[Pdns-users] advice needed for update from 3.1 to 3.2

Klaus Darilion klaus.mailinglists at pernau.at
Wed Apr 10 10:54:16 UTC 2013 

Sorry for the noise, the scenario describe in [1] works fine - there is 
a bug in the zone and 3.2 answered correctly.

Nevertheless I wonder if there is a best practice for subsequent 
upgrades - starting with the public nameservers causing PDNS 3.2 using a 
3.1-style DB or starting with the hidden nameserver causing PDNS 3.1 
using a 3.2-style DB.

thanks
Klaus

On 10.04.2013 12:33, Klaus Darilion wrote:
> Hi all!
>
> We have the following setup:
>
>                    -------\
> zone provisioning --AXFR---> hidden master        public name servers
> (bind/pdns/...)   -------/    (pdns)                   (pdns)
>                                  |                        |
>                                  |                        |
>                              Postgresql ------------> Postgresql
>                               Master                   Slaves
>
> The PDNS hidden master receives the zones per AXFR, and stores them into
> the DB. The DB is replicated to public name servers.
>
> I wanted to upgrade the name servers step by step. The documentation
> mentions: "If your frontend does not add empty non-terminal names to
> records, you will get DNSSEC replies of 3.1-quality, which has served
> many people well, but we suggest you update your code as soon as
> possible!". So I started upgrading with the public name servers in the
> hope that 3.2 with 3.1 style DB works at least as good as 3.1.
> Unfortunately this was not the case - 3.2 gives wrong answers with a 3.1
> database [1].
>
> I want to avoid updating the hidden master and the public name server at
> the same time. Is it save to update first the hidden master? Or asked in
> other way: Does 3.1 answers correctly if the database already contains
> 3.2-style empty non-terminal names?
>
> Further, to update the DB from 3.1 style to 3.2 style I have to trigger
> AXFR for every zone. This may take some time (~800000 zones). I could
> shorten this time by transferring only zones which are really affected
> by the new schema. As far as I see these are zone with DNSSEC, wildcards
> and zones with multi-layer subdomains - do I miss something here?
>
> Or even better, is there a tool which converts 3.1 style DB to 3.2 style
> DB?
>
> thanks
> Klaus
>
> [1] e.g. Zone example.com
> www    IN    A 1.1.1.1
> *    IN    A 1.1.1.1
>
> When queried for a.b.example.com, 3.1 returns "1.1.1.1" whereas 3.2
> returns NXDOMAIN if the empty non-terminal names are missing.
>
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users

More information about the Pdns-users mailing list