[Pdns-users] PowerDNS Authoritative Server 3.1-rc3 (FINAL!) released
Peter van Dijk
peter.van.dijk at netherlabs.nl
Thu May 3 07:07:42 UTC 2012
Hello Christof,
On May 2, 2012, at 22:58 , Christof Meerwald wrote:
> On Wed, 2 May 2012 21:23:21 +0200, Christof Meerwald wrote:
>> BTW, I can't remove the gsqlite3 backend as I am using that for slave
>> zones - only the primary zones are using the bind backend.
>>
>> I am currently using:
>>
>> launch=gsqlite3,bind
>>
>> Swapping the order to bind,gsqlite3 would make DNSSEC work in the bind
>> backend, but DNSSEC would then stop working for the gsqlite3 backend.
>
> Argh - I now see what is happening. Essentially, you can only have one
> DNSSEC enabled backend - otherwise PowerDNS gets confused with which
> database to use for the domain metadata.
Indeed it does. As it turns out, PowerDNS will indeed only talk about keys with the
first DNSSEC-capable backend in the launch list. This in itself is not new in 3.1;
but indeed, it breaks your use case now that bindbackend does its own key management.
Fixing this involves touching all DNSSEC-supporting modules and changing some interfaces.
Therefor, we cannot do this for the 3.1 release.
3.1 will be released with a big warning about this specific setup; we intend to do a
3.1.1 (or similar) release sometime after that with a fix for this issue.
Our sincere apologies for the inconvenience.
Kind regards,
--
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
More information about the Pdns-users
mailing list