[Pdns-users] Disabling DNSSEC on a Domain
Craig Whitmore
lennon at orcon.net.nz
Tue Jun 14 08:56:41 UTC 2011
I have been trying to automate this all and have a number of questions:

1. http://doc.powerdns.com/dnssec-operational-doctrine.html says to use
"pdnssec disable-dnssec" but there is no command, so what is the "proper" way of
making a domain insecure (the opposite of secure-zone, basically)?
remove-zone-key on all the keys will work? And then update the SOA serial and
remove anything in the domainmetadata table?

2) pdnssec [options] [show-zone] [secure-zone] [rectify-zone] [add-zone-key]
[deactivate-zone-key] [remove-zone-key] [activate-zone-key]
[import-zone-key] [export-zone-key] [set-nsec3] [set-presigned]
[unset-nsec3] [unset-presigned] [export-zone-dnskey]
secure-zone Add KSK and two ZSKs
Should be
secure-zone ZONE Add KSK and two ZSKs

3) Do I have to run rectify-zone every time I add/change an entry? I add an
entry into the database and then read the SOA and increase it and update it
to be bigger.

insert into records (domain_id,name,content,type,ttl,prio) values ("1","test44.spam.co.nz","114.23.33.130","A",86400,NULL);
update records set content = "ns1.spam.co.nz support at spam.co.nz 4000 28800 7200 604800 86400" where id = "1";

mysql> select * from records where id = "38";
+----+-----------+-------------------+------+---------------+-------+------+-------------+-----------+------+
| id | domain_id | name              | type | content       | ttl   | prio | change_date | ordername | auth |
+----+-----------+-------------------+------+---------------+-------+------+-------------+-----------+------+
| 38 |         1 | test44.spam.co.nz | A    | 114.23.33.130 | 86400 | NULL |        NULL | NULL      | NULL |
+----+-----------+-------------------+------+---------------+-------+------+-------------+-----------+------+
1 row in set (0.00 sec)

Update not showing at all until I run pdnssec rectify-zone spam.co.nz
And the data now looks like
select * from records where id = "38";
+----+-----------+-------------------+------+---------------+-------+------+-------------+----------------------------------+------+
| id | domain_id | name              | type | content       | ttl   | prio | change_date | ordername                        | auth |
+----+-----------+-------------------+------+---------------+-------+------+-------------+----------------------------------+------+
| 38 |         1 | test44.spam.co.nz | A    | 114.23.33.130 | 86400 | NULL |        NULL | qi3g5evlihaplneaqgjgnncntd9ms95b |    1 |
+----+-----------+-------------------+------+---------------+-------+------+-------------+----------------------------------+------+
1 row in set (0.00 sec)

And I can dig the new entry..
Thanks
Craig
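
The insert, SOA serial bump and pre-rectify state described in question 3, as an added example that is not part of the original post or of PowerDNS: it lists rows whose auth column is still NULL, the state the post shows before "pdnssec rectify-zone" was run. Assumptions: an in-memory SQLite table stands in for the MySQL backend, it has only the columns visible in the post, the function names are hypothetical, and the SOA hostmaster and ordername values of the starting row are constructed.

```python
import sqlite3

# Constructed schema: only the columns visible in the post's query output.
SCHEMA = """CREATE TABLE records (
    id INTEGER PRIMARY KEY, domain_id INT, name TEXT, type TEXT, content TEXT,
    ttl INT, prio INT, change_date INT, ordername TEXT, auth INT)"""

def bump_soa_serial(db, domain_id):
    """Increment the serial (third SOA field) and return the new value."""
    rid, content = db.execute(
        "SELECT id, content FROM records WHERE domain_id = ? AND type = 'SOA'",
        (domain_id,)).fetchone()
    fields = content.split()
    fields[2] = str(int(fields[2]) + 1)
    db.execute("UPDATE records SET content = ? WHERE id = ?",
               (" ".join(fields), rid))
    return int(fields[2])

def add_record(db, domain_id, name, rtype, content, ttl):
    """Insert as the post does: ordername and auth are left NULL."""
    with db:  # one transaction, so the record and the serial bump land together
        db.execute(
            "INSERT INTO records (domain_id, name, type, content, ttl) "
            "VALUES (?, ?, ?, ?, ?)", (domain_id, name, rtype, content, ttl))
        return bump_soa_serial(db, domain_id)

def unrectified(db, domain_id):
    """Names of rows whose auth is still NULL, the pre-rectify state in the post."""
    rows = db.execute(
        "SELECT name FROM records WHERE domain_id = ? AND auth IS NULL "
        "ORDER BY id", (domain_id,))
    return [r[0] for r in rows]

def demo():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    # Constructed starting state: one SOA row that has already been rectified.
    db.execute(
        "INSERT INTO records (domain_id, name, type, content, ttl, ordername, auth) "
        "VALUES (1, 'spam.co.nz', 'SOA', 'ns1.spam.co.nz hostmaster.spam.co.nz "
        "4000 28800 7200 604800 86400', 86400, 'constructed', 1)")
    serial = add_record(db, 1, "test44.spam.co.nz", "A", "114.23.33.130", 86400)
    return serial, unrectified(db, 1)

if __name__ == "__main__":
    serial, pending = demo()
    print("new SOA serial:", serial)
    for name in pending:
        print("run 'pdnssec rectify-zone' before expecting an answer for:", name)
```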