I tried updating the serial, but that did not remove the RRSIG and NSEC
records from the slaves. Bert requested some output of a command on the
master and a slave. I've sent him that yesterday and I'm waiting for a
response from him.
--
View this message in context:
http://powerdns.13854.n7.nab
an de Geijn <[hidden
> email]>
> CC: [hidden email]
> Onderwerp: Re: [Pdns-users] Removing Dnssec records from slave PDNS servers
>
> On Wed, Feb 17, 2016 at 06:27:59AM -0700, mvdgeijn wrote:
> > Hi,
> >
> > I was wondering what the best way is to remove Dnssec re
Hi,
I was wondering what the best way is to remove Dnssec records from the slave
PDNS servers? Our master and slave DNS servers are all PowerDNS servers.
They are kept in sync using AXFR and are all on different locations.
At this moment it seems that when I disable Dnssec on the master for a
dom
I find it a little confusing: the pdnssec show-zone shows on all servers
(master and slaves) that the domain is not presigned.
My knowledge on DnsSec isn't that great, but what I tested is that when the
keys on the slaves (stored in the cryptokeys table) are out of sync with the
master, I have to
On both the master and slave servers "pdnssec show-zone" shows that the zone
is not pre-signed.
Regards,
Marc
--
View this message in context:
http://powerdns.13854.n7.nabble.com/Different-RRSIG-s-on-master-and-slaves-tp10349p10362.html
Sent from the PowerDNS mailing list archive at Nabble.com
I did some other tests, and the fix for this problem seems to be to delete
the records for the domain in the cryptokeys table on the slave servers, and
after that update the serial.
Is there a way to force this using the pdnssec or pdns_control tools from
the master server?
Regards,
Marc
--
Vi
I've compared the master and first slave DNS server, and I noticed a few
differences. The first difference is the configuration on line 2. The
master: 1 0 1 ab and the slave: 1 1 1 ab. What does the second number stand
for? I can't find it in the documentation. Is this causing the difference
betwee
Some additional information: When I update the serial on the master server,
both slave servers are updated with the new information, but the DNSkey
number on the slave servers stays different from the master server on both
slave servers.
--
View this message in context:
http://powerdns.13854.n7
Hi Klaus,
Thanks for your wild guess, but I already tried that several times. Also
"pdnssec rectify-zone concepthouse.nl" and then update serial, but
unfortunatly no change. Still different DNSkey numbers on the master and the
2 slave servers.
Regards,
Marc
--
View this message in context:
ht
Hi,
I'm having trouble locating the problem why for one of our domains the RRSIG
record is different on the master and on the slaves (on the 2 slaves they
are identical). All DNS servers are PowerDNS servers running version 3.3
with MySQL backend. Transfers are done using AXFR.
Using dig +dnssec
10 matches
Mail list logo
