[Pdns-users] LUA records + DNSSEC
Martijn Grendelman
martijn.grendelman at isaac.nl
Wed May 27 13:04:01 UTC 2020
Hi,
>
> Thank you, that seems to work: importing the key and setting the zone
> to 'not presigned' leads to RRSIG records being produced on the slaves.
>
> However, when I edit the zone on the master and trigger a transfer to
> the slaves, the 'PRESIGNED' flag returns on the zone, which is
> documented behaviour:
>
> /PowerDNS sets this flag automatically upon incoming zone
> transfers (AXFR) if it detects DNSSEC records in the zone./
>
> So, I guess I have to either tell the slave to discard the incoming
> DNSSEC records or at least not set the PRESIGNED flag, or tell the
> master not to send them in the AXFR.
>
> Is there any way to do either?
To answer my own question: I haven't found anything in the PowerDNS docs
that could help me, but I may have found a workaround using a MySQL
trigger on the slaves:

DELIMITER //
-- Force PRESIGNED to '0' for the zone with domain_id 1 on every insert
CREATE TRIGGER notpresigned BEFORE INSERT ON domainmetadata
FOR EACH ROW
BEGIN
  IF NEW.domain_id = 1 AND NEW.kind = 'PRESIGNED' THEN
    SET NEW.content = '0';
  END IF;
END //
DELIMITER ;

Any drawbacks?
Best regards,
Martijn Grendelman