The current bind backend relies on other backends to get its keying material for dnssec. While this is a viable option for some, it really isn't the correct way to do this. If you want to use SQL backend for storing key material, you can just as well use SQL backend for the zone data as well... It creates (unnecessary) dependency for dnssec backend, which requires that the dnssec backend builder ignores bind backend when it's being used, which also makes the code treat bind backend special.
So.
I propose the following fixes:
- Let bind backend handle the key material on its own. It is not that
difficult to use bind tools to generate the key material to the zones
instead of SQL.
- Decouple bind backend from the dnssec backend.
- Put all the relevant options into the bind backend file
- Including TSIG keys for AXFR
- DNS key material can be fetched from the zone file's configuration
- Allow pdnssec to generate the config snippets required (such as, key
material etc.)
- Patch AXFR process to detect and enable dnssec processing for presigned
zones.
If more information is required, do not hesitate to ask.
Aki Tuomi
_______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
