[Pdns-users] use DNSSEC with multiple backends

Christof Meerwald cmeerw at cmeerw.org
Sat Jul 14 09:20:38 UTC 2012


On Sun, 8 Jul 2012 21:21:59 +0300, Aki Tuomi wrote:
> On Sun, Jul 08, 2012 at 09:08:45PM +0300, Aki Tuomi wrote:
>> On Sun, Jul 08, 2012 at 07:03:08PM +0200, Peter van Dijk wrote:
>> > Aki Tuomi recently submitted a patch that presumably removes that limit=
> ation - at least for any combination of gsql backends with the bindbackend =
> (as long as bind is the last in the launch line, as far as I can judge. I'm=
>  sure he will correct me if I'm wrong). The ticket and patch are at http://=
> wiki.powerdns.com/trac/ticket/513
>> It should work either way, even if you launch bind first or last. It just=
> And sadly, now that I look at the bind backend, I see it has the very same
> bug as gsql. Luckily there is a patch for this as well.
> http://wiki.powerdns.com/trac/ticket/523

It seems to work if I apply only the patch from
http://wiki.powerdns.com/trac/ticket/513 and launch the bind backend
last.

The patch in http://wiki.powerdns.com/trac/ticket/523 actually breaks
DNSSEC for bind completely (mainly because it tries to check for
NSEC3PARAMS when loading the zones - but getDomainMetadata returns
false at that point because the zone hasn't been loaded yet). And
pdnssec is also broken for bind zones with that patch (as it doesn't
load all zones upfront).


Christof

-- 

http://cmeerw.org                              sip:cmeerw at cmeerw.org
mailto:cmeerw at cmeerw.org                   xmpp:cmeerw at cmeerw.org



More information about the Pdns-users mailing list