[Pdns-users] How do you rectify zones?

Ruben d'Arco cyclops at prof-x.net
Wed Feb 20 07:55:38 UTC 2013


Hi,

On Tue, Feb 19, 2013 at 07:28:35PM -0500, James Cloos wrote:
> I've spent some time looking into a set of functions (I use pgsql) for
> making changes, which can do all of the necessary logic when adding,
> removing or changing an RR, but I haven't yet compiled a full list of
> what exactly is required for every case when dnssec is in use.  Has
> anyone else?

For the rfc2136 implementation, the code "rectifies" the zone. What I found was:
- Special case when inserting/removing NS records as you're creating/removing a delegate.
  The auth flag below the inserted/removed NS record needs to change.
- For inserting, we might need to insert empty-non-terminal (the type=NULL) records
  If your zone has a.test.com and you insert d.c.b.a.test.com, you'll have to create some other records.
- For removing, we must check if we need to remove empty-non-terminal records
  The reverse of the previous point, but keep in mind that you might have d.b.a.test.com in there somewhere as well.
- We basically use the same logic as rectify-zone to find what the auth flag should be, but do it for a single record that is inserted
- Afterwards, we need to flush the cache as pdns will cache NSEC(3) records as well. This is something I think you cannot do from a sql-function.

Regards,
	Ruben
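
[Added example, not part of the original message and not PowerDNS code: a sketch of the empty-non-terminal bookkeeping described above, working on a plain set of owner names. The function names and the sample zone contents are assumptions made for illustration; auth flags and the cache flush are not covered.]

```python
def _norm(name):
    return name.rstrip(".").lower()

def parents(name, zone):
    """Names strictly between `name` and the zone apex, nearest first."""
    name, zone = _norm(name), _norm(zone)
    if name == zone:
        return []
    if not name.endswith("." + zone):
        raise ValueError(f"{name} is not inside zone {zone}")
    out = []
    name = name.partition(".")[2]        # drop the leftmost label
    while name != zone:
        out.append(name)
        name = name.partition(".")[2]
    return out

def ents_needed(owners, zone):
    """Empty non-terminals required by the owner names that hold records."""
    real = {_norm(o) for o in owners}
    between = {p for o in real for p in parents(o, zone)}
    return between - real                # a name with records is not empty

def ent_delta(owners_before, owners_after, zone):
    """Return (ENT rows to create, ENT rows to delete) for one change."""
    before = ents_needed(owners_before, zone)
    after = ents_needed(owners_after, zone)
    return after - before, before - after

# Constructed sample zone, using the names from the message above.
ZONE = "test.com"
BASE = {"test.com", "a.test.com"}

if __name__ == "__main__":
    # Insert d.c.b.a.test.com: two ENT rows have to be created.
    step1 = BASE | {"d.c.b.a.test.com"}
    print("insert d.c.b.a:", ent_delta(BASE, step1, ZONE))
    # Insert d.b.a.test.com: b.a.test.com already exists as an ENT.
    step2 = step1 | {"d.b.a.test.com"}
    print("insert d.b.a:  ", ent_delta(step1, step2, ZONE))
    # Remove d.c.b.a.test.com: only c.b.a.test.com may go, because
    # d.b.a.test.com still needs b.a.test.com.
    step3 = step2 - {"d.c.b.a.test.com"}
    print("remove d.c.b.a:", ent_delta(step2, step3, ZONE))
    # Insert real records at b.a.test.com: its ENT row must be dropped.
    step4 = step1 | {"b.a.test.com"}
    print("insert b.a:    ", ent_delta(step1, step4, ZONE))
```
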