Hi Peter, Thanks for your reply
On 2015年01月29日 23:17, Peter van Dijk wrote: > Hello Martin, > > On 29 Jan 2015, at 7:45 , Martin Chandler <[email protected]> wrote: > >> I am running a PowerDNS hidden master behind BIND dns servers serving to >> the public. >> >> We have a mix of DNSSEC secure zones, and non-secure zones. >> >> My question is do I have to 'rectify-zone' on the non-secure zones? >> (does Powerdns still need the auth and ordername for non-secure zones?) > > On non-secure zones, ordername is ignored, but auth is not. However, if you > just set auth=1 on all records, you get the ‘old’ behaviour, which has been > demonstrated to work just fine in practice. If you use the 3.4.0+ SQL schema, > you get auth=1 by default. Just curious, as a hidden master that only sends zone transfers to the front end BIND servers, what will I lose with the 'old' behaviour? Thanks, Martin -- Cellular phone : 090-7849-6808 e-mail:[email protected] URL :http://www.aventer.net/ _______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
