Hi Leen, Thanks for testing the prerelease!
On Fri, Jan 28, 2011 at 11:14:43AM +0100, Leen Besselink wrote: > First problem: what do I need to specify at the launch parameter ?: > sqlite or sqlite3 ? I updated the documentation to this efffect: "To benefit from this mode, include at least one database-based backend in the 'launch' statement. The Generic SQLite backend version 3 (gsqlite3) probably complements BIND mode best, since it does not require a database server process." > I checked pdns_server --list-modules > gsqlite or gsqlite3 > I guess if I use the 'sqlite3' command to create the database I'll use > gsqlite3. Good thinking! > As I understand it, it is possible to use bind-zones and sqlite3 to > store the keys. Indeed. > So I ran the commands: > $pdnssec secure-zone test.net > This should not happen, still no key! I've updated this error message so it now says: "Failed to secure zone - if you run with the BIND backend, make sure to also launch another backend which supports storage of DNSSEC settings. In addition, add 'blah.nl' to this backend, possibly like this: insert into domains (name, type) values ('blah.nl', 'NATIVE'); And then rerun secure-zone" > Now it worked: > ;; ANSWER SECTION: > www.test.net. 3600 IN CNAME web.test.net. > web.test.net. 3600 IN A 10.0.0.238 This is pretty weird though. I don't see why this would require a zone to be rectified. Even though zones should always be rectified when running with 'g*sql-dnssec'. > So I have 2 suggestions: > 1. add the insert into domain line to zone2sql zone2sql is a bit confusing and may need to be revamped. It does add the 'inert' if you operate from a named.conf. > 2. the documentation should be changed from: > $ echo 'insert into domains (name, type) values ('powerdnssec.org', 'NATIVE') > | sqlite3 ./powerdns.sqlite3 > to: > $ echo "insert into domains (name, type) values ('powerdnssec.org', > 'NATIVE')" | sqlite3 ./powerdns.sqlite3 Done. > After ordering and singing and ordering the DNSSEC the CNAME problems > all went away and when I run dig with +trusted-key= and everything worked. > It also worked with or without the bind backend. Cool! Thanks Leen, the changes you inspired are in http://wiki.powerdns.com/trac/changeset/1927 Bert _______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users