Re: [Pdns-users] Slave DNSKeys
Peter van Dijk wrote: (2) it looks like your RRSIGs and KSK DNSKEY on the slave are truncated; we recommend increasing the size of the ‘content’ column in the records table (see our upgrade notes https://doc.powerdns.com/md/authoritative/upgrading/ ) (Sigh!) I really wonder why the LDAP backend is not improved to support DNSSEC. It's so much easier to setup a LDAP server with multi-master and two-tier replication than a mySQL server. And attributes are of variable length by default. Ciao, Michael. smime.p7s Description: S/MIME Cryptographic Signature ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] Slave DNSKeys
Hoi Maurice, On 27 Feb 2015, at 9:44 , Maurice Sienema msien...@unet.nl wrote: We are testing with DNSSEC on our PowerDNS setup, everything seems to be working except the slave server isn't using the DNSKEY set from the master, am I missing the concept and should I register both keys at the parrent zone, or is the slave capable of using the key set from the master? see here what is going wrong: http://dnsviz.net/d/uned.nl/dnssec/ Some details about the setup: Both servers running PowerDNS version 3.1 ( standard Debian wheezy package ) Both servers are running gmysql back-end connected to a local database NS1 is a supermaster for NS2, zones updates are done by NOTIFY/AXFR (1) when using DNSSEC, we strongly recommend upgrading PowerDNS to a 3.4.x release. Packages are available at https://www.powerdns.com/downloads.html (2) it looks like your RRSIGs and KSK DNSKEY on the slave are truncated; we recommend increasing the size of the ‘content’ column in the records table (see our upgrade notes https://doc.powerdns.com/md/authoritative/upgrading/ ) Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
[Pdns-users] Slave DNSKeys
We are testing with DNSSEC on our PowerDNS setup, everything seems to be working except the slave server isn't using the DNSKEY set from the master, am I missing the concept and should I register both keys at the parrent zone, or is the slave capable of using the key set from the master? see here what is going wrong: http://dnsviz.net/d/uned.nl/dnssec/ Some details about the setup: Both servers running PowerDNS version 3.1 ( standard Debian wheezy package ) Both servers are running gmysql back-end connected to a local database NS1 is a supermaster for NS2, zones updates are done by NOTIFY/AXFR Regards, Maurice ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users