Thanxs for all the reply's Im running pdns.x86_64 4.1.8-1pdns.el7 @powerdns-auth-41 on a mysql replication backend.
Thanxs for he pointer to pdnsutil rectify-zone looks like i hae there a problem. My script should execute that. But when running it manualy i eet he nxdomain go away. Met vriendelijke groet, Steffan Noord -----Oorspronkelijk bericht----- Van: Pdns-users <pdns-users-boun...@mailman.powerdns.com> Namens Peter van Dijk Verzonden: maandag 15 april 2019 13:49 Aan: pdns-users@mailman.powerdns.com Onderwerp: Re: [Pdns-users] DKIM NXDOMAIN On 15 Apr 2019, at 13:40, Gert van Dijk wrote: > On Mon, Apr 15, 2019 at 1:17 PM Bart Mortelmans <power...@bart.bim.be> > wrote: > >> It seems like this doesn't cause any problems in the real world, only >> in a test like the one on internet.nl. But as far as I can tell, it's >> not okay with RFC8020. It will break DNSSEC for any names under the NXDOMAIN. > Very interesting read, thanks. I was looking for such a rule in other > RFCs while writing a reply to Steffan, but it appears to be in a > separate RFC on its own. :-) 8020 makes explicit what was implicit already - if there is something below a name, the name itself should exist as well. > FWIW, PowerDNS is not stating to be compliant with that RFC. [1] :-( The auth is compliant with the behaviour required by the RFC. The recursor does not implement 8020. I’ll update the page. > I'm running PowerDNS Authoritative 4.2.0-rc1 with the BIND Backend and > it responds as it should, without having any RR on name '_domainkey' > for the zone! The domain passes the test just fine. > Perhaps this is specific to the backend? Yes. In the bindbackend, this is automatic. With database backends, a NULL record needs to be inserted. pdnsutil rectify-zone will do this for you. Kind regards, -- Peter van Dijk PowerDNS.COM BV - https://www.powerdns.com/ _______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users _______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
