Hi, Just a few queries on implementing DNSSec with a MySQL backend, if I could trouble someone for their thoughts an recommendations?
Currently our PowerDNS Auth infra looks like below: +-----------------+ +-----------------+ | PowerDNS Auth B | | PowerDNS Auth C | +-----------------+ +-----------------+ | MYSQL SLAVE | | MYSQL SLAVE | +-------^---------+ +-------^---------+ | | | | | +--------------+ | | | PowerAdmin | | MASTER/SLAVE| +------+-------+ |MASTER/SLAVE REPLICATION | | |REPLICATION | +------v-------+ | +--------------+ MYSQL MASTER +--------------+ +------^-------+ | | +------+----------+ | PowerDNS Auth A | +-----------------+ We currently edit records by way of PowerAdmin, which updates the master database directly and so "PowerDNS Auth A" instance is not actually used or interacted with, normally. Zone/record updates are replicated to the "edge" Auth servers (B and C) via MySQL replication. We would like to enable DNSSec on a few of our domains, at least as a proof of concept. A few questions... I assume I need to enable gmysql-dnssec on ALL PowerDNS Auth instances (A,B and C)? Will PowerDNS commands to enable DNSSec signing of a zone need executed on "PowerDNS Auth A" ONLY (which will add the relevant records to the database and replicate them to B and C)? Given that PowerAdmin talks directly to the database, any record changes here likely to cause a problem with these signed domains? Should I look at a newer GUI that implements the DNSSec commands and interacts with PowerDNS API instead? Thanks in advance... Regards, Alun. [Tibus Logo]<http://www.tibus.com/?utm_source=signature&utm_medium=email>[Separator]Alun James Senior Systems Engineer T: +44 (0) 28 9033 1122 E: aja...@tibus.com<mailto:aja...@tibus.com> W: www.tibus.com<http://www.tibus.com/?utm_source=signature&utm_medium=email> [http://frontend.open.ms-dev.web.tibus.net/zesty/tibus-sig-new/assets/icon-fb.png]<https://www.facebook.com/tibusDigital> [http://frontend.open.ms-dev.web.tibus.net/zesty/tibus-sig-new/assets/icon-tw.png] <https://twitter.com/tibus> [http://frontend.open.ms-dev.web.tibus.net/zesty/tibus-sig-new/assets/icon-li.png] <https://www.linkedin.com/company/tibus> Tibus is a wholly-owned division of Wireless.
_______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users