PowerDNS needs zones to be 'rectified' for DNSSEC. It comes with the `pdnssec' utility which has a `rectify-zone' or `rectify-all-zones' switch.

Thinking along the lines of lots of zones for which a lot of updates occur, how do you perform minimal (i.e. as little as necessary) rectification? I haven't investigated what it does to performance, but I can't imagine that a periodic `rectify-all-zones' would do a machine any good...

Further, when acting as a master server, if rectify does modify something, the SOA serial number isn't increased, which renders the procedure a bit useless. :)

I've been thinking about database triggers to rectify, but a) it's a lot of work and b) would have to be implemented (differently) for all possible back-ends.

Would it be possible to have a "rectification" daemon or thread within PowerDNS proper which monitors a column in the `domains' table? Something along the lines of

    ALTER TABLE domains ADD COLUMN needs_rectify BOOL NOT NULL DEFAULT 0;

A small database trigger could then set needs_rectify = 1 when something relevant happens on the `records' table, and the rectifier would then 'fix' whatever needs fixing, and reset the boolean. (With PostgreSQL, it could be implemented externally using NOTIFY/LISTEN.)

Regards,

        -JP
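
The flag-and-poll design proposed in the message above, sketched against SQLite as an added example that is not part of the original post or of PowerDNS. The table layout is a simplified stand-in for the generic SQL schema, the trigger names and `fake_rectify` are hypothetical, and it assumes the rectifier writes only the `ordername` and `auth` columns.

```python
import sqlite3

# Simplified stand-in for the gsql schema (assumption), plus the proposed column.
SCHEMA = """
CREATE TABLE domains (id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE);
CREATE TABLE records (id INTEGER PRIMARY KEY, domain_id INTEGER NOT NULL,
                      name TEXT, type TEXT, content TEXT,
                      ordername TEXT, auth BOOL DEFAULT 1);
ALTER TABLE domains ADD COLUMN needs_rectify BOOL NOT NULL DEFAULT 0;

CREATE TRIGGER records_ai AFTER INSERT ON records BEGIN
  UPDATE domains SET needs_rectify = 1 WHERE id = NEW.domain_id; END;
CREATE TRIGGER records_ad AFTER DELETE ON records BEGIN
  UPDATE domains SET needs_rectify = 1 WHERE id = OLD.domain_id; END;
-- Only name/type/zone changes matter; the rectifier's own writes to
-- ordername/auth must not mark the zone dirty again.
CREATE TRIGGER records_au AFTER UPDATE OF name, type, domain_id ON records BEGIN
  UPDATE domains SET needs_rectify = 1 WHERE id IN (OLD.domain_id, NEW.domain_id); END;
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def rectify_pending(db, rectify):
    """Rectify only flagged zones; returns the zone names processed."""
    done = []
    rows = db.execute("SELECT id, name FROM domains WHERE needs_rectify = 1 ORDER BY id").fetchall()
    for zone_id, zone in rows:
        # Clear the flag first: an edit arriving during rectification sets it
        # again and is picked up on the next pass instead of being lost.
        db.execute("UPDATE domains SET needs_rectify = 0 WHERE id = ?", (zone_id,))
        db.commit()
        try:
            rectify(db, zone_id, zone)
            done.append(zone)
        except Exception:
            db.execute("UPDATE domains SET needs_rectify = 1 WHERE id = ?", (zone_id,))
        db.commit()
    return done

def fake_rectify(db, zone_id, zone):
    # Hypothetical stand-in for `pdnssec rectify-zone <zone>`: writes only the
    # DNSSEC bookkeeping columns (assumption about what a rectify touches).
    db.execute("UPDATE records SET ordername = lower(name), auth = 1 WHERE domain_id = ?", (zone_id,))
```

If the rectifier also inserts or deletes rows in `records`, the insert and delete triggers would flag the zone again and need a way to tell its writes apart.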