Hello Frederik, On Sep 25, 2013, at 10:49 , Fredrik Roubert wrote:
> My ISP is running a slave DNS service, using PowerDNS 3.0 as this is the > version included in Ubuntu 12.04 LTS. I've already read this post, about > DNSSEC in 3.0 being "explicitly deprecated": > > http://mailman.powerdns.com/pipermail/pdns-users/2012-July/009099.html Yes. This is not the only issue you will run into, and other issues may be more subtle. > Transferring this DNSSEC signed zone, however, leads my ISP's PowerDNS > to log error messages like this: > > Sep 25 10:01:07 ns5 pdns[27445]: Unable to parse record during incoming AXFR > of 'roubert.net' (MOADNSException): Can't deal with multi-part NSEC mappings > yet > > So this is clearly something in PowerDNS 3.0 that was fixed in 3.1: > > http://wiki.powerdns.com/trac/changeset/2590 > http://doc.powerdns.com/html/changelog.html#changelog-auth-3-1 > > But what does it mean? What exactly is it in my configuration that makes > PowerDNS 3.0 unable to handle it? Is it something I could change to make > PowerDNS 3.0 play along as a slave server? The only reason we've seen these multi-part mappings in practice is when BIND stores auto-signing metadata in private records with high TYPE numbers. You may be able to get rid of these by changing your BIND configuration - I'm not sure. If that's not it, check your zone file for any lines containing TYPE in uppercase, or any entry over 255 in http://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-4 Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
