>> >> > >Thanks a lot.. I'll patch my copy and see how it works out. >
Seemed to work. Jun 11 21:45:29 database1 pdns[4861]: Done launching threads, ready to distribute questions Jun 11 21:48:44 database1 pdns[4861]: Received NOTIFY for spam.co.nz from 114.23.33.130 for which we are not authoritative Jun 11 21:48:44 database1 pdns[4861]: Created new slave zone 'spam.co.nz' from supermaster 114.23.33.130, queued axfr Jun 11 21:48:44 database1 pdns[4861]: Initiating transfer of 'spam.co.nz' from remote '114.23.33.130' Jun 11 21:48:44 database1 pdns[4861]: gmysql Connection successful Jun 11 21:48:44 database1 pdns[4861]: last message repeated 2 times Jun 11 21:48:44 database1 pdns[4861]: AXFR started for 'spam.co.nz', transaction started Jun 11 21:48:45 database1 pdns[4861]: AXFR done for 'spam.co.nz', zone committed And testing if everything worked out.. Except it sets the options differently that if I typed "pdnssec set-nsec3 spam.co.nz" I have no idea what the difference is but it still passes the dig tests I do... Master.. (entered in via pdnssec set-nsec3 spam.co.nz) select * from domainmetadata; +----+-----------+------------+----------+ | id | domain_id | kind | content | +----+-----------+------------+----------+ | 1 | 1 | NSEC3PARAM | 1 1 1 ab | +----+-----------+------------+----------+ Slave mysql> select * from domainmetadata; (this is entered by the program via your patch) +----+-----------+------------+----------+ | id | domain_id | kind | content | +----+-----------+------------+----------+ | 11 | 9 | PRESIGNED | 1 | | 12 | 9 | NSEC3PARAM | 1 0 1 ab | +----+-----------+------------+----------+ 2 rows in set (0.00 sec) Ok.. Can similar be done with TSIGS . As domains are not transferred securely without TSIG (as far as I know) I have to enter the TSIG stuff in after it has transferred which kind of defeats the purpose of unattended slaves . The initial transfer is unsecure? if you use trusted axfr ip addresses in powerdns settings) . Maybe a key which gets used with all master/slaves as at the moment you have to specify the TSIG key per domain. Also with TSIG it seems you have to use the same TSIG key on the master and all the slave per domain.. What if I want to have different keys per slave? (for example.. If I have hidden master and 4 slaves.. I want each of the slaves to transfer with different keys?). Its not that important at the moment but having a master TSIG key which gets used between transfers would be great. Thanks Craig _______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
