[Pdns-users] New PowerDNS Authoritative Server snapshot with DNSSEC + Release Notes
Leen Besselink
leen at consolejunkie.net
Sat Jan 29 00:22:25 UTC 2011
On 01/28/2011 09:42 PM, bert hubert wrote:
> Hi Leen,
>
> Thanks for testing the prerelease!
>
No problem, I've been wanting to try out DNSSEC for a while now.
>> Now it worked:
>> ;; ANSWER SECTION:
>> www.test.net. 3600 IN CNAME web.test.net.
>> web.test.net. 3600 IN A 10.0.0.238
> This is pretty weird though. I don't see why this would require a zone to be
> rectified. Even though zones should always be rectified when running with
> 'g*sql-dnssec'.
>
It's true though, if I take the original pdns.conf and only add:
launch=gsqlite3
gsqlite3-database=/etc/powerdns/sql/powerdns.sqlite3
And create a sqlite3 database:
PRAGMA foreign_keys=OFF;
BEGIN TRANSACTION;
CREATE TABLE domains (
id INTEGER PRIMARY KEY,
name VARCHAR(255) NOT NULL COLLATE NOCASE,
master VARCHAR(128) DEFAULT NULL,
last_check INTEGER DEFAULT NULL,
type VARCHAR(6) NOT NULL,
notified_serial INTEGER DEFAULT NULL,
account VARCHAR(40) DEFAULT NULL
);
INSERT INTO "domains" VALUES(1,'test.net',NULL,NULL,'NATIVE',NULL,NULL);
CREATE TABLE records (
id INTEGER PRIMARY KEY,
domain_id INTEGER DEFAULT NULL,
name VARCHAR(255) DEFAULT NULL,
type VARCHAR(6) DEFAULT NULL,
content VARCHAR(255) DEFAULT NULL,
ttl INTEGER DEFAULT NULL,
prio INTEGER DEFAULT NULL,
change_date INTEGER DEFAULT NULL
);
INSERT INTO "records" VALUES(1,0,'test.net','SOA','ns1.test.net
hostmaster.test.net 2011012731 10800 3600 604800 38400',14400,0,NULL);
INSERT INTO "records"
VALUES(2,0,'test.net','NS','ns2.test.net',14400,0,NULL);
INSERT INTO "records"
VALUES(3,0,'test.net','NS','ns1.test.net',14400,0,NULL);
INSERT INTO "records"
VALUES(4,0,'test.net','NS','ns3.test.net',14400,0,NULL);
INSERT INTO "records"
VALUES(5,0,'ns1.test.net','A','10.0.0.101',3600,0,NULL);
INSERT INTO "records"
VALUES(6,0,'ns2.test.net','A','10.0.0.102',3600,0,NULL);
INSERT INTO "records"
VALUES(7,0,'ns3.test.net','A','10.0.1.13',3600,0,NULL);
INSERT INTO "records"
VALUES(8,0,'web.test.net','A','10.0.0.238',3600,0,NULL);
INSERT INTO "records"
VALUES(9,0,'www.test.net','CNAME','web.test.net',3600,0,NULL);
INSERT INTO "records"
VALUES(10,0,'test.net','MX','mx1.test.net',14400,100,NULL);
INSERT INTO "records"
VALUES(11,0,'test.net','MX','mx2.test.net',14400,100,NULL);
INSERT INTO "records"
VALUES(12,0,'test.net','MX','mx3.test.net',14400,400,NULL);
INSERT INTO "records"
VALUES(13,0,'test.net','MX','mx4.test.net',14400,400,NULL);
INSERT INTO "records"
VALUES(14,0,'mx1.test.net','A','10.0.0.111',3600,0,NULL);
INSERT INTO "records"
VALUES(15,0,'mx2.test.net','A','10.0.0.112',3600,0,NULL);
INSERT INTO "records"
VALUES(16,0,'mx3.test.net','A','10.0.0.116',3600,0,NULL);
INSERT INTO "records"
VALUES(17,0,'mx4.test.net','A','10.0.0.117',3600,0,NULL);
CREATE TABLE supermasters (
ip VARCHAR(25) NOT NULL,
nameserver VARCHAR(255) NOT NULL COLLATE NOCASE,
account VARCHAR(40) DEFAULT NULL
);
CREATE UNIQUE INDEX name_index ON domains(name);
CREATE INDEX rec_name_index ON records(name);
CREATE INDEX nametype_index ON records(name,type);
CREATE INDEX domain_id ON records(domain_id);
COMMIT;
And query it, all I get is:
$ dig +norec www.test.net @127.0.0.1 A
; <<>> DiG 9.7.1-P2 <<>> +norec www.test.net @127.0.0.1 A
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7822
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.test.net. IN A
;; ANSWER SECTION:
www.test.net. 3600 IN CNAME web.test.net.
;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Jan 29 01:20:18 2011
;; MSG SIZE rcvd: 48
But it works with just bind and it works when I add the extra
DNSSEC-schema and enable the DNSSEC-part of the sqlite3 backend.
Sounds like a bug to me. :-/
More information about the Pdns-users
mailing list