On Tue, Apr 09, 2019 at 12:59:22PM +0000, Edward Lewis wrote:
> My background - involved with DNS and DNSSEC over 20 years. Have a lot of
> experience with ISC's BIND tools and some experience with NLnet Lab's tools.
> Now I've been asked to conduct a training session with an organization that
> uses PowerDNS. As much as I know of PowerDNS (people, concept), I've never
> tried to download and run the code before.
>
> My problem - I haven't been able to find a clear "how to" for setting up
> PowerDNS managed/automatic DNSSEC. I have found a lot of resources - some
> old (2012) and others somewhat incomplete, but nothing giving me a simple
> step by step "recipe" for DNSSEC signing.
>
> What I have done - gotten a simple BIND backend up and running. Simple,
> static example.com stuff.
>
> Cutting to the chase, I stumbled across this:
> https://computingforgeeks.com/how-to-install-mariadb-10-3-on-ubuntu-16-04-lts-xenial/
>
> And I have MariaDB running on my test machine. (Ubuntu 16.4 and MariaDB
> 10.3.)
>
> Then I read this:
> https://doc.powerdns.com/authoritative/migration.html

Before loading zones, you need to make sure pdns.conf is set up to use
the database, as described in
https://docs.powerdns.com/authoritative/guides/basic-database.html

Did you do that step? Including the validation by starting pdns in the
foreground?

>
> I tried this command:
> zone2sql --named-conf=/path/to/named.conf --gmysql | mysql -u pdns -p pdns-db
>
> adjusting the "/path/to" first. The pre--pipe command spit out what I'd
> expect. The latter command complained about the -u (fixed that) and then the
> -p, but I don't know how to fix that.

Please show the commands issued and the error messages exactly. That
helps us find the actual problem.

Before we continue, please make sure the pdns -> mysql connection is set up
correctly.

	-Otto

>
> I then tried:
> pdnsutil load-zone example.com /tmp/example.com.zone
>
> adjusting the "/tmp" to my situation. The command had no response - I can't
> figure out what was supposed to happen (given the documentation), so I don't
> know what, if anything, was broken.
>
> Why am I down this path?
>
> My goal is to be able to use this command:
> $ pdnsutil secure-zone powerdnssec.org
> as found on https://doc.powerdns.com/authoritative/dnssec/index.html.
>
> But I can't figure out how to launch a backend that can be signed.
>
> What launched my journey into MariaDB was this. With the simple BIND backend:
>
> # pdnsutil secure-zone example.com
>
> Securing zone with default key size
> Adding CSK with algorithm ecdsa256
> No backend was able to secure 'example.com.', most likely because no DNSSEC
> capable backends are loaded, or because the backends have DNSSEC disabled.
> For the Generic SQL backends, set the 'gsqlite3-dnssec', 'gmysql-dnssec' or
> 'gpgsql-dnssec' flag. Also make sure the schema has been updated for DNSSEC!
>
> I bet there's something simple needed to load a schema into my MariaDB
> instance, etc., and point PowerDNS at it, somehow, someway. (I'm no DB
> expert, so my terms are off here...)
>
> If there's a prepared "how to" (that is current) - just point me to it. If
> not, please fill me in...;)
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users@mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
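
Added example, not part of the original thread and not PowerDNS tooling: a shell check for the condition named in the quoted `pdnsutil secure-zone` error, that a generic SQL backend is launched with its `-dnssec` flag set. The function names, sample configs and the rule that only the literal value `yes` counts as enabled are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): does this pdns.conf launch a generic SQL
# backend with its -dnssec flag on? Assumes plain key=value lines, no named
# backend instances and no include files. It does not inspect the DB schema.

# Print the last value assigned to key $2 in file $1 (empty if unset).
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Return 0 if a launched gmysql/gsqlite3/gpgsql backend has <backend>-dnssec=yes,
# 1 if none does, 2 if no launch setting exists.
check_pdns_dnssec() {
    conf=$1
    launch=$(conf_get "$conf" launch)
    [ -n "$launch" ] || { echo "no launch setting in $conf"; return 2; }
    result=1
    for backend in $(printf '%s' "$launch" | tr ',' ' '); do
        case $backend in
            gmysql|gsqlite3|gpgsql)
                if [ "$(conf_get "$conf" "$backend-dnssec")" = "yes" ]; then
                    echo "$backend: $backend-dnssec=yes"
                    result=0
                else
                    echo "$backend: launched, but $backend-dnssec is not yes"
                fi ;;
            *) echo "$backend: not a generic SQL backend, not checked" ;;
        esac
    done
    return $result
}

# Constructed sample configs, written into directory $1.
write_samples() {
    printf 'launch=bind\nbind-config=/etc/named.conf\n' > "$1/bind.conf"
    printf 'launch=gmysql\ngmysql-dbname=pdns\n# gmysql-dnssec=yes\n' > "$1/off.conf"
    printf 'launch=gmysql\ngmysql-dbname=pdns\ngmysql-dnssec=yes\n' > "$1/on.conf"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for name in bind off on; do
    check_pdns_dnssec "$demo_dir/$name.conf" || true
done
rm -rf "$demo_dir"
```

A passing check covers only the configuration flag; the error text also requires that the database schema has been updated for DNSSEC, which this sketch does not verify.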