[Pdns-users] Disabling DNSSEC on a Domain

Craig Whitmore lennon at orcon.net.nz
Tue Jun 14 08:56:41 UTC 2011


I have been trying to automate this all and have a number of questions...

1. http://doc.powerdns.com/dnssec-operational-doctrine.html says to use
"pdnssec disable-dnssec" but there is no command, so what is the "proper" way
of making a domain insecure (the opposite of secure-zone, basically)?
Will remove-zone-key on all the keys work? And then update the SOA serial and
remove anything in the domainmetadata table?


2) pdnssec [options] [show-zone] [secure-zone] [rectify-zone] [add-zone-key]
[deactivate-zone-key] [remove-zone-key] [activate-zone-key]
         [import-zone-key] [export-zone-key] [set-nsec3] [set-presigned]
[unset-nsec3] [unset-presigned] [export-zone-dnskey]

...
secure-zone                     Add KSK and two ZSKs
...

Should be

secure-zone  ZONE       Add KSK and two ZSKs

3) Do I have to run rectify-zone every time I add/change an entry? I add an
entry into the database and then read the SOA and increase it and update it
to be bigger.

insert into records (domain_id,name,content,type,ttl,prio) values
  ("1","test44.spam.co.nz","114.23.33.130","A",86400,NULL);
update records set content =
  "ns1.spam.co.nz support at spam.co.nz 4000 28800 7200 604800 86400"
  where id = "1";


mysql> select * from records where id = "38";
+----+-----------+-------------------+------+---------------+-------+------+-------------+-----------+------+
| id | domain_id | name              | type | content       | ttl   | prio | change_date | ordername | auth |
+----+-----------+-------------------+------+---------------+-------+------+-------------+-----------+------+
| 38 |         1 | test44.spam.co.nz | A    | 114.23.33.130 | 86400 | NULL |        NULL | NULL      | NULL |
+----+-----------+-------------------+------+---------------+-------+------+-------------+-----------+------+
1 row in set (0.00 sec)

Update not showing at all until I run pdnssec rectify-zone spam.co.nz
And the data now looks like


select * from records where id = "38";
+----+-----------+-------------------+------+---------------+-------+------+-------------+----------------------------------+------+
| id | domain_id | name              | type | content       | ttl   | prio | change_date | ordername                        | auth |
+----+-----------+-------------------+------+---------------+-------+------+-------------+----------------------------------+------+
| 38 |         1 | test44.spam.co.nz | A    | 114.23.33.130 | 86400 | NULL |        NULL | qi3g5evlihaplneaqgjgnncntd9ms95b |    1 |
+----+-----------+-------------------+------+---------------+-------+------+-------------+----------------------------------+------+
1 row in set (0.00 sec)

And I can dig the new entry..

Thanks
Craig
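
The two query results in the message above differ only in the ordername and auth columns. The following is an added example, not code from the post or from PowerDNS: a check that automation could run after direct SQL edits to list rows still in the "before" state, or whose ordername no longer matches their name. It assumes an NSEC3 zone in non-narrow mode where ordername holds the RFC 5155 hash of the record name and every row is authoritative; the table is a constructed SQLite stand-in using the column names from the post, and the salt and iteration count are the RFC 5155 Appendix A example values, not this zone's.

```python
import base64
import hashlib
import sqlite3

# Standard base32 alphabet -> lowercase base32hex ("extended hex", RFC 4648).
_B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                          b"0123456789abcdefghijklmnopqrstuv")

def nsec3_hash(name, salt_hex, iterations):
    """RFC 5155 hash of an owner name (SHA-1), as lowercase base32hex."""
    labels = [l for l in name.lower().encode("ascii").split(b".") if l]
    wire = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    salt = bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire + salt).digest()
    for _ in range(iterations):          # "iterations" counts the extra rounds
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(_B32HEX).decode("ascii")

def unrectified(conn, domain_id, salt_hex, iterations):
    """Return (id, name) for rows with auth unset or a missing/stale ordername."""
    rows = conn.execute(
        "SELECT id, name, ordername, auth FROM records "
        "WHERE domain_id = ? ORDER BY id", (domain_id,))
    return [(rid, name) for rid, name, ordername, auth in rows
            if auth is None or ordername != nsec3_hash(name, salt_hex, iterations)]

def build_sample():
    """Constructed data: SQLite stand-in with the column names shown in the post."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE records (id INTEGER PRIMARY KEY, domain_id INT, "
                 "name TEXT, type TEXT, content TEXT, ttl INT, prio INT, "
                 "change_date INT, ordername TEXT, auth INT)")
    salt, iters = "aabbccdd", 12         # RFC 5155 Appendix A parameters (assumed)
    rows = [
        (1, 1, "example", "NS", "ns1.example", 3600, None, None,
         nsec3_hash("example", salt, iters), 1),            # already rectified
        (2, 1, "test44.example", "A", "192.0.2.130", 86400, None, None,
         None, None),                                        # freshly inserted
        (3, 1, "www.example", "A", "192.0.2.1", 3600, None, None,
         nsec3_hash("old.example", salt, iters), 1),         # renamed afterwards
    ]
    conn.executemany("INSERT INTO records VALUES (?,?,?,?,?,?,?,?,?,?)", rows)
    return conn, salt, iters

if __name__ == "__main__":
    conn, salt, iters = build_sample()
    print(unrectified(conn, 1, salt, iters))
```

A non-empty result means the zone has rows that have not been through rectify-zone since they were last written.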













