That's exactly what I was trying to do! Multiple backends (mysql for my own, bind/sqlite for these slave ones). If that doesn't work that explains why :-) I'll redesign what I'm doing in a different way (likely using dnsdist to redirect these presigned slave zones to a different DNS instance).

Theodore Baschak - AS395089 - Hextet Systems
https://ciscodude.net/ - https://hextet.systems/
http://mbix.ca/

On Fri, Aug 12, 2016 at 4:26 AM, Peter van Dijk <[email protected]> wrote:

> Hello Theodore,
>
> do you have multiple backends launched? In general DNSSEC only works on
> the first backend I believe.
>
> Kind regards,
> --
> Peter van Dijk
> PowerDNS.COM BV - https://www.powerdns.com/
>
> On 12 Aug 2016, at 9:37, Theodore Baschak wrote:
>
>> I've tried using the sqlite3 backend as well now for this zone, with the
>> same non-dnssec-serving/recognizing result.
>> (This does work in the mysql backend however, but that's shared between
>> multiple servers, and this configuration is unique to this particular
>> server.)
>>
>> Theodore Baschak - AS395089 - Hextet Systems
>> https://ciscodude.net/ - https://hextet.systems/
>> http://mbix.ca/
>>
>> On Fri, Aug 12, 2016 at 1:52 AM, Theodore Baschak <[email protected]> wrote:
>>
>>> I've got a few zones I slave for a friend. He presigns some of those zones
>>> on bind and I AXFR them as a slave.
>>>
>>> Log entries don't indicate detecting presigned zones on AXFR. Dig with
>>> +dnssec doesn't return anything either. dnsviz is showing me as being a
>>> problem nameserver for him now.
>>>
>>> I've got the bind-dnssec-db set, and created the dnssec-db with pdnsutil
>>> (and chowned it to pdns:pdns even)
>>>
>>> I've tried pdnsutil set-presigned <zone>
>>>
>>> I've been googling this for about an hour and I can't find something wrong
>>> with what I'm doing.
>>> I did find the following command, which outputs many lines like the
>>> following:
>>>
>>> pdnsutil check-all-zones
>>> Aug 12 06:49:30 [bindbackend] Done parsing domains, 0 rejected, 19 new, 0
>>> removed
>>> [Warning] Parsed and original record content are not equal: fudo.ca IN
>>> RRSIG 'SOA 8 2 3600 20140614060342 20131216060342 17133 fudo.ca.
>>> gXArdDSbIIFjFn7fjj4h8MnT2ZQYwKuCWOKDXTn+da5MnmCkp7KXM+
>>> PA78Bm2Z2Lo8boU5mJd49pTdEOrSMUFd9/gNi7PW3a5PPc0v9XHvM+
>>> 1zTqrRrvch8PzWieiIlOiHjupH5JsDVznKlRDPRmjHerbddr3++PR0OPWPAXy6I='
>>> (Content parsed as 'SOA 8 2 3600 20140614060342 20131216060342 17133
>>> fudo.ca gXArdDSbIIFjFn7fjj4h8MnT2ZQYwKuCWOKDXTn+da5MnmCkp7KXM+
>>> PA78Bm2Z2Lo8boU5mJd49pTdEOrSMUFd9/gNi7PW3a5PPc0v9XHvM+
>>> 1zTqrRrvch8PzWieiIlOiHjupH5JsDVznKlRDPRmjHerbddr3++PR0OPWPAXy6I=')
>>> [Error] RRSIG found at 'fudo.ca' in non-presigned zone. These do not
>>> belong in the database.
>>>
>>> Theodore Baschak - AS395089 - Hextet Systems
>>> https://ciscodude.net/ - https://hextet.systems/
>>> http://mbix.ca/

_______________________________________________
Pdns-users mailing list
[email protected]
https://mailman.powerdns.com/mailman/listinfo/pdns-users
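
An added example, not part of the original thread or of PowerDNS: a small Python check that reads the backend launch order from a `pdns.conf` and collects the names `pdnsutil check-all-zones` flags with RRSIGs in a non-presigned zone. It takes the reply's statement that DNSSEC only works on the first backend as an assumption; the config paths, the launch order and the `example.org` names are constructed sample input.

```python
import re

# Constructed sample inputs (not taken from the poster's server).
SAMPLE_CONF = """\
# pdns.conf (constructed)
launch=gmysql,bind
bind-config=/etc/powerdns/named.conf
bind-dnssec-db=/var/lib/powerdns/bind-dnssec.sqlite3
"""

SAMPLE_CHECK_OUTPUT = """\
Aug 12 06:49:30 [bindbackend] Done parsing domains, 0 rejected, 19 new, 0 removed
[Warning] Parsed and original record content are not equal: example.org IN RRSIG 'SOA 8 2 ...'
[Error] RRSIG found at 'example.org' in non-presigned zone. These do not belong in the database.
[Error] RRSIG found at 'www.example.org' in non-presigned zone. These do not belong in the database.
"""


def launched_backends(conf_text):
    """Return backend types in launch order, e.g. ['gmysql', 'bind']."""
    backends = []
    for line in conf_text.splitlines():
        m = re.match(r"\s*launch\s*\+?=\s*(.*)", line)
        if m:
            # 'bind:inst' names an instance; keep only the backend type.
            backends += [b.split(":")[0].strip()
                         for b in m.group(1).split(",") if b.strip()]
    return backends


def bind_dnssec_not_first(conf_text):
    """True when bind-dnssec-db is set but bind is not the first backend.

    Assumption from the thread: DNSSEC only works on the first backend.
    """
    backends = launched_backends(conf_text)
    has_db = re.search(r"^\s*bind-dnssec-db\s*=\s*\S+", conf_text, re.M) is not None
    return has_db and len(backends) > 1 and backends[0] != "bind"


def rrsig_in_non_presigned(output):
    """Names flagged with 'RRSIG found at ... in non-presigned zone'."""
    pat = re.compile(r"\[Error\] RRSIG found at '([^']+)' in non-presigned zone")
    return sorted(set(pat.findall(output)))


if __name__ == "__main__":
    print("launch order:", launched_backends(SAMPLE_CONF))
    print("bind DNSSEC db behind another backend:", bind_dnssec_not_first(SAMPLE_CONF))
    print("names with unexpected RRSIGs:", rrsig_in_non_presigned(SAMPLE_CHECK_OUTPUT))
```

The error lines report record names, not zone names, so names below the apex still have to be mapped to their zone before deciding which zone is being served without presigned handling.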
