[Opendnssec-user] AXFR's Between OpenDNSSEC + PowerDNS
Sebastian Castro
sebastian at nzrs.net.nz
Mon Jun 20 01:26:23 UTC 2011
On 06/20/2011 01:05 PM, Craig Whitmore wrote:
>> You are missing one important point. OpenDNSSEC doesn't provide outgoing
>> zone transfers, it has to rely on a nameserver to do that. It can do
>> incoming zone transfer (pull a zone from a nameserver).
>>
>
> What I wanted to do is... Pull a zone... Sign the zone and then push it
> via an AXFR to a slave (or get the slave to pull the zone from the
> opendnssec). I.e. acting as a signing proxy.
>
> But what you are saying with opendnssec is it will request via an AXFR ->
> sign and then place the files on the hard drive (say in
> /var/lib/opendnssec/signed directory) and then you have to do something
> with it.
>
That's correct.
> I.e. run powerdns/bind again on the box where the files are and it will axfr
> them to the slaves.
>
Exactly. OpenDNSSEC won't provide the signed data for distribution using
XFR by itself; it requires a nameserver.
> (hidden master powerdns server) -> opendnssec (saves files to directory)
> -> powerdns on the same box to axfr them to slaves.
>
Yes, this sequence could work. You can use powerdns/bind/nsd to load the
signed zones and serve them to the slaves.
Cheers,
>
> Thanks
> Craig
--
Sebastian Castro
DNS Specialist
.nz Registry Services (New Zealand Domain Name Registry Limited)
desk: +64 4 495 2337
mobile: +64 21 400535
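
The last hop of the sequence confirmed in this message (a nameserver on the signer box loading OpenDNSSEC's output and serving AXFR to the slaves), sketched as a BIND `named.conf` fragment. This is an added example, not configuration from the thread or from either poster; the zone name, the slave addresses, the working directory and the signed file name under `/var/lib/opendnssec/signed` are assumptions.

```conf
// named.conf fragment for the nameserver running on the signer box.
// Added example: zone name and addresses are constructed placeholders.

acl "slaves" {
    192.0.2.53;        // constructed documentation address of a slave
    198.51.100.53;     // constructed documentation address of a slave
};

options {
    directory "/var/cache/bind";   // assumed working directory
    recursion no;                  // authoritative only
    allow-transfer { none; };      // no AXFR unless a zone allows it
    notify explicit;               // NOTIFY only the also-notify targets
};

zone "example.com" {
    type master;
    // OpenDNSSEC writes the already-signed zone here (file name assumed);
    // BIND loads and serves it and does no signing of its own.
    file "/var/lib/opendnssec/signed/example.com";
    allow-transfer { slaves; };                  // AXFR for the slaves only
    also-notify { 192.0.2.53; 198.51.100.53; };
};
```

After each signing run the nameserver has to reload the file, for example with `rndc reload example.com`, so that the slaves are notified and pull the new signatures.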