Thank you for your help. I tried rectifying the zones and it did enter the
ordername and auth, but I am still not getting the DNSSEC answer from both
zones. It works for www.a.aa but not gtec-gru-gw.customer.a.aa see below. Is
"dig +dnssec +multiline @127.0.0.1 www.a.aa" the correct way to test it? I
have included listing of records data, see attachment. I am using pdns version
3.0.1.
$ dig +dnssec +multiline @127.0.0.1 www.a.aa
; <<>> DiG 9.9.1-P1 <<>> +dnssec +multiline @127.0.0.1 www.a.aa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18345
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 2800
;; QUESTION SECTION:
;www.a.aa. IN A
;; ANSWER SECTION:
www.a.aa. 300 IN A 198.190.222.6
www.a.aa. 300 IN RRSIG A 8 3 300 (
20121004000000 20120920000000 31776 a.aa.
HSj+WDdFnTR22fb9I9g22t/WzDgWc9LcjXNePk0Y3RID
zCAOXWRJ2NT55Tuy8NivlzvE4pj4vJidVLMaf4C8YWZs
3Ewty530h97/dLHDPNrl4opN2uWp7VeNguuVtLqjoGua
vIWKNG1CeSLSxmqzuAFB7RgDxxWwgZJxQO631Nk= )
;; Query time: 5 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Sep 24 09:37:22 2012
;; MSG SIZE rcvd: 223
$ dig +dnssec +multiline @127.0.0.1 gtec-gru-gw.customer.a.aa
; <<>> DiG 9.9.1-P1 <<>> +dnssec +multiline @127.0.0.1 gtec-gru-gw.customer.a.aa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61077
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 2800
;; QUESTION SECTION:
;gtec-gru-gw.customer.a.aa. IN A
;; ANSWER SECTION:
gtec-gru-gw.customer.a.aa. 14400 IN A 209.251.128.86
;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Sep 24 09:35:53 2012
;; MSG SIZE rcvd: 73
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Peter van Dijk
Sent: Friday, September 21, 2012 2:21 PM
To: pdns-users Users
Subject: Re: [Pdns-users] DNSSEC Not Working for All Subdomains
Hello Linda,
as I pointed out in my first reply, rectify-zone acts on one domain. The
records that have not been updated have a different domain_id and thus are part
of a different domain.
You need to rectify-zone for each domain in your domains table.
rectify-all-zones might be useful to you.
Kind regards,
--
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
_______________________________________________
Pdns-users mailing list
[email protected]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
mysql> select name,domain_id, type,ordername, auth from records where name like
'%a.aa';
+-----------------------------------+-----------+-------+------------------+------+
| name | domain_id | type | ordername |
auth |
+-----------------------------------+-----------+-------+------------------+------+
| a.aa | 18 | SOA | | 1 |
| a.aa | 18 | NS | | 1 |
| a.aa | 18 | A | | 1 |
| ns1.a.aa | 18 | A | ns1 | 1 |
| ns2.a.aa | 18 | A | ns2 | 1 |
| tnt-gw.a.aa | 18 | A | tnt-gw | 1 |
| tnt1.a.aa | 18 | A | tnt1 | 1 |
| tnt2.a.aa | 18 | A | tnt2 | 1 |
| tnt-gw2.a.aa | 18 | A | tnt-gw2 | 1 |
| tnt-gw1.a.aa | 18 | A | tnt-gw1 | 1 |
| sesm-gw.a.aa | 18 | A | sesm-gw | 1 |
| sesm1.a.aa | 18 | CNAME | sesm1 | 1 |
| sesm2.a.aa | 18 | CNAME | sesm2 | 1 |
| sesm.a.aa | 18 | A | sesm | 1 |
| ssg1.a.aa | 18 | A | ssg1 | 1 |
| ssg2.a.aa | 18 | A | ssg2 | 1 |
| ssg1-co1-gw.a.aa | 18 | A | ssg1-co1-gw | 1 |
| ssg2-co2-gw.a.aa | 18 | A | ssg2-co2-gw | 1 |
| co1-ssg1-gw.a.aa | 18 | A | co1-ssg1-gw | 1 |
| co2-ssg2-gw.a.aa | 18 | A | co2-ssg2-gw | 1 |
| ssg-internet-gw.a.aa | 18 | A | ssg-internet-gw | 1 |
| nagios1.a.aa | 18 | A | nagios1 | 1 |
| relay1.a.aa | 18 | A | relay1 | 1 |
| relay2.a.aa | 18 | A | relay2 | 1 |
| ems1.a.aa | 18 | A | ems1 | 1 |
| pwas2.a.aa | 18 | CNAME | pwas2 | 1 |
| pwas.a.aa | 18 | A | pwas | 1 |
| pwasdocs.a.aa | 18 | A | pwasdocs | 1 |
| gcdb.a.aa | 18 | A | gcdb | 1 |
| gcdb1.a.aa | 18 | A | gcdb1 | 1 |
| gcdb2.a.aa | 18 | A | gcdb2 | 1 |
| gc1.a.aa | 18 | A | gc1 | 1 |
| gc2.a.aa | 18 | A | gc2 | 1 |
| gc3.a.aa | 18 | A | gc3 | 1 |
| gc4.a.aa | 18 | A | gc4 | 1 |
| voip1.a.aa | 18 | A | voip1 | 1 |
| inbound.smtp.a.aa | 18 | A | smtp inbound | 1 |
| inbound.smtp.a.aa | 18 | A | smtp inbound | 1 |
| outbound.smtp.a.aa | 18 | A | smtp outbound | 1 |
| outbound.smtp.a.aa | 18 | A | smtp outbound | 1 |
| relay.smtp.a.aa | 18 | CNAME | smtp relay | 1 |
| ftp.a.aa | 18 | A | ftp | 1 |
| mail.a.aa | 18 | A | mail | 1 |
| smtp.a.aa | 18 | A | smtp | 1 |
| pop.a.aa | 18 | A | pop | 1 |
| pop3.a.aa | 18 | A | pop3 | 1 |
| imap.a.aa | 18 | A | imap | 1 |
| nagios.a.aa | 18 | CNAME | nagios | 1 |
| news.a.aa | 18 | CNAME | news | 1 |
| ntp.a.aa | 18 | A | ntp | 1 |
| scripts.a.aa | 18 | CNAME | scripts | 1 |
| speedtest.a.aa | 18 | CNAME | speedtest | 1 |
| tickets.a.aa | 18 | A | tickets | 1 |
| user.a.aa | 18 | CNAME | user | 1 |
| *.user.a.aa | 18 | CNAME | user * | 1 |
| webcast.a.aa | 18 | CNAME | webcast | 1 |
| webmail.a.aa | 18 | A | webmail | 1 |
| www.a.aa | 18 | A | www | 1 |
| eupdates.a.aa | 18 | A | eupdates | 1 |
| eupdates.a.aa | 18 | MX | eupdates | 1 |
| gru-fal-gw.customer.a.aa | 87 | A | gru-fal-gw | 1 |
| fal-gru-gw.customer.a.aa | 87 | A | fal-gru-gw | 1 |
| gru-therock-gw.customer.a.aa | 87 | A | gru-therock-gw | 1 |
| therock-gru-gw.customer.a.aa | 87 | A | therock-gru-gw | 1 |
| gru-cardio-gw.customer.a.aa | 87 | A | gru-cardio-gw | 1 |
| cardio-gru-gw.customer.a.aa | 87 | A | cardio-gru-gw | 1 |
| gru-asterisk-gw.customer.a.aa | 87 | A | gru-asterisk-gw | 1 |
| asterisk-gru-gw.customer.a.aa | 87 | A | asterisk-gru-gw | 1 |
| gru-barrsys-gw.customer.a.aa | 87 | A | gru-barrsys-gw | 1 |
| barrsys-gru-gw.customer.a.aa | 87 | A | barrsys-gru-gw | 1 |
| gru-blueskies-gw.customer.a.aa | 87 | A | gru-blueskies-gw | 1 |
| blueskies-gru-gw.customer.a.aa | 87 | A | blueskies-gru-gw | 1 |
| gru-alligator-gw.customer.a.aa | 87 | A | gru-alligator-gw | 1 |
| alligator-gru-gw.customer.a.aa | 87 | A | alligator-gru-gw | 1 |
| gru-352-gw.customer.a.aa | 87 | A | gru-352-gw | 1 |
| 352-gru-gw.customer.a.aa | 87 | A | 352-gru-gw | 1 |
| gru-symo-gw.customer.a.aa | 87 | A | gru-symo-gw | 1 |
| symo-gru-gw.customer.a.aa | 87 | A | symo-gru-gw | 1 |
| gru-hkw-gw.customer.a.aa | 87 | A | gru-hkw-gw | 1 |
| hkw-gru-gw.customer.a.aa | 87 | A | hkw-gru-gw | 1 |
| gru-lw-gw.customer.a.aa | 87 | A | gru-lw-gw | 1 |
| lw-gru-gw.customer.a.aa | 87 | A | lw-gru-gw | 1 |
| gru-drxc-gw.customer.a.aa | 87 | A | gru-drxc-gw | 1 |
| drxc-gru-gw.customer.a.aa | 87 | A | drxc-gru-gw | 1 |
| gru-gpd-gw.customer.a.aa | 87 | A | gru-gpd-gw | 1 |
| gpd-gru-gw.customer.a.aa | 87 | A | gpd-gru-gw | 1 |
| gru-3001-gw.customer.a.aa | 87 | A | gru-3001-gw | 1 |
| 3001-gru-gw.customer.a.aa | 87 | A | 3001-gru-gw | 1 |
| gru-ufhotel-gw.customer.a.aa | 87 | A | gru-ufhotel-gw | 1 |
| ufhotel-gru-gw.customer.a.aa | 87 | A | ufhotel-gru-gw | 1 |
| gru-infenergy-gw.customer.a.aa | 87 | A | gru-infenergy-gw | 1 |
| infenergy-gru-gw.customer.a.aa | 87 | A | infenergy-gru-gw | 1 |
| gru-gtec-gw.customer.a.aa | 87 | A | gru-gtec-gw | 1 |
| gtec-gru-gw.customer.a.aa | 87 | A | gtec-gru-gw | 1 |
| gru-mfaaa-gw.customer.a.aa | 87 | A | gru-mfaaa-gw | 1 |
| mfaaa-gru-gw.customer.a.aa | 87 | A | mfaaa-gru-gw | 1 |
| gru-mri-gw.customer.a.aa | 87 | A | gru-mri-gw | 1 |
| mri-gru-gw.customer.a.aa | 87 | A | mri-gru-gw | 1 |
+-----------------------------------+-----------+-------+------------------+------+
98 rows in set (0.01 sec)
_______________________________________________
Pdns-users mailing list
[email protected]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
