[Pdns-users] advice needed for update from 3.1 to 3.2
Klaus Darilion
klaus.mailinglists at pernau.at
Wed Apr 10 10:33:52 UTC 2013
Hi all!

We have the following setup:

                     -------\
zone provisioning  --AXFR---> hidden master      public name servers
 (bind/pdns/...)     -------/    (pdns)                 (pdns)
                                    |                      |
                                    |                      |
                                Postgresql ------------> Postgresql
                                  Master                   Slaves

The PDNS hidden master receives the zones per AXFR, and stores them into
the DB. The DB is replicated to public name servers.

I wanted to upgrade the name servers step by step. The documentation
mentions: "If your frontend does not add empty non-terminal names to
records, you will get DNSSEC replies of 3.1-quality, which has served
many people well, but we suggest you update your code as soon as
possible!". So I started upgrading with the public name servers in the
hope that 3.2 with 3.1 style DB works at least as well as 3.1.
Unfortunately this was not the case - 3.2 gives wrong answers with a 3.1
database [1].

I want to avoid updating the hidden master and the public name server at
the same time. Is it safe to update the hidden master first? Or, asked
another way: Does 3.1 answer correctly if the database already contains
3.2-style empty non-terminal names?

Further, to update the DB from 3.1 style to 3.2 style I have to trigger
AXFR for every zone. This may take some time (~800000 zones). I could
shorten this time by transferring only zones which are really affected
by the new schema. As far as I see these are zones with DNSSEC, wildcards
and zones with multi-layer subdomains - am I missing something here?

Or even better, is there a tool which converts 3.1 style DB to 3.2 style DB?

thanks
Klaus

[1] e.g. Zone example.com
www IN A 1.1.1.1
* IN A 1.1.1.1
When queried for a.b.example.com, 3.1 returns "1.1.1.1" whereas 3.2
returns NXDOMAIN if the empty non-terminal names are missing.
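
Added example (not part of the original message and not PowerDNS code): a sketch of the zone pre-selection described above, which flags zones by the three criteria named in the message and lists the empty non-terminal names a zone would need. The (zone, owner name, type) input rows, the function names, and detecting DNSSEC by record type are assumptions; all sample data is constructed.

```python
# Added example, not PowerDNS code. All zone data below is constructed.
from collections import defaultdict

# Assumption: a signed zone is recognised by these record types in its data.
DNSSEC_TYPES = {"DNSKEY", "RRSIG", "NSEC", "NSEC3", "NSEC3PARAM"}

def norm(name):
    return name.rstrip(".").lower()

def depth_below(zone, name):
    """Number of labels `name` has below `zone`, or -1 if it is outside the zone."""
    z, n = norm(zone).split("."), norm(name).split(".")
    return len(n) - len(z) if n[-len(z):] == z else -1

def empty_non_terminals(zone, owner_names):
    """Names strictly between the apex and an owner name that hold no records."""
    owners = {norm(n) for n in owner_names}
    ents = set()
    for name in owners:
        labels = name.split(".")
        # Walk from the owner's parent up to, but excluding, the apex.
        for i in range(1, depth_below(zone, name)):
            ancestor = ".".join(labels[i:])
            if ancestor not in owners:
                ents.add(ancestor)
    return ents

def retransfer_reasons(zone, records):
    """records: list of (owner_name, rrtype). Returns the criteria the zone meets."""
    names = [n for n, _ in records]
    reasons = []
    if any(t.upper() in DNSSEC_TYPES for _, t in records):
        reasons.append("dnssec")
    if any(norm(n).startswith("*.") for n in names):
        reasons.append("wildcard")
    if any(depth_below(zone, n) > 1 for n in names):
        reasons.append("multi-level")
    return reasons

def zones_to_retransfer(rows):
    """rows: (zone, owner_name, rrtype) tuples. Maps each affected zone to its reasons."""
    by_zone = defaultdict(list)
    for zone, name, rrtype in rows:
        by_zone[norm(zone)].append((name, rrtype))
    return {z: r for z, recs in by_zone.items() if (r := retransfer_reasons(z, recs))}

SAMPLE_ROWS = [  # constructed
    ("example.com", "example.com", "SOA"), ("example.com", "www.example.com", "A"),
    ("example.com", "*.example.com", "A"),
    ("example.net", "example.net", "SOA"), ("example.net", "www.example.net", "A"),
    ("example.org", "example.org", "SOA"), ("example.org", "a.b.c.example.org", "A"),
    ("signed.example", "signed.example", "SOA"), ("signed.example", "signed.example", "DNSKEY"),
]
```

Zones absent from the result of zones_to_retransfer() meet none of the three criteria; empty_non_terminals() shows which names are missing for a flagged multi-level zone.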