[Pdns-users] Successful, yet incomplete AXFR to BIND9 slave

bert hubert bert.hubert at netherlabs.nl
Wed Sep 8 21:19:00 UTC 2010


On Thu, Sep 09, 2010 at 12:10:53AM +0300, Nikolaos Milas wrote:
>  Indeed, I have confirmed that pdns does not send a complete set of
> records during AXFR, by executing:
> 
>    # dig example.com AXFR @dns.example.com
> 
> where dns.example.com is the pdns/ldap server. The output is exactly
> the content of slave files.
> 
> So, why aren't all zone records included in the AXFR set?

Usually this is because of a badly formatted record in the database, one
that cannot be sent out over AXFR. Can you figure out where it stops
exactly, and what would've been the "next" record?

	Bert

> 
> I am waiting for your advice.
> 
> I like pdns and I am trying to resolve issues so that it can replace
> (gradually) all BIND9 servers in our organization.
> 
> Nick
> 
> On 8/9/2010 11:26 PM, Nikolaos Milas wrote:
> >In my pdns/ldap (tree) on CentOS 5.5, I am setting up a domain
> >(say: 'example.com')  with its single SOA record. This has several
> >virtual subzones (a.example.com, b.example.com etc.) which include
> >their own MX records but are not delegated: the same NS records
> >(as defined in the example.com entry) are used for the whole
> >domain (zone) and its subdomains (subzones).
> >
> >The LDAP server also includes 5 in-addr.arpa zones (which
> >correspond to the 5 available LANs = Class-C subnets) for reverse
> >mapping.
> >
> >Everything seems to be working fine when the pdns server is
> >queried for any records, which obviously means that pdns sees
> >everything correctly in ldap. (One problem however: queries for
> >example.com and its subdomains/hosts indicate AUTHORITY: 0. I
> >would expect it to indicate AUTHORITY: 1 in such queries. Any hint
> >on this?)
> >
> >For testing (preparing a production environment), I have set up a
> >BIND9 slave ( which uses pdns as master. Everything seems to run
> >smoothly, messages in logs indicate successful zone transfers, no
> >errors either in BIND or in pdns logs, BUT *a large number of A
> >records* in some of the subdomains *is not transferred at all*
> >(however, some of the A records are transferred). Interestingly,
> >the PTR records in all in-addr.arpa zones seem to be transferred
> >correctly. The slave is also CentOS 5.5 with
> >bind-9.3.6-4.P1.el5_4.2.
> >
> >The BIND9 zone file for example.com (as produced by slaving),
> >includes all subdomains, specifies their MX records, but it misses
> >a large number of A records. I waited for several AXFRs, to check
> >if subsequent zone transfers would correct things, but nothing
> >changed. The transferred records are always the same.
> >
> >In the meantime, just in case, I have tried switching from the
> >2.9.22 rpm which I had found in a repository, to the more standard
> >2.9.21-4 rpm included in the 'extras' CentOS repositories, but the
> >behavior is exactly the same. (I am using CentOS 5.5 with a
> >2.6.18-194.11.3.el5 kernel).
> >
> >I would come to the conclusion that AXFR is not being sent
> >correctly by pdns, because, if a full set of records is being
> >sent, why is the slave not registering the complete set of
> >records?
> >
> >All rpms (and the servers) are x86_64.
> >
> >Any suggestions? How can I troubleshoot this in more detail?
> >
> >Thanks in advance,
> >Nick
> >
> >



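One way to answer the question of where the transfer stops and what the "next" record would have been, as an added example that is not part of the original thread: compare saved `dig ... AXFR` output against a list of the records you expect. The function names, the sample transfer and the expected list are all constructed for illustration; the expected list is assumed to come from your own export of the backend, in that export's order.

```python
def _norm(owner, rtype, rdata):
    """Normalise a record so dig output and the expected list compare equal."""
    return (owner.lower().rstrip("."), rtype.upper(), rdata.strip().lower().rstrip("."))

def parse_axfr(text):
    """Return (owner, type, rdata) tuples from dig AXFR output, in wire order."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue                      # skip dig banner and comment lines
        fields = line.split(None, 4)      # owner ttl class type rdata
        if len(fields) == 5 and fields[2].upper() == "IN":
            records.append(_norm(fields[0], fields[3], fields[4]))
    return records

def axfr_gap(axfr_text, expected):
    """Report whether the transfer is SOA-framed and which records are absent."""
    got = parse_axfr(axfr_text)
    # A finished AXFR begins and ends with the same SOA record.
    framed = len(got) >= 2 and got[0][1] == "SOA" and got[-1] == got[0]
    body = got[1:-1] if framed else got[1:]
    seen = set(got)
    missing = [r for r in expected if _norm(*r) not in seen]
    return {
        "framed_by_soa": framed,                     # True: the slave logs success
        "last_sent": body[-1] if body else None,     # where the transfer stops
        "first_missing": missing[0] if missing else None,  # candidate bad record
        "missing": missing,
    }

# Constructed sample: a transfer that looks successful but lacks two A records.
SOA = "example.com.\t3600\tIN\tSOA\tdns.example.com. admin.example.com. 2010090801 10800 3600 604800 3600\n"
SAMPLE_AXFR = (
    "; constructed dig output for: dig example.com AXFR @dns.example.com\n" + SOA +
    "example.com.\t3600\tIN\tNS\tdns.example.com.\n"
    "a.example.com.\t3600\tIN\tMX\t10 mail.a.example.com.\n"
    "host1.a.example.com.\t3600\tIN\tA\t192.0.2.11\n" + SOA +
    ";; XFR size: 5 records\n"
)
EXPECTED = [  # constructed; in practice, an export of the zone from the backend
    ("example.com", "NS", "dns.example.com"),
    ("a.example.com", "MX", "10 mail.a.example.com"),
    ("host1.a.example.com", "A", "192.0.2.11"),
    ("host2.a.example.com", "A", "192.0.2.12"),
    ("host3.a.example.com", "A", "192.0.2.13"),
]

if __name__ == "__main__":
    for key, value in axfr_gap(SAMPLE_AXFR, EXPECTED).items():
        print(key, "=", value)
```

The entry reported as `first_missing` is the one to inspect in the backend for formatting problems; it is only the true "next" record if the expected list follows the order in which the master emits records.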