[Pdns-users] Glue-Records in PowerDNS 3.x

Peter van Dijk peter.van.dijk at netherlabs.nl
Fri Dec 21 14:40:36 UTC 2012


Hello Marten,

On Dec 13, 2012, at 12:39 , Marten Lehmann wrote:

>>> domain.com and www.domain.com resolve as expected in both releases. When queried for www.sub.domain.com, in release 2.9.21 PowerDNS responds with 3.4.5.6 . In version 3.1 it doesn't find a A record.
>> 
>> Yes, this is correct. 2.9.21 would return the A, but 3.1 should return the delegation instead (at least, if -dnssec is set).
> 
> well, we haven't started PowerDNS with DNSSEC yet. We explicitly started it without, because otherwise we would have had to create keys and sign the zones. The behaviour is still the same. So having NS-records at subdomains of a zone definetely means, that subdomains of this subdomain in the same zone are ignored? I guess then it wouldn't help us if it can be corrected somehow without DNSSEC; because sooner or later we'll be providing DNSSEC as well and then we're going to have the same issue again.


Putting gmysql-dnssec in your configuration does not require you to secure every zone immediately.

The -dnssec flag really means "I upgraded my database schema" which means DNSSEC, domainmetadata etc. are possible. Perhaps we should have called it '-v3schema' or '-newschema'.

Kind regards,
-- 
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/




More information about the Pdns-users mailing list