Working on a multi-server deployment with powerdns and found I'm missing the dnssec options in the 'DNS Zone' settings. Digging into install.php I see that there's a hardcoded test for the existence of `/usr/sbin/dnssec-signzone` but on Ubuntu 24.04 this path has changed to `/usr/bin/dnssec-signzone`.
Another issue I'm now finding is that AXFR doesn't work with powerdns because ispconfig doesn't write the allow zone transfer and also notify fields to the powerdns database. In a post from 2013 I see that (ispconfig) master/slave was suggested for powerdns replication. And while this works, it disables dnssec. dnssec on ispconfig dictates that the master dns server generates the certificates and updates slaves via AXFR. However, for powerdns with a mysql backend this isn't needed. They can be multi master, all serving data from the same database. I run powerdns clusters this way with one management server and many read-only authoritative servers using the same database. So what's the advice for me? I'd like to manage DNS within ISPconfig, but want to use powerdns for its speed and efficiency. However, the support for GA releases of powerdns seems to be lacking in ispconfig 3.3. I'm now starting to consider if I should run a single ISPconfig server with BIND integrated and then transfer/notify public powerdns servers from there. What's the advice here?
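An added example, not part of the post above and not ISPConfig's own code: a shell lookup that checks both directories named in the post instead of one fixed path, skips a non-executable file, and falls back to a `PATH` search. The function name `find_signzone` is hypothetical.

```shell
#!/bin/sh
# Locate dnssec-signzone without assuming a single fixed directory.
# find_signzone is a hypothetical helper written for this example.
# Usage: find_signzone [dir ...]
# Prints the full path and returns 0, or returns 1 if nothing usable is found.

find_signzone() {
    # Default candidates: the path the post says install.php tests for,
    # then the path the post reports on Ubuntu 24.04.
    [ "$#" -gt 0 ] || set -- /usr/sbin /usr/bin

    for d in "$@"; do
        # Require a regular file that is executable; a stale or
        # non-executable file in an earlier directory is skipped.
        if [ -f "$d/dnssec-signzone" ] && [ -x "$d/dnssec-signzone" ]; then
            printf '%s\n' "$d/dnssec-signzone"
            return 0
        fi
    done

    # Fall back to whatever PATH resolves, for layouts not listed above.
    p=$(command -v dnssec-signzone 2>/dev/null) || return 1
    [ -n "$p" ] || return 1
    printf '%s\n' "$p"
}

# Report the result for this host.
find_signzone || echo "dnssec-signzone not found: DNSSEC signing unavailable" >&2
```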
PowerDNS is not officially supported in ISPConfig, so not every function of the DNS module will work with it. There are no PowerDNS-related settings in ISPConfig. It's just a user-contributed server-side plugin that is neither maintained nor tested by the core dev team. There will be no updates, fixes, or adjustments to that plugin. I do not recommend using that plugin. If you want to use that plugin nevertheless, you must maintain, fix, and support it yourself.
@till, thank you for the update. As I would still like to use PowerDNS, I will likely pivot to BIND for a single ISPconfig-managed (internal) DNS server and use that to feed a cluster of PowerDNS servers.