Hi,

On 10/26/2011 04:26 PM, Posner, Sebastian wrote:
> With the possibility to say "use this database backend for private
> key material only", I could use another database backend to store
> the signed zones, replicate this database and nonetheless neither

PowerDNS doesn't store signatures in the database backend when running in live signing mode. (If you're running pre-signed you wouldn't store the keys in the database in the first place.)

| 4.2. Signatures
|
| In PowerDNS live signing mode, signatures, as served through RRSIG
| records, are calculated on the fly, and heavily cached.

( http://doc.powerdns.com/powerdnssec.html )

Presumably the database replication slaves duplicate the calculation of RRSIGs and therefore need the (private) keys. I haven't tried replication with 3.0 yet but I looked in my database and there are no RRSIG (or DNSKEY etc.) records.

Best regards,
Florian
--
I remember yesterday, but the memory is in my head now. Was yesterday real? Or is it only the memory that is real?