[Pdns-users] Rectify QNAME issues

Jacob Bunk Nielsen jacob at bunknielsen.dk
Tue Apr 22 18:17:15 UTC 2025


Jason Tremblett via Pdns-users <pdns-users at mailman.powerdns.com> writes:

> We are having issues with the way that QNAME minimization works and would like to know if there is a way to improve our process to resolve
> the issue.
>
> Backend: postgresql DB
> Frontend: authoritative server
> DNSSEC Enabled with NSEC3 Narrow (1 0 50 -)
>
> Zone file contains 60k TXT records in the form (zone replaced with the.domain.com):
>
> a.b.c.the.domain.com TXT "a.b.c text record"
> b.b.c.the.domain.com TXT "b.b.c text record"
> c.b.c.the.domain.com TXT "c.b.c text record"
> d.e.f.the.domain.com TXT "d.e.f text record"
> ...
>
> We use pdnsutil to upload the zone file, increase serial and rectify:
>
> pdnsutil load-zone the.domain.com the.domain.com.zone

After this step you have a broken zone loaded without the required empty
non-terminals.

> pdnsutil increase-serial the.domain.com
> pdnsutil rectify-zone the.domain.com

... and here the zone becomes good again, giving you the NOERROR
responses that you expect.

I have 2 suggestions:

1. Make sure to generate the zone file including the empty
non-terminals.

2. Don't load the zone from scratch every time you have a change, but
instead edit the zone through the pdnsutil command.

I would expect that option 2 would work best in most cases.

There's also a middle ground where you edit the database content and
then run rectify-zone afterwards, but then you have to make sure to keep
your update SQL statements in sync with the (slowly) evolving database
schema.

Best regards,
Jacob
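
Added example, not part of the original message or of PowerDNS: a short Python helper that lists the empty non-terminals implied by the owner names in a zone, i.e. the intermediate names a QNAME-minimizing resolver will ask about and that should answer NOERROR once the zone is rectified. The function names and the one-record-per-line input format with fully qualified owner names are assumptions; the sample lines are the ones quoted in the thread.

```python
# Added illustration: compute the empty non-terminals (ENTs) of a zone.
# An ENT is a name below the apex that owns no records itself but has
# at least one descendant that does.

APEX = "the.domain.com"

# Sample input taken from the records quoted in the thread.
SAMPLE_ZONE_LINES = [
    'a.b.c.the.domain.com TXT "a.b.c text record"',
    'b.b.c.the.domain.com TXT "b.b.c text record"',
    'c.b.c.the.domain.com TXT "c.b.c text record"',
    'd.e.f.the.domain.com TXT "d.e.f text record"',
]


def _norm(name):
    """Lower-case a name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def owners_from_zone_lines(lines):
    """Return owner names, assuming one record per line, owner name first."""
    owners = []
    for line in lines:
        line = line.strip()
        if not line or line[0] in ";$":  # skip blanks, comments, directives
            continue
        owners.append(_norm(line.split()[0]))
    return owners


def empty_non_terminals(apex, owners):
    """Return the sorted ENT names strictly between apex and the owners."""
    apex_labels = _norm(apex).split(".")
    owned = {_norm(o) for o in owners}
    ents = set()
    for name in owned:
        labels = name.split(".")
        if labels == apex_labels:
            continue
        if labels[-len(apex_labels):] != apex_labels:
            raise ValueError(f"{name} is not inside zone {apex}")
        # Walk up one label at a time, stopping just below the apex.
        for i in range(1, len(labels) - len(apex_labels)):
            ancestor = ".".join(labels[i:])
            if ancestor not in owned:
                ents.add(ancestor)
    return sorted(ents)


if __name__ == "__main__":
    for ent in empty_non_terminals(APEX, owners_from_zone_lines(SAMPLE_ZONE_LINES)):
        print(ent)
```

Querying each printed name against the authoritative server after a load gives a quick check that none of them returns NXDOMAIN.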

