[Pdns-users] bind backend and dnssec database
philip at smartbit.be
Wed Jul 10 09:53:38 UTC 2019
We want to put everything in one place (puppet), so that we don't have to make a backup of the database. And we want a minimum of moving parts, that is why there is no database backend.
The setup uses native zones, so we don't do zone transfers with masters and slaves. So i figured, with everything in puppet saves me on replication/backup of the database.
Do i understand correctly that I need to replicate the bind-dnssec-db.sqlite3 from one server (soa server?) to the others? or do i need to build a master-slave setup with zone transfers to enable a correct working of dnsssec?
Van: Pdns-users <pdns-users-bounces at mailman.powerdns.com> namens Bjoern Franke <bjo at nord-west.org>
Verzonden: woensdag 10 juli 2019 11:12
Aan: pdns-users at mailman.powerdns.com
Onderwerp: Re: [Pdns-users] bind backend and dnssec database
> my company is planning the migration of our authoritative name servers
> to powerdns 4.1.x with a bind backend (managed with puppet). this part
> is working as intended.
> The question is:
> can I put the |bind-dnssec-db.sqlite3| inside puppet after I secured the
> zone. (can it be readonly from powerdns's viewpoint)
> or does powerdns need read-write acces to the |bind-dnssec-db.sqlite3|?
> (maybe for key roll over?)
we are running also powerdns in a puppetized way, but with MySQL as
hybrid-backend. As data is changed during key rollover, a read/write
access is needed. Why do you want to put the sqlite itself into puppet?
For the slaves?
Pdns-users mailing list
Pdns-users at mailman.powerdns.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Pdns-users