[Pdns-users] Zone to Cache: url method support in powerdns repo package
Otto Moerbeek
otto at drijf.net
Thu Nov 11 06:07:58 UTC 2021
On Wed, Nov 10, 2021 at 11:31:53PM +0100, Christoph via Pdns-users wrote:
> > > > > msg="Unable to load zone into cache, will retry" subsystem="ztc" level=0
> > > > > ts="1636499834.251" exception="url method configured but libcurl not
> > > > > compiled in" refresh="60" zone="."
> > > > >
> > > > > installed from your debian repo, version: 4.6.0~beta1-1pdns.bullseye
> > > >
> > > > Thanks for the report, will fix soon.
> > >
> > > Can you try http instead of https? I think the libcurl used for the
> > > build is libcurl-dev, while only libcurl4-openssl-dev has https support.
> >
> > Never mind, it was a configure thing. Next beta will have this fixed.
>
> I was thinking about creating a molecule scenario for it on your nice
> recursor ansible repo so I don't have to use our environment for testing,
> but you figured it already.
>
> two more questions about this new feature:
> Does it validate zone content just as it would validate all
> responses from a remote (root) server (without ztc)? (if validation is
> enabled)

DNSSEC validation will be done, but in a "lazy" way, i.e. only when
needed by the dnssec setting or when client flags require it. So bulk
validation, but if and when a record is requested by the client. The
validation status will then be stored in the record cache.

We plan to support ZONEMD as described in
https://datatracker.ietf.org/doc/html/rfc8976 in the future.

>
> Since some tlds publicly document their axfr support
> we would like to use it to feed our caches for performance and privacy
> reasons.
> Therefore it would be nice to be able to specify the server by name and not
> by IP address. Is this also something you would consider?
> (currently the documentation only mentions IP address as a possible source)

I'm hesitant to allow names instead of IPs in the recursor config, as
it can easily lead to bootstrapping issues.

> thanks for your responsiveness!

Thank *you* for testing the beta. It's much better to have these
issues reported now than after final release :-)

-Otto