[Pdns-users] DNSSEC UDP problems
Pieter Lexis
pieter.lexis at powerdns.com
Tue Mar 9 13:54:17 UTC 2021
Hi,
On 3/9/21 2:44 PM, Steffan via Pdns-users wrote:
> Hm that was a one time error
>
> Upgraded to:
> pdns-4.5.0-0.alpha0.master.826.gd1a09d600.1pdns
Running bleeding edge in production is not recommended. Although we
haven't had big issues in the master branch for quite a while. Just keep
that in mind :).
> Now no errors are found in the log
> Still the message
>
> Found 1 RRSIGs over DNSKEY RRset
> RRSIG=51602 and DNSKEY=51602/SEP verifies the DNSKEY RRset
> crazyforprint.nl A RR has value 199.59.242.153
> No RRSIGs found
Are you actually using AXFR to transfer the zone to the nameservers? Or
are you using database replication? Because ALIAS live-signing is not
implemented, only signing on AXFR-out is implemented. This is in the
documentation I sent you earlier and there's an open ticket[1] (point 6)
as well.
Cheers,
Pieter
1 - https://github.com/PowerDNS/pdns/issues/3838
--
Pieter Lexis
PowerDNS.COM BV -- https://www.powerdns.com
More information about the Pdns-users
mailing list