[Pdns-users] DNSSEC rectify-zone setuid and setgid
leen at consolejunkie.net
Sun Aug 21 22:52:17 UTC 2011
On 08/05/2011 06:31 AM, kim Doff wrote:
> Could you help me?
Well, I can try and give you some information and pointers.
> DNSSEC Master/Slave are working faultlessly.
> I have PowerDNS v3, PowerAdmin 2.1.5 and MySQL Database Replication
> With SSL Encryption.
> Here is my question.
> When I modify zone domain.com <http://domain.com> through PowerAdmin
> by adding a subdomain like test.domain.com <http://test.domain.com>
> Master/Slave are updated (SOA serial is updated)
> but Master/Slave do not bind test.domain.com <http://test.domain.com>,
> I have to rectify zone domain.com <http://domain.com> in Master
> to bind test.domain.com <http://test.domain.com> in Master/Slave
> # pdnssec rectify-zone domain.com <http://domain.com>
> Is there a way to do it automatically through PowerDNS?
First you'll have to know where all the documentation is:
Next you should know that if you choose how PowerDNS should do the
live-signing for the domain.
If you choose one that does not need an ordered zone, like for example
NSEC3-narrow, you can just add the right auth=TRUE to the database and
it will 'just work'.
Because that is all that rectify-zone does for un-ordered zones.
(zone-transfers will not be signed by the way with NSEC3-narrow, if I
remember correctly, if you need them you might not what to choose that)
> When I enable setuid=pdns and setgid=pdns in pdns.conf,
> Master/Slave are down.
Have you tried running pdns_server with --daemon=no --guardian=no
--config=/your-config ? I think this should not detach from the console.
If you also add something like strace -f -F than you can also see what
There most be something that the pdns-user or -group does not have
rights to that it needs.
More information about the Pdns-users