[Pdns-users] How do you rectify zones?
James Cloos
cloos at jhcloos.com
Wed Feb 20 00:28:35 UTC 2013
>>>>> "PvD" == Peter van Dijk <peter.van.dijk at netherlabs.nl> writes:
PvD> Rectify is 'pretty' cheap when you don't use NSEC3. However, it's not
PvD> the kind of thing you'd want to run after every update to a big, busy
PvD> zone.
And yet, when using automatic serials and axfr replication, every change
creates notifies which trigger axfrs which fail until rectify is done.
And not just completely fail, but die part way through.
(I get caught by that every so often, if I haven't made any changes in
long enough that I forget at first that I have to do the rectify. Not
every time, but every so often.)
I've spent some time looking into a set of functions (I use pgsql) for
making changes, which can do all of the necessary logic when adding,
removing or changing an RR, but I haven't yet compiled a full list of
what exactly is required for every case when dnssec is in use. Has
anyone else?
-JimC
--
James Cloos <cloos at jhcloos.com> OpenPGP: 1024D/ED7DAEA6
More information about the Pdns-users
mailing list