[Pdns-users] About SOA-EDIT AND SOA-EDI-API

Diego Bellini Diego.Bellini at Exponential-e.com
Tue Jan 23 11:36:10 UTC 2018


Thanks Aki
I read it but it was a bit confused

So these are two different ways to increment the serial number

SOA-EDIT_API follow the logic of SOA-EDIT-DNSUPDATE
SOA-EDIT is for DNSSEC

In case of DNSSEC enabled
For a domain, I could use both in the domainmeatdata table

The big difference of the 2 would be that
- With SOA-EDIT-API the SOA serial of the datastore is changed according to the logic of SOA-EDIT-DNSUPDATE (when I add/delete/modify a RR)
- With SOA-EDIT, no change of the serial happens in the datastore, but the change is applied to DNS answers with the SOA record.
In this last case the increment is one of those listed in the section "Possible SOA-EDIT values" (https://doc.powerdns.com/md/authoritative/dnssec/#soa-edit-ensure-signature-freshness-on-slaves)


Is this correct?


Kind regards,

Diego Bellini
NMS System Administrator
________________________________
Exponential-e Limited
t: 020 7096 4084
e: Diego.Bellini at Exponential-e.com<mailto:Diego.Bellini at Exponential-e.com>
From: Aki Tuomi [mailto:cmouse at cmouse.fi]
Sent: 23 January 2018 07:38
To: Diego Bellini <Diego.Bellini at Exponential-e.com>; pdns-users at mailman.powerdns.com
Subject: Re: [Pdns-users] About SOA-EDIT AND SOA-EDI-API

"soa_edit_api MAY be set. If it is set, on changes to the contents of a zone made through the API, the SOA record will be edited according to the SOA-EDIT-API rules." (https://doc.powerdns.com/md/httpapi/api_spec/<https://doc.powerdns.com/md/httpapi/api_spec/>)

SOA-EDIT: When serving this zone, modify the SOA serial number in one of several ways. Mostly useful to get slaves to re-transfer a zone regularly to get fresh RRSIGs. (https://doc.powerdns.com/md/authoritative/domainmetadata/#soa-edit<https://doc.powerdns.com/md/authoritative/domainmetadata/#soa-edit>)

Aki
On 22.01.2018 16:29, Diego Bellini wrote:
Good afternoon to all,
we migrated from a very old version of powerdns to the 4.0
In the current configuration dnssec is disabled , for the time being

And I am starting to use the api to insert/modiy/delete records

I am reading the api specifications but I don't get what is the difference between SOA-EDIT AND SOA-EDI-API specified in the doaminmetadata table for a domain

Can anyone give me a quick insight about it?

Thanks very much

Diego





_______________________________________________

Pdns-users mailing list

Pdns-users at mailman.powerdns.com<mailto:Pdns-users at mailman.powerdns.com>

https://mailman.powerdns.com/mailman/listinfo/pdns-users<https://mailman.powerdns.com/mailman/listinfo/pdns-users>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20180123/12e91207/attachment.html>


More information about the Pdns-users mailing list