[Pdns-users] DNSSEC issue in bind to pdns migration

Pieter Lexis pieter.lexis at powerdns.com
Mon Aug 14 10:45:41 UTC 2017

Hello Thibaud,

On Mon, 14 Aug 2017 12:28:03 +0200
Thib D <thibmac0241 at gmail.com> wrote:

> I am currently trying to transfer my zones running on bind9 to PowerDNS
> with a bind-backend.
> I want my AXFR dig queries to answer the same between pdns and bind9. The
> configuration on pdns and bind is the same.
> AXFR queries are all fine except for the zones that have RRSIG and NSEC3
> records.
> AXFR answers from PDNS are not returning any of these records but BIND
> returns all of them.

Have you migrated the DNSSEC key material *or* have imported the RRSIGs and set the PRESIGNED[1] metadata?

> I read that there was the possibility to create database but I'm not sure
> why I would need to do this, because I just want the queries to return
> whats acutally written in the zonefiles.

Please see our DNSSEC migration guide for more information[2].

If you need more help, please provide the steps you took to migrate the zones.

Best regards,


1 - https://doc.powerdns.com/authoritative/domainmetadata.html#presigned
2 - https://doc.powerdns.com/authoritative/dnssec/migration.html
Pieter Lexis
PowerDNS.COM BV -- https://www.powerdns.com

More information about the Pdns-users mailing list