rec_control add-nta domain.example botched keyroll
would set dnssec validations for domain.example. to "off"?
Correct, though the multiple arguments as reason look a bit suspicious to me; I
cannot test now, but it might be you have to quote the "botched keyroll"
arguments.
-JP
I think the safest in this situation would be to add a Negative Trust Anchor
(NTA) [1] in order to temporarily disable DNSSEC validation in your Recursor
for that particular authoritative zone. While the NTA [2] is active you could
try contacting the operator of the (obviously) broken authoritativ
gmysql-host=127.0.1.1
dot 1 dot 1 ?
-JP
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
I found some internet stuff where someone claims that the AA flag is even
not set if the answer comes from a cache in some constellations (bind
cache).
It is correct that AA is *not* set when the response comes from a recursive's
cache: the cache is *not* authoritative -- only an authoritative
$ dig test.example1.mydomain.com @
; <<>> DiG 9.18.28-0ubuntu0.22.04.1-Ubuntu
...
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
As you can see above "AUTHORITY: 0" is a non-authoritative answer
AUTHORITY has nothing to do with whether the answer is authoritative. You ne
DOMANIN.TLD IN A 185.99.65.
interesting IP address.
-JP
Has anyone ever tried inserting presigned Zones via the PowerDNS API?
Ouch, I'd not want to have to do that...
Is an incoming XFR not an option? I know that works.
-JP
I want to make DNS-DHCP-LDAP services to be tied together.
Is it able to be achieved with PowerDNS?
There's not much information contained in your question, and I am going to make
the mistake of assuming: if your DHCP leases are to be registered in a PowerDNS
LDAP backend, I don't think the latt
Packet for 'mydomain.com' denied: Signature with TSIG key 'dhcpupdate' does
not match the expected algorithm (hmac-sha256 / hmac-md5.sig-alg.reg.int)
It appears from very light research (old-fashioned word for 'googling') that
opensense/pfsense used to support HMAC-MD5 only [1], and the above me
So my questions are : where does the key-id (returned in DNSKEY
records) comes from and how I can get it from DB ?
The key tag (or key ID) of a DNSKEY record is not stored in the database; it is
a value which is calculated from the binary key; see RFC 4034, appendix B.
Using pdnsutil show the D
Any suggestions?
show whether sip. has other data and don't obfuscate names.
-JP
You aren't reading what you're repeatedly being told; this list cannot offer
the level of knowledge you require.
-JP
I have the same question
before asking very general and extremely easy to search for questions on a
dedicated server mailing-list, have you considered actually learning a bit
about what you are about to do?
You will require at least basic DNS knowhow on authoritative servers and
recursive serve
* [1]Structured Logging has been implemented for almost all
subsystems. This allows for improved (automated) analysis of
logging information.
Is there any further documentation about this other than the link you added and the
"Logging" [2] section in the documentation?
What exa
Can you please advise how to configure Pdns Authoritative 4.5.4
master/slave replication?
You have not told us what your configuration looks like, what you've done,
which documentation you've studied, and which tests you've conducted.
-JP
dig @200.7.160.10 umsa.bo soa +norec
That server is responding authoritatively (flags: AA), which is fine.
Please tell me how I can change or configure PDNS to get the SOA request.
by querying for the SOA request as you did above.
Running the command dig doesn't show
AUTHORITY SECTION and
dig @127.0.0.1 zone-name.bo soa +norec
zone-name.bo is NXDOMAIN.
-JP
And don't forget that there is the ALIAS pseudo resource record for
this purpose.
Actually I purposely forget ALIAS as it's nonstandard. :)
-JP
CNAME @ APEX questions:
There is no such thing. "No CNAME and other data" is the rule.
Fired off too quickly. RFC 1912 2.4 clarifies this [1]
-JP
[1] https://www.ietf.org/rfc/rfc1912.txt
Does PowerDNS load all of the zones into memory, and then start
serving (like BIND), or does it load each zone and start serving said
zone immediately upon load (like KNOT)?
Neither nor. It waits for a query and then goes to the backend to search
for an answer to that query, unless the answer i
I don't like to compare pDNS with Bind, but ZSK Rollover is built in since Bind
9.7.
BIND's key rollover "automation" was such that keys had to be created and a
rollover could then be kicked; alternatively timing information in the key
metadata ensured that.
Be that as it may, comparing BIND t
Indeed, PowerDNS produces RRSIGs on the fly
I forgot to mention: query your primary server with `dig .. +dnssec`,
and you should see the RRSIGs.
-JP
My question is: Why are RRSIG registers missing on my primary server?
They aren't missing. :-)
If you look carefully at the zone as it was transferred to your
secondaries, you will see the RRSIGs, so they must have come from
somewhere, right, particularly as the zone is indicated as being
PR
For Letsencrypt protocol to generate certificate I have to enable zone
transfer in my powerdns.
I think you mean "DNS Updates" for Let's Encrypt dns-01, but I don't
believe these are possible in PowerDNS with the LDAP backend.
-JP
Please, mr. troll, go somewhere else
Insulting Ruben is not going to get you very far in your quest for help.
-JP
[1] https://blog.powerdns.com/2016/01/18/open-source-support-out-in-the-open/
(summarizing from two of your messages)
I only want to pass what was explicitly requested to the backend and
nothing else because the server has to process many millions of
requests and any overhead is not desired.
I want PowerDNS to send exactly the records to the client that the pipe
backe
The problem is the backend bind is not notifying properly and we have
reset it, so that is why somehow pdns notify "*" does not work properly
even though pdns notify example.com works. Not too sure why it is like
this.
What do you mean by 'reset'? How did you 'reset' it? Do you mean
'restart'
29.0.10.in-addr.arpa 3600IN NS ns2.example.com.
29.0.10.in-addr.arpa 3600IN NS ns. example.com.
I stopped reading when I saw the space in the domain name. I cannot
imagine you'll get a lot of help for obfuscating data.
-JP
All fixed now.
You made the news, at least in this German IT "magazine" [1]. It
basically reports what you already said in your first message. :-)
-JP
[1]
https://www.heise.de/newsticker/meldung/24-Stunden-nach-dem-Start-Dramafreier-DNS-Schluesselwechsel-4190133.html
I am facing the problem of having to define a "@" TXT record value for
domain verification purposes.
Are you sure the '@' doesn't refer to just zone apex, i.e.
noa.gr TXT "MS=ms..."
-JP
Query server with pdns4.0.1 only some domains report back
You've been asked to "pdnsutil check-all-zones"; have you run that on
your new installation?
-JP
Their server is limited in resources so I'm looking for let the powerdns
configured using less resources as possible.
I would use either the Generic SQLite or the BIND backends. The former is
"database"-like with INSERT/UPDATE/DELETE etc, and the latter uses zone master
files. Neither require
can you please help me to understand why my pdns recursor doesn't resolve
the domains *.nhs.com
pi@raspberrypi:~$ dig @127.0.0.1 -p 5300 www.england.nhs.uk
You do not say which release you are using.
I cannot reproduce this with Recursor from current 4.0 master; it responds
correctly.
I’m using Poweradmin
(sigh)
[Error] No delegation for zone 'test1. mydomain.com' in parent ' mydomain.com'
You are obfuscating and pasting spaces in the obfuscated names. Do you really
expect to be helped?
But I have configured on the recursor the forward to the authoritative for
this zo
> Meh one more turned the dark side ...
Did you read the tl;dr?
> The tl;dr: PowerDNS will remain enthusiastically Open Source
-JP
> What I am doing wrong?
You are obfuscating data, and possibly copy/pasting it incorrectly:
> Nov 23 23:10:56 gw01 pdns[11003]: AXFR done for 'dp,aom.com', zone committed
> with serial number 2015112322
^^^
There is no way people are going
> Ironically the Ansible python module that I was using was yours! :)
Please report bugs on the Github issue-tracker for the module, if and
when you find them.
-JP
> I am unsuccessful in having all SRV records automatically added to
> PDNS.
Which back-ends are you using?
How did you add the records?
What does "automatic" mean?
> also stood up a new domain just to see if the issue persisted from a
> fresh domain setup and it does.
How did you set up this ne
> is PowerAdmin still the only Web GUI to go as of today? Any comments
> on alternatives?
There are dozens of Web things for managing PowerDNS [1], one of which
is the one you mention. One that is actively being maintained and uses
the PowerDNS REST API is `nsedit' which makes a very good impress
(no need to take this off-list)
> the only problem is that I am doing MySQL master/slave database
> replication. upgrading the schema on the slave(s) will break the
> replication process unfortunately.
You spoke of PowerDNS master and slaves from which I gathered AXFR.
-JP
> I need to get another 'slave' working which is sitting on PowerDNS
> 3.x to work with my 2.9 master and database schema.
Upgrade the database schema of your 3.x slave; PowerDNS will do the
right thing when it transfers zones into that slave from your
(unmodified) 2.9 master server.
-JP
> Are there any hooks in PowerDNS to run scripts after certain API calls
> have been processed?
Not to my knowledge.
If you're using MySQL or PostgreSQL as a back-end data store, using a
few TRIGGERs would probably do the trick. I've done this in MySQL a few
times, and that works rather nicely. L
> What do you guys think would be the best approach for comparing two
> PowerDNS MYSQL databases that are supposed to hold the same domains
> and records?
Instead of mucking about with SQL what I would probably do is configure
both servers as masters; then, on each, AXFR each of the zones, and use
> The ‘master’ field in the domains table accepts a comma-separated list of
> masters.
Space-separated as well, at least that's what the REST API does. :)
-JP
> (and here comes a ticket, I think )
Ignore that, please: I pasted a wrong mysql query which explains the
discrepancy in the SOA serial number; all else is ok, though. (It was a
long day, sorry.)
-JP
> Here I'm particularly concerned with the part about SOA records. The
> instructions to never terminate the names in the SOA with a trailing
> dot (.) are counter to the instructions for every other DNS software
> and platform I can find, and counter to every "about" page/tutorial I
> can find for
> So, with that out of the way, what do I email them?
You email them what *they* expect from you, and if they don't know, I'd
really move to a competent joint. (Have fun finding one!)
Some registrars want DS records, others want DNSKEY records from which
they then create the DS from that.
In ca
Actually, why do you insist on not providing the information that is
asked of you. People here are doing their best to help; at the very
least it would be polite to respond with the information requested.
Christian wrote:
Start curl with -v and report back both the exact, unmodified
> curl --local-port 8081 -H 'X-API-Key: otto'
> http://178.62.251.135:8081/servers/localhost/zones
Why do you insist on using --local-port ?
-JP
> *Mar 05 06:04:28 Fatal error: Trying to set unexisting parameter
> 'webserver-allow-from'*
IIRC (I don't feel like going back to study all this) you've been
telling us all the time that all was fine...
Before bothering with the API, make sure your PowerDNS server starts
without errors. Check th
> This version of PowerDNS we use is PowerDNS Authoritative Server 3.4.2.
> This is the entire pdns.conf file in /etc/powerdns:
>
> http://pastebin.com/14LqMbLp
Line 623 has crud behind it; that better not be in the configuration.
Also show us the *exact* curl command you're using from the
comma
> Is there not a way to set NSEC3 parameters (pdnssec set-nsec3) for all zones?
No, because most people chose differing NSEC3PARAMs for their zones.
pdnssec list-all-zones | grep -v '^All zonecount:' | while read z
do
pdnssec set-nsec3 ...
done
Not terribl
> but why exactly is zone templates something which you guys politely
> call useless?
OK, maybe I ought to apologize for my tone, so I apologize.
If you're going to use an API, it seems natural (to me at least) that
you'll be creating an application of sorts to leverage that API to
create, popul
> template are not standard for everyone. so this useless.
Utterly useless, yes.
-JP
> Does anyone have an API call example on how to do this?
There is an example in the documentation [1].
-JP
[1] http://doc.powerdns.com/md/httpapi/README/
> Is it possible to modify the structure of the records table, to add new
> fields?
You can add as many columns as you need; that will not interfere with
PowerDNS Auth operation. (You can also rename existing columns, but
you'd need to redefine the queries PowerDNS uses, so I don't recommend
you
> Would it be possible to setup a authorative PowerDNS server with DNSSEC
> support using the LDAP backend?
The LDAP back-end doesn't support DNSSEC.
-JP
> The forward works perfectly if I delete the zone from PowerDNS
^^^ you have answered your own question. Everything else makes no sense.
-JP
> domain.tld IN CNAME someotherdomain.tld
> *.domain.tld IN CNAME someotherdomain.tld
> domain.tld IN MX 10 somemailserver.tld
CNAME and other data is not allowed (even if you can shove it into the
database ... *sighs*) Most servers break on that.
Remove the CNAME at the zone apex.
-JP
> I'm using the Mysql backend and administering using Poweradmin. Is
> there a way of "de-activating" a zone - other than simply deleting
> it from the database?
What some people do is to add a column to the domains table (`active
INTEGER DEFAULT 1`, or something like that) and alter the SQL quer
> Is it possible to point "allow-axfr-ips" at an external text file
> that lists allowed IP's ie one IP per line?
You can configure ALLOW-AXFR-FROM in the `domainmetadata' table [1] on a
per/zone basis.
-JP
[1] http://doc.powerdns.com/html/allow-axfr-from.html
Giles,
> For our provisioning system I need to know the DNSKEY of a zone quickly
> after the zone has been created (ideally the DS...).
what works very well, is to pre-create keys using, say, BIND's
dnssec-keygen or LDNS' ldns-keygen and store those yourself in PowerDNS'
database tables (cryptok
> I have access to a proprietary DNS infrastructure to migrate zones
> via the AXFR protocol. They will not send notifies to me, all i can
> run is the AXFR such as: dig axfr domain.com @1.2.3.4 .
>
> Question: Is there anyway I can feed this into the PDNS server and
> fill the zone?
PowerDNS sup
> Hello! I have a version of powerdns
> 3.0.1. It works like the master with mysql backend.
> Also I have a slave Bind servers. In my
> network, new clients grabs IP from dhcp server, then script triggered by dhcp
> server inserts a new record to the mysql database and increments SOA
> serial.E
Klaus,
> I did some basic testing and everything works fine, except that the
> SOA's serial stays constant also during ZSK and KSK roll-overs. Is
> this the expected behavior? E.g. Bind in inline-signing mode
> increases the serial on roll-overs and re-signing.
Have you looked at (and tweaked) th
n'Abend Michael,
> What's the simplest and hopefully efficient way to block domains from being
> resolved by pdns-recursor?
>
> I'd like to just NXDOMAIN being returned for all RRs in unwanted domains.
I think your best bet is using the Lua interface [1].
Regards,
-JP
[1] http://wiki
> I am trying to set up ddns server using powerdns and gui. Does any one have
> any good write up to refer to? Or suggestions...
If you mean DDNS a la dyn.com, check this list for a thread titled "DDNS
support or workaround?" which may give you a few hints.
If you mean DDNS as in RFC 2136 Dynamic
> What does "-DLDAP_DEPRECATED" signify?
It sets a define (LDAP_DEPRECATED) which in turn pulls in certain
function prototypes from the include files which have been deprecated
(e.g. ldap_sasl_bind() should be used i/o ldap_bind())
In other words, people shouldn't be using these routines in thei
> Is there a simple way for a secondary to force zone fetching for all
> provisioned zones? Eg. marking all entries as "obsolete" so that
> PDNS triggers zone transfer?
If you can afford to do so, you could try
DELETE FROM records;
which will wipe out the content of records. Restart Powe
> Is it possible to somehow disable auto notifications when running
> authoritative server (3.2) in master mode and use pdns_control to
> send notifications "manually" when required to whichever servers we
> want?
PowerDNS notifies the NS RRset in a zone, and this can be augmented by
specifying an
> >>>>> "JM" == Jan-Piet Mens writes:
"JP", by the way ;-)
> 'the blob' doesn't answer my question.
>
> Is it just random bits or the result of running hmac-md5 on something?
It's the rdata taken from the KEY RR after ru
> Should the tsigkeys.secret column have any structure?
It's just the Base64-encoded blob, e.g.:
INSERT INTO tsigkeys (name, algorithm, secret) VALUES ('k01',
'hmac-md5', '4imFLvMHKDmtc2oJldCaJg==');
Regards,
-JP
> I am wondering if split horizon can be configured with powerdns so that
> internal as well as external users can get separate IPs?
If you're talking about PowerDNS Authoritative, the answer is 'no'. If
you mean PowerDNS Recursor, the answer is 'maybe': you could use its Lua
feature to fiddle w
> mysql backend and I was asked to setup it in order to receive
> dynamic dns updates using dyndns2 protocol (so updates should
> come via authenticated http)
I'm not aware of anything good, but it's pretty trivial to accomplish,
as you probably know: obtain the (authentic) data and INSERT/UPDATE
> Well my problem is that when i make a change my slave server does not seem to
> know about it.
> E.g. the slave does not receive the notification. I see nothing in my logs
> about a notification being sent to the slave.
>
> I'm not 100% sure i have my slave configured correctly either. All i
> Have you considered using NSEC3 narrow?
AXFR doesn't work with NSEC3 narrow.
-JP
PowerDNS needs zones to be 'rectified' for DNSSEC. It comes with the
`pdnssec' utility which has a `rectify-zone' or `rectify-all-zones'
switch.
Thinking along the lines of lots of zones for which a lot of updates
occur, how do you perform minimal (i.e. as little as necessary)
rectification? I hav
> I'm thinking along the lines of a UDF which employs regexes for ensuring
> most rules (except A, : there I'd use inet_pton(3)).
I've received quite a bit of positive feedback on this idea on the blog
and in personal mail (as well as some people who basically answered
'wtf', of course :).
I'
> I have been noticing that when I add a new record to PDNS my slaves
> are not updated straight away, they only get updated at each refresh
> interval which we set at the default 3 hours.
Are you also incrementing the zone's SOA serial number at each update?
That's the only way that PowerDNS know
> On long, solitary drives I get crazy ideas, and at a beastly hour this
> morning, it happened again:
FWIW, I'm taking this to [1], where I'm showing some examples of what is
possible, even though this is probably less than a proof of concept. ;-)
-JP
[1] http://jpmens.net/2013/01/31/co
Thomas,
> At least in my usecase, I'd prefer to place the check logic in to the
> system that fills the pdns database.
> I also think that it is easier to write the check logic with a
> language like Python or Java than with the MySQL Procedure Language.
Absolutely right on both accounts, and if
On long, solitary drives I get crazy ideas, and at a beastly hour this
morning, it happened again:
It ought to be possible (famous last words) to create a set of MySQL
triggers and a couple of User Defined Functions (UDF) which ensure that
data entered into PowerDNS' MySQL database tables (in part
> And how about
>
> SELECT * FROM domains WHERE name='jabber.mydomain.com'
Sorry, I meant
SELECT * FROM domains WHERE id = 31;
Also, a
dig @yourpdns jabber.mydomain.com any
might help.
-JP
> Of course! Output of "SELECT * FROM records WHERE
> name='jabber.mydomain.com'":
And how about
SELECT * FROM domains WHERE name='jabber.mydomain.com'
?
-JP
> do you perhaps know how to generate a more attractive URL than the
> one above?
It won't get nicer than http://powerdns.com/+
;-)
-JP
> How to get PowerDNS to delete zones that are deleted on a Supermasters?
I don't think that is possible: you'll have to delete zones manually
from your PowerDNS `domains` and `records` tables.
-JP
> try nslookup (linux):
(/me *groans*)
nslookup(1) ought to have died a thousand deaths many, many years ago.
Use dig(1) or drill(1):
dig @127.0.0.1 domainname SOA
(or any other variation of command-line arguments it supports, and it
has many, some of which are worthwhile knowing.)
> Any hints on how I might solve this problem without actually
> reintroducing the numeric field?
This is probably a bit far-fetched, but a combination of a view (which
PowerDNS will accept without a problem) and an SQL function which hashes
your domain name column into a number might solve the pr
Klaus,
> Are there any plans to implement DNS RRL
> (http://www.redbarn.org/dns/ratelimits) or similar for PowerDNS?
> These DNS amplification attacks are really annoying.
asking, just like that without promising anything, won't get you
anywhere... ;-) Look at what Paul Vixie promises below ;-)
> Works perfectly, but what about updating the serial number for the zone in
> the SOA record? In an SQL master/slave setup I can't think of a reason
> that it would matter. Any thoughts on that?
I tend to agree that if you're using PowerDNS exclusively as mentioned,
you won't need to bother wit
> Can I turn off that?
Have you glanced at the documentation [1]? --send-root-referral=no
sounds like what you want.
-JP
[1] http://doc.powerdns.com/all-settings.html
> I thought this kind of record was valid.
That's OK: we've all been there...
https://twitter.com/dns_borat/status/141872826536837121 ;-)
-JP
> Is this an expected behavior or an issue with my current version? I
> couldn't find any info about this.
CNAME and other data is expressly forbidden per RFC. [1] As every zone
MUST have SOA and NS records, a CNAME at zone apex is forbidden.
-JP
[1] Exception: DNSSEC data
> No, and it is as yet unknown if or when it will.
OK: strike the *if*. :)
-JP
> does PowerDNS recursive server support DNSSEC now?
No, and it is as yet unknown if or when it will.
-JP
Hello,
> Now, i wanna build another DNS server using Bind as a fail-over.
If you intend to use BIND (or NSD) as a backup because of its static
nature, then that is certainly a good idea.
If you want a backup as in "replication", you have two possibilities
with PowerDNS:
a. Use native databas
(Keep this on-list please.)
> So:
> Powerdns is resigning the records automatically or do I have to run a
> command.
PowerDNS re-signs the records automatically -- you don't have to do
anything manually.
> What im missing in the docs or I read over it.
> When you add a record, or change a record
Steffan,
> When publishing the KSK to the registry it reports that the
> Signature is only valid for 14 days (till 12 Juli 2012)
The KSK itself, being a key, never expires. (It can roll, i.e. you can
replace it whenever you wish - AS LONG AS YOU PUBLISH YOUR DS RECORD AT
THE REGISTRY -, but it d
> We do the same thing, but I think that in this case what Mr. Mens
> meant is that no two services can share the same IP address on
> the same port
That's what he meant. :) Seem to have forgotten the "port" bit ...
And, as Stéphane rightly pointed out off-list, not even that is true,
but we d
> 1. I don't see how to run both concurrently on the same host as they always
> conflict on the IP. The host has a single address - 192.168.40.252.
You cannot run two services of any kind on a single IP address, so
running two DNS servers on one address won't work. See if you can put
one of the ser
1 - 100 of 159 matches