[Yeti DNS Discuss] Help with DNSSEC Key

龚道彪 dbgong at biigroup.cn
Fri Jan 22 16:26:28 UTC 2016


Hi Federico,


I have tested the following config; it works well.


$ cat /etc/powerdns/recursor.conf
....
dnssec=validate
hint-file=/etc/powerdns/yeti-hints
lua-config-file=/etc/powerdns/yeti.lua
query-local-address6=::
....


$ cat /etc/powerdns/yeti.lua
addDS(".","55954 8 2 88FF12F948BFBE666AC91B1256BB5B77B51150991A5E50F80A9FAB73945BA2AA")


$ cat /etc/powerdns/yeti-hints
.                       518400  IN      NS      yeti-ns.wide.ad.jp.
.                       518400  IN      NS      yeti-ns.tisf.net.
.                       518400  IN      NS      yeti-ns.ix.ru.
.                       518400  IN      NS      yeti-dns01.dnsworkshop.org.
.                       518400  IN      NS      dahu2.yeti.eu.org.
.                       518400  IN      NS      ns-yeti.bondis.org.
.                       518400  IN      NS      yeti.aquaray.com.
.                       518400  IN      NS      bii.dns-lab.net.
.                       518400  IN      NS      yeti-ns.lab.nic.cl.
.                       518400  IN      NS      yeti.ipv6.ernet.in.
.                       518400  IN      NS      yeti-ns.conit.co.
.                       518400  IN      NS      yeti.bofh.priv.at.
.                       518400  IN      NS      dahu1.yeti.eu.org.
.                       518400  IN      NS      yeti-ns.as59715.net.
.                       518400  IN      NS      yeti-ns.switch.ch.


bii.dns-lab.net.        518400  IN      AAAA    240c:f:1:22::6
yeti.bofh.priv.at.      172800  IN      AAAA    2a01:4f8:161:6106:1::10
yeti.ipv6.ernet.in.     172800  IN      AAAA    2001:e30:1c1e:1::333
yeti.aquaray.com.       172800  IN      AAAA    2a02:ec0:200::1
dahu1.yeti.eu.org.      172800  IN      AAAA    2001:4b98:dc2:45:216:3eff:fe4b:8c5b
dahu2.yeti.eu.org.      172800  IN      AAAA    2001:67c:217c:6::2
ns-yeti.bondis.org.     172800  IN      AAAA    2a02:2810:0:405::250
yeti-ns.ix.ru.          172800  IN      AAAA    2001:6d0:6d06::53
yeti-ns.lab.nic.cl.     172800  IN      AAAA    2001:1398:1:21::8001
yeti-ns.tisf.net.       172800  IN      AAAA    2001:559:8000::6
yeti-ns.wide.ad.jp.     172800  IN      AAAA    2001:200:1d9::35
yeti-ns.conit.co.       172800  IN      AAAA    2604:6600:2000:11::4854:a010
yeti-ns.switch.ch.      172800  IN      AAAA    2001:620:0:ff::29
yeti-ns.as59715.net.    172800  IN      AAAA    2a02:cdc5:9715:0:185:5:203:53
yeti-dns01.dnsworkshop.org. 172800 IN   AAAA    2001:1608:10:167:32e::53
 
 ---
Kevin
------------------ Original ------------------
From:  "龚道彪"<dbgong at biigroup.cn>;
Date:  Fri, Jan 22, 2016 11:33 PM
To:  "Federico Olivieri"<lvrfrc87 at gmail.com>; "discuss"<discuss at lists.yeti-dns.org>; 

Subject:  Re: [Yeti DNS Discuss] Help with DNSSEC Key

 
Hi Federico,


addDS() should need the DS record.
The DS record for the Yeti root zone is '. IN DS 55954 8 2 88FF12F948BFBE666AC91B1256BB5B77B51150991A5E50F80A9FAB73945BA2AA'


Please try
 addDS(".","55954 8 2 88FF12F948BFBE666AC91B1256BB5B77B51150991A5E50F80A9FAB73945BA2AA")
 
------------------ Original ------------------
From:  "Federico Olivieri"<lvrfrc87 at gmail.com>;
Date:  Fri, Jan 22, 2016 08:26 PM
To:  "discuss"<discuss at lists.yeti-dns.org>; 

Subject:  [Yeti DNS Discuss] Help with DNSSEC Key

 
Hi everyone, 

I'm trying to enable my DNS server recursive on DNS Yeti.

In order to do that, I need to use a LUA script



clearDS()
 
        addDS(".", "IN DNSKEY 257 3 8 AwEAAaP3gGQ4db0tAiDEky0dcUNGeI1aTDYP5NFxzhbdpD60ZhKLVV4KyxPmoSNUpq5Fv5M0iBwK1Tyswsyq/9sMSoZ8zx8aT3ho1YnPsSqQeJfjTT1WsX6YZ5Kw6B2QkjRNa6OMGZ96Kn8AI/slqsw+z8hY49Sn3baeo9iJxHPzloNc2dQkW4aLqzNEYxnuoJsthCfGrPSAXlUjY9m3YKIaEWR5WFYQk770fT+gGWLk/54Vp0sG+Lw75JZnwhDhixPFaToTDNqbHQmkEylq1XJLO15uZ/+RZNRfTXZKO4fVR0tMEbMAITqRmyP8xLXY4RXbS4J32gnenQbzABX8sQmwO7s=")
 
 
 
When I start the DNS service I get this error
 
 
 
Jan 21 13:19:42 raspberrypi pdns_recursor[12794]: Jan 21 13:19:42 Unable to load Lua script from '/etc/powerdns/lua.conf': Parsing record content (try 'pdnsutil check-zone'): expected digits at position 0 in 'IN DNSKEY 257 3 8 AwEAAaP3gGQ4db0tAiDEky0dcUNGeI1aTDYP5NFxzhbd
 
 
 
Unfortunately, this is the first time that I have used LUA scripting. I tried to google for it but I haven't found anything useful. Maybe it is the syntax of the file...

Can you help me with that?

Thanks


Federico
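
The replies at the top of this thread ask for a DS record where the original script passed a DNSKEY. As an added example (not code from the thread or from PowerDNS), the Python below derives the DS content that addDS() expects from a DNSKEY line, using the RFC 4034 key tag and a SHA-256 digest, so a key can be compared with a published DS. `CONSTRUCTED_DNSKEY` is a made-up 4-byte value, not the Yeti key, and all function names are hypothetical.

```python
import base64
import hashlib
import struct

# Constructed sample: a made-up 4-byte "key", NOT the Yeti KSK from the thread.
CONSTRUCTED_DNSKEY = "IN DNSKEY 257 3 8 AQIDBA=="


def name_to_wire(owner: str) -> bytes:
    """Canonical (lowercase) wire form of an owner name; "." is the root."""
    labels = [l for l in owner.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def parse_dnskey(text: str) -> bytes:
    """Parse '[IN] [DNSKEY] flags protocol algorithm base64...' into RDATA."""
    fields = text.split()
    while fields and fields[0].upper() in ("IN", "DNSKEY"):
        fields.pop(0)  # class/type tokens are not part of the record content
    if len(fields) < 4 or not all(f.isdigit() for f in fields[:3]):
        raise ValueError("expected: flags protocol algorithm base64-key")
    flags, protocol, algorithm = (int(f) for f in fields[:3])
    key = base64.b64decode("".join(fields[3:]), validate=True)
    return struct.pack("!HBB", flags, protocol, algorithm) + key


def key_tag(rdata: bytes) -> int:
    """RFC 4034 Appendix B key tag (valid for every algorithm except 1)."""
    acc = sum((b << 8 if i % 2 == 0 else b) for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def dnskey_to_ds(owner: str, dnskey_text: str) -> str:
    """DS content 'keytag algorithm 2 digest': SHA-256 over owner name + RDATA."""
    rdata = parse_dnskey(dnskey_text)
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest().upper()
    return f"{key_tag(rdata)} {rdata[3]} 2 {digest}"


def anchor_matches(published_ds: str, owner: str, dnskey_text: str) -> bool:
    """True when a published DS string equals the DS derived from the DNSKEY."""
    return published_ds.upper().split() == dnskey_to_ds(owner, dnskey_text).split()


if __name__ == "__main__":
    ds = dnskey_to_ds(".", CONSTRUCTED_DNSKEY)
    print(f'addDS(".", "{ds}")')
```

Run it with the DNSKEY line of the zone being anchored and compare the result with the DS string the zone operator publishes before loading it into the recursor.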