Hello! My ISP is running a slave DNS service, using PowerDNS 3.0 as this is the version included in Ubuntu 12.04 LTS. I've already read this post, about DNSSEC in 3.0 being "explicitly deprecated":
http://mailman.powerdns.com/pipermail/pdns-users/2012-July/009099.html But seeing that my ISP's position of "we'll use what's default in the LTS" is kind of reasonable, I thought it might be worth asking here on pdns-users@ anyway: I've set up a master DNS using BIND 9.8 (sorry guys, it's not that I have anything against PowerDNS, BIND is just a better choice for me personally here ;-) and DNSSEC signed my zone using RSA/SHA-1 keys: http://dnssec-debugger.verisignlabs.com/roubert.net (As far as I can tell, it's all fine. I've also whitelisted my ISP's server for zone transfers, and transferring other zones, that aren't using DNSSEC, between the same two servers works just fine.) Transferring this DNSSEC signed zone, however, leads my ISP's PowerDNS to log error messages like this: Sep 25 10:01:07 ns5 pdns[27445]: Unable to parse record during incoming AXFR of 'roubert.net' (MOADNSException): Can't deal with multi-part NSEC mappings yet So this is clearly something in PowerDNS 3.0 that was fixed in 3.1: http://wiki.powerdns.com/trac/changeset/2590 http://doc.powerdns.com/html/changelog.html#changelog-auth-3-1 But what does it mean? What exactly is it in my configuration that makes PowerDNS 3.0 unable to handle it? Is it something I could change to make PowerDNS 3.0 play along as a slave server? Cheers // Fredrik Roubert -- Forsterstrasse 64 | +41 78 8170377 CH-8044 Zürich | http://www.df.lth.se/~roubert/ _______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
