Hi Stefan,

 Thanks for the reply.

 Sorry for the confusion. I think "option for dns-sec in the backend" is the 
key here, because I have this set, as I want to serve some dns-sec zones but 
not all.

 Essentially, PDNS, with MySQL backend (only), and I'm trying to serve dns-sec 
and non dns-sec zones.

launch=gmysql
gmysql-dnssec


 Set in pdns.conf.

 In the database:

Domains:

|  6 | wibble.com               | NULL   |       NULL | NATIVE |            NULL | NULL    |
+----+--------------------------+--------+------------+--------+-----------------+---------+


mysql> select * from records where domain_id=6;
+-----+-----------+-----------------+------+------------------------------------------------------------------------------+-------+------+-------------+-----------+------+
| id  | domain_id | name            | type | content                                                                      | ttl   | prio | change_date | ordername | auth |
+-----+-----------+-----------------+------+------------------------------------------------------------------------------+-------+------+-------------+-----------+------+
| 694 |         6 | wibble.com      | SOA  | ns1.server.co.uk hostmaster.server.net 2011011702 10800 3600 1209600 86400   | 86400 |    0 |        NULL |           |    0 |
| 695 |         6 | mail.wibble.com | A    | 1.1.1.1                                                                      | 86400 |    0 |        NULL |           |    0 |
| 696 |         6 | wibble.com      | NS   | ns1.server.co.uk                                                             | 86400 |    0 |        NULL |           |    0 |


 So I have a name server (ns1.server.co.uk is the physical server), SOA and an A 
record. The auth field (for DNS-SEC) is 0.

 However results from dig:

[root@ns1 ~]# dig wibble.com @localhost SOA

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> wibble.com @localhost SOA
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18174
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;wibble.com.                    IN      SOA

;; ANSWER SECTION:
wibble.com.             86400   IN      SOA     ns1.server.co.uk hostmaster.server.net 2011011702 10800 3600 1209600 86400

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jul 21 17:22:56 2011
;; MSG SIZE  rcvd: 101

 So, no issues with the SOA, but the A

[root@ns1 ~]# dig mail.wibble.com @localhost A

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> mail.wibble.com @localhost A
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57290
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.wibble.com.               IN      A

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jul 21 17:28:20 2011
;; MSG SIZE  rcvd: 33


 And in the logs:

Jul 21 17:25:19 ns1 pdns[14821]: Should not get here (mail.wibble.com|1): please run pdnssec rectify-zone wibble.com

 I'm guessing as I have gmysql-dnssec set, it's assuming all zones are DNS-SEC 
enabled.

 So the question then becomes: can I run 2 gmysql backends, one for sec, one for 
not? Docs don't really tell me this, especially preferably in the same database.

Cheers

Chris



-----Original Message-----
From: pdns-users-boun...@mailman.powerdns.com 
[mailto:pdns-users-boun...@mailman.powerdns.com] On Behalf Of Stefan Schmidt


I am not sure what you mean by 'auth zone'.
You can run non DNSSEC zones alongside DNSSEC signed ones no problem,
PowerDNS will default to non-DNSSEC operation for a Zone if it doesn't
find any key material or option for it in the backend.

 Stefan
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users

Knowledge I.T.
‘Unifying Business Technology’
www.knowledgeit.co.uk

Knowledge Limited, Company Registration: 1554385
Registered Office: New Century House, Crowther Road, Washington, Tyne & Wear. 
NE38 0AQ
Leeds Office: Viscount Court, Leeds Road, Rothwell, Leeds. LS26 0GR

Tel: 0845 142 0020. Fax: 0845 142 0021
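
Added example, not part of the thread and not PowerDNS code: a Python audit of the `auth` column from the `records` rows shown above. It assumes the rule from the PowerDNS generic SQL backend documentation for DNSSEC mode (`auth` is 1 for data the zone is authoritative for, 0 only for delegation NS records and glue); rows 901 and 902 are constructed, and `ordername` is not checked.

```python
# Added example (not from the thread): audit the `auth` column of a zone's rows.
# Assumed rule (PowerDNS generic SQL backend docs, DNSSEC mode): auth=1 for data
# the zone is authoritative for; auth=0 only for delegation NS records and glue.

ZONE = "wibble.com"

# Rows 694-696 are the ones shown in the post; 901-902 are constructed here to
# show a delegation and its glue, the only rows that should keep auth=0.
ROWS = [
    {"id": 694, "name": "wibble.com", "type": "SOA", "auth": 0},
    {"id": 695, "name": "mail.wibble.com", "type": "A", "auth": 0},
    {"id": 696, "name": "wibble.com", "type": "NS", "auth": 0},
    {"id": 901, "name": "sub.wibble.com", "type": "NS", "auth": 0},
    {"id": 902, "name": "ns.sub.wibble.com", "type": "A", "auth": 0},
]

def norm(name):
    """Lower-case a DNS name and drop any trailing dot."""
    return name.lower().rstrip(".")

def delegation_points(zone, rows):
    """Names below the apex that own NS records, i.e. zone cuts."""
    return {norm(r["name"]) for r in rows
            if r["type"] == "NS" and norm(r["name"]) != norm(zone)}

def expected_auth(name, rtype, cuts):
    """auth value the row should carry, given the zone cuts."""
    name = norm(name)
    for cut in cuts:
        if name == cut:
            return 1 if rtype == "DS" else 0   # DS at the cut is parent data
        if name.endswith("." + cut):
            return 0                            # glue / data below the cut
    return 1

def audit(zone, rows):
    """Return (id, name, type, stored_auth, expected_auth) for every mismatch."""
    cuts = delegation_points(zone, rows)
    return [(r["id"], r["name"], r["type"], r["auth"], want)
            for r in rows
            if (want := expected_auth(r["name"], r["type"], cuts)) != r["auth"]]

if __name__ == "__main__":
    for row in audit(ZONE, ROWS):
        print("id=%d %s %s: auth=%d, expected %d" % row)
```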
