[Pdns-users] PDNS for a TLD...

Rob roblocke at gmail.com
Mon Oct 13 05:45:30 UTC 2014 

Hi,

> > * For domains which use *custom* nameservers, we only need to include the 
> > NS records for purposes of delegation.  For example, for “blah.foo": 
> 
> Yes this is correct, they are located in the foo zone (same domain_id as the SOA record mentioned earlier). 

Thanks for mentioning that explicitly.  It is an important point which I failed to mention in my email.


> > * But, for domains which use *our* name servers (with a web interface for 
> > managing records), we’ll need an SOA record in addition to NS records 
> > pointing to our name servers.  For example, for “something.foo”: 
> > ...
> 
> This is an option. However depending on the number off records and your needs it might be easier to: 
> A. include the records directly in the foo zone without adding a separate zone (with its own SOA records and NS records) 
> OR 
> B. put them on separate name servers 

Since we might have a number of customers managing their own records, I’m thinking it might be cleanest for each of them to have their own SOA/NS records.  Then look at option B in the future.


> Don't forget that you need to add NS records to the foo zone for the domain and in the domain zone. For this you can also check the domain_id field. 

Right now, for customers using *our* name servers, I only have SOA/NS records in the domain zone (along with whatever other records they create).  Do I really need to duplicate the NS records for the domain in the foo zone?

(For delegated domains, I have the NS records in the foo zone as you recommended.)


> Do you want to also support DNSsec? This is possible with PowerDNS, you need to add DS records for the domains. If you provide an EPP service to your customers/registrars this is easy as they can provide the DS records. It would be a nice service to verify the DS records at the time they are provided to see if they match and if not return an error or warning. 

This is in the cards.  I’m sure I’ll have more questions about DNSsec soon! =)

Thanks,
Rob



--
View this message in context: http://powerdns.13854.n7.nabble.com/PDNS-for-a-TLD-tp11022p11033.html
Sent from the PowerDNS mailing list archive at Nabble.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20141012/371cfa25/attachment-0001.html>

More information about the Pdns-users mailing list