[Pdns-users] ADV: Supermaster/superslave

Alan Batie alan at batie.org
Fri Apr 3 00:12:58 UTC 2020


On 4/2/20 12:49 PM, Alan Batie via Pdns-users wrote:
> I'm in the process of migrating to powerdns to take advantage of the 
> supermaster/superslave feature in particular (as well as better dnssec 
> management), with a hidden master architecture to provide additional 
> security for administration and dnssec private keys.  It seems, however, 
> that for the automatic propagation of domains to work, the hidden master 
> has to be included with an NS record in the domain, which is 
> unfortunate, as that means clients everywhere will occasionally try to 
> use it and have to timeout.
> 
> Is there a way I'm missing to avoid this problem and is there a 
> particular reason for this requirement?

After putting some logging in the code and playing with things, I 
figured out that the supermaster table wants the ip address to be that 
of the supermaster, and the nameserver to be the name of the secondary.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4038 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20200402/60278d62/attachment-0001.bin>


More information about the Pdns-users mailing list