[Pdns-users] knowing the DNSKEY

Peter van Dijk peter.van.dijk at netherlabs.nl
Tue Aug 20 08:02:43 UTC 2013

Hello Gilles,

On Aug 20, 2013, at 9:31 , Gilles Massen wrote:

> For our provisioning system I need to know the DNSKEY of a zone quickly
> after the zone has been created (ideally the DS...). When assigning a
> key to a domain (in the DB backend), it takes a few seconds before
> PowerDNS actually serves the DNSKEY. What is the maximum delay for the
> DNSKEY to show up?

Unless you queried the DNSKEY before you created the zone, I don't really
see a reason for there to be any delay. Can you describe your exact steps?
Specifically, how are you creating the keys?

> Having the cryptokey entry, would it be easy to compute the DNSKEY,
> without help from PowerDNS? I must confess that I couldn't figure it out
> from the sources...

It's an algorithm-dependent crypto operation - I would recommend against doing
it yourself. However, be aware that 'pdnssec show-zone' will give you both DNSKEY
and DS, and will work immediately after creating the keys.

Kind regards,
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20130820/97d17818/attachment-0001.sig>

More information about the Pdns-users mailing list