Hi, is it possible to influence which kind of data is stored in which database backends?
Background of the question: When doing database-level replication of DNS content, everything that's in the database is replicated, right? If you add DNSSEC, part of this is the DNSSEC private key material. Definately *not* what I want to be accessible or even distributed to all of my DNS platforms' servers, especially not if I want to have signing done by a hidden master. To me, this means I currently have the following choices: - Use database replication, and have all private key material distributed to all nameservers - Use default AXFR instead of database replication to get zones transferred from this machines to the rest of the world, to prevent the key material to be spread - Try to hack something on database level that filters out key material and only distributes the "public parts" of the database With the possibility to say "use this database backend for private key material only", I could use another databse backend to store the signed zones, replicate this database and nonetheless neither spread my private keys nor need to hack something nor say byebye to database replication simplicity. Or am I greatly mistaken somehere? kind regards, Sebastian _______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
