[Pdns-users] New PowerDNS Authoritative Server snapshot with DNSSEC + Release Notes

Leen Besselink leen at consolejunkie.net
Sat Jan 29 00:22:25 UTC 2011


On 01/28/2011 09:42 PM, bert hubert wrote:
> Hi Leen,
>
> Thanks for testing the prerelease!
>

No problem, I've been wanting to try out DNSSEC for a while now.

>> Now it worked:
>> ;; ANSWER SECTION:
>> www.test.net.           3600    IN      CNAME   web.test.net.
>> web.test.net.           3600    IN      A       10.0.0.238
> This is pretty weird though. I don't see why this would require a zone to be
> rectified. Even though zones should always be rectified when running with
> 'g*sql-dnssec'.
>
It's true though, if I take the original pdns.conf and only add:

launch=gsqlite3
gsqlite3-database=/etc/powerdns/sql/powerdns.sqlite3

And create a sqlite3 database:
PRAGMA foreign_keys=OFF;
BEGIN TRANSACTION;
CREATE TABLE domains (
              id                INTEGER PRIMARY KEY,
              name              VARCHAR(255) NOT NULL COLLATE NOCASE,
              master            VARCHAR(128) DEFAULT NULL,
              last_check        INTEGER DEFAULT NULL,
              type              VARCHAR(6) NOT NULL,
              notified_serial   INTEGER DEFAULT NULL,
              account           VARCHAR(40) DEFAULT NULL
            );
INSERT INTO "domains" VALUES(1,'test.net',NULL,NULL,'NATIVE',NULL,NULL);
CREATE TABLE records (
              id              INTEGER PRIMARY KEY,
              domain_id       INTEGER DEFAULT NULL,
              name            VARCHAR(255) DEFAULT NULL,
              type            VARCHAR(6) DEFAULT NULL,
              content         VARCHAR(255) DEFAULT NULL,
              ttl             INTEGER DEFAULT NULL,
              prio            INTEGER DEFAULT NULL,
              change_date     INTEGER DEFAULT NULL
            );
INSERT INTO "records" VALUES(1,0,'test.net','SOA','ns1.test.net hostmaster.test.net 2011012731 10800 3600 604800 38400',14400,0,NULL);
INSERT INTO "records" VALUES(2,0,'test.net','NS','ns2.test.net',14400,0,NULL);
INSERT INTO "records" VALUES(3,0,'test.net','NS','ns1.test.net',14400,0,NULL);
INSERT INTO "records" VALUES(4,0,'test.net','NS','ns3.test.net',14400,0,NULL);
INSERT INTO "records" VALUES(5,0,'ns1.test.net','A','10.0.0.101',3600,0,NULL);
INSERT INTO "records" VALUES(6,0,'ns2.test.net','A','10.0.0.102',3600,0,NULL);
INSERT INTO "records" VALUES(7,0,'ns3.test.net','A','10.0.1.13',3600,0,NULL);
INSERT INTO "records" VALUES(8,0,'web.test.net','A','10.0.0.238',3600,0,NULL);
INSERT INTO "records" VALUES(9,0,'www.test.net','CNAME','web.test.net',3600,0,NULL);
INSERT INTO "records" VALUES(10,0,'test.net','MX','mx1.test.net',14400,100,NULL);
INSERT INTO "records" VALUES(11,0,'test.net','MX','mx2.test.net',14400,100,NULL);
INSERT INTO "records" VALUES(12,0,'test.net','MX','mx3.test.net',14400,400,NULL);
INSERT INTO "records" VALUES(13,0,'test.net','MX','mx4.test.net',14400,400,NULL);
INSERT INTO "records" VALUES(14,0,'mx1.test.net','A','10.0.0.111',3600,0,NULL);
INSERT INTO "records" VALUES(15,0,'mx2.test.net','A','10.0.0.112',3600,0,NULL);
INSERT INTO "records" VALUES(16,0,'mx3.test.net','A','10.0.0.116',3600,0,NULL);
INSERT INTO "records" VALUES(17,0,'mx4.test.net','A','10.0.0.117',3600,0,NULL);
CREATE TABLE supermasters (
              ip          VARCHAR(25) NOT NULL,
              nameserver  VARCHAR(255) NOT NULL COLLATE NOCASE,
              account     VARCHAR(40) DEFAULT NULL
            );
CREATE UNIQUE INDEX name_index ON domains(name);
CREATE INDEX rec_name_index ON records(name);
CREATE INDEX nametype_index ON records(name,type);
CREATE INDEX domain_id ON records(domain_id);
COMMIT;


And query it, all I get is:

$ dig +norec www.test.net @127.0.0.1 A

; <<>> DiG 9.7.1-P2 <<>> +norec www.test.net @127.0.0.1 A
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7822
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.test.net.                  IN      A

;; ANSWER SECTION:
www.test.net.           3600    IN      CNAME   web.test.net.

;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Jan 29 01:20:18 2011
;; MSG SIZE  rcvd: 48

But it works with just bind and it works when I add the extra
DNSSEC-schema and enable the DNSSEC-part of the sqlite3 backend.

Sounds like a bug to me. :-/
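
A consistency check for a gsqlite3 database laid out like the dump above, reporting records whose domain_id matches no row in domains, records whose name lies outside the zone they are attached to, and zones with no SOA linked to them. This is an added example, not part of the original message or of PowerDNS; the function names, the relink option and the sample rows are made up for illustration, and it assumes records.domain_id is meant to reference domains.id.

```python
import sqlite3

# Constructed sample modelled on the dump in the message: the zone is
# domains.id 1 and the records carry domain_id 0. Row 99 is an extra
# constructed row (not in the dump) to exercise the out-of-zone check.
SAMPLE = """
CREATE TABLE domains (id INTEGER PRIMARY KEY,
  name VARCHAR(255) NOT NULL COLLATE NOCASE, type VARCHAR(6) NOT NULL);
CREATE TABLE records (id INTEGER PRIMARY KEY, domain_id INTEGER,
  name VARCHAR(255), type VARCHAR(6), content VARCHAR(255), ttl INTEGER);
INSERT INTO domains VALUES (1, 'test.net', 'NATIVE');
INSERT INTO records VALUES (1, 0, 'test.net', 'SOA',
  'ns1.test.net hostmaster.test.net 2011012731 10800 3600 604800 38400', 14400);
INSERT INTO records VALUES (8, 0, 'web.test.net', 'A', '10.0.0.238', 3600);
INSERT INTO records VALUES (9, 0, 'www.test.net', 'CNAME', 'web.test.net', 3600);
INSERT INTO records VALUES (99, 1, 'host.example.org', 'A', '192.0.2.1', 3600);
"""

def load_sample(relink=False):
    """Load the constructed sample; relink=True points every record at zone 1."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SAMPLE)
    if relink:
        conn.execute("UPDATE records SET domain_id = 1")
    return conn

def check_zone_links(conn):
    """Return (orphan record ids, out-of-zone record ids, zones without SOA)."""
    orphans = [row[0] for row in conn.execute(
        "SELECT r.id FROM records r LEFT JOIN domains d ON d.id = r.domain_id "
        "WHERE d.id IS NULL ORDER BY r.id")]
    misplaced = []
    for rid, rname, zname in conn.execute(
            "SELECT r.id, r.name, d.name FROM records r "
            "JOIN domains d ON d.id = r.domain_id ORDER BY r.id"):
        name = (rname or "").lower().rstrip(".")
        zone = zname.lower().rstrip(".")
        # A record belongs to a zone if it is the apex or a name below it.
        if name != zone and not name.endswith("." + zone):
            misplaced.append(rid)
    no_soa = [row[0] for row in conn.execute(
        "SELECT d.name FROM domains d WHERE NOT EXISTS (SELECT 1 FROM records r "
        "WHERE r.domain_id = d.id AND r.type = 'SOA') ORDER BY d.name")]
    return orphans, misplaced, no_soa

if __name__ == "__main__":
    print(check_zone_links(load_sample()))
    print(check_zone_links(load_sample(relink=True)))
```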




