[Pdns-users] 4.0.1 authoritative + bindbackend + presigned axfr'd zone

Theodore Baschak theodore at ciscodude.net
Fri Aug 12 06:52:52 UTC 2016

I've got a few zones I slave for a friend. He presigns some of those zones
on bind and I AXFR them as a slave.

Log entries don't indicate detecting presigned zones on AXFR. Dig with
+dnssec doesn't return anything either. dnsviz is showing me as being a
problem nameserver for him now.

I've got the bind-dnssec-db set, and created the dnssec-db with pdnsutil
(and chowned it to pdns:pdns even)

I've tried pdnsutil set-presigned <zone>

I've been googling this for about an hour and I can't find something wrong
with what I'm doing.
I did find the following command, which outputs many lines like the

pdnsutil check-all-zones
Aug 12 06:49:30 [bindbackend] Done parsing domains, 0 rejected, 19 new, 0
[Warning] Parsed and original record content are not equal: fudo.ca IN
RRSIG 'SOA 8 2 3600 20140614060342 20131216060342 17133 fudo.ca.
(Content parsed as 'SOA 8 2 3600 20140614060342 20131216060342 17133 fudo.ca
[Error] RRSIG found at 'fudo.ca' in non-presigned zone. These do not belong
in the database.

Theodore Baschak - AS395089 - Hextet Systems
https://ciscodude.net/ - https://hextet.systems/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20160812/72b4134b/attachment.html>

More information about the Pdns-users mailing list