[Pdns-users] Generating ZSK/KSK not using pdnssec.

Mark Scholten mark at streamservice.nl
Thu Jan 3 01:40:57 UTC 2013

> From: pdns-users-bounces at mailman.powerdns.com [mailto:pdns-users-
> bounces at mailman.powerdns.com] On Behalf Of Tino Donderwinkel
> Sent: 28 December, 2012 22:40
> Hi all,
> I am starting to learn PowerDNS and use the gmysql backend, with DNSSEC
> enabled.
> Yet, I 'manage' DNS through a web interface that is running on a separate
> server. (e.g. Your typical write-to-a-mysql-database scenario, but the web
> server part is separated from the PowerDNS server part.)
> In order to get the proper ZSK/KSK one could normally use pdnssec secure-
> zone <myzone>, and the keys would be added to the cryptokeys table.
> Since this is not possible for me, I would like to create the proper key
> information 'manually' and place it in the MySQL cryptokeys table.
> Does anyone have a good how-to or tips what's the best way to accomplish
> this?
> Thanks, (and best wishes!)

Hello Tino,

Did you think about the option to install PowerDNS on the web frontend and
to use pdnssec from there (and let it do the MySQL changes required)? It
would probably keep it easy to maintain (at least as easy as possible).

Scripting is also easy to do against pdnssec for most commands.

Kind regards,

Mark Scholten

More information about the Pdns-users mailing list