[Pdns-users] Some initial large scale DNSSEC signing best practices

[Peter van Dijk]

Hello Christof,

On Jul 8, 2012, at 17:57 , Christof Meerwald wrote:

> On Sat, 7 Jul 2012 19:36:10 +0200, bert hubert wrote:
>> On Fri, Jul 06, 2012 at 11:21:26AM +0200, Peter Gervai wrote:
>>> I welcome this message but reminds me of mentioning that if there's a
>>> gathered wisdom about common pitfalls and usual possible improvements
>>> it may be useful to share these as most of us are not dutch root
>>> registrars. ;-)
>> Yes - we will share our conclusions. We discovered a few things already:
> 
> BTW, are there any plans yet when the limitation that only one backend
> can be used for DNSSEC will be removed?


Aki Tuomi recently submitted a patch that presumably removes that limitation - at least for any combination of gsql backends with the bindbackend (as long as bind is the last in the launch line, as far as I can judge. I'm sure he will correct me if I'm wrong). The ticket and patch are at http://wiki.powerdns.com/trac/ticket/513

I have not tried it yet, but it looks good. If you give it a spin, please let us know how it works for you :)

Kind regards,
-- 
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/