[Pdns-users] PowerDNS Authoritative Server 3.1-rc3 (FINAL!) released

Peter van Dijk peter.van.dijk at netherlabs.nl
Thu May 3 07:07:42 UTC 2012


Hello Christof,

On May 2, 2012, at 22:58 , Christof Meerwald wrote:

> On Wed, 2 May 2012 21:23:21 +0200, Christof Meerwald wrote:
>> BTW, I can't remove the gsqlite3 backend as I am using that for slave
>> zones - only the primary zones are using the bind backend.
>> 
>> I am currently using:
>> 
>> launch=gsqlite3,bind
>> 
>> Swapping the order to bind,gsqlite3 would make DNSSEC work in the bind
>> backend, but DNSSEC would then stop working for the gsqlite3 backend.
> 
> Argh - I now see what is happening. Essentially, you can only have one
> DNSSEC enabled backend - otherwise PowerDNS gets confused with which
> database to use for the domain metadata.


Indeed it does. As it turns out, PowerDNS will indeed only talk about keys with the
first DNSSEC-capable backend in the launch list. This in itself is not new in 3.1;
but indeed, it breaks your use case now that bindbackend does its own key management.

Fixing this involves touching all DNSSEC-supporting modules and changing some interfaces.
Therefor, we cannot do this for the 3.1 release.

3.1 will be released with a big warning about this specific setup; we intend to do a
3.1.1 (or similar) release sometime after that with a fix for this issue.

Our sincere apologies for the inconvenience.

Kind regards,
-- 
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/




More information about the Pdns-users mailing list