[Pdns-users] ADV: Supermaster/superslave
Alan Batie
alan at batie.org
Fri Apr 3 00:12:58 UTC 2020
On 4/2/20 12:49 PM, Alan Batie via Pdns-users wrote:
> I'm in the process of migrating to powerdns to take advantage of the
> supermaster/superslave feature in particular (as well as better dnssec
> management), with a hidden master architecture to provide additional
> security for administration and dnssec private keys. It seems, however,
> that for the automatic propagation of domains to work, the hidden master
> has to be included with an NS record in the domain, which is
> unfortunate, as that means clients everywhere will occasionally try to
> use it and have to timeout.
>
> Is there a way I'm missing to avoid this problem and is there a
> particular reason for this requirement?
After putting some logging in the code and playing with things, I
figured out that the supermaster table wants the ip address to be that
of the supermaster, and the nameserver to be the name of the secondary.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4038 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20200402/60278d62/attachment-0001.bin>
More information about the Pdns-users
mailing list