[Pdns-users] Question concerning multiple database backends
s.posner at telekom.de
Wed Oct 26 14:26:07 UTC 2011
is it possible to influence which kind of data is stored in which
Background of the question:
When doing database-level replication of DNS content, everything
that's in the database is replicated, right?
If you add DNSSEC, part of this is the DNSSEC private key material.
Definitely *not* what I want to be accessible or even distributed to
all of my DNS platforms' servers, especially not if I want to have
signing done by a hidden master.
To me, this means I currently have the following choices:
- Use database replication, and have all private key material
distributed to all nameservers
- Use default AXFR instead of database replication to get zones
transferred from this machine to the rest of the world, to
prevent the key material from being spread
- Try to hack something on database level that filters out key
material and only distributes the "public parts" of the database
With the possibility to say "use this database backend for private
key material only", I could use another database backend to store
the signed zones, replicate this database and nonetheless neither
spread my private keys nor need to hack something nor say byebye
to database replication simplicity.
Or am I greatly mistaken somewhere?