fresh install failures...

[ghost]

So im really trying to just get this rolled out on one of my hosts, however im getting nowhere

tsig-secret tsig.example.com && tsig-change tsig.example.com && tsig-share tsig.example.com
tsig-secret tsig.ddns.example.com && tsig-change tsig.ddns.example.com

as per the readme... however this does nothing..... because

ns1# which tsig-secret
/usr/local/bin/tsig-secret
ns1# cat /usr/local/bin/tsig-secret
#!/bin/sh

and again.... frresh install

missing: ./etc/ssl/dns/.DNSKEY
missing: ./etc/ssl/dns/private/.SK
missing: ./etc/ssl/dns/private/tsig.
missing: ./var/unbound/db/root.key
missing: ./var/unbound/etc/root.hints

ns1# rcctl enable nsd unbound pdns_server
ns1# rcctl restart nsd unbound pdns_server
nsd(failed)
unbound(ok)
unbound(ok)
pdns_server(failed)

nsd-checkconf /var/nsd/etc/nsd.conf
/var/nsd/etc/nsd.conf:20: error: cannot open include file '/var/nsd/etc/tsig.example.com': No such file or directory
/var/nsd/etc/nsd.conf:22: at 'remote-control:': error: syntax error
/var/nsd/etc/nsd.conf:22: error: last key has no secret blob
read /var/nsd/etc/nsd.conf failed: 3 errors in configuration file

and /etc/pdns/pdnsd.conf has no sqlite configuration

[horia]

I will include the full path, does this work?
/usr/local/bin/tsig-secret tsig.example.com

• to place the secret in "/etc/ssl/dns/private/tsig.example.com"

/usr/local/bin/tsig-change tsig.example.com

• to copy the key in NSD chroot ("/var/nsd/etc/nsd.conf:20")
• to import the key in PowerDNS

Is there something in "/var/pdns/"?

edit unbound takes a bit to fetch the key, I will remove its restart from README.md
missing: ./var/unbound/db/root.key
missing: ./var/unbound/etc/root.hints

[ghost]

theres something seriously wrong with tsig here....

ls -al /usr/local/bin/tsig-*
-r-x------ 1 root bin 82 Mar 16 00:13 /usr/local/bin/tsig-change
-r-xr-xr-x 1 root bin 40 Mar 16 00:13 /usr/local/bin/tsig-fetch
-r-x------ 1 root bin 82 Mar 16 00:13 /usr/local/bin/tsig-secret
-r-x------ 1 root bin 129 Mar 16 00:13 /usr/local/bin/tsig-share
ns1# ls -al src/usr/local/
bin/ share/
ns1# ls -al src/usr/local/bin/
total 36
drwxr-xr-x 2 root wheel 512 Mar 15 15:03 .
drwxr-xr-x 4 root wheel 512 Mar 15 15:03 ..
-rw-r--r-- 1 root wheel 467 Mar 15 15:03 nsec3salt
-rw-r--r-- 1 root wheel 1693 Mar 15 15:03 pdns-backup
-rw-r--r-- 1 root wheel 685 Mar 15 15:03 rmchangelist
-rw-r--r-- 1 root wheel 638 Mar 15 15:03 tsig-change
-rw-r--r-- 1 root wheel 517 Mar 15 15:03 tsig-fetch
-rw-r--r-- 1 root wheel 791 Mar 15 15:03 tsig-secret
-rw-r--r-- 1 root wheel 659 Mar 15 15:03 tsig-share
ns1# cat /usr/local/bin/tsig-change
#!/bin/sh

Change TSIG secret for NSD and PowerDNS: tsig-change name [algorithm]

ns1#

[ghost]

ls -al /var/pdns/
total 288
drwxr-x--- 2 _powerdns wheel 512 Mar 16 00:13 .
drwxr-xr-x 26 root wheel 512 Mar 15 14:12 ..
-rw-r----- 1 _powerdns wheel 81920 Mar 16 00:13 pdns.sqlite
-rw-r----- 1 _powerdns wheel 61440 Mar 16 00:13 pdnssec.sqlite

cat /etc/pdns/pdns.conf

OpenBSD package configuration sample for various backends.

See /usr/local/share/doc/pdns for database schemas.

setuid=_powerdns

MySQL

#launch=gmysql
#gmysql-host=127.0.0.1
#gmysql-dbname=pdns
#gmysql-user=pdns
#gmysql-password=pdns

PostgreSQL

#launch=gpgsql
#gpgsql-host=127.0.0.1
#gpgsql-dbname=pdns
#gpgsql-user=pdns
#gpgsql-password=pdns

SQLite 3

[horia]

You're right, I will move the "TSIG Wizard" after zone installation, since it won't work without.
I'll and take a look at PowerDNS SQL, and include a script to add and remove zones in a bit.
Thanks again!

[horia]

Scripts to add and remove zones:
https://github.com/vedetta-com/dithematic/blob/master/src/usr/local/bin/zoneadd
https://github.com/vedetta-com/dithematic/blob/master/src/usr/local/bin/zonedel

I have updated README.md to reflect these changes, and testing...