Thank you for this response; I learned something new. I do have one other question in regards to DNSSEC. If I enable dnssec in the pdns.conf file for later use, will all zones that are not "secured" be broken?

The reason that I am asking this is that I had enabled it and had some significant problems with my domains until I ran a 'pdnssec secure-zone xyz.com' command on some of the domains that were giving me a problem (with no authoritative name server errors). After I realized that this was the case, I removed gmysql-dnssec from the .conf file and restarted pdns. This seemed to clear everything up. I am not using dnssec now, but I intend to implement it once I know more about it.

Any ideas?


Good Day.

I am working with CentOS 6.4, PowerDNS 3.12.e16, on a MySQL backend, all on one box. No DNSSEC. The binary was provided through yum and EPEL. I installed it myself yesterday.

It is my intent that this server will serve as a Primary Authoritative Name Server for some 200-300 domains already running on an old failing BIND server. I intend to bring up a slave PDNS server today and hook up MySQL replication. The original Primary BIND server died a few weeks ago and everything was failed over to the secondary (NS2), leaving a vacancy of what I will call NS1.

The person that was maintaining this setup left shortly after the problem occurred, and I am the new guy trying to get things up and running as stable as possible. I was able to export all of the zones from the remaining BIND server (NS2) and import those into the new MySQL backend. I have PowerDNS Webinterface Version 1.5.3 installed and everything looks pretty good. I am able to dig and query the server's records just fine, I think.

My intent with this is to shut down my current NS2 BIND server and cut over to the new environment with the fresh NS1 and NS2 PDNS installs. With this, I would LIKE to re-IP NS1 and NS2 to different addresses when the cutover happens. If I do this, will this be a problem? Do I need to change the IP addresses on the current NS2 (and the NS1 entry in DNS) and let those records propagate before making the cutover? Am I overthinking this? I just don't want to cause a catastrophe by making this change... I'm kind of "unseasoned" at a lot of this sort of thing. Anything I missed that I should be worried about?

As a secondary question, what would be the proper iptables rules to allow the communication of DNS to happen? I will not be using recursion with these servers for DNS lookups.

Any help would be greatly appreciated.