[Pdns-users] DNSSEC with MySQL backend and replication
Alun James
AJames at tibus.com
Thu May 16 10:00:57 UTC 2019
Hi,
Just a few queries on implementing DNSSec with a MySQL backend, if I could trouble someone for their thoughts and recommendations?
Currently our PowerDNS Auth infra looks like below:
    +-----------------+                          +-----------------+
    | PowerDNS Auth B |                          | PowerDNS Auth C |
    +-----------------+                          +-----------------+
    |   MYSQL SLAVE   |                          |   MYSQL SLAVE   |
    +-------^---------+                          +-------^---------+
            |                                            |
            |                                            |
            |              +--------------+              |
            |              |  PowerAdmin  |              |
MASTER/SLAVE|              +------+-------+              |MASTER/SLAVE
REPLICATION |                     |                      |REPLICATION
            |              +------v-------+              |
            +--------------+ MYSQL MASTER +--------------+
                           +------^-------+
                                  |
                                  |
                           +------+----------+
                           | PowerDNS Auth A |
                           +-----------------+
We currently edit records by way of PowerAdmin, which updates the master database directly and so "PowerDNS Auth A" instance is not actually used or interacted with, normally. Zone/record updates are replicated to the "edge" Auth servers (B and C) via MySQL replication. We would like to enable DNSSec on a few of our domains, at least as a proof of concept. A few questions...
I assume I need to enable gmysql-dnssec on ALL PowerDNS Auth instances (A,B and C)?
Will PowerDNS commands to enable DNSSec signing of a zone need executed on "PowerDNS Auth A" ONLY (which will add the relevant records to the database and replicate them to B and C)?
Given that PowerAdmin talks directly to the database, are any record changes here likely to cause a problem with these signed domains?
Should I look at a newer GUI that implements the DNSSec commands and interacts with PowerDNS API instead?
Thanks in advance...
Regards,
Alun.