regards,

Sebastian Melinat
hosting.de GmbH

More information about the Pdns-dev mailing list