Hello Christof, On May 2, 2012, at 22:58 , Christof Meerwald wrote:
> On Wed, 2 May 2012 21:23:21 +0200, Christof Meerwald wrote: >> BTW, I can't remove the gsqlite3 backend as I am using that for slave >> zones - only the primary zones are using the bind backend. >> >> I am currently using: >> >> launch=gsqlite3,bind >> >> Swapping the order to bind,gsqlite3 would make DNSSEC work in the bind >> backend, but DNSSEC would then stop working for the gsqlite3 backend. > > Argh - I now see what is happening. Essentially, you can only have one > DNSSEC enabled backend - otherwise PowerDNS gets confused with which > database to use for the domain metadata. Indeed it does. As it turns out, PowerDNS will indeed only talk about keys with the first DNSSEC-capable backend in the launch list. This in itself is not new in 3.1; but indeed, it breaks your use case now that bindbackend does its own key management. Fixing this involves touching all DNSSEC-supporting modules and changing some interfaces. Therefor, we cannot do this for the 3.1 release. 3.1 will be released with a big warning about this specific setup; we intend to do a 3.1.1 (or similar) release sometime after that with a fix for this issue. Our sincere apologies for the inconvenience. Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ _______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
