Since my last post, I've now installed the following rpms and am trying to serve my root, net, and kitchen.sink.net zones using the gsqlite3 backend.

[deploy@rec1-jump ~]$ rpm -qa|grep pdns
pdns-3.4.1-1.el6.MIND.x86_64
pdns-backend-sqlite-3.4.1-1.el6.MIND.x86_64
pdns-tools-3.4.1-1.el6.MIND.x86_64

Here are the steps that I followed:

sqlite3 /var/db/pdns2-gsqlite3-database < /usr/share/doc/pdns/schema.sqlite3.sql
zone2sql --named-conf=/etc/named.conf --dnssec --gsqlite|sqlite3 /var/db/pdns2-gsqlite3-database
sqlite3 /var/db/pdns2-gsqlite3-database 'analyze;'
pdnssec set-presigned kitchensink.net
pdnssec set-presigned net
pdnssec set-presigned ""

My pdns.conf file contains the following:

launch=gsqlite3
gsqlite3-dnssec
gsqlite3-database=/var/db/pdns-gsqlite3-database
local-address=192.168.0.7,127.0.0.1
module-dir=/usr/lib64/pdns
socket-dir=/var/run/pdns-server
setuid=pdns
setgid=pdns

I start the pdns-server and it has no complaints:

Dec 5 10:44:12 rec1-jump pdns[16951]: Listening on controlsocket in '/var/run/pdns-server/pdns.controlsocket'
Dec 5 10:44:12 rec1-jump pdns[16954]: Guardian is launching an instance
Dec 5 10:44:12 rec1-jump pdns[16954]: Reading random entropy from '/dev/urandom'
Dec 5 10:44:12 rec1-jump pdns[16954]: Loading '/usr/lib64/pdns/libgsqlite3backend.so'
Dec 5 10:44:12 rec1-jump pdns[16954]: [gsqlite3] This is the gsqlite3 backend version 3.4.1 (Oct 30 2014, 14:36:09) reporting
Dec 5 10:44:12 rec1-jump pdns[16954]: This is a guarded instance of pdns
Dec 5 10:44:12 rec1-jump pdns[16954]: UDP server bound to 192.168.0.7:53
Dec 5 10:44:12 rec1-jump pdns[16954]: UDP server bound to 127.0.0.1:53
Dec 5 10:44:12 rec1-jump pdns[16954]: TCP server bound to 192.168.0.7:53
Dec 5 10:44:12 rec1-jump pdns[16954]: TCP server bound to 127.0.0.1:53
Dec 5 10:44:12 rec1-jump pdns[16954]: PowerDNS Authoritative Server 3.4.1 ( [email protected]) (C) 2001-2014 PowerDNS.COM BV
Dec 5 10:44:12 rec1-jump pdns[16954]: Using 64-bits mode. Built on 20141030144117 by [email protected], gcc 4.4.7 20120313 (Red Hat 4.4.7-11).
Dec 5 10:44:12 rec1-jump pdns[16954]: PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2.
Dec 5 10:44:12 rec1-jump pdns[16954]: Set effective group id to 496
Dec 5 10:44:12 rec1-jump pdns[16954]: Set effective user id to 496
Dec 5 10:44:12 rec1-jump pdns[16954]: Creating backend connection for TCP
Dec 5 10:44:12 rec1-jump pdns[16954]: gsqlite3: connection to '/var/db/pdns-gsqlite3-database' successful
Dec 5 10:44:12 rec1-jump pdns[16954]: gsqlite3: connection to '/var/db/pdns-gsqlite3-database' successful
Dec 5 10:44:12 rec1-jump pdns[16954]: About to create 3 backend threads for UDP
Dec 5 10:44:12 rec1-jump pdns[16954]: gsqlite3: connection to '/var/db/pdns-gsqlite3-database' successful
Dec 5 10:44:12 rec1-jump pdns[16954]: gsqlite3: connection to '/var/db/pdns-gsqlite3-database' successful
Dec 5 10:44:12 rec1-jump pdns[16954]: gsqlite3: connection to '/var/db/pdns-gsqlite3-database' successful
Dec 5 10:44:12 rec1-jump pdns[16954]: gsqlite3: connection to '/var/db/pdns-gsqlite3-database' successful
Dec 5 10:44:12 rec1-jump pdns[16954]: gsqlite3: connection to '/var/db/pdns-gsqlite3-database' successful
Dec 5 10:44:12 rec1-jump pdns[16954]: gsqlite3: connection to '/var/db/pdns-gsqlite3-database' successful
Dec 5 10:44:12 rec1-jump pdns[16954]: Done launching threads, ready to distribute questions

I then go to my unbound host, which has the DNSKEY for my root zone stored in root.anchor. I issue the following DNS queries using dig:

dig @127.0.0.1 kitchensink.net any +dnssec
dig @127.0.0.1 net any +dnssec
dig @127.0.0.1 . any +dnssec

No complaints from unbound for the kitchensink.net or root zone queries, however, the net query logs this error:

Dec 05 10:44:47 unbound[26907:7] info: validation failure <net. ANY IN>: signature crypto failed from 192.168.0.7

By turning up the logging and doing more specific queries by qtype, I learn that the problem comes when unbound attempts to validate the signature associated with the NSEC record.

I stop the pdns_server and start named serving the exact same zone files and unbound has no complaints for any of the three queries. Am I missing a step or is PowerDNS broken?

Thanks,
Craig
_______________________________________________
Pdns-users mailing list
[email protected]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
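Added example (not part of the original post, and not PowerDNS, BIND or unbound code): an RRSIG over an NSEC RRset covers the owner name, next name and type list exactly, so diffing the NSEC answers captured from the two servers shows whether both serve the data that was signed. The dig output, host names, key tag and signature below are constructed samples, and the differing type list is only an illustration, not a diagnosis of the problem above.

```python
# Added example: diff NSEC RRsets and their RRSIGs as served by two servers.
# The dig output below is constructed sample data, not taken from the post.

NAMED_ANSWER = """\
; constructed sample: dig @named-host net nsec +dnssec +norec
net.  86400 IN NSEC kitchensink.net. NS SOA RRSIG NSEC DNSKEY
net.  86400 IN RRSIG NSEC 8 1 86400 20150104000000 20141205000000 12345 net. c2FtcGxl
"""

PDNS_ANSWER = """\
; constructed sample: dig @pdns-host net nsec +dnssec +norec
net.  86400 IN NSEC kitchensink.net. NS SOA DS RRSIG NSEC DNSKEY
net.  86400 IN RRSIG NSEC 8 1 86400 20150104000000 20141205000000 12345 net. c2FtcGxl
"""


def parse_nsec(dig_text):
    """Return {owner: {"next", "types", "sig"}} from dig answer lines."""
    out = {}
    for line in dig_text.splitlines():
        f = line.split()
        if len(f) < 5 or line.startswith(";") or f[2] != "IN":
            continue
        owner, rtype, rdata = f[0].lower(), f[3], f[4:]
        rec = out.setdefault(owner, {"next": None, "types": None, "sig": None})
        if rtype == "NSEC":
            rec["next"], rec["types"] = rdata[0], tuple(rdata[1:])
        elif rtype == "RRSIG" and rdata[0] == "NSEC":
            # algorithm, labels, original TTL, expire, inception, key tag, signer, signature
            rec["sig"] = tuple(rdata[1:8]) + ("".join(rdata[8:]),)
    return out


def diff_nsec(reference, candidate):
    """List the fields where candidate's NSEC data differs from reference's."""
    ref, cand, findings = parse_nsec(reference), parse_nsec(candidate), []
    for owner in sorted(set(ref) | set(cand)):
        a, b = ref.get(owner), cand.get(owner)
        if a is None or b is None:
            findings.append((owner, "missing", bool(a), bool(b)))
            continue
        for field in ("next", "types", "sig"):
            if a[field] != b[field]:
                findings.append((owner, field, a[field], b[field]))
    return findings


if __name__ == "__main__":
    for finding in diff_nsec(NAMED_ANSWER, PDNS_ANSWER):
        print(finding)
```

An identical signature paired with a different next name or type list means the server is returning NSEC data other than what the zone signer signed, which a validator reports as a crypto failure.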
