[Pdns-users] Question concerning multible database backends

Florian Obser florian at narrans.de
Wed Oct 26 21:19:16 UTC 2011


Hi,

On 10/26/2011 04:26 PM, Posner, Sebastian wrote:
> With the possibility to say "use this database backend for private
> key material only", I could use another databse backend to store
> the signed zones, replicate this database and nonetheless neither

powerdns doesn't store signatures in the database backend when running
in live signing mode. (If you're running pre-signed you wouldn't store
the keys in the database in the first place.)

| 4.2. Signatures
|
| In PowerDNS live signing mode, signatures, as served through RRSIG
| records, are calculated on the fly, and heavily cached.
( http://doc.powerdns.com/powerdnssec.html )

Presumably the database replication slaves duplicate the calculation of
RRSIGs and therefore need the (private) keys. I haven't tried
replication with 3.0 yet but I looked in my database and there are no
RRSIG (or DNSKEY etc) records.

Best regards,
Florian

-- 
I remember yesterday, but the memory is in my head now.
Was yesterday real? Or is it only the memory that is real?



More information about the Pdns-users mailing list