[Pdns-users] MyDNS-Bind Migration and DNSSEC

Peter van Dijk peter.van.dijk at netherlabs.nl
Fri Dec 13 17:11:05 UTC 2013


Hello Eric,

On Dec 13, 2013, at 17:42, Eric Haskins wrote:

> I am in the middle of migration testing for 330K Domains and 1.8 Million records from a MyDNS with a Bind MySQL backend to PowerDNS with PDNSSEC with gmysql backend. We have had no issue migrating zones and records after creating the scripts. Our issue lies in serving the zones.
> 
> I am finding that unless I run pdnssec rectify-zone xyz.com, I will see this in monitor and no answer will be provided:
> 
> Dec 13 09:58:35 Should not get here (xyz.com|1): please run pdnssec rectify-zone
> 
> Upon running rectify-zone all behaves properly. I thought I could run Normal and Secured zones on one server? We are inserting NULL in ordername and auth; could this be the cause?

You have a few options:
1) remove gmysql-dnssec from your configuration. This will fully disable DNSSEC, and also disable all features that use the domainmetadata table. It will also make PowerDNS ignore ordername and auth and this error will go away.
2) keep gmysql-dnssec, and "fake up" ordername and auth. For non-DNSSEC domains, put 1 in auth. ordername is ignored so NULL is a good value for it.

If you do want to support DNSSEC for (some) domains, please read http://doc.powerdns.com/html/dnssec-modes.html#dnssec-direct-database very carefully and/or use rectify-zone after zone data changes.

Kind regards,
-- 
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
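
Option 2 from the reply, as an added example (not part of the original post and not PowerDNS code): an in-memory SQLite stand-in for the gmysql database sets auth to 1 on zones without keys and lists the signed zones that still need pdnssec rectify-zone. The reduced schema, the sample zones and the rule that a cryptokeys row marks a DNSSEC zone are assumptions.

```python
import sqlite3

# Reduced stand-in for the gmysql tables (assumed layout); only needed columns.
SCHEMA = """
CREATE TABLE domains    (id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE records    (id INTEGER PRIMARY KEY, domain_id INT, name TEXT,
                         type TEXT, ordername TEXT, auth INT);
CREATE TABLE cryptokeys (id INTEGER PRIMARY KEY, domain_id INT);
"""

# Assumption: a zone counts as DNSSEC-enabled when it has a cryptokeys row.
# NOT EXISTS is used instead of NOT IN so a NULL domain_id cannot hide rows.
HAS_KEYS = ("EXISTS (SELECT 1 FROM cryptokeys k "
            "WHERE k.domain_id = records.domain_id)")


def fake_auth_for_unsigned(conn):
    """Option 2: set auth=1 on unsigned zones; ordername stays NULL."""
    cur = conn.execute(
        f"UPDATE records SET auth = 1 WHERE auth IS NULL AND NOT {HAS_KEYS}")
    conn.commit()
    return cur.rowcount


def zones_needing_rectify(conn):
    """Signed zones that still carry NULL auth: left for pdnssec rectify-zone."""
    rows = conn.execute(
        "SELECT DISTINCT d.name FROM domains d "
        "JOIN records ON records.domain_id = d.id "
        f"WHERE records.auth IS NULL AND {HAS_KEYS} ORDER BY d.name")
    return [name for (name,) in rows]


def build_sample():
    """Constructed data: one unsigned and one signed zone, migrated with NULLs."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO domains VALUES (?, ?)",
                     [(1, "unsigned.example"), (2, "signed.example")])
    conn.executemany(
        "INSERT INTO records (domain_id, name, type, ordername, auth) "
        "VALUES (?, ?, ?, NULL, NULL)",
        [(1, "unsigned.example", "SOA"), (1, "www.unsigned.example", "A"),
         (2, "signed.example", "SOA"), (2, "www.signed.example", "A")])
    conn.execute("INSERT INTO cryptokeys (domain_id) VALUES (2)")
    conn.commit()
    return conn


if __name__ == "__main__":
    db = build_sample()
    print("rows set to auth=1:", fake_auth_for_unsigned(db))
    for zone in zones_needing_rectify(db):
        print("pdnssec rectify-zone", zone)
```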
