Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
docs enhancements; clarify error message when set-presigned fails with DNSSEC disabled #4478
(12:04:06 PM) Habbie: wonder if that error from pdnsutil could be more helpful
regarding 8ad575f, from IRC:
(01:09:05 PM) pt01: During AXFR, pdns does rectify. Is this when acting as a (signing) slave (after receiving the zone), or when acting as a master (before signing)?
Please revert the changes which are suggesting axfr out rectify is updating the database
The information that I tried to add to the docs is that even an outgoing AXFR does some sort of rectify, as the outgoing AXFR contains signed NSEC3 records for empty non-terminals. This information is nowhere else to be found. The documentation therefore currently implies that the rectify is fully done by the receiving slave (including signing NSEC3 records for ENT), which requires access to keying material on the slave. However, this is not the case.
It was certainly misguided to modify backend-generic-sql.md, so I changed things so that this information is now in dnssec.md only.