[Pdns-users] bind backend and dnssec database

Philip Vanmontfort philip at smartbit.be
Wed Jul 10 09:53:38 UTC 2019


We want to put everything in one place (puppet), so that we don't have to make a backup of the database.  And we want a minimum of moving parts, that is why there is no database backend.
The setup uses native zones, so we don't do zone transfers with masters and slaves.  So i figured, with everything in puppet saves me on replication/backup of the database.

Do i understand correctly that I need to replicate the bind-dnssec-db.sqlite3 from one server (soa server?) to the others? or do i need to build a master-slave setup with zone transfers to enable a correct working of dnsssec?

best greetings,
Van: Pdns-users <pdns-users-bounces at mailman.powerdns.com> namens Bjoern Franke <bjo at nord-west.org>
Verzonden: woensdag 10 juli 2019 11:12
Aan: pdns-users at mailman.powerdns.com
Onderwerp: Re: [Pdns-users] bind backend and dnssec database


> my company is planning the migration of our authoritative name servers
> to powerdns 4.1.x  with a bind backend (managed with puppet).  this part
> is working as intended.
> The question is:
> can I put the |bind-dnssec-db.sqlite3| inside puppet after I secured the
> zone.  (can it be readonly from powerdns's viewpoint)
> or does powerdns need read-write acces to the |bind-dnssec-db.sqlite3|?
> (maybe for key roll over?)

we are running also powerdns in a puppetized way, but with MySQL as
hybrid-backend. As data is changed during key rollover, a read/write
access is needed. Why do you want to put the sqlite itself into puppet?
For the slaves?

Kind regards
Pdns-users mailing list
Pdns-users at mailman.powerdns.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20190710/082bb5ce/attachment.html>

More information about the Pdns-users mailing list