[Pdns-users] Issue with DNSSEC on subdomains (only)
Peter van Dijk
peter.van.dijk at powerdns.com
Mon Jul 15 07:00:17 UTC 2024
On Sun, 2024-07-14 at 16:02 +0200, Support SimpleRezo via Pdns-users
wrote:
> Hi
>
> I have trouble rolling over DNSSEC keys on subdomains (no issue for
> domains but for all subdomains): DS digest returned by PowerDNS
> queries are incorrects. Calculation from my side but also from
> pdnsutil differs from DNS responses.
>
> $ drill ds @ns1.simplerezo.com help.simplerezo.com
> help.simplerezo.com. 7200 IN DS 52911 10 2
> 058728e3151830ce369137e0f50d6d5181b4885a853abb52076f441bcc586f8b
> help.simplerezo.com. 7200 IN DS 46522 13 2
> 6504f604d391e1b40e860f3b2d2bff08f672239f4516471659383ca9d287f8fb
This comes from your database. PowerDNS does not calculate DS results for
you during query handling. You may need to update these DSes yourself by
taking the output from `pdnsutil show-zone help.simplezero.com` and
putting the DSes in the database inside the `simplezero.com` zone.
Kind regards,
--
Peter van Dijk
PowerDNS.com B.V. - https://www.powerdns.com/
More information about the Pdns-users
mailing list