[Pdns-users] How do you rectify zones?
lists at shthead.com
Mon Feb 18 11:18:34 UTC 2013
On 18/02/2013 6:04 PM, Jan-Piet Mens wrote:
> PowerDNS needs zones to be 'rectified' for DNSSEC.
Have you considered using NSEC3 narrow?
Funnily enough I have been playing around with DNSSEC and PowerDNS the
last few days. I use the MySQL backend with it. The schema I use is the
one from the manual with a change on the auth column in the records
table - it defaults to 1.
The process I follow is:
1. pdnssec secure-zone whatever.com
2. pdnssec set-nsec3 gbe0.net '1 1 interations salt' narrow
pdnssec set-nsec3 gbe0.net '1 1 1 ffffff' narrow
The salt needs to be hex.
DNS changes made after that seem to be fine.
If you are using zone transfers (AXFR) I believe that will break. I use
MySQL replication instead due to having 6 figures of domains on there,
much quicker than notifies.
More information about the Pdns-users