Hello, We want to put everything in one place (puppet), so that we don't have to make a backup of the database. And we want a minimum of moving parts, that is why there is no database backend. The setup uses native zones, so we don't do zone transfers with masters and slaves. So i figured, with everything in puppet saves me on replication/backup of the database.
Do i understand correctly that I need to replicate the bind-dnssec-db.sqlite3 from one server (soa server?) to the others? or do i need to build a master-slave setup with zone transfers to enable a correct working of dnsssec? best greetings, Philip ________________________________ Van: Pdns-users <pdns-users-boun...@mailman.powerdns.com> namens Bjoern Franke <b...@nord-west.org> Verzonden: woensdag 10 juli 2019 11:12 Aan: pdns-users@mailman.powerdns.com Onderwerp: Re: [Pdns-users] bind backend and dnssec database Hi, > > my company is planning the migration of our authoritative name servers > to powerdns 4.1.x with a bind backend (managed with puppet). this part > is working as intended. [...] > The question is: > > can I put the |bind-dnssec-db.sqlite3| inside puppet after I secured the > zone. (can it be readonly from powerdns's viewpoint) > or does powerdns need read-write acces to the |bind-dnssec-db.sqlite3|? > (maybe for key roll over?) > we are running also powerdns in a puppetized way, but with MySQL as hybrid-backend. As data is changed during key rollover, a read/write access is needed. Why do you want to put the sqlite itself into puppet? For the slaves? Kind regards Bjoern _______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
_______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
