On Mon, 2019-10-14 at 17:56 +0200, Pieter Lexis wrote:
> I spotted something that *might* be root of your issue (and perhaps a
> small bug on our end).
I think you've spotted the problem. I was running:
$ pdnsutil add-zone-key parsemail.org zsk 1024 active rsasha1
Which was creating a new ZSK w
On Mon, 2019-10-14 at 10:57 +0200, Gert van Dijk wrote:
> On Mon, Oct 14, 2019 at 9:54 AM Mike Cardwell
> wrote:
> > I'm looking into migrating from Bind9 to PowerDNS. [...]
>
> Have you seen the instructions on how to perform a ZSK rollover [1]?
> I
> don't
On Mon, 2019-10-14 at 10:57 +0200, Gert van Dijk wrote:
> On Mon, Oct 14, 2019 at 9:54 AM Mike Cardwell
> wrote:
> > I'm looking into migrating from Bind9 to PowerDNS. [...]
>
> Have you seen the instructions on how to perform a ZSK rollover [1]?
> I
> don't
On Mon, 2019-10-14 at 08:54 +0100, Mike Cardwell wrote:
> As you can see above I now have 2 ZSKs and 2 RRSIGs with each lookup.
> But when I go to remove the old ZSK:
>
> root@ned:~# pdnsutil remove-zone-key parsemail.org 2
> root@ned:~# pdnsutil list-keys
I did a bad paste in m
I'm looking into migrating from Bind9 to PowerDNS. Although I've not
changed nameservers on the domain yet, I've imported my zone file,
imported my existing KSK and ZSK and that works fine:
root@ned:~# pdnsutil list-keys
Zone TypeSizeAlgorithmID Locatio
n
to respond with nothing, I have to return an empty array:
[]
But then if the first client comes back again, it will get the "nothing
response" too, as that wasn't given a scopeMask. Because you can not apply
a scopeMask to an empty response by doing something like:
[
{
scopeMask
sounds like it will work if I want to for example return a different
A record depending on the source IP address. However, what if I want to
return a specific A record for some source IPs, and *no* A record for
other IPs? How do I set a scopeMask on an empty response?
--
Mike Cardwell https://gre
ce I've figured out exactly how
they're used) ?
--
Mike Cardwell https://grepular.com https://emailprivacytester.com
OpenPGP Key35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4
signature.asc
Descr
