Re: [Pdns-users] SOA serial number editing on re-signing of a zone / RRSIG changes

2011-03-28 Thread Jan-Piet Mens
Hi Bert,

> It only took half a week of thinking, apologies for not getting back to you
> earlier. This feature has now been added.

Thank you very much for adding this essential feature for those who
slave PowerDNS zones.

I'm testing this as we speak. Without an SOA-EDIT value, the original
SOA serial is kept, which is good. I haven't looked at the code (which I
might not understand anyway), but it may be useful to have an explicit
KEEP for those who wish to add a record to domainmetadata for all
their zones.

> You can set SOA-EDIT to either 'INCEPTION', in which case the SOA serial
> number will be replaced by MMDD01 of the currently issued RRSIG
> inception, the one that rolls over each Thursday at midnight GMT.

I'm currently testing INCEPTION which appears to work as advertised. :-)
Will PowerDNS send out NOTIFYs at that point, or do we rely on slaves
refreshing the zone?

> I'm pondering 'SERIAL-INCREMENT' that will attempt to upgrade the current
> serial number with the number of weeks that have passed since the original
> serial number found in the SOA record.

FYI, as I use the serial number as a counter, this will probably not be
very useful to me, but it may be for others.

Thanks again, and best regards,

-JP
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users


Re: [Pdns-users] SOA serial number editing on re-signing of a zone / RRSIG changes

2011-03-28 Thread Christof Meerwald
On Sun, Mar 27, 2011 at 10:38:32PM +0200, bert hubert wrote:
> You can set SOA-EDIT to either 'INCEPTION', in which case the SOA serial
> number will be replaced by MMDD01 of the currently issued RRSIG
> inception, the one that rolls over each Thursday at midnight GMT.

I am not too sure how useful that is if it just replaces the SOA from
the zone - I think it would be more useful if it would use either the
SOA from the zone or the generated one (whichever is greater - and use
MMDD00 for the generated one).


> I'm pondering 'SERIAL-INCREMENT' that will attempt to upgrade the current
> serial number with the number of weeks that have passed since the original
> serial number found in the SOA record. So if your original SOA serial number
> was 2011022701, and the SOA would be requested today, '4' would be added to
> the serial number, to get 2011022405, which would indicate that the original
> serial date is still 20110224, but that 4 'small' changes have been made.
>
> This gets messy after 100 weeks.

Yes, but unless I have misunderstood the other options, it's currently
the only useful one (at least for me).


BTW, maybe a lua hook would be possible (for maximum flexibility)?


Christof

-- 

http://cmeerw.org  sip:cmeerw at cmeerw.org
mailto:cmeerw at cmeerw.org   xmpp:cmeerw at cmeerw.org


Re: [Pdns-users] SOA serial number editing on re-signing of a zone / RRSIG changes

2011-03-28 Thread Jan-Piet Mens
Hi Christof,

I was talking to Bert this morning about this. It turns out his formulae
didn't work for me, because e.g. the INCEPTION formula means the SOA
serial number doesn't change even when zones are updated.

What I'm using now (r2105) is INCREMENT-WEEKS which works like this: the
incoming SOA serial number gets the current week (since epoch) added to
it. This way, since neither incoming SOA serial nor week number ever
decrease, PowerDNS is able to NOTIFY my slaves of an SOA serial update
and they transfer the zone.

http://wiki.powerdns.com/trac/changeset/2105

Maybe this will work for you as well?

> BTW, maybe a lua hook would be possible (for maximum flexibility)?

Neat idea ;-)

Regards,

-JP


Re: [Pdns-users] SOA serial number editing on re-signing of a zone / RRSIG changes

2011-03-28 Thread James Cloos
>>>>> "bh" == bert hubert <bert.hub...@netherlabs.nl> writes:

bh> You can set SOA-EDIT to either 'INCEPTION', ... INCEPTION-WEEK, ...
bh> [and] I'm pondering 'SERIAL-INCREMENT'

An option to set the serial to the time_t of the most recent update would
be nice as well.

A column in records which looks like:

 changed | integer | default ((((now())::timestamp - '1970-01-01 00:00:00'::timestamp))::reltime)::integer

along with a query which grabs the largest value for the column with
the desired domain_id would make for an easy implementation.

(With the column default adjusted, of course, for non-postgres.)

-JimC
-- 
James Cloos cl...@jhcloos.com OpenPGP: 1024D/ED7DAEA6


[Pdns-users] SOA serial number editing on re-signing of a zone / RRSIG changes

2011-03-27 Thread bert hubert
On Wed, Mar 23, 2011 at 12:39:42AM +0100, Christof Meerwald wrote:
> Just wanted to check what the status is on having a PowerDNS master
> with a non-PowerDNS slave for DNSSEC signed zone - we had briefly
> discussed this some time ago and I think the slave (if it's not
> PowerDNS) currently won't do an AXFR when the RRSIG changes (and the
> SOA won't change automatically). Will this be supported in the 3.0
> release?

Hi Christof, (Jan Piet),

It only took half a week of thinking, apologies for not getting back to you
earlier. This feature has now been added.

3.0 is really getting close, so we need to figure out quickly if the
solution offered is sufficient for both your needs.

The currently implemented solution adds yet another domain metadata item (how did we
ever survive without that table?) called SOA-EDIT.

You can set SOA-EDIT to either 'INCEPTION', in which case the SOA serial
number will be replaced by MMDD01 of the currently issued RRSIG
inception, the one that rolls over each Thursday at midnight GMT.

You can also set it to INCEPTION-WEEK, in which case the serial number will
be very different, the integral number of weeks since the epoch of the
currently issued inception.

I'm pondering 'SERIAL-INCREMENT' that will attempt to upgrade the current
serial number with the number of weeks that have passed since the original
serial number found in the SOA record. So if your original SOA serial number
was 2011022701, and the SOA would be requested today, '4' would be added to
the serial number, to get 2011022405, which would indicate that the original
serial date is still 20110224, but that 4 'small' changes have been made.

This gets messy after 100 weeks.

Please let me know your thoughts! This code can be found in 2103, which has
been uploaded to http://powerdnssec.org/downloads (including 64-bit
packages).

I hope you can let me know quickly if this hits the mark so we can wrap up
3.0!

Good luck!
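
The SOA-EDIT modes discussed in this thread (INCEPTION, INCEPTION-WEEK, and the INCREMENT-WEEKS variant from r2105), worked through as an added example that is not part of any post and is not PowerDNS code. It checks, with RFC 1982 serial comparison, whether a slave would transfer the zone after a zone edit and after a weekly re-sign, since a slave that sees no serial change keeps serving the old RRSIGs. Assumptions: the inception is modelled as the latest Thursday 00:00 UTC, "MMDD01" is read as a date-style YYYYMMDD01 serial, and the function names and sample serials are constructed.

```python
from datetime import datetime, timezone

WEEK = 7 * 86400  # seconds; the Unix epoch (1970-01-01) fell on a Thursday


def inception(now: int) -> int:
    """Assumed model: the RRSIG inception is the latest Thursday 00:00 UTC."""
    return now - now % WEEK


def edited_serial(mode, zone_serial: int, now: int) -> int:
    """SOA serial handed to slaves for one SOA-EDIT mode, as the thread describes it."""
    inc = inception(now)
    if mode is None:                      # no SOA-EDIT: original serial is kept
        return zone_serial
    if mode == "INCEPTION":               # assumption: "MMDD01" read as YYYYMMDD01
        day = datetime.fromtimestamp(inc, timezone.utc).strftime("%Y%m%d")
        return int(day + "01")
    if mode == "INCEPTION-WEEK":          # whole weeks since the epoch of the inception
        return inc // WEEK
    if mode == "INCREMENT-WEEKS":         # zone serial plus current week since the epoch
        return (zone_serial + now // WEEK) % 2**32
    raise ValueError(f"unknown SOA-EDIT mode: {mode}")


def slave_refetches(old: int, new: int) -> bool:
    """RFC 1982 serial arithmetic: True if a slave treats `new` as newer than `old`."""
    return 0 < (new - old) % 2**32 < 2**31


def scenario(mode):
    """Return (transfer after a zone edit, transfer after a weekly re-sign with no edit)."""
    t0 = int(datetime(2011, 3, 28, 12, tzinfo=timezone.utc).timestamp())  # constructed: a Monday
    base = edited_serial(mode, 17, t0)                # zone serial 17, used as a counter
    after_edit = edited_serial(mode, 18, t0 + 3600)   # operator bumps the serial, same week
    after_roll = edited_serial(mode, 17, t0 + WEEK)   # next week's RRSIGs, zone untouched
    return slave_refetches(base, after_edit), slave_refetches(base, after_roll)


if __name__ == "__main__":
    for mode in (None, "INCEPTION", "INCEPTION-WEEK", "INCREMENT-WEEKS"):
        print(f"{str(mode):16} edit/re-sign picked up by slave: {scenario(mode)}")
```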