[Pdns-users] Setting up intentionally invalid DNSSEC record in auto-secure environment

Nicholas Williams nicholas at nicholaswilliams.net
Wed Jan 6 19:42:50 UTC 2016


I'll look into that other script. Thanks, Bert.

> How about a creating a separate sub-zone with a broken presigned DNSSEC

> You can set presigned for just that single zone using the PRESIGNED domain
metadata[1] int your database.

I really like this idea in combination. That documentation that Pieter sent
me should help me get set up with presigning. But, Leen, how would I set up
a subzone delegated to the same authoritative server (or can I, even?)? Can
you point me to that documentation?

Google really hasn't indexed this documentation very well at all...

Thanks,

Nick

On Wed, Jan 6, 2016 at 1:34 PM, Pieter Lexis <pieter.lexis at powerdns.com>
wrote:

> Hi Nick,
>
> On Wed, 6 Jan 2016 13:26:59 -0600
> Nicholas Williams <nicholas at nicholaswilliams.net> wrote:
>
> > Yea, but that's the rub. I want to do this WITHOUT 'presigned zones.'
> > I want everything else to be live-signed (because it's SO much easier
> > than presigning), and only munge this one subdomain's RRSIGs.
>
> You can set presigned for just that single zone using the PRESIGNED
> domain metadata[1] int your database.
>
> 1 - https://doc.powerdns.com/md/authoritative/domainmetadata/#presigned
>
> --
> Pieter Lexis
> PowerDNS.COM BV -- https://www.powerdns.com
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20160106/78cb70d7/attachment-0001.html>


More information about the Pdns-users mailing list