On 18/02/2013 6:04 PM, Jan-Piet Mens wrote:
PowerDNS needs zones to be 'rectified' for DNSSEC.
Have you considered using NSEC3 narrow?
Funnily enough I have been playing around with DNSSEC and PowerDNS the
last few days. I use the MySQL backend with it. The schema I use is the
one from the manual with a change on the auth column in the records
table - it defaults to 1.
The process I follow is:
1. pdnssec secure-zone whatever.com
2. pdnssec set-nsec3 gbe0.net '1 1 iterations salt' narrow
e.g.
pdnssec set-nsec3 gbe0.net '1 1 1 ffffff' narrow
The salt needs to be hex.
DNS changes made after that seem to be fine.
If you are using zone transfers (AXFR) I believe that will break. I use
MySQL replication instead due to having 6 figures of domains on there,
much quicker than notifies.
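
The following is an added example, not part of the original post and not PowerDNS code. It validates the four-field parameter string passed to `set-nsec3` (algorithm, flags, iterations, hex salt) and computes the RFC 5155 NSEC3 hash those parameters yield; `narrow_next` follows the PowerDNS documentation's description of narrow mode, where the hash plus 1 is sent as the next secure record. All function names are hypothetical.

```python
import base64
import hashlib

# base32 -> base32hex alphabet (RFC 4648); NSEC3 owner labels use base32hex.
_B32HEX = str.maketrans("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                        "0123456789ABCDEFGHIJKLMNOPQRSTUV")


def parse_nsec3_params(params):
    """Validate the 'algorithm flags iterations salt' string given to set-nsec3."""
    fields = params.split()
    if len(fields) != 4:
        raise ValueError("expected: algorithm flags iterations salt")
    algorithm, flags, iterations = (int(f) for f in fields[:3])
    if algorithm != 1:
        raise ValueError("only hash algorithm 1 (SHA-1) is defined")
    if flags not in (0, 1):
        raise ValueError("flags must be 0 or 1 (opt-out)")
    if not 0 <= iterations <= 65535:
        raise ValueError("iterations must fit in 16 bits")
    # '-' is the RFC 5155 notation for an empty salt; otherwise the salt
    # must be an even number of hex digits (bytes.fromhex raises ValueError).
    salt = b"" if fields[3] == "-" else bytes.fromhex(fields[3])
    if len(salt) > 255:
        raise ValueError("salt is limited to 255 bytes")
    return algorithm, flags, iterations, salt


def to_wire(name):
    """Lowercased DNS wire format: length-prefixed labels plus the root label."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def nsec3_hash(name, iterations, salt):
    """SHA-1 over name||salt, then `iterations` more rounds over digest||salt."""
    digest = hashlib.sha1(to_wire(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return digest


def b32hex(digest):
    """Encode a digest the way it appears as an NSEC3 owner label."""
    return base64.b32encode(digest).decode("ascii").translate(_B32HEX).lower()


def narrow_next(digest):
    """Narrow mode's 'next' hash: hash + 1, wrapping at 2**160."""
    return ((int.from_bytes(digest, "big") + 1) % (1 << 160)).to_bytes(20, "big")
```

For instance, `b32hex(nsec3_hash("gbe0.net", 1, bytes.fromhex("ffffff")))` gives the hashed owner label for the zone apex under the parameters from the post.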