[Pdns-users] How do you rectify zones?
Peter van Dijk
peter.van.dijk at netherlabs.nl
Fri Feb 22 07:44:44 UTC 2013
Hello James,
On Feb 20, 2013, at 1:45, James Cloos wrote:
>>>>>> "PvD" == Peter van Dijk <peter.van.dijk at netherlabs.nl> writes:
>
> PvD> Rectify is 'pretty' cheap when you don't use NSEC3. However, it's not
> PvD> the kind of thing you'd want to run after every update to a big, busy
> PvD> zone.
>
> And yet, when using automatic serials and axfr replication, every change
> creates notifies which trigger axfrs which fail until rectify is done.
I did not mean to suggest running rectify is optional; I just meant to say that the current full-zone rectify is heavy, and thus 'no fun' to run after every edit. Apologies for the confusion.
> I've spent some time looking into a set of functions (I use pgsql) for
> making changes, which can do all of the necessary logic when adding,
> removing or changing an RR, but I haven't yet compiled a full list of
> what exactly is required for every case when dnssec is in use. Has
> anyone else?
To Ruben's excellent response, I just want to add that http://doc.powerdns.com/dnssec-modes.html#dnssec-direct-database has a high-level overview.
Kind regards,
--
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/