[Pdns-users] DKIM NXDOMAIN

Steffan Noord steffannoord at gmail.com
Mon Apr 15 12:01:06 UTC 2019 

Thanxs for all the reply's

Im running
pdns.x86_64        4.1.8-1pdns.el7       @powerdns-auth-41
on a mysql replication backend.

Thanxs for he pointer to 
pdnsutil rectify-zone

looks like i hae there a problem.
My script should execute that.
But when running it manualy i eet he nxdomain go away.


Met vriendelijke groet,
Steffan Noord 

-----Oorspronkelijk bericht-----
Van: Pdns-users <pdns-users-bounces at mailman.powerdns.com> Namens Peter van Dijk
Verzonden: maandag 15 april 2019 13:49
Aan: pdns-users at mailman.powerdns.com
Onderwerp: Re: [Pdns-users] DKIM NXDOMAIN

On 15 Apr 2019, at 13:40, Gert van Dijk wrote:

> On Mon, Apr 15, 2019 at 1:17 PM Bart Mortelmans <powerdns at bart.bim.be>
> wrote:
>
>> It seems like this doesn't cause any problems in the real world, only 
>> in a test like the one on internet.nl. But as far as I can tell, it's 
>> not okay with RFC8020.

It will break DNSSEC for any names under the NXDOMAIN.

> Very interesting read, thanks. I was looking for such a rule in other 
> RFCs while writing a reply to Steffan, but it appears to be in a 
> separate RFC on its own. :-)

8020 makes explicit what was implicit already - if there is something below a name, the name itself should exist as well.

> FWIW, PowerDNS is not stating to be compliant with that RFC. [1] :-(

The auth is compliant with the behaviour required by the RFC. The recursor does not implement 8020. I’ll update the page.

> I'm running PowerDNS Authoritative 4.2.0-rc1 with the BIND Backend and 
> it responds as it should, without having any RR on name '_domainkey' 
> for the zone! The domain passes the test just fine.
> Perhaps this is specific to the backend?

Yes. In the bindbackend, this is automatic. With database backends, a NULL record needs to be inserted. pdnsutil rectify-zone will do this for you.

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/ _______________________________________________
Pdns-users mailing list
Pdns-users at mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users

More information about the Pdns-users mailing list