[Pdns-users] bind backend and dnssec database

frank+pdns at tembo.be frank+pdns at tembo.be
Fri Jul 12 06:25:15 UTC 2019



> On 11 Jul 2019, at 16:57, Philip Vanmontfort <philip at smartbit.be> wrote:
> 
> Good day,
> 
> We change the zones regularly, but the zones are generated with Puppet.
> 
> If we use a predefined key on all servers, wouldn't we get into trouble with key rollovers? For example, rollover differences between name servers that are reinstalled? Or is the only important factor the DS key (which would be the same on all servers)?
> 
> 

Philip,


There’s a difference between key rollovers, which don’t happen automatically and you should first figure out why you want to roll over, and signature refreshes, which happen automatically in PowerDNS if you use online signing (the default mode).

Also note that the DS records don’t contain the key, they contain a hash of the key.

Frank
Frank Louwers
PowerDNS Certified Consultant @ Kiwazo.be
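
The point about DS records being a hash of the key, worked through as an added example that is not part of the original message: it builds the DS data (key tag and SHA-256 digest, per RFC 4034) from a DNSKEY and shows that servers sharing one key yield the same DS, while a server with its own key does not. The zone name and key bytes are constructed sample values, and the function names are illustrative.

```python
import hashlib
import struct

def name_to_wire(name):
    """Owner name in canonical (lowercased) wire format, RFC 4034 section 6.2."""
    wire = b""
    for label in name.rstrip(".").lower().split("."):
        if label:
            wire += bytes([len(label)]) + label.encode("ascii")
    return wire + b"\x00"

def dnskey_rdata(flags, algorithm, public_key, protocol=3):
    """DNSKEY RDATA: flags (2 bytes), protocol (1), algorithm (1), key material."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def key_tag(rdata):
    """Key tag checksum over the DNSKEY RDATA, RFC 4034 appendix B."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_for_key(owner, flags, algorithm, public_key):
    """Return (key_tag, algorithm, digest_type, digest_hex) using SHA-256 (type 2)."""
    rdata = dnskey_rdata(flags, algorithm, public_key)
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest()
    return key_tag(rdata), algorithm, 2, digest

def ds_line(owner, ds):
    """Format the DS data in zone-file presentation form."""
    return "%s IN DS %d %d %d %s" % ((owner,) + ds)

# Constructed sample values, not real keys: 64 bytes stand in for an
# ECDSA P-256 public key (algorithm 13); flags 257 marks a key signing key.
ZONE = "example.com."
SHARED_KSK = bytes(range(64))
OTHER_KSK = bytes(range(1, 65))

if __name__ == "__main__":
    # Two servers provisioned with the same key produce the same DS ...
    print("server A:", ds_line(ZONE, ds_for_key(ZONE, 257, 13, SHARED_KSK)))
    print("server B:", ds_line(ZONE, ds_for_key(ZONE, 257, 13, SHARED_KSK)))
    # ... while a server that generated its own key no longer matches it.
    print("rebuilt :", ds_line(ZONE, ds_for_key(ZONE, 257, 13, OTHER_KSK)))
```
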



