[Pdns-users] PDNS Inline-Signing with pre-signed zones: defined behavior

Klaus Darilion klaus.mailinglists at pernau.at
Tue Aug 20 08:43:26 UTC 2013


I wonder how PDNS behaves when it should sign a zone which is already 
pre-signed (e.g. my customer sends me a pre-signed zone although it 
should send me an unsigned zone).

Of course I could just test the behavior, but I want to know if there is 
a strict policy in PDNS for this scenario on which I can rely.

I think having already DNSKEY records in the DB should be fine (there 
are uses cases, e.g. for a DNS provider change) - but what about 
existing RRSIGs and NSEC3PARAM


More information about the Pdns-users mailing list