Load DNSSEC key for pdns recursor

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Load DNSSEC key for pdns recursor

Federico87
I need to load a DNSSEC key for my power DNS recursor in order to "talk" with some IPv6 root server under test. Can you please suggest me how do it or point me in the right direction?

Thanks

Federico

_______________________________________________
Pdns-users mailing list
[hidden email]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
Reply | Threaded
Open this post in threaded view
|

Re: Load DNSSEC key for pdns recursor

bert hubert-3
On Thu, Jan 21, 2016 at 12:42:26PM +0000, Federico Olivieri wrote:
> I need to load a DNSSEC key for my power DNS recursor in order to "talk"
> with some IPv6 root server under test. Can you please suggest me how do it
> or point me in the right direction?

Hmm, this is indeed not documented it appears.

Try https://doc.powerdns.com/md/recursor/settings/#lua-config-file

And put in that config file:

        clearDS()
        addDS(".", "19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5")

This gets you the default root anchor, but you can put in your own of
course.

        Bert

_______________________________________________
Pdns-users mailing list
[hidden email]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
Reply | Threaded
Open this post in threaded view
|

Re: Load DNSSEC key for pdns recursor

Federico87
Hi,

I put the config in a file and pointed the pdns config file to the lua file.

That is my config

clearDS()
        addDS(".", "IN DNSKEY 257 3 8 AwEAAaP3gGQ4db0tAiDEky0dcUNGeI1aTDYP5NFxzhbdpD60ZhKLVV4KyxPmoSNUpq5Fv5M0iBwK1Tyswsyq/9sMSoZ8zx8aT3ho1YnPsSqQeJfjTT1WsX6YZ5Kw6B2QkjRNa6OMGZ96Kn8AI/slqsw+z8hY49Sn3baeo9iJxHPzloNc2dQkW4aLqzNEYxnuoJsthCfGrPSAXlUjY9m3YKIaEWR5WFYQk770fT+gGWLk/54Vp0sG+Lw75JZnwhDhixPFaToTDNqbHQmkEylq1XJLO15uZ/+RZNRfTXZKO4fVR0tMEbMAITqRmyP8xLXY4RXbS4J32gnenQbzABX8sQmwO7s=")

When I start pdsn I get this error

Jan 21 13:19:42 raspberrypi pdns_recursor[12794]: Jan 21 13:19:42 Unable to load Lua script from '/etc/powerdns/lua.conf': Parsing record content (try 'pdnsutil check-zone'): expected digits at position 0 in 'IN DNSKEY 257 3 8 AwEAAaP3gGQ4db0tAiDEky0dcUNGeI1aTDYP5NFxzhbd

Maybe is the syntax of the file...Can you help me whit this. Is the first time I'm working with DNSSEC and LUA :)

Thanks

2016-01-21 12:54 GMT+00:00 bert hubert <[hidden email]>:
On Thu, Jan 21, 2016 at 12:42:26PM +0000, Federico Olivieri wrote:
> I need to load a DNSSEC key for my power DNS recursor in order to "talk"
> with some IPv6 root server under test. Can you please suggest me how do it
> or point me in the right direction?

Hmm, this is indeed not documented it appears.

Try https://doc.powerdns.com/md/recursor/settings/#lua-config-file

And put in that config file:

        clearDS()
        addDS(".", "19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5")

This gets you the default root anchor, but you can put in your own of
course.

        Bert


_______________________________________________
Pdns-users mailing list
[hidden email]
http://mailman.powerdns.com/mailman/listinfo/pdns-users