Hi all, We're running a PowerDNS 3.4.6 installation with the MySQL backend, and we’re using pdnsutil secure-zone/set-nsec3/rectify-zone to automatically secure all of our domains (the least-effort method, instead of manually signing everything). It works great. Thanks for the excellent software!
To support an internal testing tool, I would like to set up a few DNS records on a subdomain of one of our signed domains, and have those DNS records //intentionally invalidly signed// so that verifying resolvers will flag them and not return them. What is the best way to do this? Can I simply manually enter an invalid RRSIG record for each record, and that manual record will take precedence over any automatic signing that PowerDNS preforms? Or do I need to take some other step (perhaps it requires a separate domain)? Or is what I want to do impossible with PowerDNS automatic signing enabled? Thanks! Nick Williams
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
