[Pdns-users] rectify-zone on non DNSSEC domains

Martin Chandler mchandler at aventer.net
Fri Jan 30 03:56:48 UTC 2015

Hi Peter,

Thanks for your reply

On 2015年01月29日 23:17, Peter van Dijk wrote:
> Hello Martin,
> On 29 Jan 2015, at 7:45 , Martin Chandler <mchandler at aventer.net> wrote:
>> I am running a PowerDNS hidden master behind BIND dns servers serving to
>> the public.
>> We have a mix of DNSSEC secure zones, and non-secure zones.
>> My question is do I have to 'rectify-zone' on the non-secure zones?
>> (does Powerdns still need the auth and ordername for non-secure zones?)
> On non-secure zones, ordername is ignored, but auth is not. However, if you just set auth=1 on all records, you get the ‘old’ behaviour, which has been demonstrated to work just fine in practice. If you use the 3.4.0+ SQL schema, you get auth=1 by default.

Just curious, as a hidden master that only sends zone transfers to the
front end BIND servers, what will I lose with the 'old' behaviour?


Cellular phone : 090-7849-6808
e-mail:mchandler at aventer.net
URL   :http://www.aventer.net/

More information about the Pdns-users mailing list