Re: [Pdns-users] DNSSEC and

Frank, I so appreciate your help. It sounds like my intended configuration should be fine, then. I might suggest to the powers that be that the documentation address this question. The reason I have two servers is for redundancy, so I'll probably give both instances write access, but as yo

Re: [Pdns-users] DNSSEC and

Hi Xan, The weekly changes are not key rollovers, they are RRSIG updates/resignings. These are done on the fly (in online mode), and not stored in the database. The backend only contains the ZSK/KSK/CSK, which will only change if you issue a command to roll them. Even if you would issue the ch

Re: [Pdns-users] DNSSEC and

Thank you, Frank. I am aiming to do online signing, but my concern is the weekly key rollover. Wouldn't both PowerDNS instances attempt to perform key rollover on the same database at the same time? Do they not step on each other's toes? -Xan On 8/22/23 07:03, Frank Louwers via Pdns-use

Re: [Pdns-users] DNSSEC and

Hi Xan, It depends which DNSSEC you choose. If you would pick "Online Signing" for instance (great unless you have very busy servers with lots of domains), the "keying data" is stored in the database as well, so both servers would use the same data to sign the zone, resulting in consistent sign

Re: [Pdns-users] DNSSEC and CNAME records results NXDOMAIN

regards Klaus -Ursprüngliche Nachricht- Von: Marijn Gesendet: Freitag, 22. April 2022 19:18 An: Klaus Darilion ; pdns- us...@mailman.powerdns.com Betreff: Re: [Pdns-users] DNSSEC and CNAME records results NXDOMAIN I fill the records with the API. However when I check the SOA file (see belo

Re: [Pdns-users] DNSSEC and CNAME records results NXDOMAIN

ove the root zone from your POwerDNS. regards Klaus > -Ursprüngliche Nachricht- > Von: Marijn > Gesendet: Freitag, 22. April 2022 19:18 > An: Klaus Darilion ; pdns- > us...@mailman.powerdns.com > Betreff: Re: [Pdns-users] DNSSEC and CNAME records results NXDOMAIN > >

Re: [Pdns-users] DNSSEC and CNAME records results NXDOMAIN

-users Im Auftrag von Marijn via Pdns-users Gesendet: Freitag, 22. April 2022 18:54 An: pdns-users@mailman.powerdns.com Betreff: Re: [Pdns-users] DNSSEC and CNAME records results NXDOMAIN I have pdnsutil 4.5.4 running with MySQL backend and native MySQL replication. In pdns.conf I have the foll

Re: [Pdns-users] DNSSEC and CNAME records results NXDOMAIN

An: pdns-users@mailman.powerdns.com > Betreff: Re: [Pdns-users] DNSSEC and CNAME records results NXDOMAIN > > I have pdnsutil 4.5.4 running with MySQL backend and native MySQL > replication. > > In pdns.conf I have the following value. Maybe the @ doesn't work? > > default-soa-con

Re: [Pdns-users] DNSSEC and CNAME records results NXDOMAIN

I have pdnsutil 4.5.4 running with MySQL backend and native MySQL replication. In pdns.conf I have the following value. Maybe the @ doesn't work? default-soa-content=ns1.mijn.host hostmaster.@ 0 10800 3600 604800 3600 Klaus Darilion schreef op 2022-04-22 18:06: I do not see any difference of

Re: [Pdns-users] DNSSEC and CNAME records results NXDOMAIN

I do not see any difference of the two cases. But in any case, returning an answer AND nxdomain is just broken. # dig @ns1.mijn.host. autodiscover.egogo.eu ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 62514 ... ;; QUESTION SECTION: ;autodiscover.egogo.eu. IN A ;; ANSWER SEC

Re: [Pdns-users] dnssec and lua-config--file

On 13/05/2020 09:05, Pierrick CHOVELON wrote: Thx, both of you. It works like a charm. Great.  Also look at the "auth-zones" option - depending on your use case it may be another option. https://docs.powerdns.com/recursor/settings.html#auth-zones I'll have a look on the forward-zones-file.

Re: [Pdns-users] dnssec and lua-config--file

Thx, both of you. It works like a charm. I'll have a look on the forward-zones-file. Are modifications taken on the fly or it is necessary to restart the recursor ? Regards ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powe

Re: [Pdns-users] dnssec and lua-config--file

On 13/05/2020 08:18, Pierrick CHOVELON via Pdns-users wrote: Now, let's imagine I want to resolve foo.example.net and also bar.example.net . Do I have to create two zone files one for foo.example.net and one for bar.e

Re: [Pdns-users] dnssec and lua-config--file

Hi, Thank you very much, it works. (I've some typos in the named.conf files too). For the hint file, it was in the default configuration. Now, let's imagine I want to resolve foo.example.net and also bar.example.net. Do I have to create two zone files one for foo.example.net and one for bar.exa

Re: [Pdns-users] dnssec and lua-config--file

On 12-May-2020 19:11 CEST, wrote: > Hi, > > Yes I do : > > cat recursor.conf | grep -v '^\s*$\|^\s*\#' > config-dir=/etc/powerdns > dnssec-log-bogus=yes > hint-file=/usr/share/dns/root.hints > local-address=0.0.0.0 > local-port=3334 > *lua-config-file=/etc/powerdns/recursor.lua* > quiet=yes > s

Re: [Pdns-users] dnssec and lua-config--file

Hi, Yes I do : cat recursor.conf | grep -v '^\s*$\|^\s*\#' config-dir=/etc/powerdns dnssec-log-bogus=yes hint-file=/usr/share/dns/root.hints local-address=0.0.0.0 local-port=3334 *lua-config-file=/etc/powerdns/recursor.lua* quiet=yes security-poll-suffix= setgid=pdns setuid=pdns trace=fail forwar

Re: [Pdns-users] dnssec and lua-config--file

Hi Pierre, On 12-May-2020 16:59 CEST, wrote: > Hello, > > I'm testing pdns-recursor and I'd like to config it in order to : > >- resolves normally exemple.net >- forwards the request foo.example.net to an internal authoritative >server > > I've read the documentation, and found :

Re: [Pdns-users] DNSSEC and SOA records

Hi Tamer, On 21-Jul-2019 22:10 CEST, wrote: > Hello, > > I have setup PowerDNS 4.2.0-rc2 through the CentOS 7 repository. Everything > works fine except SOA replies in AUTHORITY SECTIONs with DNSSEC enabled. We > are testing the domain through the well-known validator Internet.nl and it > resul

Re: [Pdns-users] DNSSEC and subdomains with wildcards

Hello Chris, On 29 May 2014, at 14:22 , Chris wrote: > Now I see that 'test.wildcard.testdomain.asia' no longer resolves. Looking in > the database there is a new entry for 'test.wildcard.testdomain.asia' with > null 'type' and 'content', so I assume that pdns sees that record with no > conte

Re: [Pdns-users] DNSSEC and Master/Slave setup

On Thu, 3 Feb 2011 10:28:23 +0100, bert hubert wrote: [...] > Ideas? > > I prefer a solution where we don't actually increment the serial in the > database but overlay it with something that autoincrements ('weeks since > january first 2011'). I actually like that idea - guess that would work for

Re: [Pdns-users] DNSSEC and Master/Slave setup

On Thu, Feb 03, 2011 at 08:44:08AM +0100, Christof Meerwald wrote: > I kind of expected this to happen today - the master (ns.cmeerw.net) > with the keying material has now updated the RRSIG records, but the > slave (ns2.cmeerw.net, no keying material) still returns the old RRSIG > records: Indeed