[bind10-dev] SQL in BIND 10

Evan Hunt each at isc.org
Thu Feb 7 20:20:08 UTC 2013


> I've not closely looked into the DNSSEC support of PowerDNS, but my
> preliminary understanding is that signatures are not in the user
> database but generated and maintained either in-memory or in some
> "captive" storage.  Is that what people would expect when they want to
> support DNSSEC with their own provisioning system?  Or are they
> willing to maintain DNSSEC related data in their own system?

In BIND 9 we have a feature called "inline-signing" which allows an
unsigned zone (either master or slave) to create a signed clone of itself;
queries are then served from the signed version.

If I wanted to do something like you're describing in BIND 9, I'd just need
the database to be able to signal the server when it's been updated, so that
the server can pull the new records from the database and do the internal
equivalent of a notify and IXFR to update the signed clone.

A similar architecture would make sense for BIND 10, I think.  But if the
database doesn't have that ability to send a signal when there's new data,
then I don't see any way for it to work, so this might end up being a capability
we disable when using certain databases.

                                        eh


