[Pdns-users] Setting up intentionally invalid DNSSEC record in auto-secure environment

2016-01-06 Thread Nick Williams
Hi all, We're running a PowerDNS 3.4.6 installation with the MySQL backend, and we’re using pdnsutil secure-zone/set-nsec3/rectify-zone to automatically secure all of our domains (the least-effort method, instead of manually signing everything). It works great. Thanks for the excellent

Re: [Pdns-users] Setting up intentionally invalid DNSSEC record in auto-secure environment

2016-01-06 Thread Nicholas Williams
Out of curiosity, what DOES PowerDNS do if it finds both an A and an RRSIG record for a.b.c.com in the database? Nick On Wed, Jan 6, 2016 at 12:33 PM, Aki Tuomi wrote: > The code does not support this but you might be able to use postresolve > Lua hook to break the reply

Re: [Pdns-users] Setting up intentionally invalid DNSSEC record in auto-secure environment

2016-01-06 Thread bert hubert
On Wed, Jan 06, 2016 at 12:46:38PM -0600, Nicholas Williams wrote: > Out of curiosity, what DOES PowerDNS do if it finds both an A and an > RRSIG record for a.b.c.com in the database? Hi Nicholas, To answer both your messages in one go, if you run with 'presigned zones', PowerDNS will use the

Re: [Pdns-users] Setting up intentionally invalid DNSSEC record in auto-secure environment

2016-01-06 Thread Michael Loftis
(inline) On Wed, Jan 6, 2016 at 11:42 AM, Nicholas Williams wrote: > I'll look into that other script. Thanks, Bert. > >> How about creating a separate sub-zone with a broken presigned DNSSEC > >> You can set presigned for just that single zone using the

Re: [Pdns-users] Setting up intentionally invalid DNSSEC record in auto-secure environment

2016-01-06 Thread leen
On 2016-01-06 20:42, Nicholas Williams wrote: I'll look into that other script. Thanks, Bert.  How about creating a separate sub-zone with a broken presigned DNSSEC  You can set presigned for just that single zone using the PRESIGNED domain metadata[1] in your database. I really like