<div dir="ltr">Hi<div><br></div><div>In your case, AXFR/IXFR/Notify come to dnsdist and then go to PowerDNS from the loopback interface. And in the opposite direction along the same chain, but in reverse order.<br>You can try something like this configuration, with explicit routing</div><div><br># On secondary<br># pdns.conf<br>trusted-notification-proxy=127.0.0.1<br><br># dnsdist.conf<br>setLocal("<a href="http://192.168.1.4:53">192.168.1.4:53</a>")<br>addLocal("<a href="http://127.0.0.1:53">127.0.0.1:53</a>")<br><br>newServer({address="<a href="http://127.0.0.1:5053">127.0.0.1:5053</a>", name="auth", pool="auth"})<br>newServer({address="<a href="http://192.168.1.3:53">192.168.1.3:53</a>", name="primary", pool="primary"})<br><br>addAction(AndRule({OpcodeRule(DNSOpcode.Notify), NotRule(makeRule("<a href="http://192.168.1.3/">192.168.1.3/</a> 32"))}), RCodeAction(DNSRCode.REFUSED))<br>addAction(AndRule({OpcodeRule(DNSOpcode.Notify), makeRule("<a href="http://192.168.1.3/32">192.168.1.3/32</a>")}), PoolAction("auth"))<br>addAction(AndRule({OrRule({QTypeRule(DNSQType.SOA), QTypeRule(DNSQType.NS), QTyp eRule(DNSQType.AXFR), QTypeRule(DNSQType.IXFR)}), makeRule("<a href="http://127.0.0.1/32">127.0.0.1/32</a>")} ), Po olAction("primary"))<br><br><br># On primary<br># pdns.conf<br>allow-axfr-ips=<a href="http://127.0.0.1/8">127.0.0.1/8</a><br>also-notify=192.168.1.4,127.0.0.1<br><br># dnsdist.conf<br>setLocal("<a href="http://192.168.1.3:53">192.168.1.3:53</a>")<br>addLocal("<a href="http://127.0.0.1:53">127.0.0.1:53</a>")<br><br>newServer({address="<a href="http://127.0.0.1:5053">127.0.0.1:5053</a>", name="auth", pool="auth"})<br>newServer({address="<a href="http://192.168.1.4:53">192.168.1.4:53</a>", name="secondary", pool="secondary"})<br><br>addAction(AndRule({OrRule({QTypeRule(DNSQType.AXFR), QTypeRule(DNSQType.IXFR)}), NotRule(makeRule("<a href="http://192.168.1.4/32">192.168.1.4/32</a>"))}), RCodeAction(DNSRCode.REFUSED))<br>addAction(AndRule({OrRule({QTypeRule(DNSQType.SOA), QTypeRule(DNSQType.NS), QTypeRule(DNSQType.AXFR), QTypeRule(DNSQType.IXFR)}), makeRule("<a href="http://192.168.1.4/32">192.168.1.4/32</a>")}) , PoolAction("auth"))<br>addAction(AndRule({OpcodeRule(DNSOpcode.Notify), makeRule("<a href="http://127.0.0.1/32">127.0.0.1/32</a>")}), PoolAction("secondary"))<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">ср, 9 нояб. 2022 г. в 15:00, <<a href="mailto:dnsdist-request@mailman.powerdns.com">dnsdist-request@mailman.powerdns.com</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Send dnsdist mailing list submissions to<br>
        <a href="mailto:dnsdist@mailman.powerdns.com" target="_blank">dnsdist@mailman.powerdns.com</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
        <a href="https://mailman.powerdns.com/mailman/listinfo/dnsdist" rel="noreferrer" target="_blank">https://mailman.powerdns.com/mailman/listinfo/dnsdist</a><br>
or, via email, send a message with subject or body 'help' to<br>
        <a href="mailto:dnsdist-request@mailman.powerdns.com" target="_blank">dnsdist-request@mailman.powerdns.com</a><br>
<br>
You can reach the person managing the list at<br>
        <a href="mailto:dnsdist-owner@mailman.powerdns.com" target="_blank">dnsdist-owner@mailman.powerdns.com</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of dnsdist digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
   1. powerdns + dnsdist on docker (Andre Magri)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Wed, 9 Nov 2022 12:52:43 +0100<br>
From: Andre Magri <<a href="mailto:andremag@gmail.com" target="_blank">andremag@gmail.com</a>><br>
To: <a href="mailto:dnsdist@mailman.powerdns.com" target="_blank">dnsdist@mailman.powerdns.com</a><br>
Subject: [dnsdist] powerdns + dnsdist on docker<br>
Message-ID:<br>
        <CADO7uLBXA8YYSibwDFj4DA6MMHi=<a href="mailto:ie0GSzgQLXE_LLAzVyZADw@mail.gmail.com" target="_blank">ie0GSzgQLXE_LLAzVyZADw@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Hi,<br>
I've been trying to solve a replication issue without success so I'm hoping<br>
someone can help me.<br>
<br>
When the master (docker1.home.local) sends a NOTIFY to the slave (<br>
docker2.home.local) I get this on the slave:<br>
<br>
pdns-auth-1      | Nov 09 11:44:06 Received NOTIFY for home.local from<br>
172.18.0.4 for which we are not authoritative, trying supermaster<br>
pdns-auth-1      | Nov 09 11:44:06 Error resolving SOA or NS for home.local<br>
at: <a href="http://172.18.0.4" rel="noreferrer" target="_blank">172.18.0.4</a>: Query to '172.18.0.4' for SOA of 'home.local' produced no<br>
answers<br>
<br>
I tried adding the following to slave dnsdist.conf but then I get no more<br>
logs on the slave:<br>
newServer({address="docker1.home.local", useClientSubnet=true,<br>
name="supermaster1", pool="supermasters"})<br>
addAction(OrRule({QTypeRule(DNSQType.SOA), QTypeRule(DNSQType.AXFR),<br>
QTypeRule(DNSQType.IXFR)}), PoolAction("supermasters"))<br>
<br>
<br>
I figured that the slave is not querying the master for the SOA even though<br>
the supermasters table is populated with the master ip.<br>
<br>
I'm also using *useClientSubnet=true* in all my server declarations.<br>
<br>
I'd appreciate any help and thank you in advance.<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a href="http://mailman.powerdns.com/pipermail/dnsdist/attachments/20221109/6dbd4ac4/attachment-0001.htm" rel="noreferrer" target="_blank">http://mailman.powerdns.com/pipermail/dnsdist/attachments/20221109/6dbd4ac4/attachment-0001.htm</a>><br>
<br>
------------------------------<br>
<br>
Subject: Digest Footer<br>
<br>
_______________________________________________<br>
dnsdist mailing list<br>
<a href="mailto:dnsdist@mailman.powerdns.com" target="_blank">dnsdist@mailman.powerdns.com</a><br>
<a href="https://mailman.powerdns.com/mailman/listinfo/dnsdist" rel="noreferrer" target="_blank">https://mailman.powerdns.com/mailman/listinfo/dnsdist</a><br>
<br>
<br>
------------------------------<br>
<br>
End of dnsdist Digest, Vol 85, Issue 4<br>
**************************************<br>
</blockquote></div>