[Pdns-users] MyDNS-Bind Migration and DNSSEC
Peter van Dijk
peter.van.dijk at netherlabs.nl
Fri Dec 13 17:11:05 UTC 2013
On Dec 13, 2013, at 17:42 , Eric Haskins wrote:
> I am in the middle of migration testing for 330K Domains and 1.8 Million records from a MyDNS with a Bind Mysql backend to PowerDNS with PDNSSEC with gmysql backend, We have had no issue migrating zones and records after creating the scripts. Our issue lies in serving the zones.
> I am finding unless I run pdnssec rectify-zone xyz.com I will see this in monitor and no answer will be provided
> Dec 13 09:58:35 Should not get here (xyz.com|1): please run pdnssec rectify-zone
> Upon running rectify-zone all behaves properly. I thought I could run Normal and Secured zones on one server? We are inserting NULL in ordername and auth could this be the cause?
You have a few options:
1) remove gmysql-dnssec from your configuration. This will fully disable DNSSEC, and also disable all features that use the domainmetadata table. It will also make PowerDNS ignore ordername and auth and this error will go away.
2) keep gmysql-dnssec, and "fake up" ordername and auth. For non-DNSSEC domains, put 1 in auth. ordername is ignored so NULL is a good value for it.
If you do want to support DNSSEC for (some) domains, please read http://doc.powerdns.com/html/dnssec-modes.html#dnssec-direct-database very carefully and/or use rectify-zone after zone data changes.
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
More information about the Pdns-users