Hi Stefan, Thanks for the reply.
Sorry for the confusion. I think "option for dns-sec in the backend" is the key here, because I have this set, as I want to serve some dns-sec zones but not all. Essentially, PDNS, with Mysql Backend (only), and I`m trying to serve dns-sec, and non dns-sec zones. launch=gmysql gmysql-dnssec Set in pdns.conf. In the database: Domains: | 6 | wibble.com | NULL | NULL | NATIVE | NULL | NULL | +----+--------------------------+--------+------------+--------+-----------------+---------+ mysql> select * from records where domain_id=6; +-----+-----------+-----------------+------+------------------------------------------------------------------------------+-------+------+-------------+-----------+------+ | id | domain_id | name | type | content | ttl | prio | change_date | ordername | auth | +-----+-----------+-----------------+------+------------------------------------------------------------------------------+-------+------+-------------+-----------+------+ | 694 | 6 | wibble.com | SOA | ns1.server.co.uk hostmaster.server.net 2011011702 10800 3600 1209600 86400 | 86400 | 0 | NULL | | 0 | | 695 | 6 | mail.wibble.com | A | 1.1.1.1 | 86400 | 0 | NULL | | 0 | | 696 | 6 | wibble.com | NS | ns1.server.co.uk | 86400 | 0 | NULL | | 0 | So I have name server (ns1.server.co.uk is the physical server), SOA and an A record. The auth field (for DNS-SEC is 0) However results from dig: [root@ns1 ~]# dig wibble.com @localhost SOA ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> wibble.com @localhost SOA ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18174 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;wibble.com. IN SOA ;; ANSWER SECTION: wibble.com. 86400 IN SOA ns1.server.co.uk hostmaster.server.net 2011011702 10800 3600 1209600 86400 ;; Query time: 1 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Thu Jul 21 17:22:56 2011 ;; MSG SIZE rcvd: 101 So, no issues with the SOA, but the A [root@ns1 ~]# dig mail.wibble.com @localhost A ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> mail.wibble.com @localhost A ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57290 ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;mail.wibble.com. IN A ;; Query time: 1 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Thu Jul 21 17:28:20 2011 ;; MSG SIZE rcvd: 33 And in the logs: Jul 21 17:25:19 ns1 pdns[14821]: Should not get here (mail.wibble.com|1): please run pdnssec rectify-zone wibble.com Im guessing as I have gmysql-dnssec set, its assuming all zones are DNS-SEC enabled. So the question then becomes, can I run 2 gmysql backends, one for sec one for not. Docs don't really tell me this, especially preferably in the same database. Cheers Chris -----Original Message----- From: pdns-users-boun...@mailman.powerdns.com [mailto:pdns-users-boun...@mailman.powerdns.com] On Behalf Of Stefan Schmidt I am not sure what you mean by 'auth zone'. You can run non DNSSEC zones alongside DNSSEC signed ones no problem, PowerDNS will default to non-DNSSEC operation for a Zone if it doesn't find any key material or option for it in the backend. Stefan _______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users Knowledge I.T. ‘Unifying Business Technology’ www.knowledgeit.co.uk Knowledge Limited, Company Registration: 1554385 Registered Office: New Century House, Crowther Road, Washington, Tyne & Wear. NE38 0AQ Leeds Office: Viscount Court, Leeds Road, Rothwell, Leeds. LS26 0GR Tel: 0845 142 0020. Fax: 0845 142 0021 E-Mail Disclaimer: This e-mail message is intended to be received only by persons entitled to receive the confidential information it may contain. E-mail messages to clients of Knowledge IT may contain information that is confidential and legally privileged. Please do not read, copy, forward, or store this message unless you are an intended recipient of it. If you have received this message in error, please forward it to the sender and delete it completely from your computer system. Please consider the environment before printing this email. _______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users