[Pdns-users] rectify-zone on non DNSSEC domains

Peter van Dijk peter.van.dijk at powerdns.com
Thu Jan 29 14:17:18 UTC 2015

Hello Martin,

On 29 Jan 2015, at 7:45 , Martin Chandler <mchandler at aventer.net> wrote:

> I am running a PowerDNS hidden master behind BIND dns servers serving to
> the public.
> We have a mix of DNSSEC secure zones, and non-secure zones.
> My question is do I have to 'rectify-zone' on the non-secure zones?
> (does Powerdns still need the auth and ordername for non-secure zones?)

On non-secure zones, ordername is ignored, but auth is not. However, if you just set auth=1 on all records, you get the ‘old’ behaviour, which has been demonstrated to work just fine in practice. If you use the 3.4.0+ SQL schema, you get auth=1 by default.

Kind regards,
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/

More information about the Pdns-users mailing list