[Pdns-users] New PowerDNS Authoritative Server snapshot with DNSSEC + Release Notes
bert.hubert at netherlabs.nl
Fri Jan 28 20:42:24 UTC 2011
Thanks for testing the prerelease!
On Fri, Jan 28, 2011 at 11:14:43AM +0100, Leen Besselink wrote:
> First problem: what do I need to specify at the launch parameter ?:
> sqlite or sqlite3 ?
I updated the documentation to this efffect:
"To benefit from this mode, include at least one database-based backend in
the 'launch' statement. The Generic SQLite backend version 3 (gsqlite3)
probably complements BIND mode best, since it does not require a database
> I checked pdns_server --list-modules
> gsqlite or gsqlite3
> I guess if I use the 'sqlite3' command to create the database I'll use
> As I understand it, it is possible to use bind-zones and sqlite3 to
> store the keys.
> So I ran the commands:
> $pdnssec secure-zone test.net
> This should not happen, still no key!
I've updated this error message so it now says:
"Failed to secure zone - if you run with the BIND backend, make sure to also
launch another backend which supports storage of DNSSEC settings.
In addition, add 'blah.nl' to this backend, possibly like this:
insert into domains (name, type) values ('blah.nl', 'NATIVE');
And then rerun secure-zone"
> Now it worked:
> ;; ANSWER SECTION:
> www.test.net. 3600 IN CNAME web.test.net.
> web.test.net. 3600 IN A 10.0.0.238
This is pretty weird though. I don't see why this would require a zone to be
rectified. Even though zones should always be rectified when running with
> So I have 2 suggestions:
> 1. add the insert into domain line to zone2sql
zone2sql is a bit confusing and may need to be revamped. It does add the
'inert' if you operate from a named.conf.
> 2. the documentation should be changed from:
> $ echo 'insert into domains (name, type) values ('powerdnssec.org', 'NATIVE') | sqlite3 ./powerdns.sqlite3
> $ echo "insert into domains (name, type) values ('powerdnssec.org', 'NATIVE')" | sqlite3 ./powerdns.sqlite3
> After ordering and singing and ordering the DNSSEC the CNAME problems
> all went away and when I run dig with +trusted-key= and everything worked.
> It also worked with or without the bind backend.
Thanks Leen, the changes you inspired are in
More information about the Pdns-users