[Pdns-users] MyDNS-Bind Migration and DNSSEC

Eric Haskins ehask71 at gmail.com
Fri Dec 13 17:30:26 UTC 2013


Peter,

    Thank You we did manage to get it to work via auth = 1.  I have one
other question in regards to the DS and DNSKEY records from a registry
perspective ICANN requires registrars to provide a mechanism allowing a
domain owner to secure a zone.  The registrar has to submit the DS and
DNSKEY values to the registrar via API is there a way to get these records
since it appears PowerDNS is building on the fly when requested?? This and
Rollover are our last hurdles

Thx again Peter

Eric Haskins
*High Octane Brands LLC*
PHP/MySQL Developers ~ E-Commerce Specialists
Magento, OpenCart, WorpPress Optimized Hosting
HighOctaneBrands.com
978-905-9603 Cell


On Fri, Dec 13, 2013 at 12:11 PM, Peter van Dijk <
peter.van.dijk at netherlabs.nl> wrote:

> Hello Eric,
>
> On Dec 13, 2013, at 17:42 , Eric Haskins wrote:
>
> >       I am in the middle of migration testing for 330K Domains and 1.8
> Million records from a MyDNS with a Bind Mysql backend   to PowerDNS with
> PDNSSEC with gmysql backend,   We have had no issue migrating zones and
> records after creating the scripts. Our issue lies in serving the zones.
> >
> > I am finding unless I run pdnssec rectify-zone xyz.com  I will see this
> in monitor and no answer will be provided
> >
> > Dec 13 09:58:35 Should not get here (xyz.com|1): please run pdnssec
> rectify-zone
> >
> > Upon running rectify-zone all behaves properly.  I thought I could run
> Normal and Secured zones on one server?   We are inserting NULL in
>  ordername and auth could this be the cause?
>
> You have a few options:
> 1) remove gmysql-dnssec from your configuration. This will fully disable
> DNSSEC, and also disable all features that use the domainmetadata table. It
> will also make PowerDNS ignore ordername and auth and this error will go
> away.
> 2) keep gmysql-dnssec, and "fake up" ordername and auth. For non-DNSSEC
> domains, put 1 in auth. ordername is ignored so NULL is a good value for it.
>
> If you do want to support DNSSEC for (some) domains, please read
> http://doc.powerdns.com/html/dnssec-modes.html#dnssec-direct-databasevery carefully and/or use rectify-zone after zone data changes.
>
> Kind regards,
> --
> Peter van Dijk
> Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
>
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20131213/a2452006/attachment-0001.html>


More information about the Pdns-users mailing list