[dns-operations] PowerDNS has not Cookie feature?

James Stevens James.Stevens at jrcs.co.uk
Sun Dec 2 13:05:34 UTC 2018


PowerDNS have an IXFR converter (ixfrdist), similar to using the 
"ixfr-from-differences yes;" in bind, but they told us it is not really 
production ready right now, so we use bind to convert AXFR (from 
PowerDNS) to IXFR, which we need to supply minor zone data updates 
rapidly to outside DNS anycast providers.

We only use PowerDNS as a hidden Master, so I've not tried it as an IXFR 
client - all our slaves & resolvers are bind.

To be fair, its DNSSEC support is really easy to use and we make a lot 
of use of its REST/API.

The only issue I have with its DNSSEC support is that it signs on the 
fly, which means (if you used it to publish your zone) you would need to 
have your private keys on public facing servers - I'm not particularly 
comfortable with this, which is another reason I like having bind 
between PowerDNS and the outside world.

I've also recent hit a pretty severe performance issue with a catalog 
zone that doesn't affect bind. A single "dig" takes about 15 to 17 
seconds to return about 2000 records, where as bind returns them 
instantaneously.


James


On 02/12/2018 11:24, Csillag Tamas wrote:
> Hi,
> 
> I did some research at my previous job a year ago and what I found is that only
> Bind has server side IXFR support and like many other DNS software PowerDNS
> *has* client side IXFR support.
> 
> Is that different from what have you found?
> 
> Regards,
>   Tamas
> 
> On Sat, Dec 01, 2018 at 12:00:19PM +0000, James Stevens wrote:
>> There are a lot of areas where PowerDNS could do a better job of RFC
>> compliance, like IXFR support :)
>>
>> Try using its "SOA=EPOCH" option (i.e. SOA = unixtime) - its just a bad
>> joke.
>>
>>
>>
>> James
>>
>>
>> On 11/11/2018 08:49, Champion Xie wrote:
>>>
>>>
>>> -- 
>>> Best Regards!!
>>> champion_xie
>>>
>>> _______________________________________________
>>> dns-operations mailing list
>>> dns-operations at lists.dns-oarc.net
>>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>>> dns-operations mailing list
>>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>>>
>> _______________________________________________
>> dns-operations mailing list
>> dns-operations at lists.dns-oarc.net
>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>> dns-operations mailing list
>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> 



More information about the dns-operations mailing list