From fd5bbe2a44de2da54b7a25e99c2380507a43eb21 Mon Sep 17 00:00:00 2001
From: uvok cheetah
Date: Sat, 11 Jan 2025 13:50:37 +0100
Subject: Formatting., github issues

---
 _drafts/migrating-dns-servers.md | 26 ++++++++++++++++----------
 1 file changed, 16 insertions(+), 10 deletions(-)

(limited to '_drafts')

diff --git a/_drafts/migrating-dns-servers.md b/_drafts/migrating-dns-servers.md
index 246128f..60aff4a 100644
--- a/_drafts/migrating-dns-servers.md
+++ b/_drafts/migrating-dns-servers.md
@@ -102,18 +102,18 @@ other TLDs and other registrars.
 1. Download the zone data from the INWX web interface
 1. Create the zone in PowerDNS and set various settings
 
-        #!/bin/bash
-        zone="example.com"
-        pdnsutil create-zone $zone
-        pdnsutil set-kind $zone primary
-        pdnsutil secure-zone $zone
-        pdnsutil set-presigned $zone
-        pdnsutil set-meta $zone ALLOW-AXFR-FROM <ip of secondaries>
+       #!/bin/bash
+       zone="example.com"
+       pdnsutil create-zone $zone
+       pdnsutil set-kind $zone primary
+       pdnsutil secure-zone $zone
+       pdnsutil set-presigned $zone
+       pdnsutil set-meta $zone ALLOW-AXFR-FROM <ip of secondaries>
 1. Filter and import the zone. PowerDNS will actually complain about the NSEC3
    records otherwise once you open the zone in your editor.
 
-        grep -vw "IN NSEC3" ./dl-zone.txt > imp-zone.txt
-        pdnsutil load-zone $zone ./imp-zone.txt
+       grep -vw "IN NSEC3" ./dl-zone.txt > imp-zone.txt
+       pdnsutil load-zone $zone ./imp-zone.txt
 
    This should keep the RRSIGs for the NSEC3 records.  This doesn't help with
    the errors I receive later, though…
@@ -162,10 +162,11 @@ other TLDs and other registrars.
     PowerDNS can't sign the reply, because it doesn't have the keys to sign the
     NSEC3 replies (??? I guess ???). So now, instead of sending back an unsigned
     reply, it sends back an error.
+
     I imported the RRSIGs for these NSEC3 records, though, at least in a second
     attempt. I tried all combinations of (set-nsec3|unset-nsec3) and (import
     NSEC3-RRSIG|don't import NSEC3-RRSIG). All variants failed. I have no clue
-    how this is supposed to work cleanly.
+    how this is supposed to work cleanly. [^7]
 
 1. Wait at least 24 hours (TTLs, DNS propagation time). \
    *I am currently at this step. Further steps are guesswork*.
@@ -222,6 +223,11 @@ headache for me.
 
 [^6]: such as duplicate RRSIG replies.
 
+[^7]:
+    There are two GitHub issues similar to this:
+    [#9263](https://github.com/PowerDNS/pdns/issues/9263) and
+    [#8892](https://github.com/PowerDNS/pdns/issues/8892)
+     
 
 <!-- vim: set ft=markdown tw=80 ai tabstop=4 shiftwidth=4 expandtab: -->
 
-- 
cgit v1.2.3