Hoi Maurice, On 27 Feb 2015, at 9:44 , Maurice Sienema <[email protected]> wrote:
> We are testing with DNSSEC on our PowerDNS setup, everything seems to be > working except the slave server isn't using the DNSKEY set from the master, > am I missing the concept and should I register both keys at the parrent zone, > or is the slave capable of using the key set from the master? > > see here what is going wrong: > http://dnsviz.net/d/uned.nl/dnssec/ > > Some details about the setup: > Both servers running PowerDNS version 3.1 ( standard Debian wheezy package ) > Both servers are running gmysql back-end connected to a local database > NS1 is a supermaster for NS2, zones updates are done by NOTIFY/AXFR (1) when using DNSSEC, we strongly recommend upgrading PowerDNS to a 3.4.x release. Packages are available at https://www.powerdns.com/downloads.html (2) it looks like your RRSIGs and KSK DNSKEY on the slave are truncated; we recommend increasing the size of the ‘content’ column in the records table (see our upgrade notes https://doc.powerdns.com/md/authoritative/upgrading/ ) Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ _______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
