[Pdns-users] 4.0.1 authoritative + bindbackend + presigned axfr'd zone
theodore at ciscodude.net
Fri Aug 12 07:37:37 UTC 2016
I've tried using the sqlite3 backend as well now for this zone, with the
same non-dnssec-serving/recognizing result.
(This does work in the mysql backend however, but thats shared between
multiple servers, and this configuration is unique to this particular
Theodore Baschak - AS395089 - Hextet Systems
https://ciscodude.net/ - https://hextet.systems/
On Fri, Aug 12, 2016 at 1:52 AM, Theodore Baschak <theodore at ciscodude.net>
> I've got a few zones I slave for a friend. He presigns some of those zones
> on bind and I AXFR them as a slave.
> Log entries don't indicate detecting presigned zones on AXFR. Dig with
> +dnssec doesn't return anything either. dnsviz is showing me as being a
> problem nameserver for him now.
> I've got the bind-dnssec-db set, and created the dnssec-db with pdnsutil
> (and chowned it to pdns:pdns even)
> I've tried pdnsutil set-presigned <zone>
> I've been googling this for about an hour and I can't find something wrong
> with what I'm doing.
> I did find the following command, which outputs many lines like the
> pdnsutil check-all-zones
> Aug 12 06:49:30 [bindbackend] Done parsing domains, 0 rejected, 19 new, 0
> [Warning] Parsed and original record content are not equal: fudo.ca IN
> RRSIG 'SOA 8 2 3600 20140614060342 20131216060342 17133 fudo.ca.
> (Content parsed as 'SOA 8 2 3600 20140614060342 20131216060342 17133
> fudo.ca gXArdDSbIIFjFn7fjj4h8MnT2ZQYwKuCWOKDXTn+da5MnmCkp7KXM+
> [Error] RRSIG found at 'fudo.ca' in non-presigned zone. These do not
> belong in the database.
> Theodore Baschak - AS395089 - Hextet Systems
> https://ciscodude.net/ - https://hextet.systems/
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Pdns-users