Hi,
>
> Thank you, that seems to work: importing the key and setting the zone
> to 'not presigned' leads to RRSIG records being produced on the slaves.
>
> However, when I edit the zone on the master and trigger a transfer to
> the slaves, the 'PRESIGNED' flag returns on the zone, which is
> documented behaviour:
>
> /PowerDNS sets this flag automatically upon incoming zone
> transfers (AXFR) if it detects DNSSEC records in the zone./
>
> So, I guess I have to either tell the slave to discard the incoming
> DNSSEC records or at least not set the PRESIGNED flag, or tell the
> master not to send them in the AXFR.
>
> Is there any way to do either?

To answer my own question: I haven't found anything in the PowerDNS docs
that could help me, but I may have found a workaround using a MySQL
trigger on the slaves:

    DELIMITER //
    -- Force the PRESIGNED flag to '0' whenever it is inserted for zone 1
    CREATE TRIGGER notpresigned BEFORE INSERT ON domainmetadata
    FOR EACH ROW
    BEGIN
        IF NEW.domain_id = 1 AND NEW.kind = 'PRESIGNED' THEN
            SET NEW.content = '0';
        END IF;
    END //
    DELIMITER ;

Any drawbacks?

Best regards,
Martijn Grendelman

_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
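
A way to check the scope of the trigger above on a slave; this is an added example, not part of the original post. It assumes `domainmetadata` is an InnoDB table (so `ROLLBACK` discards the test rows) and uses zone id 2 as a constructed stand-in for any other existing zone.

```sql
-- Added check: exercises the notpresigned trigger without leaving rows behind.
START TRANSACTION;

-- Constructed test rows. Zone 1 matches the trigger condition;
-- zone 2 (assumed id of some other zone) does not.
INSERT INTO domainmetadata (domain_id, kind, content)
VALUES (1, 'PRESIGNED', '1');
INSERT INTO domainmetadata (domain_id, kind, content)
VALUES (2, 'PRESIGNED', '1');

-- Compare what was stored for each zone: the trigger rewrites
-- NEW.content only when domain_id = 1 AND kind = 'PRESIGNED'.
SELECT domain_id, kind, content
FROM domainmetadata
WHERE kind = 'PRESIGNED' AND domain_id IN (1, 2)
ORDER BY domain_id;

-- The trigger is BEFORE INSERT only, so a write that arrives as an
-- UPDATE on an existing row is not passed through it.
UPDATE domainmetadata
SET content = '1'
WHERE domain_id = 1 AND kind = 'PRESIGNED';

SELECT domain_id, kind, content
FROM domainmetadata
WHERE kind = 'PRESIGNED' AND domain_id = 1;

-- Discard all test rows and changes.
ROLLBACK;

-- Confirm the trigger is registered on the table.
SHOW TRIGGERS LIKE 'domainmetadata';
```

The two result sets show which writes the trigger covers: inserts for zone 1 only, and no other zone or statement type.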