[Pdns-users] PDNS for a TLD...

Mark Scholten mark at streamservice.nl
Sat Oct 11 12:50:52 UTC 2014

Hello Rob,

> From: pdns-users-bounces at mailman.powerdns.com [mailto:pdns-users-bounces at mailman.powerdns.com] On Behalf Of Rob
> Sent: 08 October, 2014 6:03
> Hi guys,
> (I'm not sure if my email reply made it out, since it's not appearing in the
> archive.  My apologies if you're receiving this twice.)
> I really appreciate the responses from everyone so far.  One thing I forgot to
> mention is that I’m using the MySQL backend.  So, if I understand
> correctly:
> * We’ll need an SOA record for “foo”.  For example:
> 	(name, type, content, ttl) =
> 	('foo', 'SOA', 'ns01.dns.foo admin.dns.foo 1 10800 3600 694800 3600', 86400)

Yes, this is what you need.

> * For domains which use *custom* nameservers, we only need to include the
> NS records for purposes of delegation.  For example, for “blah.foo”:
> 	(name, type, content, ttl) =
> 	('blah.foo', 'NS', 'dns01.customdns.com', 3600)
> 	(name, type, content, ttl) =
> 	('blah.foo', 'NS', 'dns02.customdns.com', 3600)
> We’ll also need glue records if the nameservers are within “blah.foo”.

Yes, this is correct; they are located in the foo zone (same domain_id as the SOA record mentioned earlier).

> * But, for domains which use *our* name servers (with a web interface for
> managing records), we’ll need an SOA record in addition to NS records
> pointing to our name servers.  For example, for “something.foo”:
> 	(name, type, content, ttl) =
> 	('something.foo', 'SOA', 'ns01.dns.foo admin.dns.foo 1 10800 3600 694800 3600', 86400)
> 	(name, type, content, ttl) =
> 	('something.foo', 'NS', 'ns01.dns.foo', 3600)
> 	(name, type, content, ttl) =
> 	('something.foo', 'NS', 'ns02.dns.foo', 3600)
> 	And a sample record for good measure:
> 	(name, type, content, ttl) =
> 	('www.something.foo', 'A', '', 3600)
> Did I get that right?  Or am I more confused than ever?

This is an option. However, depending on the number of records and your needs, it might be easier to:
A. include the records directly in the foo zone without adding a separate zone (with its own SOA records and NS records)
B. put them on separate name servers

Don't forget that you need to add NS records to the foo zone for the domain and in the domain zone. For this you can also check the domain_id field.

Do you want to also support DNSSEC? This is possible with PowerDNS; you need to add DS records for the domains. If you provide an EPP service to your customers/registrars, this is easy, as they can provide the DS records. It would be a nice service to verify the DS records at the time they are provided to see if they match and, if not, return an error or warning.

Let us know if you have other questions.

Kind regards,

Mark Scholten
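
The DS verification suggested in the reply above, written in Python as an added example (not code from this thread or from PowerDNS): it checks a submitted DS against the child zone's DNSKEY RDATA following RFC 4034. The function names, the accepted digest types and the sample key are assumptions made for illustration; fetching the DNSKEY set from the child's name servers is left out.

```python
import hashlib
import struct

DIGESTS = {2: hashlib.sha256, 4: hashlib.sha384}  # DS digest types accepted here

def wire_name(name):
    """Canonical lower-case wire form of an owner name (RFC 4034 section 6.2)."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label in %r" % name)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def key_tag(rdata):
    """Key tag over DNSKEY RDATA (RFC 4034 Appendix B; not valid for algorithm 1)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def ds_digest(owner, rdata, digest_type):
    """Digest = hash(owner name in wire form | DNSKEY RDATA), upper-case hex."""
    return DIGESTS[digest_type](wire_name(owner) + rdata).hexdigest().upper()

def check_ds(owner, ds, dnskeys):
    """ds = (tag, algorithm, digest_type, hex_digest); dnskeys = list of RDATA bytes.
    Returns a list of 'error: ...' / 'warning: ...' strings; empty means accept."""
    tag, alg, dtype, digest = ds
    if dtype not in DIGESTS:
        return ["error: digest type %d not accepted" % dtype]
    matches = [k for k in dnskeys
               if len(k) > 4 and key_tag(k) == tag and k[3] == alg]
    if not matches:
        return ["error: no DNSKEY with tag %d and algorithm %d" % (tag, alg)]
    good = [k for k in matches if ds_digest(owner, k, dtype) == digest.upper()]
    if not good:
        return ["error: digest does not match the DNSKEY"]
    flags = struct.unpack("!H", good[0][:2])[0]
    return [] if flags & 0x0001 else ["warning: key has no SEP flag"]

# Constructed sample: flags 257 (zone key + SEP), protocol 3, algorithm 13,
# with a made-up 64-byte public key (not a real key).
KSK = struct.pack("!HBB", 257, 3, 13) + bytes(range(64))
GOOD_DS = (key_tag(KSK), 13, 2, ds_digest("something.foo", KSK, 2))

if __name__ == "__main__":
    print(check_ds("something.foo", GOOD_DS, [KSK]))  # accepted
    print(check_ds("blah.foo", GOOD_DS, [KSK]))       # DS filed under the wrong domain
```

Because the owner name is part of the digest, a DS copied from one domain to another fails the check even when the key is identical.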
