Hi Sean,

On 3/30/20 11:40 PM, Sean Lair via Pdns-users wrote:
> Should we be running “pdnsutil rectify-all-zones” anytime a new record
> is added? Is there a way to automate this after every record or should
> we have it scheduled via cron?

The answer is 'it depends'. It mostly depends on how the zones are edited, if you use DNSSEC and if the edits happen on a hidden master.

If you're not using DNSSEC, rectification is not needed.

If you are using DNSSEC and the zones are edited on a hidden master (no resolvers talk to this authoritative server), PowerDNS will generate the correct NSECx records when it sends the AXFR and no rectification is needed on the master.

If you're using DNSSEC and the server that the edits happen on does receive queries from resolvers, you indeed need to rectify. Now it can depend on how the records are modified.

If the edits happen via `pdnsutil edit-zone`, the zone is rectified when it is saved.

If the edits happen by directly changing content in the database (which is not recommended), you'll need to call `pdnsutil rectify ZONE` for each edited zone, or `pdnsutil rectify-all-zones` if you don't know what changes when.

If you're using the API[1] to change the records (which we do recommend), you _can_ call `pdnsutil` as above. However, you can also set the `api_rectify` property of the zone to `true`[2]. Then the zone will be rectified after the changed records have been stored.

I hope this clarifies it for you. If not, don't hesitate to reply to the mailing list.

Best regards,

Pieter

1 - https://doc.powerdns.com/authoritative/http-api/index.html
2 - https://doc.powerdns.com/authoritative/http-api/zone.html#zone

--
Pieter Lexis
PowerDNS.COM BV -- https://www.powerdns.com
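
The API route described in the reply above, as an added example that is not part of the original message and not PowerDNS's own code: it builds the PUT that sets `api_rectify` on a zone and a PATCH that replaces one RRset, after which the server rectifies the zone itself. The listen address, the server id `localhost`, the API key and the zone and record data are constructed assumptions.

```python
import json
import urllib.parse
import urllib.request

# Assumptions (not from the original message): webserver on 127.0.0.1:8081,
# server id "localhost", placeholder API key, constructed zone and record.
API_BASE = "http://127.0.0.1:8081/api/v1/servers/localhost"
API_KEY = "CHANGE-ME"


def _zone_request(method, zone, payload, base=API_BASE, key=API_KEY):
    """Build (but do not send) an API request for one zone."""
    zone_id = zone if zone.endswith(".") else zone + "."  # API uses the dotted form
    url = f"{base}/zones/{urllib.parse.quote(zone_id, safe='')}"
    return urllib.request.Request(
        url,
        data=json.dumps(payload).encode(),
        method=method,
        headers={"X-API-Key": key, "Content-Type": "application/json"},
    )


def enable_api_rectify(zone, **kw):
    """PUT the zone's api_rectify property to true (needed once per zone)."""
    return _zone_request("PUT", zone, {"api_rectify": True}, **kw)


def replace_rrset(zone, name, rtype, ttl, contents, **kw):
    """PATCH one RRset; with api_rectify set, rectification follows the store."""
    rrset = {
        "name": name, "type": rtype, "ttl": ttl, "changetype": "REPLACE",
        "records": [{"content": c, "disabled": False} for c in contents],
    }
    return _zone_request("PATCH", zone, {"rrsets": [rrset]}, **kw)


def send(req):
    """Send a prepared request and return the HTTP status code."""
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status


if __name__ == "__main__":
    for r in (enable_api_rectify("example.org"),
              replace_rrset("example.org", "www.example.org.", "A", 3600, ["192.0.2.10"])):
        print(r.get_method(), r.full_url, r.data.decode())
        # send(r)  # uncomment to run against a real server
```
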