I've tried using the sqlite3 backend as well now for this zone, with the same non-dnssec-serving/recognizing result. (This does work in the mysql backend however, but thats shared between multiple servers, and this configuration is unique to this particular server.)
Theodore Baschak - AS395089 - Hextet Systems https://ciscodude.net/ - https://hextet.systems/ http://mbix.ca/ On Fri, Aug 12, 2016 at 1:52 AM, Theodore Baschak <[email protected]> wrote: > I've got a few zones I slave for a friend. He presigns some of those zones > on bind and I AXFR them as a slave. > > Log entries don't indicate detecting presigned zones on AXFR. Dig with > +dnssec doesn't return anything either. dnsviz is showing me as being a > problem nameserver for him now. > > I've got the bind-dnssec-db set, and created the dnssec-db with pdnsutil > (and chowned it to pdns:pdns even) > > I've tried pdnsutil set-presigned <zone> > > I've been googling this for about an hour and I can't find something wrong > with what I'm doing. > I did find the following command, which outputs many lines like the > following: > > pdnsutil check-all-zones > Aug 12 06:49:30 [bindbackend] Done parsing domains, 0 rejected, 19 new, 0 > removed > [Warning] Parsed and original record content are not equal: fudo.ca IN > RRSIG 'SOA 8 2 3600 20140614060342 20131216060342 17133 fudo.ca. > gXArdDSbIIFjFn7fjj4h8MnT2ZQYwKuCWOKDXTn+da5MnmCkp7KXM+ > PA78Bm2Z2Lo8boU5mJd49pTdEOrSMUFd9/gNi7PW3a5PPc0v9XHvM+ > 1zTqrRrvch8PzWieiIlOiHjupH5JsDVznKlRDPRmjHerbddr3++PR0OPWPAXy6I=' > (Content parsed as 'SOA 8 2 3600 20140614060342 20131216060342 17133 > fudo.ca gXArdDSbIIFjFn7fjj4h8MnT2ZQYwKuCWOKDXTn+da5MnmCkp7KXM+ > PA78Bm2Z2Lo8boU5mJd49pTdEOrSMUFd9/gNi7PW3a5PPc0v9XHvM+ > 1zTqrRrvch8PzWieiIlOiHjupH5JsDVznKlRDPRmjHerbddr3++PR0OPWPAXy6I=') > [Error] RRSIG found at 'fudo.ca' in non-presigned zone. These do not > belong in the database. > > > > Theodore Baschak - AS395089 - Hextet Systems > https://ciscodude.net/ - https://hextet.systems/ > http://mbix.ca/ > >
_______________________________________________ Pdns-users mailing list [email protected] https://mailman.powerdns.com/mailman/listinfo/pdns-users
