[Pdns-users] Running PowerDNS with live signing in master mode

Peter van Dijk peter.van.dijk at netherlabs.nl
Mon Dec 19 13:49:57 UTC 2011


Hello Rickard,

On Dec 18, 2011, at 19:47 , Rickard Dahlstrand wrote:

> I use gmysql as my backend without support for automatically updating the SOA serial.
> 
> How will the server behave if I just leave it in live signing mode for a couple of weeks without updating the serial? Will it update it for me and send notifies to my slaves? Or will it leave the SOA and update the slaves anyway? How does it make sure the slaves are running updated signatures?
> 
> Also, I just used the pdnssec secure-zone-command, so I assume I'm in live signing mode, right?
> 
> I'm using pdns-3.1-pre.20111215.2319.

Putting the right SOA-EDIT row in your domainmetadata table should take care of this. It is (very summarily) documented at http://doc.powerdns.com/domainmetadata.html

The documentation in SVN head is slightly more verbose, and it says:
                Available modes are: INCEPTION (which sets the SOA Serial to
                the current two-week signing period start in seconds since
                the UNIX epoch), INCEPTION-WEEK (number of weeks since the
                epoch), INCREMENT-WEEKS (which increments the serial with
                the number of weeks since the epoch), EPOCH (number of
                seconds since the epoch).  Finally, INCEPTION-EPOCH
                (available since 3.1) is special and sets the new SOA serial
                number to the maximum of the old SOA serial number, and age
                in seconds of the start of the current signing period.

INCEPTION-EPOCH is quite recent and does not work in 3.0.

Kind regards,
Peter van Dijk
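
The SOA-EDIT row described in the reply above, as an added example that is not part of the original message: it assumes the stock gmysql schema (tables `domains` and `domainmetadata`) and uses the constructed zone name `example.com`, with INCEPTION-EPOCH chosen only as a sample mode.

```sql
-- Added example; 'example.com' is a constructed zone name.
-- Table and column names follow the stock gmysql schema
-- (domains.id, domains.name, domainmetadata.domain_id / kind / content).

START TRANSACTION;

-- Remove any earlier SOA-EDIT setting so the zone ends up with exactly one.
DELETE dm
  FROM domainmetadata dm
  JOIN domains d ON d.id = dm.domain_id
 WHERE d.name = 'example.com'
   AND dm.kind = 'SOA-EDIT';

-- Set the mode. Substitute any mode from the documentation quoted above;
-- per the reply, INCEPTION-EPOCH does not work in 3.0.
INSERT INTO domainmetadata (domain_id, kind, content)
SELECT id, 'SOA-EDIT', 'INCEPTION-EPOCH'
  FROM domains
 WHERE name = 'example.com';

COMMIT;

-- Verify: expect exactly one row for the zone.
SELECT d.name, dm.kind, dm.content
  FROM domains d
  JOIN domainmetadata dm ON dm.domain_id = d.id
 WHERE d.name = 'example.com'
   AND dm.kind = 'SOA-EDIT';
```

If the final SELECT returns no rows, the zone name did not match an entry in `domains` and no metadata was written.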

