[Pdns-users] rectify-zone on non DNSSEC domains
Martin Chandler
mchandler at aventer.net
Fri Jan 30 03:56:48 UTC 2015
Hi Peter,
Thanks for your reply
On 2015年01月29日 23:17, Peter van Dijk wrote:
> Hello Martin,
>
> On 29 Jan 2015, at 7:45 , Martin Chandler <mchandler at aventer.net> wrote:
>
>> I am running a PowerDNS hidden master behind BIND dns servers serving to
>> the public.
>>
>> We have a mix of DNSSEC secure zones, and non-secure zones.
>>
>> My question is do I have to 'rectify-zone' on the non-secure zones?
>> (does Powerdns still need the auth and ordername for non-secure zones?)
>
> On non-secure zones, ordername is ignored, but auth is not. However, if you just set auth=1 on all records, you get the ‘old’ behaviour, which has been demonstrated to work just fine in practice. If you use the 3.4.0+ SQL schema, you get auth=1 by default.
Just curious, as a hidden master that only sends zone transfers to the
front end BIND servers, what will I lose with the 'old' behaviour?
Thanks,
Martin
--
Cellular phone : 090-7849-6808
e-mail:mchandler at aventer.net
URL :http://www.aventer.net/
More information about the Pdns-users
mailing list