[Pdns-users] Getting DNSSEC and autoserial going on my PowerDNS-installation.

Rickard Dahlstrand rd at tilde.se
Mon Dec 19 22:14:25 UTC 2011


Hi,

Just finished installing PowerDNS on my server, signed my zones and everything seems to work fine. Just wanted to give a short description of what I did to sort out the SOA-situation as it might help someone else getting everything into place. I'm running pdns-3.1-pre.20111215.2319 on OpenBSD as per instructions provided by Peter van Dijk here earlier. I had to compile a few more tools (pdnssec and zone2sql) but that was no problem getting to work.

Before I started my SOA looked like this:

ns.tilde.se. hostmaster.tilde.se. 2011121801 10800 3600 604800 600

After adding SOA-EDIT, INCREMENT-WEEKS for my domains into the domainmetadata-table, pdns started adding some extra numbers to my SOA-value. This worked and should update my slaves fine every week when PowerDNS updates the signatures. However, I wanted the autoserial-feature as well, to update the serial on the go as I changed things in the db. So I added these triggers to my mysql-server to update the change_date to unix_timestamp.

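-- Remove earlier versions of the triggers; IF EXISTS avoids an error on the first run.
DROP TRIGGER IF EXISTS pdns_trig_records_insert;
DROP TRIGGER IF EXISTS pdns_trig_records_update;
-- Stamp every inserted or updated record with the current Unix time.
CREATE TRIGGER pdns_trig_records_insert BEFORE INSERT ON records FOR EACH ROW SET NEW.change_date = UNIX_TIMESTAMP();
CREATE TRIGGER pdns_trig_records_update BEFORE UPDATE ON records FOR EACH ROW SET NEW.change_date = UNIX_TIMESTAMP();
-- List the installed triggers to confirm both were created.
SELECT * FROM INFORMATION_SCHEMA.TRIGGERS;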

These worked great, but moving from date-format to unix timestamp format required me to wrap the serial. So I headed here http://www.microhowto.info/howto/reset_the_serial_number_of_a_dns_zone.html and after the wrap everything works great.

Now my SOA looks like this and it's updated (and notifies the slaves) every time I change a record in my mysql-database.

ns.tilde.se. hostmaster.tilde.se. 1324330252 10800 3600 604800 600

Hope this helps anyone in the same situation as me.

Kind Regards, Rickard.

PS. The triggers do not handle deleting of records. It should be easy enough to just update the change_date of the SOA-record for the domain, but I'm too lazy.
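
The serial wrap mentioned in the post, as an added example that is not part of the original message: under RFC 1982 serial arithmetic the new serial 1324330252 counts as older than 2011121801, so slaves would ignore it until an intermediate serial has been published. The function names `serial_gt` and `wrap_plan` are assumptions made for this sketch; the two serials are the ones shown in the post.

```python
# Added example: plan a DNS SOA serial "wrap" using RFC 1982 serial arithmetic.
# Function names are illustrative; they do not come from PowerDNS.

MOD = 2 ** 32            # SOA serials are unsigned 32-bit values
HALF = 2 ** 31           # comparison window defined by RFC 1982
MAX_STEP = HALF - 1      # largest increment a slave still sees as "newer"


def serial_gt(new: int, old: int) -> bool:
    """True if a slave holding `old` would treat `new` as a newer zone."""
    diff = (new - old) % MOD
    return 0 < diff < HALF


def wrap_plan(current: int, target: int) -> list:
    """Serials to publish in order so every slave ends up on `target`.

    Each serial in the list must be published and transferred to all
    slaves before the next one is set, otherwise a slave that missed a
    step will see the following serial as older and stop updating.
    """
    if current == target:
        return []
    steps = []
    # While the target still looks "older", jump forward by the largest
    # increment that is guaranteed to look "newer".
    while not serial_gt(target, current):
        current = (current + MAX_STEP) % MOD
        steps.append(current)
    steps.append(target)
    return steps


if __name__ == "__main__":
    old_serial = 2011121801   # date-style serial from the post
    new_serial = 1324330252   # Unix-timestamp serial from the post
    print("direct change accepted by slaves:", serial_gt(new_serial, old_serial))
    for serial in wrap_plan(old_serial, new_serial):
        print("publish", serial, "and wait for all slaves to transfer it")
```
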


