Hello Fredrik, On Sep 26, 2013, at 2:46 , Fredrik Roubert wrote:
> On Wed 25 Sep 11:00 CEST 2013, Peter van Dijk wrote: > >> If that's not it, check your zone file for any lines containing TYPE in >> uppercase, or any entry over 255 in >> http://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-4 > > Ah, thank you, this is interesting. My zone file has TYPE65534 records, > which are part of BIND's "Fully automatic zone signing" process: > > ftp://ftp.isc.org/isc/bind9/9.9.4/doc/arm/Bv9ARM.ch04.html#id2563513 > > Are you saying that PowerDNS 3.0 is failing on these TYPE65534 records? If > so, then that's case closed for it wouldn't be possible to get rid of them > without also saying good-bye to automatic zone signing. PowerDNS is failing on the NSECs related to these records. So, in short, yes. Again - please don't use 3.0 for DNSSEC. Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
