[Pdns-users] PowerDNSSEC Slaves
Craig Whitmore
lennon at orcon.net.nz
Wed Jun 8 12:32:13 UTC 2011
On 8/06/11 11:38 PM, "Christof Meerwald" <cmeerw at cmeerw.org> wrote:
>On Wed, 08 Jun 2011 18:21:14 +1200, Craig Whitmore wrote:
>[...]
>> Can someone help why the slave is failing=8A
>
>I think one of the DNSSEC records is being truncated on the slave as
>it exceeds 256 bytes - you might need to update the database schema on
>the slave to allow for longer records.
Thank you. It works now. I used the default database from all the
documentation set up so maybe (IMHO) the default needs to be increased to
some thing larger.
On the slave I did..
alter table records modify content varchar(512);
updated the master and it transferred and now..
dig +dnssec +sigchase +trusted-key=./trusted-keys -t A spam.co.nz
@114.23.33.130
;; Ok this DNSKEY is a Trusted Key, DNSSEC validation is ok: SUCCESS
dig +dnssec +sigchase +trusted-key=./trusted-keys -t A spam.co.nz
@114.23.33.131
;; Ok this DNSKEY is a Trusted Key, DNSSEC validation is ok: SUCCESS
I must write up a how to on getting this working as the documentation for
powerdnssec is a little lacking on this matter:-) There are a couple of
gotya's
>
>> I cannot find any documentation on slaves and powerdnssec and how it
>>should
>> be done properly..
>
>If you happen to have non-PowerDNS slaves, you might also want to set
>"SOA-EDIT" to "INCREMENT-WEEKS" in the domainmetadata table for that
>domain (this isn't needed if you only have PowerDNS slaves).
I am using PowerDNSSec only.
Thanks
>
More information about the Pdns-users
mailing list