[Pdns-users] DNSSEC issue in bind to pdns migration
Pieter Lexis
pieter.lexis at powerdns.com
Mon Aug 14 10:45:41 UTC 2017
Hello Thibaud,
On Mon, 14 Aug 2017 12:28:03 +0200
Thib D <thibmac0241 at gmail.com> wrote:
> I am currently trying to transfer my zones running on bind9 to PowerDNS
> with a bind-backend.
> I want my AXFR dig queries to answer the same between pdns and bind9. The
> configuration on pdns and bind is the same.
>
> AXFR queries are all fine except for the zones that have RRSIG and NSEC3
> records.
> AXFR answers from PDNS are not returning any of these records but BIND
> returns all of them.
Have you migrated the DNSSEC key material *or* have imported the RRSIGs and set the PRESIGNED[1] metadata?
> I read that there was the possibility to create database but I'm not sure
> why I would need to do this, because I just want the queries to return
> whats acutally written in the zonefiles.
Please see our DNSSEC migration guide for more information[2].
If you need more help, please provide the steps you took to migrate the zones.
Best regards,
Pieter
1 - https://doc.powerdns.com/authoritative/domainmetadata.html#presigned
2 - https://doc.powerdns.com/authoritative/dnssec/migration.html
--
Pieter Lexis
PowerDNS.COM BV -- https://www.powerdns.com
More information about the Pdns-users
mailing list