Hello James, On Feb 20, 2013, at 1:45 , James Cloos wrote:
>>>>>> "PvD" == Peter van Dijk <peter.van.d...@netherlabs.nl> writes: > > PvD> Rectify is 'pretty' cheap when you don't use NSEC3. However, it's not > PvD> the kind of thing you'd want to run after every update to a big, busy > PvD> zone. > > And yet, when using automatic serials and axfr replication, every change > creates notifies which trigger axfrs which fail until rectify is done. I did not mean to suggest running rectify is optional; I just meant to say that the current full-zone rectify is heavy, and thus 'no fun' to run after every edit. Apologies for the confusion. > I've spent some time looking into a set of functions (I use pgsql) for > making changes, which can do all of the necessary logic when adding, > removing or changing an RR, but I haven't yet compiled a full list of > what exactly is required for every case when dnssec is in use. Has > anyone else? To Ruben's excellent response, I just want to add that http://doc.powerdns.com/dnssec-modes.html#dnssec-direct-database has a high-level overview. Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ _______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
