[Pdns-users] 4.0.1 authoritative + bindbackend + presigned axfr'd zone
Peter van Dijk
peter.van.dijk at powerdns.com
Fri Aug 12 09:26:33 UTC 2016
do you have multiple backends launched? In general DNSSEC only works on
the first backend I believe.
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
On 12 Aug 2016, at 9:37, Theodore Baschak wrote:
> I've tried using the sqlite3 backend as well now for this zone, with
> same non-dnssec-serving/recognizing result.
> (This does work in the mysql backend however, but thats shared between
> multiple servers, and this configuration is unique to this particular
> Theodore Baschak - AS395089 - Hextet Systems
> https://ciscodude.net/ - https://hextet.systems/
> On Fri, Aug 12, 2016 at 1:52 AM, Theodore Baschak
> <theodore at ciscodude.net>
>> I've got a few zones I slave for a friend. He presigns some of those
>> on bind and I AXFR them as a slave.
>> Log entries don't indicate detecting presigned zones on AXFR. Dig
>> +dnssec doesn't return anything either. dnsviz is showing me as being
>> problem nameserver for him now.
>> I've got the bind-dnssec-db set, and created the dnssec-db with
>> (and chowned it to pdns:pdns even)
>> I've tried pdnsutil set-presigned <zone>
>> I've been googling this for about an hour and I can't find something
>> with what I'm doing.
>> I did find the following command, which outputs many lines like the
>> pdnsutil check-all-zones
>> Aug 12 06:49:30 [bindbackend] Done parsing domains, 0 rejected, 19
>> new, 0
>> [Warning] Parsed and original record content are not equal: fudo.ca
>> RRSIG 'SOA 8 2 3600 20140614060342 20131216060342 17133 fudo.ca.
>> (Content parsed as 'SOA 8 2 3600 20140614060342 20131216060342 17133
>> fudo.ca gXArdDSbIIFjFn7fjj4h8MnT2ZQYwKuCWOKDXTn+da5MnmCkp7KXM+
>> [Error] RRSIG found at 'fudo.ca' in non-presigned zone. These do not
>> belong in the database.
>> Theodore Baschak - AS395089 - Hextet Systems
>> https://ciscodude.net/ - https://hextet.systems/
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
More information about the Pdns-users