[Pdns-users] Configure DNSSec with LDAP backend

Eduard Ahmatgareev e.ahmatgareev at gmail.com
Sat Nov 30 16:48:21 UTC 2019 

Hi All,

I need your help with start using dnssec in our environment.
We already have a big installation dns servers which based on powerdns and
uses as backend - ldap module

launch=ldap
ldap-host=ldap://10.5.2.33:389
ldap-basedn=dc=ds,dc=basedomain
ldap-binddn=cn=ra,dc=basedomain
ldap-secret=oursecret
ldap-method=tree

#launch+=gmysql
#gmysql-dnssec=yes
#gmysql-host=10.1.0.24
#gmysql-user=pdns
#gmysql-password=muysqlpassword
#gmysql-dbname=pdns

I found that ldap backend doesn't support dns sec, that's why I create a
new installation of mysql server.
Also I added mysql backend as second backend and I would like to store dns
sec fields inside mysql storage

But, during running this configuration I got an errors:

Nov 30 11:37:48 /usr/sbin/pdns_server(+0x1b05e6) [0x55e165ff45e6]
Nov 30 11:37:48 /lib/x86_64-linux-gnu/libc.so.6(+0x33060) [0x7f5ac6f5c060]
Nov 30 11:37:48 /lib/x86_64-linux-gnu/libc.so.6(gsignal+0xcf)
[0x7f5ac6f5bfff]
Nov 30 11:37:48 /lib/x86_64-linux-gnu/libc.so.6(abort+0x16a)
[0x7f5ac6f5d42a]
Nov 30 11:37:48 /usr/sbin/pdns_server(+0xdf0bd) [0x55e165f230bd]
Nov 30 11:37:48
/usr/sbin/pdns_server(_ZN10DNSBackend22getBeforeAndAfterNamesEjRK7DNSNameS2_RS0_S3_+0x475)
[0x55e165f1b635]
Nov 30 11:37:48
/usr/sbin/pdns_server(_ZN13PacketHandler7addNSECEP9DNSPacketS1_RK7DNSNameS4_S4_i+0xa1)
[0x55e165fe43d1]
Nov 30 11:37:48
/usr/sbin/pdns_server(_ZN13PacketHandler8addNSECXEP9DNSPacketS1_RK7DNSNameS4_S4_i+0x14b)
[0x55e165fe569b]
Nov 30 11:37:48
/usr/sbin/pdns_server(_ZN13PacketHandler18completeANYRecordsEP9DNSPacketS1_R7SOADataRK7DNSName+0x9a)
[0x55e165fe5a6a]
Nov 30 11:37:48
/usr/sbin/pdns_server(_ZN13PacketHandler17questionOrRecurseEP9DNSPacketPb+0x2836)
[0x55e165fe8896]
Nov 30 18:37:48 vm01 pdns_server[24828]: Nov 30 11:37:48
/usr/sbin/pdns_server(_ZN13TCPNameserver12doConnectionEPv+0x461)
[0x55e166045471]
Nov 30 11:37:48 /lib/x86_64-linux-gnu/libpthread.so.0(+0x74a4)
[0x7f5ac72cf4a4]
Nov 30 11:37:48 /lib/x86_64-linux-gnu/libc.so.6(clone+0x3f) [0x7f5ac7011d0f]

Installed packages:
vm01:~# dpkg -l|grep pdns
ii  dnsdist                              1.3.3-1pdns.stretch
 amd64        DNS loadbalancer
ii  pdns-backend-bind                    4.0.3-1+deb9u5
amd64        BIND backend for PowerDNS
ii  pdns-backend-ldap                    4.0.3-1+deb9u5
amd64        LDAP backend for PowerDNS
ii  pdns-backend-mysql                   4.0.3-1+deb9u5
amd64        generic MySQL backend for PowerDNS
ii  pdns-server                          4.0.3-1+deb9u5
amd64        extremely powerful and versatile nameserver
#


Is there any way to get dnssec up and running with ldap backend?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20191130/d6a0c75b/attachment.htm>

More information about the Pdns-users mailing list