[Pdns-users] Avoiding "pdnssec rectify-zone"
Peter van Dijk
peter.van.dijk at netherlabs.nl
Sat Jan 14 16:42:28 UTC 2012
Hello Ask,
On Jan 14, 2012, at 10:20 , Ask Bjørn Hansen wrote:
> Are there any tips or documentation for how to edit the backend data in a way so running rectify-zone isn't necessary.
>
> Is it enough to just insert/update the 'ordername' column when updating records? (Insert the hostname if domainmetadata doesn't have a kind=NSEC3PARAM row and the output of `pdnssec hash-zone-record example.com new-host` otherwise?)
rectify-zone fixes ordername and auth. If you do that too, you're golden.
Note that for NSEC (so non-NSEC3), ordername gets a reversed version of the hostname. If you have 'a.b.c.example.com' in the example.com zone, the order name is 'c b a'.
'auth' should be 1 for all records, except those that are NS records delegating some subdomain.
As some extra inspiration, the example schema for oraclebackend actually does database-side NSEC3 calculations: http://wiki.powerdns.com/trac/browser/trunk/pdns/modules/oraclebackend/schema.sql
Kind regards,
Peter van Dijk
More information about the Pdns-users
mailing list