Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

Although under the hood a lot has changed in OpenDNSSEC 2.0, the architecture and workflow has more in common with OpenDNSSEC 1.4 than it differs. This 'HOWTO' will initially focus on procedures that have changed or are formerly not possible. In the future this should be more complete and include updated sections now only find found in the 1.4 Documentation.


Most of the following parameters such as TTLs and algorithms will not be used for this zone. They are still required to be present however, like in any other policy. Please also note that this is different than defining a policy without keys. A policy without keys will get its DNSSEC related records stripped.

Change Database Backend

If you are running OpenDNSSEC and want to change its used database backend there are three steps involved:

  1. Change database settings in conf.xml
  2. Create database
  3. Convert the database

To accommodate step 3 we provided two scripts: convert_mysql_to_sqlite and convert_sqlite_to_mysql both located in enforcer/utils.

Code Block
usage: ./convert_mysql_to_sqlite -i DATABASE_MYSQL -o DATABASE_SQLITE [-h HOST] [-u USER] [-p PASSWORD]
usage: ./convert_sqlite_to_mysql -i DATABASE_SQLITE -o DATABASE_MYSQL [-h HOST] [-u USER] [-p PASSWORD]
  • DATBASE_MYSQL, Name of the MySQL database. Make sure you created the database beforehand.
  • DATABASE_SQLITE, Path of SQLite database file. Will overwrite existing file
  • HOST, USER, PASSWORD apply to the MySQL database. HOST will default to localhost.

When creating a SQLite database make sure the resulting file is readable and writable for the user OpenDNSSEC runs as.