Good day powerdns-users,

My company is planning the migration of our authoritative name servers to PowerDNS 4.1.x with a bind backend (managed with Puppet). This part is working as intended.

Now I'm investigating the possibilities to enable DNSSEC. I enabled this on a test server as per the documentation:

pdns.conf:
    bind-dnssec-db=/etc/powerdns/bind-dnssec-db.sqlite3

commands:
    # pdnsutil create-bind-db /etc/powerdns/bind-dnssec-db.sqlite3
    # pdnsutil secure-zone <zone1>

and queries are signed. So far so good.

The question is: can I put the bind-dnssec-db.sqlite3 inside Puppet after I have secured the zone (can it be read-only from PowerDNS's viewpoint), or does PowerDNS need read-write access to the bind-dnssec-db.sqlite3 (maybe for key rollover)?

And if it has to be read-write, do I have to replicate the bind-dnssec-db.sqlite3 to my other auth name servers, or do I keep the bind-dnssec-db.sqlite3 local per server?

The zone configuration is 'native' for all zones; there is no master/slave setup.

Thanks in advance,
Philip