[Pdns-users] PowerDNSSEC

[Leen Besselink]

On 06/24/2010 03:08 PM, Michael Braunoeder wrote:
> Hi,
>
Hi,

> I'm currently evaluating the PowerDNSSEC implementation and found 2 
> issues:
>

As no person which is more knowledgable answered your question, I 
thought I would answer with what I know.

> -) Is it possible to disable the signing-on-demand feature? I want the 
> powerdns to act as slave to a hidden-master which does the signing of 
> the domain, and the powerdns should just serve the signed zone 
> (without any resigning and without access to the Keys).
>

The disable the 'signing-on-demand'-feature has been discussed on this 
mailinglist before, the answer was: it will be optional in a future version.

> -) I tried the PostgreSQL-Backend, but I allways received the 
> following error message: " TCP server is unable to launch backends - 
> will try again when questions come in: Undefined but needed argument: 
> 'gpgsql-dnssec'". What is the format of the missing 
> "gpgsql-dnssec'-Parameter I've to add?
>

I like your choose of database, but I don't have any information on the 
current state of this or any other bankend in combination with DNSSEC, 
other than I've used the 'bind-backend' (text-file). I do know that 
every database backend needs to implement some basic extra functions 
before it can work with DNSSEC.

That information can be found here:

http://wiki.powerdns.com/trac/wiki/PDNSSEC/backends

As linked from: http://wiki.powerdns.com/trac/wiki/PDNSSEC

But I did see on that page it says:

"Things to be aware of.... Only BIND and Generic MySQL (gmysql) backend 
right now"

It's also the same page that mentions:

"Next

The completely live & auto-signing nature of PowerDNSSEC is not what 
everyone wants. Other DNSSEC modes will be added soon."

> Best,
> Michael
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
>