[Pdns-dev] implement GSQLBackend::getDirectNSECx

Aki Tuomi cmouse at youzen.ext.b2.fi
Sun Feb 21 08:10:03 UTC 2016

On Fri, Feb 19, 2016 at 05:38:00PM +0100, labs at hosting.de wrote:
> Dear PDNS-Devs,
> we use PowerDNS version 3.4 for our nameserver backend. Recently we
> have added a signing server which signs zones with ldns. Ldns
> creates both NSEC(3) and NSEC3PARAM records. As PowerDNS synthesizes
> these records we have to throw them away and create record
> ordernames and domain metadata to add the zone to our nameservers.
> We couldn't find much documentation about how to add presigned zones
> to a PowerDNS database, so it took a while to get this to work. Now
> we have a signing server that is tightly coupled to our nameserver
> even though both systems work completely independently.
> While looking through the PowerDNS code we found the calls to
> UeberBackend::getDirectNSECx in PacketHandler::addNSEC and
> PacketHandler::addNSEC3 and noticed that
> UeberBackend::getDirectNSECx calls DNSBackend::getDirectNSECx for
> every backend. However, that method isn't implemented in the
> GSQLBackend, which we use.
> What we would like to do is implement GSQLBackend::getDirectNSECx to
> fetch NSEC(3) records from the database, if they are stored there,
> or else return false.
> Additionaly we would like to expand the PacketHandler::addNSEC3Param
> method to try to fetch the NSEC3PARAM record from the database
> before synthesizing one as well.
> What we would like to know is if you would be interested in those
> changes and would be willing to accept a corresponding pull request?
> Best regards,
> Sebastian Melinat
> hosting.de GmbH


Can you please open an issue at https://github.com/PowerDNS/pdns about this?

It is not very difficult feature to implement, but it's best remembered if
you open one.


More information about the Pdns-dev mailing list