[Pdns-users] Removing Dnssec records from slave PDNS servers

mvdgeijn marc at bhosted.nl
Wed Feb 17 15:23:42 UTC 2016 

Hi Bert,

Hierbij de gegevens.

On the master:
~# pdnssec show-zone salzvideo.nl
Zone is not actively secured
Zone is not presigned
No keys for zone 'salzvideo.nl'.

On one of the slaves:
$ pdnssec show-zone salzvideo.nl
Zone is not presigned
Zone has hashed NSEC3 semantics, configuration: 1 0 1 ab
keys:
ID = 1534 (KSK), tag = 19711, algo = 8, bits = 2048     Active: 1 ( RSASHA256 )
KSK DNSKEY = salzvideo.nl IN DNSKEY 257 3 8 AwEAAY1J6kjWaCIDffTnxLkkJKjmDgy/ulsIbQNuxGvfqjSw9DA5WvCzZFFZPa0SqEoTrO3Mj+/GQ971SsIIWKX/nfTxS1dnT2voFPj9l5GLzdeKq6JK32nbxg9ftaYLzO2Rr10RpgHNjBLztd4ATwYo5lXvWplO/gG4ZmQCBUIE9seTqOLpqiDmH/nUsuWGISj/pBfp6Kz2vTPpDvHifsltNoE+NWbfDe41jIuezoo2pTuhpRag4yqFdpbdcqVlVkn9fzxqIfzlrvaQlTSKBue7r7osAlg2BTmOrLmT2OcDcUX9W+8p2ORputROwYFPzurzqheqWUd2bskanscwj530Dyk= ; ( RSASHA256 )
DS = salzvideo.nl IN DS 19711 8 1 cc126ecef7a0d02393ad706698693fe5edf8f128 ; ( SHA1 digest )
DS = salzvideo.nl IN DS 19711 8 2 2b9b348598238195ad4ee11ab289ed682ebe194197a563b57a955f85e5edc3ad ; ( SHA256 digest )

ID = 1535 (ZSK), tag = 29826, algo = 8, bits = 1024     Active: 1 ( RSASHA256 )
ID = 1536 (ZSK), tag = 20593, algo = 8, bits = 1024     Active: 0 ( RSASHA256 )


Met vriendelijke groet,

Marc van de Geijn
bHosted.nl

Mail: marc at bhosted.nl
Tel: 020 3118211
Facebook: https://www.facebook.com/bHosted.nl.Webhosting
Twitter: https://twitter.com/bhostednl

Van: bert hubert-3 [via PowerDNS] [mailto:ml-node+s13854n12134h36 at n7.nabble.com]
Verzonden: woensdag 17 februari 2016 16:22
Aan: Marc van de Geijn <marc at bhosted.nl>
Onderwerp: Re: Removing Dnssec records from slave PDNS servers

On Wed, Feb 17, 2016 at 03:47:57PM +0000, Marc van de Geijn wrote:
> Unfortunatly, the serial is updated on the master and synced to the slaves, but the slaves keep reporting the NSEC3 & RRSIG records. The master does not report these records when doing a AXFR from the slaves.

Can you show the actual output of 'pdnssec show-zone' on both master and
slave please?

        Bert

>
> Met vriendelijke groet,
>
> Marc van de Geijn
> bHosted.nl
>
> Mail: [hidden email]</user/SendEmail.jtp?type=node&node=12134&i=0>
> Tel: 020 3118211
> Facebook: https://www.facebook.com/bHosted.nl.Webhosting
> Twitter: https://twitter.com/bhostednl
>
> -----Oorspronkelijk bericht-----
> Van: bert hubert [mailto:[hidden email]</user/SendEmail.jtp?type=node&node=12134&i=1>]
> Verzonden: woensdag 17 februari 2016 16:41
> Aan: Marc van de Geijn <[hidden email]</user/SendEmail.jtp?type=node&node=12134&i=2>>
> CC: [hidden email]</user/SendEmail.jtp?type=node&node=12134&i=3>
> Onderwerp: Re: [Pdns-users] Removing Dnssec records from slave PDNS servers
>
> On Wed, Feb 17, 2016 at 06:27:59AM -0700, mvdgeijn wrote:
> > Hi,
> >
> > I was wondering what the best way is to remove Dnssec records from the
> > slave PDNS servers? Our master and slave DNS servers are all PowerDNS servers.
> > They are kept in sync using AXFR and are all on different locations.
> >
> > At this moment it seems that when I disable Dnssec on the master for a
> > domain, this information is not transferred to the slave DNS servers.
>
> Increase the serial (pdnssec increase-serial is an easy way, or pdnsutil on 4.x).
>
> That should trigger the slave to refetch without the DNSSEC.
>
> Bert
_______________________________________________
Pdns-users mailing list
[hidden email]</user/SendEmail.jtp?type=node&node=12134&i=4>
http://mailman.powerdns.com/mailman/listinfo/pdns-users

________________________________
If you reply to this email, your message will be added to the discussion below:
http://powerdns.13854.n7.nabble.com/Removing-Dnssec-records-from-slave-PDNS-servers-tp12132p12134.html
To unsubscribe from Removing Dnssec records from slave PDNS servers, click here<http://powerdns.13854.n7.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=12132&code=bWFyY0BiaG9zdGVkLm5sfDEyMTMyfC0xNjc1MDYzODEw>.
NAML<http://powerdns.13854.n7.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>




--
View this message in context: http://powerdns.13854.n7.nabble.com/Removing-Dnssec-records-from-slave-PDNS-servers-tp12132p12135.html
Sent from the PowerDNS mailing list archive at Nabble.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20160217/e016aa7c/attachment-0001.html>

More information about the Pdns-users mailing list