Hello Theodore,
do you have multiple backends launched? In general DNSSEC only works on
the first backend I believe.
Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
On 12 Aug 2016, at 9:37, Theodore Baschak wrote:
I've tried using the sqlite3 backend as well now for this zone, with
the
same non-dnssec-serving/recognizing result.
(This does work in the mysql backend however, but thats shared between
multiple servers, and this configuration is unique to this particular
server.)
Theodore Baschak - AS395089 - Hextet Systems
https://ciscodude.net/ - https://hextet.systems/
http://mbix.ca/
On Fri, Aug 12, 2016 at 1:52 AM, Theodore Baschak
<[email protected]>
wrote:
I've got a few zones I slave for a friend. He presigns some of those
zones
on bind and I AXFR them as a slave.
Log entries don't indicate detecting presigned zones on AXFR. Dig
with
+dnssec doesn't return anything either. dnsviz is showing me as being
a
problem nameserver for him now.
I've got the bind-dnssec-db set, and created the dnssec-db with
pdnsutil
(and chowned it to pdns:pdns even)
I've tried pdnsutil set-presigned <zone>
I've been googling this for about an hour and I can't find something
wrong
with what I'm doing.
I did find the following command, which outputs many lines like the
following:
pdnsutil check-all-zones
Aug 12 06:49:30 [bindbackend] Done parsing domains, 0 rejected, 19
new, 0
removed
[Warning] Parsed and original record content are not equal: fudo.ca
IN
RRSIG 'SOA 8 2 3600 20140614060342 20131216060342 17133 fudo.ca.
gXArdDSbIIFjFn7fjj4h8MnT2ZQYwKuCWOKDXTn+da5MnmCkp7KXM+
PA78Bm2Z2Lo8boU5mJd49pTdEOrSMUFd9/gNi7PW3a5PPc0v9XHvM+
1zTqrRrvch8PzWieiIlOiHjupH5JsDVznKlRDPRmjHerbddr3++PR0OPWPAXy6I='
(Content parsed as 'SOA 8 2 3600 20140614060342 20131216060342 17133
fudo.ca gXArdDSbIIFjFn7fjj4h8MnT2ZQYwKuCWOKDXTn+da5MnmCkp7KXM+
PA78Bm2Z2Lo8boU5mJd49pTdEOrSMUFd9/gNi7PW3a5PPc0v9XHvM+
1zTqrRrvch8PzWieiIlOiHjupH5JsDVznKlRDPRmjHerbddr3++PR0OPWPAXy6I=')
[Error] RRSIG found at 'fudo.ca' in non-presigned zone. These do not
belong in the database.
Theodore Baschak - AS395089 - Hextet Systems
https://ciscodude.net/ - https://hextet.systems/
http://mbix.ca/
_______________________________________________
Pdns-users mailing list
[email protected]
https://mailman.powerdns.com/mailman/listinfo/pdns-users
_______________________________________________
Pdns-users mailing list
[email protected]
https://mailman.powerdns.com/mailman/listinfo/pdns-users
