Re: [Pdns-users] Storing binary data in PDNS
Hi again, I am running PDNS auth-server 3.4.2 on Gentoo Linux with a MariaDB SQL backend (drop-in replacement for MySQL). That works very well for nearly thousand domains. I have several DNSSEC enabled domains and I want to insert a records like this: MariaDB [pdns] insert into records (domain_id, name, type, content, ttl) values (21603, 1053463d383dc1e87f06fff34b3c6a2d340d91e184d46d70144ffa5a._encr._smimecert.roessner.co, TYPE65514“, \\# 1303 01003082050F308203F7A003020102021069CCB1DF3BD4256F7F8699100BC4300D06092A864886F70D01010B0500308197310B3009060355040613024742311B30190603550408131247726561746572204D616E636865737465723110300E0603550407130753616C666F7264311A3018060355040A1311434F4D4F444F204341204C696D69746564313D303B06035504031334434F4D4F444F2052534120436C69656E742041757468656E7469636174696F6E20616E642053656375726520456D61696C204341301E170D3134313231303030303030305A170D3135313231303233353935395A301E311C301A06092A864886F70D010901160D6340726F6573736E65722E636F30820122300D06092A864886F70D01010105000382010F003082010A0282010100BAE3DAF1760CE1073CCC742FA4E91422CCFD4C3CCB40EE98FFDE1F012E7357E8EEF4D119056F5ACEA799C8F4D4211AC1A27A580CE8C092F88A6456A48DB234DFC31C5C07B760BE20110006ADE9FD173AACA244DCC616468286C963BBF7CB7A28A073DBA05AB71D9711ECFA36C2696C2B8BC248608DF580161C82B579E5513918245AA17F3D6798E75828E8C1EBF0E0482B048925E451FD515524BD60234519ED3F341451FA206AB75B55B3386951E81B8021912E3439B8CA33BBCE34003DE79C3CB47F8276B682849F1AB9EB61A7BCAECC49A1000C58672C42CAD2622C4503185B56ACEF2E61777C326C918D3284D15C73C893AB0A2ED93A2BE6CD578FCC4A530203010001A38201CD308201C9301F0603551D2304183016801482AF6C8CF8C5FE96617CE81F3D2B71485EC48BC0301D0603551D0E04160414AA5D6DE47CD6A999E2EDC4FBA22AE542A437528D300E0603551D0F0101FF0404030205A0300C0603551D130101FF04023000301D0603551D250416301406082B0601050507030406082B0601050507030230460603551D20043F303D303B060C2B06010401B2310102010305302B302906082B06010505070201161D68747470733A2F2F7365637572652E636F6D6F646F2E6E65742F435053305A0603551D1F04533051304FA04DA04B8649687474703A2F2F63726C2E636F6D6F646F63612E636F6D2F434F4D4F444F525341436C69656E7441757468656E7469636174696F6E616E64536563757265456D61696C43412E63726C30818B06082B06010505070101047F307D305506082B060105050730028649687474703A2F2F6372742E636F6D6F646F63612E636F6D2F434F4D4F444F525341436C69656E7441757468656E7469636174696F6E616E64536563757265456D61696C43412E637274302406082B060105050730018618687474703A2F2F6F6373702E636F6D6F646F63612E636F6D30180603551D110411300F810D6340726F6573736E65722E636F300D06092A864886F70D01010B0500038201010055E6C263771F1893AFFEF0BC3C20269402ED300DA5C6961507AA1A04565E2187D814D0ED3422A9B1E2F3B85AFFB37BB3671805093A612AD268343D3F9B585A3E54F9428B2B4670AE991A04A68BAB30C8EB230E72A39B92702E6A16C564BF46E88827CEB1C202AE408D75A9987696B8144D3ACA1E5C44AE0CCDFB7D1CDCFF7F494848801C1095B8D6C39B6ADA143C39E600EE2805A59FFB7027362A764405FDEEDEB25026F7DE79A2D1D68C8CC60DA8ECCA3F3549D304774E0AC6C5D20BC1D245D79BA590FE7F2BC4918447C88766B3AE09726EE317C4F2CA639BCD4F13992DEEA2009B0405B575E234B78523387B7CF011F55D335E750286D83E30C2A0DB, 3600); After doing so, I enter : pdnssec rectify-zone roessner.co Followed by : pdnssec check-zone roessner.co Which leads to a warning: [Warning] Parsed and original record content are not equal: 1053463d383dc1e87f06fff34b3c6a2d340d91e184d46d70144ffa5a._encr._smimecert.roessner.co IN TYPE65514 '\# 1303
Re: [Pdns-users] Configure private subdomain
Nikolaos Milas wrote: If you managed to set up this demo (Split-DNS with powerdns and LDAP-Backend) for the Linux-Tage, could you please post this work here or a link to a page where it is available? Basically it boils down to this ACL: access to dn.subtree=cn=pdns,ou=services,ou=infra-dir filter=(objectClass=dNSDomain2) by set=user/memberOf this/seeAlso read by * none Attribute 'seeAlso' contains DN(s) of group entries of service accounts of powerdns instances. Could not extensively test it though due to time constraints. And a nicer schema for not (ab)using attribute 'seeAlso' would be better. Ciao, Michael. smime.p7s Description: S/MIME Cryptographic Signature ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] Configure private subdomain
On 4/3/2015 8:17 μμ, Michael Ströder wrote: This sounds a bit like a special case for split horizon DNS. I promised to configure a demo using powerdns with LDAP backend for this based on OpenLDAP ACLs and several powerdns instances using different LDAP identities. Feel free to come here and ask whether I managed to get it working in time: https://chemnitzer.linux-tage.de/2015/en/programm/beitrag/134 Hi Michael, If you managed to set up this demo (Split-DNS with powerdns and LDAP-Backend) for the Linux-Tage, could you please post this work here or a link to a page where it is available? Thank you in advance. All the best, Nick ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] Important PowerDNS announcement: merging with Open-Xchange!
Hi everybody, As a followup to the announcement below, we had a great time at World Hosting Days and met many current and possibly future PowerDNS users. Some of you have asked for some clarification why we took this step, you can find interesting perspectives in this The Register article: http://www.theregister.co.uk/2015/03/24/open_xchange_skype_dovecot_merger/?page=2 The thing is, PowerDNS may power 40 - 50 per cent of all the domain names out there – per principal author Bert Hubert – but the company has until now had a grand total of two staff members. It's impressive that they've been able to support as many users as they have through big-name customers such as Deutsche Telekom and BT, but they've been limited on the sales front. According to Hubert: We were servicing the needs of hundreds of millions of internet users and servicing them well, but in the open-source world people noticed that sometimes PowerDNS development would cease for a month or two, because we were doing sales. Merging with Open-Xchange, which has about 150 employees, fixes that problem for PowerDNS - and does much the same thing for Dovecot too; both companies can now just get on with it rather than having to tout around for investments in order to grow. This link also covers it: http://www.thewhir.com/web-hosting-news/open-xchange-ceo-talks-dovecot-powerdns-mergers-whd-global-2015 And Open-Xchange blogged this: http://blog.open-xchange.com/2015/03/24/powerdns/ Again, if you have any further questions. please do not hesitate to contact us! Bert On Tue, Mar 24, 2015 at 11:37:43AM +0100, bert hubert wrote: Hi everybody, We’re currently at World Hosting Days[1] in Rust Germany, where we just announced that PowerDNS will be joining the Open-Xchange family of companies. Last week it was also announced[2] that the famous Dovecot IMAP server project is now a part of OX[3] too. We’ve been working with Timo and his team at Dovecot and with the OX Team in Email Security projects and are already sharing personnel and infrastructure with each other and the cooperation works really well for all of us. From the Open-Xchange[4] website: “With over a decade of developing open-source software, Open-Xchange believes that only by engineering ruthlessly open products and services can the next generation of innovation emerge on the web. “Stay Open” contains many aspects of how we develop, engineer and deploy our products together with and for client-partners.” We fully believe in that mission, and are glad that PowerDNS will become part of the Open-Xchange family. It will be great to have Timo and friends from Dovecot as cousins! We’ll share more details of what the merger will and will not mean, but rest assured PowerDNS will stay as open and as community friendly as it has ever been. Meanwhile, if you are at WHD, please come meet us at the Open-Xchange booth! Also if you have any concerns, worries or questions about this development, please contact us. Bert, Peter and Pieter [1] http://whd.global/ [2] http://www.open-xchange.com/announcements/18 [3] http://www.dovecot.fi/ [4] http://www.open-xchange.com/home ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users