starred/nsedit
1
0
Fork 0
mirror of https://github.com/tuxis-ie/nsedit.git synced 2026-04-27 00:25:50 +03:00
Code Issues 32 Projects Releases 3 Packages Wiki Activity

[GH-ISSUE #54] nsedit: pdnssec rectify-zone/rectify-all-zones #30

New issue
Closed
opened 2026-02-28 01:20:37 +03:00 by kerem · 2 comments
kerem commented 2026-02-28 01:20:37 +03:00
Owner
Copy link

Originally created by @piwats on GitHub (Sep 23, 2015).
Original GitHub issue: https://github.com/tuxis-ie/nsedit/issues/54

When having a zone in NSEC3 mode, adding a record to it without running pdnssec rectify-zone xxx or pdnssec rectify all zones results in NXDOMAIN response.

Is there a way nsedit could run pdnssec to rectify the zone it just "edited"?

Originally created by @piwats on GitHub (Sep 23, 2015). Original GitHub issue: https://github.com/tuxis-ie/nsedit/issues/54 When having a zone in NSEC3 mode, adding a record to it without running pdnssec rectify-zone xxx or pdnssec rectify all zones results in NXDOMAIN response. Is there a way nsedit could run pdnssec to rectify the zone it just "edited"?
kerem closed this issue 2026-02-28 01:20:38 +03:00
kerem commented 2026-02-28 01:20:38 +03:00
Author
Owner
Copy link

@tuxis-ie commented on GitHub (Sep 23, 2015):

According to https://doc.powerdns.com/md/httpapi/api_spec/#zones, this is not yet implemented. IMHO, pdns should always be responsible for this.

<!-- gh-comment-id:142581711 --> @tuxis-ie commented on GitHub (Sep 23, 2015): According to https://doc.powerdns.com/md/httpapi/api_spec/#zones, this is not yet implemented. IMHO, pdns should always be responsible for this.
kerem commented 2026-02-28 01:20:38 +03:00
Author
Owner
Copy link

@piwats commented on GitHub (Sep 25, 2015):

I meant, that when you deploy dnssec on pdns

1.) pdnssec secure-zone ZONE
2.) pdnssec set-nsec3 ZONE

after this, each time you add an additional record to the zone, you have to run pdnssec rectify-zone ZONE in order to get answers of the new records. If not, you'll get an NXDOMAIN response.

I'm not sure that this is an upstream bug.

But still, it would be nice to see, if nsedit could simply run pdnssec rectify-zone ZONE, so one doesn't need to run it manually.

<!-- gh-comment-id:143186379 --> @piwats commented on GitHub (Sep 25, 2015): I meant, that when you deploy dnssec on pdns 1.) pdnssec secure-zone ZONE 2.) pdnssec set-nsec3 ZONE after this, each time you add an additional record to the zone, you have to run pdnssec rectify-zone ZONE in order to get answers of the new records. If not, you'll get an NXDOMAIN response. I'm not sure that this is an upstream bug. But still, it would be nice to see, if nsedit could simply run pdnssec rectify-zone ZONE, so one doesn't need to run it manually.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
check-authdb-docroot
template-ns-records
v1.1
v1.0
v0.9
Labels
Clear labels   
bug

   
duplicate

   
enhancement

   
help wanted

   
invalid

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question

   
upstream

   
upstream

   
wontfix
No labels
bug
duplicate
enhancement
help wanted
invalid
pull-request
question
question
upstream
upstream
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/nsedit#30
No description provided.