[Pdns-users] Wondering if this will work.

Mark Scholten mark at streamservice.nl
Wed Nov 6 23:18:11 UTC 2013

Hello Hoy,


After enabling dnssec in pdns.conf (gmysql-dnssec=yes) you have to rectify
zones (in your code or after every update and at the start) for domains to
work. You can do this with pdnssec rectify-zone <name> and with pdnssec
rectify-all-zones (iirc).




Mark Scholten


From: pdns-users-bounces at mailman.powerdns.com
[mailto:pdns-users-bounces at mailman.powerdns.com] On Behalf Of Hoy Henry
Sent: Wednesday, November 06, 2013 20:05
To: pdns-users at mailman.powerdns.com
Subject: Re: [Pdns-users] Wondering if this will work.


Thank you for this response, I learned something new. I do have one other
question in regards to DNSSEC. If I enable dnssec in the pdns.conf file for
later use, will all zones that are not "secured" be broken?


The reason that I am asking this is that I had enabled it and had some
significant problems with my domains until I ran a 'pdnssec secure-zone
xyz.com' command on some of the domains that were giving me a problem (with
no authoritative name server errors). After I realized that this was the
case, I removed the gmysql-dnssec from the .conf file and restarted pdns.
This seemed to clear everything up. I am not using dnssec now but I
intend to implement it once I know more about it.


Any ideas?





From: pdns-users-bounces at mailman.powerdns.com
[mailto:pdns-users-bounces at mailman.powerdns.com] On Behalf Of Hoy Henry
Sent: Wednesday, October 30, 2013 9:35 AM
To: pdns-users at mailman.powerdns.com
Subject: [Pdns-users] Wondering if this will work.


Good Day.


I am working with CentOS 6.4, PowerDNS 3.12.e16. on a mysql backend all on
one box.  No DNSSEC.  Binary was provided through yum and epel. Installed
myself yesterday. 


It is my intent that this server will serve as a Primary Authoritative Name
Server for some 200-300 domains already running on an old failing BIND
server. I intend to bring up a slave PDNS server today and hook up mysql
replication. The original Primary BIND server died a few weeks ago and
everything was failed over to the secondary (NS2), leaving a vacancy of what
I will call NS1.


The person that was maintaining this setup left shortly after the problem
occurred and I am the new guy trying to get things up and running as stable
as possible. I was able to export all of the zones from the remaining BIND
server (NS2) and import those into the new MySQL backend. I have PowerDNS
Webinterface Version 1.5.3 installed and everything looks pretty good. I am
able to dig and query the server's records, I think, just fine.


My intent with this is to shut down my current NS2 BIND server and cut over
to the new environment with the fresh NS1 and NS2 PDNS installs. With this,
I would LIKE to re-IP NS1 and NS2 to different addresses when the cutover
happens. If I do this, will this be a problem? Do I need to change the IP
addresses on the current NS2 (and NS1 entry in DNS) and let those records
propagate before making the cutover? Am I overthinking this? I just don't
want to cause a catastrophe by making this change... I'm kind of "unseasoned" at
a lot of this sort of thing.  Anything I missed that I should be worried


As a secondary question, what would be the proper IPTABLE rules to allow the
communication of DNS to happen?  I will not be using recursion with these
servers for dns lookups.


Any help would be greatly appreciated.  
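
The rectify step from the reply at the top of this thread, wrapped so it can be run after every update (an added example, not part of the original messages and not PowerDNS code). `PDNSSEC`, `valid_zone` and `rectify_zones` are hypothetical names; the only PowerDNS command used is `pdnssec rectify-zone <name>` as given in the message.

```shell
#!/bin/sh
# Added example: re-rectify every zone touched by an update.
# PDNSSEC is an assumption: the pdnssec tool to run, overridable for testing.
PDNSSEC="${PDNSSEC:-pdnssec}"

# valid_zone NAME: accept only hostname characters, so a zone name taken from
# a database or web form can never be read as an option or as shell syntax.
valid_zone() {
    case "$1" in
        ''|-*|.*|*..*) return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# rectify_zones: read zone names (one per line) from stdin, rectify each once.
# Prints one status line per zone; returns 0 only if every zone was rectified.
rectify_zones() {
    failed=0
    seen=" "
    while IFS= read -r zone || [ -n "$zone" ]; do
        zone=${zone%.}                      # tolerate a trailing root dot
        case "$zone" in ''|'#'*) continue ;; esac
        if ! valid_zone "$zone"; then
            echo "SKIP  $zone (not a valid zone name)" >&2
            failed=$((failed + 1))
            continue
        fi
        case "$seen" in *" $zone "*) continue ;; esac   # already handled
        seen="$seen$zone "
        if "$PDNSSEC" rectify-zone "$zone" >/dev/null 2>&1; then
            echo "OK    $zone"
        else
            echo "FAIL  $zone" >&2
            failed=$((failed + 1))
        fi
    done
    [ "$failed" -eq 0 ]
}

# Usage (constructed zone names):
#   printf '%s\n' example.com example.org | rectify_zones
```

A non-zero return means at least one zone was skipped or failed to rectify, so the calling update job should treat that zone as not yet safe to serve with gmysql-dnssec=yes.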







