Dear PowerDNS Community, With the help of many of you, we've now brought 'PowerDNSSEC' to the point where it might make sense for you to trial it on test domains. We expect to make move some of our own important domains over to PowerDNSSEC early next week. PowerDNS.COM underlies the commercial DNS hosting service 'Express', and may have to wait a bit longer.
To test, head over to http://www.powerdnssec.org (which of course is powered by PowerDNSSEC). More information is on http://wiki.powerdns.com/trac/wiki/PDNSSEC - including how to get started, and how to get help. In brief, PowerDNSSEC will allow you to continue operating as normal in many cases, with only slight changes to your installation. There is no need to run signing tools, nor is there a need to rotate keys or run scripts. Particularly, if you run with Generic MySQL, Generic PostgreSQL or Generic SQLite3, you should have an easy time. A small schema update is required, plus an invocation of 'pdnssec secure-zone domain-name && pdnssec rectify-zone domain-name' per domain you want to secure. And that should be it. Supported are: * NSEC * NSEC3 in ordered mode (pre-hashed records) * NSEC3 in narrow mode (unmodified records) * Zone transfers (for NSEC) * Import of 'standard' private keys from BIND/NSD * Export of 'standard' private keys * RSASHA1 * "Pure" PostgreSQL, SQLite3 & MySQL operations * Hybrid BIND/PostgreSQL/SQLite3/MySQL operation To join the fun, download the tarball which can be found on the sites above, and let us know how it works for you! To clarify, we do not recommend taking the current code snapshot into production, but we are getting close. Kind regards, Bert _______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users