[Pdns-users] How do you rectify zones?

shthead lists at shthead.com
Mon Feb 18 11:18:34 UTC 2013

On 18/02/2013 6:04 PM, Jan-Piet Mens wrote:
> PowerDNS needs zones to be 'rectified' for DNSSEC.

Have you considered using NSEC3 narrow?

Funnily enough I have been playing around with DNSSEC and PowerDNS the 
last few days. I use the MySQL backend with it. The schema I use is the 
one from the manual with a change on the auth column in the records 
table - it defaults to 1.

The process I follow is:

1. pdnssec secure-zone whatever.com
2. pdnssec set-nsec3 gbe0.net '1 1 interations salt' narrow
pdnssec set-nsec3 gbe0.net '1 1 1 ffffff' narrow

The salt needs to be hex.

DNS changes made after that seem to be fine.

If you are using zone transfers (AXFR) I believe that will break. I use 
MySQL replication instead due to having 6 figures of domains on there, 
much quicker than notifies.

More information about the Pdns-users mailing list