[Pdns-users] Some questions regarding Postgres Replication / Native operation

Wed Oct 25 07:35:35 UTC 2017

I never used nsupdate with PDNS yet. But I think the most easy approach
would be to solve this issue at application level - hence nsupdate
should send the update not to any PDNS server, but to the single PDNS
Server which has write permissions to the DB. All other PDNS servers
should have read-only access to there slave-DB.

regards
Klaus

Am 17.10.2017 um 22:26 schrieb Fabian:
> Hi Klaus,
> 
> Thanks for clarification.
> 
> I wasn’t aware that every PDNS-Server instance is doing the DNSSEC singing inline and on the fly. 
> 
> I guess you’re right, there are minimal writes to PDNS only via nsupdate. 
> Is there any way to forward those requests to the writable instance or do I have to specify the right one in the nsupdate dialog?
> 
> Best regards,
> Fabian
> 
>> On 15. Oct 2017, at 21:00, Klaus Darilion <klaus.mailinglists at pernau.at> wrote:
>>
>> Am 07.10.2017 um 22:59 schrieb Fabian:
>>> Hi,
>>>
>>> I have some questions regarding the integration of PostgreSQL replication and PowerDNS operating in native mode.
>>> As the replication of Postgres is a master - slave replication the transactions on the slaves are read-only.
>>>
>>> - Is there a way to delegate all write operations the the PowerDNS “master” (the one using the PostgreSQL master instance), like "forward-dnsupdate=yes” does for dnsupdates?
>>
>> Are there any write operations? In native mode I guess there shouldn'T be any write queries - maybe only for DNSSEC key management.
>>
>> Maybe if you do some fancy stuff only against the PowerDNS which uses the Postgres-Master then it should work.
>>> - How does the DNSSEC inception works with the native mode? Will the “master” try to re-sign the zone or are all PowerDNS servers trying to re-sign the zone (with failures on the read-only databases)?
>> AFAIK PowerDNS does online-signing - hence the signatures are not in the DB. Hence, every node does signing on its own (A PowerDNS server does not know if the Postgresql DB is a replication slave or master).
>>
>> What exactly is your problem?
>>
>> regards
>> Klaus
> 