
I'm running PowerDNS 4.0.0a2 on Ubuntu 16.04 on a master and four slaves. All machines are using mysql backend on mariadb. All slaves are set up with mysql replication against the master which synchronizes data fine.

Creating DNSSEC on a zone is easily done with pdnsutil secure-zone domain.com and seems to work perfectly with following dnssec lookups. But signatures seem to differ from each nameserver. For instance the master presents one signature while all of the slaves present their own.

Example output:

Slave 1

# dig +dnssec +short domain.com @ns1.mynameserver.com
A 13 3 900 20161208000000 20161117000000 24981 mynameserver.com. 3/zXyqf1oK4yCSWjLqI6Lx62SzlKHk/909goNWMZ2DrlBFBXNMM3xJlU WWaTpbo8saao+TIsR65aNgYCe+vmUA==

Slave 2

# dig +dnssec +short domain.com @ns2.mynameserver.com
A 13 3 900 20161208000000 20161117000000 24981 mynameserver.com. bbZSlERmHLB33uMbwCB5fiBSzrCfvIrws3TK9qIbMvE8QdzTI9411Ibl Dtpd9ePYF44PlgdVrtS2IZXnI94GcA==

Every online DNS test I've made seems not to mention any problems, i.e. http://dnssec-debugger.verisignlabs.com/, as well as the registries I've set up DNSSEC with. Looking at other zones around the net doesn't seem to provide different signatures.

So the question is if the different signatures are a problem or not?

SteffenNielsen