[Pdns-users] Avoiding "pdnssec rectify-zone"

Peter van Dijk peter.van.dijk at netherlabs.nl
Sat Jan 14 16:42:28 UTC 2012


Hello Ask,

On Jan 14, 2012, at 10:20 , Ask Bjørn Hansen wrote:

> Are there any tips or documentation for how to edit the backend data in a way so running rectify-zone isn't necessary.
> 
> Is it enough to just insert/update the 'ordername' column when updating records?  (Insert the hostname if domainmetadata doesn't have a kind=NSEC3PARAM row and the output of `pdnssec hash-zone-record example.com new-host` otherwise?)

rectify-zone fixes ordername and auth. If you do that too, you're golden.

Note that for NSEC (so non-NSEC3), ordername gets a reversed version of the hostname. If you have 'a.b.c.example.com' in the example.com zone, the order name is 'c b a'.

'auth' should be 1 for all records, except those that are NS records delegating some subdomain.

As some extra inspiration, the example schema for oraclebackend actually does database-side NSEC3 calculations: http://wiki.powerdns.com/trac/browser/trunk/pdns/modules/oraclebackend/schema.sql

Kind regards,
Peter van Dijk
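
The two columns described in the message above, computed in Python as an added example (not part of the original message and not PowerDNS code). The function names are hypothetical, the auth rule is only the one stated in the message, and the NSEC3 branch assumes the stored value is the lowercase base32hex RFC 5155 hash with the salt and iteration count from the zone's NSEC3PARAM; compare it against `pdnssec hash-zone-record` on your own zone before relying on it.

```python
import base64
import hashlib

# Standard base32 alphabet -> base32hex alphabet (RFC 4648), lowercased.
_B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                          b"0123456789abcdefghijklmnopqrstuv")


def _relative_labels(name, zone):
    """Labels of `name` below the zone apex ([] for the apex itself)."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    if name == zone:
        return []
    if not name.endswith("." + zone):
        raise ValueError(f"{name} is not inside zone {zone}")
    return name[: -len(zone) - 1].split(".")


def nsec_ordername(name, zone):
    """Non-NSEC3 case: relative labels reversed and space-separated."""
    return " ".join(reversed(_relative_labels(name, zone)))


def nsec3_ordername(name, salt_hex, iterations):
    """RFC 5155 hash: iterated SHA-1 over the wire-format name plus salt."""
    salt = b"" if salt_hex == "-" else bytes.fromhex(salt_hex)
    wire = b"".join(bytes([len(label)]) + label.encode("ascii")
                    for label in name.lower().rstrip(".").split(".")) + b"\x00"
    digest = hashlib.sha1(wire + salt).digest()
    for _ in range(iterations):  # 'iterations' additional rounds
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(_B32HEX).decode("ascii")


def auth_flag(name, rtype, zone):
    """1 for all records except NS records that delegate a subdomain."""
    delegating = rtype.upper() == "NS" and _relative_labels(name, zone) != []
    return 0 if delegating else 1


def backend_columns(name, rtype, zone, nsec3param=None):
    """Return (ordername, auth); nsec3param is (salt_hex, iterations) or None."""
    if nsec3param is None:
        order = nsec_ordername(name, zone)
    else:
        order = nsec3_ordername(name, *nsec3param)
    return order, auth_flag(name, rtype, zone)
```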

