Jason Tremblett via Pdns-users <pdns-users@mailman.powerdns.com> writes:
> We are having issues with the way that QNAME minimization works and would
> like to know if there is a way to improve our process to resolve
> the issue.
>
> Backend: postgresql DB
> Frontend: authoritative server
> DNSSEC Enabled with NSEC3 Narrow (1 0 50 -)
>
> Zone file contains 60k TXT records in the form (zone replaced with
> the.domain.com):
>
> a.b.c.the.domain.com TXT "a.b.c text record"
> b.b.c.the.domain.com TXT "b.b.c text record"
> c.b.c.the.domain.com TXT "c.b.c text record"
> d.e.f.the.domain.com TXT "d.e.f text record"
> ...
>
> We use pdnsutil to upload the zone file, increase serial and rectify:
>
> pdnsutil load-zone the.domain.com the.domain.com.zone

After this step you have a broken zone loaded without the required empty
non-terminals.

> pdnsutil increase-serial the.domain.com
> pdnsutil rectify-zone the.domain.com

... and here the zone becomes good again, giving you the NOERROR responses
that you expect.

I have 2 suggestions:

1. Make sure to generate the zone file including the empty non-terminals.

2. Don't load the zone from scratch every time you have a change, but
   instead edit the zone through the pdnsutil command.

I would expect that option 2 would work best in most cases.

There's also a middle ground where you edit the database content and then
run rectify-zone afterwards, but then you have to make sure to keep your
update SQL statements in sync with the (slowly) evolving database schema.

Best regards,
Jacob
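
As an added example (not part of the original message and not PowerDNS code), the Python below computes the empty non-terminals implied by owner names like those in the quoted zone, and the one-label-at-a-time query sequence a QNAME-minimizing resolver would send beneath the apex. The function names and the sample list are constructed for illustration; real resolvers may add more than one label per step.

```python
def empty_non_terminals(zone, owner_names):
    """Names between the apex and each owner name that hold no records."""
    apex = zone.rstrip(".").lower()
    owners = {n.rstrip(".").lower() for n in owner_names}
    ents = set()
    for name in owners:
        if name != apex and not name.endswith("." + apex):
            raise ValueError(f"{name} is not inside {apex}")
        # Walk up one label at a time until the apex is reached.
        parent = name.partition(".")[2]
        while parent != apex and len(parent) > len(apex):
            if parent not in owners:
                ents.add(parent)
            parent = parent.partition(".")[2]
    # Sort in tree order (compare labels from the root down).
    return sorted(ents, key=lambda n: n.split(".")[::-1])


def minimized_queries(zone, qname):
    """Names queried below the apex when one label is added per step."""
    apex_labels = zone.rstrip(".").lower().split(".")
    labels = qname.rstrip(".").lower().split(".")
    extra = len(labels) - len(apex_labels)
    return [".".join(labels[i:]) for i in range(extra - 1, -1, -1)]


if __name__ == "__main__":
    # Constructed sample mirroring the record names quoted in the message.
    zone = "the.domain.com"
    owners = [
        "a.b.c.the.domain.com",
        "b.b.c.the.domain.com",
        "c.b.c.the.domain.com",
        "d.e.f.the.domain.com",
    ]
    ents = empty_non_terminals(zone, owners)
    print("Empty non-terminals that must exist in the loaded zone:")
    for name in ents:
        print("  " + name)
    # Every intermediate step that is an ENT must answer NOERROR,
    # otherwise the resolver stops before reaching the TXT record.
    for step in minimized_queries(zone, owners[0]):
        kind = "ENT" if step in ents else "has records"
        print(f"query {step}: {kind}")
```

Comparing this list with the names present in the backend after `load-zone` and again after `rectify-zone` shows which intermediate names were missing in the window between the two commands.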