[Opendnssec-user] AXFR's Between OpenDNSSEC + PowerDNS

Craig Whitmore lennon at orcon.net.nz
Mon Jun 20 01:05:32 UTC 2011

>You are missing one important point. OpenDNSSEC doesn't provide outgoing
>zone transfers, it has to rely on a nameserver to do that. It can do
>incoming zone transfer (pull a zone from a nameserver).

What I wanted to do is.. Pull a zone..... Sign the zone and then push it
via an AXFR to a slave (or get the slave to pull the zone from the
opendnssec) . Ie Acting as a signing proxy.

But what you are saying with opendnssec is it will request via an AXFR ->
sign and then place the files on the harddrive (say in
/var/lib/opendnssec/signed directory) and then you have to do something
with it.

Ie run powerdns/bind again on the box where the files are and it will axfr
them to the slaves.

(hidden master powerdns server) -> opendsnsec (saves files to directory)
-> powerdns on the same box to axfr them to slaves.



More information about the Opendnssec-user mailing list