[Pdns-users] Record delegation to 3rd party NS

Stefan Schmidt zaphodb at zaphods.net
Tue Jan 29 15:51:43 UTC 2013


On Tue, Jan 29, 2013 at 4:25 PM, ivan_i at vvpgroup.com
<ivan_i at vvpgroup.com> wrote:
> Hi,

Hi Ivan,

>> SELECT * FROM domains WHERE id = 31;
>
> +----+--------------+--------+------------+--------+-----------------+---------+
> | id | name         | master | last_check | type   | notified_serial | account |
> +----+--------------+--------+------------+--------+-----------------+---------+
> | 31 | mydomain.com | NULL   |       NULL | NATIVE |            NULL | NULL    |
> +----+--------------+--------+------------+--------+-----------------+---------+
>
>> dig @yourpdns jabber.mydomain.com any
>
> ; <<>> DiG 9.8.1-P1 <<>> @10.X.X.X jabber.mydomain.com any
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25446
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;jabber.mydomain.com.           IN      ANY
>
> ;; AUTHORITY SECTION:
> jabber.mydomain.com.    300     IN      NS      ns1.p27.dynect.net.
> jabber.mydomain.com.    300     IN      NS      ns2.p27.dynect.net.
> jabber.mydomain.com.    300     IN      NS      ns3.p27.dynect.net.
> jabber.mydomain.com.    300     IN      NS      ns4.p27.dynect.net.
>
> ;; Query time: 3 msec
> ;; SERVER: 10.X.X.X#53(10.X.X.X)
> ;; WHEN: Tue Jan 29 17:20:59 2013
> ;; MSG SIZE  rcvd: 121

At this point I guess it would be best if you could give us the actual
domain name instead of 'mydomain.com' so we can verify that the dynect
nameservers are set up correctly too.
As for the PowerDNS part, it seems that the only thing that is off is
that you should not set the 'auth' flag in the gmysql backend for
delegation data, i.e. the 'jabber.mydomain.com' NS records.
http://doc.powerdns.com/dnssec-modes.html#dnssec-direct-database  8.5.
»The 'auth' field should be set to '1' for data for which the zone
itself is authoritative, which includes the SOA record and its own NS
records.
The 'auth' field should be 0 however for NS records which are used for
delegation, and also for any glue (A, AAAA) records present for this
purpose. Do note that the DS record for a secure delegation should be
authoritative!«

 Stefan
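
The 'auth' rule quoted above can be checked mechanically. The following is an added example, not part of the original message and not PowerDNS code: it uses an in-memory SQLite database with a reduced, constructed copy of the `domains` and `records` tables, and the function names are hypothetical. It goes slightly beyond the quoted text by treating every non-DS record at or below a delegation point as delegation data.

```python
import sqlite3

def expected_auth(name, rtype, cuts):
    """Return the 'auth' value the quoted rule implies for one record."""
    for cut in cuts:
        if name == cut:
            # At the delegation point: NS is not authoritative, DS is.
            return 1 if rtype == "DS" else 0
        if name.endswith("." + cut):
            return 0  # glue (A, AAAA) or anything else below the cut
    return 1          # SOA, the zone's own NS records, ordinary zone data

def find_auth_mismatches(conn, domain_id):
    """Return (id, name, type, auth, expected) for rows with a wrong auth flag."""
    (zone,) = conn.execute(
        "SELECT name FROM domains WHERE id = ?", (domain_id,)).fetchone()
    rows = conn.execute(
        "SELECT id, name, type, auth FROM records "
        "WHERE domain_id = ? ORDER BY id", (domain_id,)).fetchall()
    # Every NS owner name other than the zone apex is a delegation point.
    cuts = {name for _, name, rtype, _ in rows if rtype == "NS" and name != zone}
    return [(rid, name, rtype, auth, expected_auth(name, rtype, cuts))
            for rid, name, rtype, auth in rows
            if auth != expected_auth(name, rtype, cuts)]

def build_sample_db():
    """Constructed sample data; only the columns this check needs."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE domains (id INTEGER PRIMARY KEY, name TEXT, type TEXT);
        CREATE TABLE records (id INTEGER PRIMARY KEY, domain_id INTEGER,
            name TEXT, type TEXT, content TEXT, ttl INTEGER, auth INTEGER);
        INSERT INTO domains VALUES (31, 'mydomain.com', 'NATIVE');
    """)
    conn.executemany("INSERT INTO records VALUES (?, 31, ?, ?, ?, 300, ?)", [
        (1, "mydomain.com", "SOA", "ns1.mydomain.com hostmaster.mydomain.com 1", 1),
        (2, "mydomain.com", "NS", "ns1.mydomain.com", 1),
        (3, "ns1.mydomain.com", "A", "192.0.2.1", 1),
        (4, "jabber.mydomain.com", "NS", "ns1.p27.dynect.net", 1),  # wrong: delegation NS
        (5, "jabber.mydomain.com", "NS", "ns2.p27.dynect.net", 0),
        (6, "sub.mydomain.com", "NS", "ns.sub.mydomain.com", 0),
        (7, "ns.sub.mydomain.com", "A", "192.0.2.53", 1),           # wrong: glue
        (8, "sub.mydomain.com", "DS", "PLACEHOLDER-DS-RDATA", 0),   # wrong: DS is auth
    ])
    return conn

if __name__ == "__main__":
    for row in find_auth_mismatches(build_sample_db(), 31):
        print("id=%d %s %s auth=%d expected=%d" % row)
```
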


