[Pdns-users] DNSSEC UDP problems

Pieter Lexis pieter.lexis at powerdns.com
Tue Mar 9 13:54:17 UTC 2021


On 3/9/21 2:44 PM, Steffan via Pdns-users wrote:
> Hm that was a one time error
> Upgraded to:
>   pdns-4.5.0-0.alpha0.master.826.gd1a09d600.1pdns

Running bleeding edge in production is not recommended. Although we
haven't had big issues in the master branch for quite a while. Just keep
that in mind :).

> Now no errors are found in the log 
> Still the message
> 	Found 1 RRSIGs over DNSKEY RRset
> 	RRSIG=51602 and DNSKEY=51602/SEP verifies the DNSKEY RRset
> 	crazyforprint.nl A RR has value
> 	No RRSIGs found

Are you actually using AXFR to transfer the zone to the nameservers? Or
are you using database replication? Because ALIAS live-signing is not
implemented, only signing on AXFR-out is implemented. This is in the
documentation I sent you earlier and there's an open ticket[1] (point 6)
as well.



1 - https://github.com/PowerDNS/pdns/issues/3838

Pieter Lexis
PowerDNS.COM BV -- https://www.powerdns.com

More information about the Pdns-users mailing list