[Pdns-users] New to PowerDNS

ktm at rice.edu ktm at rice.edu
Thu Jun 26 22:12:44 UTC 2014


On Thu, Jun 26, 2014 at 10:21:06PM +0100, Jorge Bastos wrote:
> > It takes very little time for powerdns to pick up the changes. Adding
> > records is backend specific, but assuming you are using mysql backend
> > (gmysql), you can use the schema at
> > 
> > http://doc.powerdns.com/html/generic-mypgsql-backends.html#idp62194400
> > 
> > This will also show you how to insert records.
> 
> > 
> > To enable DNSSEC, first set gmysql-dnssec=yes in configuration, then
> > run
> > 
> > pdnssec secure-zone your.zone
> > 
> > This will create the necessary DNSSEC information for live signing. You
> > can verify the changes with
> > 
> > pdnssec show-zone your.zone
> > 
> > this will also show you the DS and DNSKEY records you need for
> > upstream.
> 
> Hi Aki,
> 
> Confirm, its refreshed a few seconds after i insert the records.
> 
> For the DNSSEC part, is there a way to create the DNSSEC information just by SQL ?
> 
> If not, the solution is to run "pdnssec secure-zone ZONE" in a loop on a cron script, am I right?
> 

Hi Jorge,

I do not know about a SQL only solution for MySQL DNSSEC signing, but I
know that there is a sample schema for Oracle that includes the needed
triggers and functions and that I have a basically complete version of
the same for PostgreSQL that I will be submitting to the PDNS folks once
we have it vetted for production. Maybe you can cobble something together
for MySQL for those as examples. Otherwise 'pdnssec secure-zone your.zone'
is your friend.

Regards,
Ken




More information about the Pdns-users mailing list