[Pdns-users] Running PowerDNS with live signing in master mode
Peter van Dijk
peter.van.dijk at netherlabs.nl
Mon Dec 19 13:49:57 UTC 2011
On Dec 18, 2011, at 19:47 , Rickard Dahlstrand wrote:
> I use gmysql as my backend without support for automatically updating the SOA serial.
> How will the server behave if I just leave it in live signing mode for a couple of weeks without updating the serial? Will it update it for me and send notifies to my slaves? Or will it leave the SOA and update the slaves anyway? How does it make sure the slaves are running updated signatures?
> Also, I just used the pdnssec secure-zone-command, so I assume I'm in live signing mode, right?
> I'm using pdns-3.1-pre.20111215.2319.
Putting the right SOA-EDIT row in your domainmetadata table should take care of this. It is (very summarily) documented at http://doc.powerdns.com/domainmetadata.html
The documentation in SVN head is slightly more verbose, and it says:
Available modes are: INCEPTION (which sets the SOA Serial to
the current two-week signing period start in seconds since
the UNIX epoch), INCEPTION-WEEK (number of weeks since the
epoch), INCREMENT-WEEKS (which increments the serial with
the number of weeks since the epoch), EPOCH (number of
seconds since the epoch). Finally, INCEPTION-EPOCH
(available since 3.1) is special and sets the new SOA serial
number to the maximum of the old SOA serial number, and age
in seconds of the start of the current signing period.
INCEPTION-EPOCH is quite recent and does not work in 3.0
Peter van Dijk
More information about the Pdns-users