[Pdns-users] DNSSEC slave servers

Stefan Schmidt zaphodb at zaphods.net
Thu Jul 21 08:25:48 UTC 2011


On Thu, Jul 21, 2011 at 4:19 AM, kim Doff <kimdoff at gmail.com> wrote:
> Hello,

Hello Kim,

> I set up my Slave Server and use mysql database replication with ssl
> encryption
> as shown here:
> http://www.howtoforge.com/how-to-set-up-mysql-database-replication-with-ssl-encryption-on-debian-squeeze
> Could somebody please point me in the right direction  how to set up DNSSEC
> slave servers?

Please have a look at the documentation for the gmysql backend at
http://doc.powerdns.com/generic-mypgsql-backends.html#id479879
In addition to the block after "The default setup conforms to the
following schema:"
for DNSSEC you also need to alter that schema with the block after
"To support or migrate to DNSSEC, the following SQL statements must be
executed:"

Basically you will end up with the additional tables domainmetadata,
cryptokeys and tsgikeys
being used for DNSSEC plus two more columns in the records table.

To put your domains under DNSSEC protection you then need to choose a
mode of operation for them as described in
http://doc.powerdns.com/dnssec-migration.html
and switch them over using the pdnssec utility as it says.

kind regards,

 Stefan



More information about the Pdns-users mailing list