[Pdns-users] PowerDNS 3.0: Can't deal with multi-part NSEC mappings yet
Aki Tuomi
cmouse at youzen.ext.b2.fi
Thu Sep 26 13:56:47 UTC 2013
On Thu, Sep 26, 2013 at 07:14:35AM +0200, Peter van Dijk wrote:
> Hello Fredrik,
>
> On Sep 26, 2013, at 2:46 , Fredrik Roubert wrote:
>
> > On Wed 25 Sep 11:00 CEST 2013, Peter van Dijk wrote:
> >
> >> If that's not it, check your zone file for any lines containing TYPE in
> >> uppercase, or any entry over 255 in
> >> http://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-4
> >
> > Ah, thank you, this is interesting. My zone file has TYPE65534 records,
> > which are part of BIND's "Fully automatic zone signing" process:
> >
> > ftp://ftp.isc.org/isc/bind9/9.9.4/doc/arm/Bv9ARM.ch04.html#id2563513
> >
> > Are you saying that PowerDNS 3.0 is failing on these TYPE65534 records? If
> > so, then that's case closed for it wouldn't be possible to get rid of them
> > without also saying good-bye to automatic zone signing.
>
>
> PowerDNS is failing on the NSECs related to these records. So, in short, yes.
>
> Again - please don't use 3.0 for DNSSEC.
>
> Kind regards,
> --
> Peter van Dijk
> Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
>
And to be sure, this particular issue hss been addressed after 3.0, so
upgrade will help.
Aki Tuomi
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
More information about the Pdns-users
mailing list