The DNSSEC Trust Anchors and Negative Trust Anchors must be stored in the Lua Configuration file. See the DNSSEC in the PowerDNS Recursor for all information about DNSSEC in the PowerDNS Recursor. This page only documents the Lua functions for DNSSEC configuration
addTA(name, dscontent)¶New in version 4.2.0.
Adds Trust Anchor to the list of DNSSEC anchors.
| Parameters: |
|
|---|
clearTA([name])¶New in version 4.2.0.
Remove Trust Anchors for a name from the list of configured trust anchors. When name is
not given, remove all trust anchors instead.
| Parameters: | name (str) – The name in the DNS tree for which the Trust Anchors should be removed. |
|---|
addDS(name, dscontent)¶Deprecated since version 4.2.0: Please use addTA() instead
Adds a DS record (Trust Anchor) to the configuration
| Parameters: |
|
|---|
clearDS([name])¶Deprecated since version 4.2.0: Please use clearTA() instead
Remove Trust Anchors for a name from the list of configured trust anchors. When name is
not given, remove all trust anchors instead.
| Parameters: | name (str) – The name in the DNS tree for which the Trust Anchors should be removed. |
|---|
addNTA(name[, reason])¶Adds a Negative Trust Anchor for name to the configuration.
Please read Negative Trust Anchors for operational information on NTAs.
| Parameters: |
|
|---|
clearNTA([name])¶Remove Negative Trust Anchor for name from the list of configured trust anchors. When name is
not given, remove all negative trust anchors instead.
| Parameters: | name (str) – The name in the DNS tree from where this NTA should be removed |
|---|
readTrustAnchorsFromFile(fname[, interval])¶New in version 4.2.0.
Reads all DS and DNSKEY records from fname (a BIND zone file) and adds these to the Trust Anchors.
This function can be used to read distribution provided trust anchors, as for instance /usr/share/dns/root.key from Debian’s dns-root-data package.
| Parameters: |
|
|---|