[Pdns-users] MyDNS-Bind Migration and DNSSEC
Hello Everyone,

I am in the middle of migration testing for 330K Domains and 1.8 Million records from a MyDNS with a Bind Mysql backend to PowerDNS with PDNSSEC with gmysql backend, We have had no issue migrating zones and records after creating the scripts. Our issue lies in serving the zones. I am finding unless I run pdnssec rectify-zone xyz.com I will see this in monitor and no answer will be provided

Dec 13 09:58:35 Should not get here (xyz.com|1): please run pdnssec rectify-zone

Upon running rectify-zone all behaves properly. I thought I could run Normal and Secured zones on one server? We are inserting NULL in ordername and auth could this be the cause?

Eric Haskins
*High Octane Brands LLC*
PHP/MySQL Developers ~ E-Commerce Specialists
Magento, OpenCart, WordPress Optimized Hosting
HighOctaneBrands.com
978-905-9603 Cell

___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] MyDNS-Bind Migration and DNSSEC
Hello Eric,

On Dec 13, 2013, at 17:42 , Eric Haskins wrote:

> I am in the middle of migration testing for 330K Domains and 1.8 Million records from a MyDNS with a Bind Mysql backend to PowerDNS with PDNSSEC with gmysql backend, We have had no issue migrating zones and records after creating the scripts. Our issue lies in serving the zones. I am finding unless I run pdnssec rectify-zone xyz.com I will see this in monitor and no answer will be provided
>
> Dec 13 09:58:35 Should not get here (xyz.com|1): please run pdnssec rectify-zone
>
> Upon running rectify-zone all behaves properly. I thought I could run Normal and Secured zones on one server? We are inserting NULL in ordername and auth could this be the cause?

You have a few options:

1) remove gmysql-dnssec from your configuration. This will fully disable DNSSEC, and also disable all features that use the domainmetadata table. It will also make PowerDNS ignore ordername and auth and this error will go away.

2) keep gmysql-dnssec, and fake up ordername and auth. For non-DNSSEC domains, put 1 in auth. ordername is ignored so NULL is a good value for it.

If you do want to support DNSSEC for (some) domains, please read http://doc.powerdns.com/html/dnssec-modes.html#dnssec-direct-database very carefully and/or use rectify-zone after zone data changes.

Kind regards,
--
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/

Re: [Pdns-users] MyDNS-Bind Migration and DNSSEC
Peter,

Thank You we did manage to get it to work via auth = 1. I have one other question in regards to the DS and DNSKEY records from a registry perspective ICANN requires registrars to provide a mechanism allowing a domain owner to secure a zone. The registrar has to submit the DS and DNSKEY values to the registrar via API is there a way to get these records since it appears PowerDNS is building on the fly when requested??

This and Rollover are our last hurdles

Thx again Peter

Eric Haskins
*High Octane Brands LLC*
PHP/MySQL Developers ~ E-Commerce Specialists
Magento, OpenCart, WordPress Optimized Hosting
HighOctaneBrands.com
978-905-9603 Cell

On Fri, Dec 13, 2013 at 12:11 PM, Peter van Dijk peter.van.d...@netherlabs.nl wrote:

> Hello Eric,
>
> On Dec 13, 2013, at 17:42 , Eric Haskins wrote:
>
> > I am in the middle of migration testing for 330K Domains and 1.8 Million records from a MyDNS with a Bind Mysql backend to PowerDNS with PDNSSEC with gmysql backend, We have had no issue migrating zones and records after creating the scripts. Our issue lies in serving the zones. I am finding unless I run pdnssec rectify-zone xyz.com I will see this in monitor and no answer will be provided
> >
> > Dec 13 09:58:35 Should not get here (xyz.com|1): please run pdnssec rectify-zone
> >
> > Upon running rectify-zone all behaves properly. I thought I could run Normal and Secured zones on one server? We are inserting NULL in ordername and auth could this be the cause?
>
> You have a few options:
>
> 1) remove gmysql-dnssec from your configuration. This will fully disable DNSSEC, and also disable all features that use the domainmetadata table. It will also make PowerDNS ignore ordername and auth and this error will go away.
>
> 2) keep gmysql-dnssec, and fake up ordername and auth. For non-DNSSEC domains, put 1 in auth. ordername is ignored so NULL is a good value for it.
>
> If you do want to support DNSSEC for (some) domains, please read http://doc.powerdns.com/html/dnssec-modes.html#dnssec-direct-database very carefully and/or use rectify-zone after zone data changes.
>
> Kind regards,
> --
> Peter van Dijk
> Netherlabs Computer Consulting BV - http://www.netherlabs.nl/