[Pdns-users] PowerDNS 3.0: Can't deal with multi-part NSEC mappings yet

Peter van Dijk peter.van.dijk at netherlabs.nl
Thu Sep 26 05:14:35 UTC 2013

Hello Fredrik,

On Sep 26, 2013, at 2:46 , Fredrik Roubert wrote:

> On Wed 25 Sep 11:00 CEST 2013, Peter van Dijk wrote:
>> If that's not it, check your zone file for any lines containing TYPE in
>> uppercase, or any entry over 255 in
>> http://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-4
> Ah, thank you, this is interesting. My zone file has TYPE65534 records,
> which are part of BIND's "Fully automatic zone signing" process:
> ftp://ftp.isc.org/isc/bind9/9.9.4/doc/arm/Bv9ARM.ch04.html#id2563513
> Are you saying that PowerDNS 3.0 is failing on these TYPE65534 records? If
> so, then that's case closed for it wouldn't be possible to get rid of them
> without also saying good-bye to automatic zone signing.

PowerDNS is failing on the NSECs related to these records. So, in short, yes.

Again - please don't use 3.0 for DNSSEC.  

Kind regards,
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20130926/04e90508/attachment-0001.sig>

More information about the Pdns-users mailing list