search

tuxis-ie / nsedit

DNS Editor working with PowerDNS's new API
GNU General Public License v2.0
198 stars 55 forks source link

DNSSEC enabled zones are not automaticly rectified on update #163

Closed webvanced closed 6 years ago

webvanced commented 6 years ago

At this moment i have to manually run pdnsutil rectify-zone to rectify the zone for correct NSEC ordering.

DNSSEC-enabled zones should be rectified after changing the zone data. This can be done by the API automatically after a change when the API-RECTIFY metadata is set. When creating or updating a zone, the “api_rectify” field of the Zone can be set to true to enable this behaviour.

Or the rectifying should be done after updating the zone by PUT /servers/{server_id}/zones/{zone_id}/rectify

webvanced commented 6 years ago

This can be done automaticly in powerdns >= 4.1. Setting domain meta data API-RECTIFY=1 after securing a domain and run a rectify domain:

pdnsutil set-meta domain.nl API-RECTIFY 1 pdnsutil rectify-zone domain.nl

I willl close this issue because it can be handled by powerdns itself now.