[Pdns-users] Record delegation to 3rd party NS
Stefan Schmidt
zaphodb at zaphods.net
Tue Jan 29 15:51:43 UTC 2013
On Tue, Jan 29, 2013 at 4:25 PM, ivan_i at vvpgroup.com
<ivan_i at vvpgroup.com> wrote:
> Hi,
Hi Ivan,
>> SELECT * FROM domains WHERE id = 31;
>
> +----+--------------+--------+------------+--------+-----------------+---------+
> | id | name         | master | last_check | type   | notified_serial | account |
> +----+--------------+--------+------------+--------+-----------------+---------+
> | 31 | mydomain.com | NULL   | NULL       | NATIVE | NULL            | NULL    |
> +----+--------------+--------+------------+--------+-----------------+---------+
>
>> dig @yourpdns jabber.mydomain.com any
>
> ; <<>> DiG 9.8.1-P1 <<>> @10.X.X.X jabber.mydomain.com any
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25446
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;jabber.mydomain.com. IN ANY
>
> ;; AUTHORITY SECTION:
> jabber.mydomain.com. 300 IN NS ns1.p27.dynect.net.
> jabber.mydomain.com. 300 IN NS ns2.p27.dynect.net.
> jabber.mydomain.com. 300 IN NS ns3.p27.dynect.net.
> jabber.mydomain.com. 300 IN NS ns4.p27.dynect.net.
>
> ;; Query time: 3 msec
> ;; SERVER: 10.X.X.X#53(10.X.X.X)
> ;; WHEN: Tue Jan 29 17:20:59 2013
> ;; MSG SIZE rcvd: 121
At this point I guess it would be best if you could give us the actual
domain name instead of 'mydomain.com' so we can verify that the dynect
nameservers are set up correctly too.
As for the PowerDNS part, it seems that the only thing that is off is
that you should not set the 'auth' flag in the gmysql backend for
delegation data, i.e. the 'jabber.mydomain.com' NS records.
http://doc.powerdns.com/dnssec-modes.html#dnssec-direct-database 8.5.
»The 'auth' field should be set to '1' for data for which the zone
itself is authoritative, which includes the SOA record and its own NS
records.
The 'auth' field should be 0 however for NS records which are used for
delegation, and also for any glue (A, AAAA) records present for this
purpose. Do note that the DS record for a secure delegation should be
authoritative!«
Stefan
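
The 'auth' rule quoted in the reply above can be checked mechanically. The following is an added example, not part of the original thread and not PowerDNS code: it audits a zone's rows against that rule, using an in-memory SQLite database in place of gmysql. The reduced `records` schema (name, type, content, auth), the function names and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

def expected_auth(name, rtype, cuts):
    """auth value per the documentation quoted above."""
    name = name.lower().rstrip(".")
    at_or_below = [c for c in cuts if name == c or name.endswith("." + c)]
    if not at_or_below:
        return 1                      # zone's own data: SOA, apex NS, ordinary records
    if rtype == "DS" and name in cuts:
        return 1                      # DS for a secure delegation is authoritative
    return 0                          # delegation NS and glue (A, AAAA)

def audit_zone(conn, domain_id):
    """Return (name, type, stored_auth, expected_auth) for every mismatching row."""
    zone = conn.execute("SELECT name FROM domains WHERE id = ?",
                        (domain_id,)).fetchone()[0].lower()
    # Delegation points: owner names of NS records below the zone apex.
    cuts = {row[0].lower() for row in conn.execute(
        "SELECT DISTINCT name FROM records "
        "WHERE domain_id = ? AND type = 'NS' AND lower(name) <> ?",
        (domain_id, zone))}
    rows = conn.execute("SELECT name, type, auth FROM records "
                        "WHERE domain_id = ? ORDER BY id", (domain_id,))
    return [(n, t, a, expected_auth(n, t, cuts))
            for n, t, a in rows if a != expected_auth(n, t, cuts)]

def build_sample_db():
    """Constructed data: zone 31 from the thread, with auth=1 on every row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE domains (id INTEGER PRIMARY KEY, name TEXT, type TEXT)")
    conn.execute("CREATE TABLE records (id INTEGER PRIMARY KEY, domain_id INTEGER, "
                 "name TEXT, type TEXT, content TEXT, auth INTEGER)")
    conn.execute("INSERT INTO domains VALUES (31, 'mydomain.com', 'NATIVE')")
    sample = [("mydomain.com", "SOA", "ns1.mydomain.com hostmaster.mydomain.com 1"),
              ("mydomain.com", "NS", "ns1.mydomain.com"),
              ("www.mydomain.com", "A", "192.0.2.10")]
    sample += [("jabber.mydomain.com", "NS", f"ns{i}.p27.dynect.net") for i in range(1, 5)]
    conn.executemany("INSERT INTO records (domain_id, name, type, content, auth) "
                     "VALUES (31, ?, ?, ?, 1)", sample)
    return conn

if __name__ == "__main__":
    for name, rtype, stored, wanted in audit_zone(build_sample_db(), 31):
        print(f"{name} {rtype}: auth={stored}, should be {wanted}")
```

On the constructed data only the four 'jabber.mydomain.com' NS rows are reported; the SOA, the apex NS and the ordinary A record pass.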