Hi,

We have a simple setup with a PowerDNS master and two PowerDNS slaves (AXFR). Our zones are generally signed with DNSSEC and everything has been working fine. Recently, I started experimenting with LUA records, and for those, we're seeing problems (SERVFAIL) when we query them through 3rd party resolvers.

At first, I seem to have missed this tiny paragraph in the documentation for LUA records:

"LUA records can be DNSSEC signed, but because they are dynamic, it is not possible to combine pre-signed DNSSEC zone and LUA records. In other words, the signing key must be available on the server creating answers based on LUA records."

It makes sense, and indeed, when I query the slaves for the LUA records, I don't get any RRSIGs, so I suspect that this must be the problem.

My question is: /how/ do I make the signing key available on the slaves? Does this imply that I have to switch to a form of native replication, or is there a way to make this work with AXFR? I spent a few hours Googling for this, but I haven't found any clues.

Met vriendelijke groet,
Best regards,

Martijn Grendelman