Handle parent/child zone NS records through the API
Our use case comes from our custom integration with DirectAdmin. Normally DirectAdmin works with bind zone files and uses bind to serve those. We have hooked into this to serve all our domains from a central PowerDNS instance (with replication).
Within DirectAdmin it's common to create separate zones for subdomains. That means you have an example.com zone and a sub.example.com zone. Without DNSSEC you can usually get away with not creating sub.example.com NS records in the example.com zone, but DNSSEC forces you to do the right thing. That's why we have a hook that manages the NS records.
- On creation it finds:
  - the closest parent and ensures proper NS records.
  - all children and ensures proper NS records. If a parent existed before (sub1.sub2.example.com and example.com existed, sub2.example.com is created) we also take care of this. This means deleting the old NS records and creating new ones.
- On deletion the process is reversed.
This issue is to open up discussion if this feature is desired in the API and in what form.
The most limited support would be to retrieve the closest parent zone and child zones. Finding the closest parent would also be useful in the case where I want to insert host.example.com and I want to find the zone where I need to insert it.
Full support could mean a parameter on POST /zones to ensure NS records are correct.
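The closest-parent and child-zone lookup described in the issue above, as an added example that is not part of the original issue or of PowerDNS. It works on a plain list of zone names (constructed here) and makes no API calls; all function names are hypothetical. Names are compared label by label so that notexample.com is never treated as a child of example.com.

```python
# Added example; zone names are constructed and no PowerDNS API is called.
ZONES = ["example.com", "sub1.sub2.example.com", "notexample.com"]

def labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def is_below(name, ancestor):
    """True if name is a strict descendant of ancestor (label-wise match)."""
    n, a = labels(name), labels(ancestor)
    return len(n) > len(a) and n[-len(a):] == a

def closest_parent(name, zones):
    """Deepest existing zone strictly above name, or None."""
    parents = [z for z in zones if is_below(name, z)]
    return max(parents, key=lambda z: len(labels(z)), default=None)

def closest_zone(name, zones):
    """Zone into which a record such as host.example.com should be inserted."""
    exact = [z for z in zones if labels(z) == labels(name)]
    return exact[0] if exact else closest_parent(name, zones)

def direct_children(name, zones):
    """Existing zones below name with no other existing zone in between."""
    below = [z for z in zones if is_below(z, name)]
    return sorted(c for c in below if not any(is_below(c, o) for o in below))

def plan_create(new_zone, zones):
    """NS changes on creation: (action, zone holding the NS rrset, delegated name)."""
    parent = closest_parent(new_zone, zones)
    plan = [("add", parent, new_zone)] if parent else []
    for child in direct_children(new_zone, zones):
        if parent:  # the old delegation lived in the former closest parent
            plan.append(("delete", parent, child))
        plan.append(("add", new_zone, child))
    return plan

def plan_delete(zone, zones):
    """NS changes on deletion: the reverse of plan_create."""
    rest = [z for z in zones if labels(z) != labels(zone)]
    parent = closest_parent(zone, rest)
    if not parent:
        return []
    return [("delete", parent, zone)] + [("add", parent, c) for c in direct_children(zone, rest)]

if __name__ == "__main__":
    print(plan_create("sub2.example.com", ZONES))
```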
We have a delegation check in pdnsutil check-zone; perhaps the API should also have that check?
> We have a delegation check in pdnsutil check-zone; perhaps the API should also have that check?
Probably. However, should we fix the known issues in the delegation check first?
> Probably. However, should we fix the known issues in the delegation check first?
Yes.
#8896 is related