Back in time we had a setup of chained pdns-auth Servers where one pdns
signed the zone and another did a full axfr which was replicated using
db replication to readonly pdnses with public ips.

This way we worked around the need for private keys in databases in colo
datacenters. With your opendnssec setup I guess you are trying to work
around the same problem.

That worked ok for zones with up to 50k records.

Nowadays we've written an incremental signer which we've integrated in
our DNS/DHCP and IP Management. You can find it at github.com/1and1/dim.

This incremental signer performs well for zones with up to 500k records
(Didn't test more).

Cheers
Thomas

On 11/24/20 8:12 AM, Sebastian Sandberg via Pdns-users wrote:
I have missed that statement in the docs, that's probably why I see this
error.

I have a problem when sending zone updates from pdns to Opendnssec for
zone signing. After sending a notification from pdns to opendnssec,
opendnssec requests ixfr over udp and gets back rcode REFUSED.

Have not yet found a solution for this. If anyone has more input that
could help me in the right direction please let me know, I'm going to
dig deeper.

Thanks Brian for your update.

Best regards,
Sebastian

On Mon, Nov 23, 2020 at 3:54 PM Brian Candler <b.cand...@pobox.com> wrote:

    On 23/11/2020 13:33, Sebastian Sandberg via Pdns-users wrote:

    I have questions regarding IXFR. I have a problem in my lab where
    pdns is refusing IXFR requests to check current serial of a master
    zone in pdns. This seems to appear when IXFR is requested over UDP.

    Aside: I see in ./docs/modes-of-operation.rst and here
    <https://doc.powerdns.com/authoritative/modes-of-operation.html#ixfr-incremental-zone-transfers>:

    "PowerDNS itself is currently only able to retrieve updates via
    IXFR. It can not serve IXFR updates."

    Is that sentence still true, or now obsolete?


_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
