[Pdns-users] Different RRSIG's on master and slaves
mvdgeijn
marc at bhosted.nl
Thu Sep 26 08:27:42 UTC 2013
I find it a little confusing: the pdnssec show-zone shows on all servers
(master and slaves) that the domain is not presigned.
My knowledge on DnsSec isn't that great, but what I tested is that when the
keys on the slaves (stored in the cryptokeys table) are out of sync with the
master, I have to remove them on both slave servers from the cryptokeys
table. After that I update the serial and the zone is synced using AXFR from
the master to both slaves and the keys are fixed.
Maybe there is indeed some code in PowerDNS that sets the presigned flag
automaticly, but why isn't that adjusted in the show-zone on the master
and/or the slaves? And why aren't the keys synced when not in sync with the
master, even when the serial is updated?
Regards,
Marc
--
View this message in context: http://powerdns.13854.n7.nabble.com/Different-RRSIG-s-on-master-and-slaves-tp10349p10369.html
Sent from the PowerDNS mailing list archive at Nabble.com.
More information about the Pdns-users
mailing list