<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<font size="-1"><font face="Palatino Linotype">Hi Bert, <br>
<br>
Trying to find a solution, I removed from LDAP both the record
that appeared last in AXFR and the one after it, and then
retried. This time the AXFR set contained as a last record the
next in sequence, but still contained the same number of
records. So, <b>the transaction seems as if AXFR table is
limited in size and can only contain a particular number ofÃÂ
entries</b>: 510 records. When this limit is reached, AXFR
table is finalized and sent.<br>
<br>
Does this help in finding a solution? (I remind you that I found
the same behavior both with 2.9.21-4 and with 2.9.22-7.)<br>
<br>
As to the other problem: Querying the main server (pdns/ldap),
shows AUTHORITY: 0, whereas querying the slave (BIND9) shows
AUTHORITY: 2 and provides authority information (as it should)!
(Note that the slave only uses data derived from AXFR.) See
below.ÃÂ </font></font><font size="-1"><font face="Palatino
Linotype">Have I set up something wrong? Why the authority
server does not indicate authority, while the slave correctly
indicates the authoritative server?<br>
</font></font>
<blockquote><font size="-1"><font face="Palatino Linotype"><font
face="Courier New, Courier, monospace">Here is the query at
the "master" (run on the master box):<br>
-----------------------------------------------------------<br>
# dig hostabc.subdom.example.com any @dns.example.com</font></font></font><br>
<br>
<font size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">; <<>> DiG
9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> </font></font></font><font
size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">hostabc.subdom.example.com</font></font></font><font
size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace"> any @dns</font></font></font><font
size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">.example.com</font></font></font><br>
<font size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">;; global options:ÃÂ printcmd</font></font></font><br>
<font size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">;; Got answer:</font></font></font><br>
<font size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">;; ->>HEADER<<- opcode:
QUERY, status: NOERROR, id: 37278</font></font></font><br>
<font size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">;; flags: qr aa rd; QUERY: 1,
ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0</font></font></font><br>
<br>
<font size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">;; QUESTION SECTION:</font></font></font><br>
<font size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">;</font></font></font><font
size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">hostabc.subdom.example.com</font></font></font><font
size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">.ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ INÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ANY</font></font></font><br>
<br>
<font size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">;; ANSWER SECTION:</font></font></font><br>
<font size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">hostabc.subdom.example.com</font></font></font><font
size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">.ÃÂ ÃÂ 3600ÃÂ ÃÂ ÃÂ INÃÂ ÃÂ ÃÂ ÃÂ ÃÂ AÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ
10.10.10.10</font></font></font><br>
<br>
<font size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">;; Query time: 3 msec</font></font></font><br>
<font size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">;; SERVER:
10.10.10.5#53(10.10.10.5)</font></font></font><br>
<font size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">;; WHEN: Thu SepÃÂ 9 09:31:20 2010</font></font></font><br>
<font size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">;; MSG SIZEÃÂ rcvd: 54</font></font></font><br>
<br>
<br>
<font size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">Now, here is the query at the
"slave" (run on the <b>master</b> box, as well):<br>
-----------------------------------------------------------------------</font></font></font><br>
<font size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace"># dig </font></font></font><font
size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">hostabc.subdom.example.com</font></font></font><font
size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace"> any @slavedns</font></font></font><font
size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">.example.com</font></font></font><br>
<br>
<font size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">; <<>> DiG
9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> </font></font></font><font
size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">hostabc.subdom.example.com</font></font></font><font
size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace"> any @slavedns</font></font></font><font
size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">.example.com</font></font></font><br>
<font size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">;; global options:ÃÂ printcmd</font></font></font><br>
<font size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">;; Got answer:</font></font></font><br>
<font size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">;; ->>HEADER<<- opcode:
QUERY, status: NOERROR, id: 27381</font></font></font><br>
<font size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">;; flags: qr aa rd ra; QUERY: 1,
ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1</font></font></font><br>
<br>
<font size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">;; QUESTION SECTION:</font></font></font><br>
<font size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">;</font></font></font><font
size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">hostabc.subdom.example.com</font></font></font><font
size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">.ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ INÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ANY</font></font></font><br>
<br>
<font size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">;; ANSWER SECTION:</font></font></font><br>
<font size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">hostabc.subdom.example.com</font></font></font><font
size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">.ÃÂ ÃÂ 3600ÃÂ ÃÂ ÃÂ INÃÂ ÃÂ ÃÂ ÃÂ ÃÂ AÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ
10.10.10.10</font></font></font><br>
<br>
<font size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">;; AUTHORITY SECTION:</font></font></font><br>
<font size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">noa.gr.ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ 3600ÃÂ ÃÂ ÃÂ
INÃÂ ÃÂ ÃÂ ÃÂ ÃÂ NSÃÂ ÃÂ ÃÂ ÃÂ ÃÂ dns</font></font></font><font size="-1"><font
face="Palatino Linotype"><font face="Courier New, Courier,
monospace">.example.com</font></font></font><font size="-1"><font
face="Palatino Linotype"><font face="Courier New, Courier,
monospace">.</font></font></font><br>
<font size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">noa.gr.ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ 3600ÃÂ ÃÂ ÃÂ
INÃÂ ÃÂ ÃÂ ÃÂ ÃÂ NSÃÂ ÃÂ ÃÂ ÃÂ ÃÂ slavedns</font></font></font><font size="-1"><font
face="Palatino Linotype"><font face="Courier New, Courier,
monospace">.example.com</font></font></font><font size="-1"><font
face="Palatino Linotype"><font face="Courier New, Courier,
monospace">.</font></font></font><br>
<br>
<font size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">;; ADDITIONAL SECTION:</font></font></font><br>
<font size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">dns.example.com</font></font></font><font
size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">.ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ 3600ÃÂ ÃÂ ÃÂ INÃÂ ÃÂ ÃÂ ÃÂ ÃÂ
AÃÂ ÃÂ ÃÂ ÃÂ ÃÂ ÃÂ 10.10.10.5</font></font></font><br>
<br>
<font size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">;; Query time: 13 msec</font></font></font><br>
<font size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">;; SERVER:
10.10.10.6#53(10.10.10.6)</font></font></font><br>
<font size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">;; WHEN: Thu SepÃÂ 9 09:31:32 2010</font></font></font><br>
<font size="-1"><font face="Palatino Linotype"><font face="Courier
New, Courier, monospace">;; MSG SIZEÃÂ rcvd: 108</font></font></font><br>
</blockquote>
<font size="-1"><font face="Palatino Linotype">My pdns.conf follows:<br>
</font></font>
<blockquote><font size="-1" face="Courier New, Courier, monospace">setuid=pdns</font><font
face="Courier New, Courier, monospace"><br>
</font><font size="-1" face="Courier New, Courier, monospace">setgid=pdns</font><font
face="Courier New, Courier, monospace"><br>
</font><font size="-1" face="Courier New, Courier, monospace">launch=ldap</font><font
face="Courier New, Courier, monospace"><br>
</font><font size="-1" face="Courier New, Courier, monospace">ldap-host=localhost</font><font
face="Courier New, Courier, monospace"><br>
</font><font size="-1" face="Courier New, Courier, monospace">ldap-basedn=ou=dns,dc=example,dc=com</font><font
face="Courier New, Courier, monospace"><br>
</font><font size="-1" face="Courier New, Courier, monospace">ldap-binddn=uid=auth,ou=System,dc=example,dc=com</font><font
face="Courier New, Courier, monospace"><br>
</font><font size="-1" face="Courier New, Courier, monospace">ldap-secret=***********</font><font
face="Courier New, Courier, monospace"><br>
</font><font size="-1" face="Courier New, Courier, monospace">ldap-method=tree</font><font
face="Courier New, Courier, monospace"><br>
</font><font size="-1" face="Courier New, Courier, monospace">local-address=127.0.0.1
10.10.10.5</font><font face="Courier New, Courier, monospace"><br>
</font><font size="-1" face="Courier New, Courier, monospace">local-port=53</font><font
face="Courier New, Courier, monospace"><br>
</font><font size="-1" face="Courier New, Courier, monospace">allow-axfr-ips=10.10.10.0/24</font><font
face="Courier New, Courier, monospace"><br>
</font><font size="-1" face="Courier New, Courier, monospace">allow-recursion=</font><font
size="-1" face="Courier New, Courier, monospace">127.0.0.1,
10.10.10.0/24</font><font face="Courier New, Courier, monospace"><br>
</font><font size="-1" face="Courier New, Courier, monospace">logging-facility=5</font><font
face="Courier New, Courier, monospace"><br>
</font><font size="-1" face="Courier New, Courier, monospace">loglevel=8</font><font
face="Courier New, Courier, monospace"><br>
</font><font size="-1" face="Courier New, Courier, monospace">log-dns-details=on</font><font
face="Courier New, Courier, monospace"><br>
</font><font size="-1" face="Courier New, Courier, monospace">recursor=127.0.0.1:5300</font><font
face="Courier New, Courier, monospace"><br>
</font><font size="-1" face="Courier New, Courier, monospace">webserver-password=*********</font><font
face="Courier New, Courier, monospace"><br>
</font><font size="-1" face="Courier New, Courier, monospace">webserver-port=8081<br>
</font><small><font face="Courier New, Courier, monospace">webserver-print-arguments=yes<br>
</font></small></blockquote>
<font size="-1"><font face="Palatino Linotype">Nick<br>
<br>
</font></font><br>
On 9/9/2010 12:51 ÃÂÃÅ, Nikolaos Milas wrote:
<blockquote cite="mid:4C88056A.7030404@admin.noa.gr" type="cite">
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<small><font face="Courier New, Courier, monospace">Yes, I can see
exactly where it stopped, but I can't find a reason why it did
so. It seems to me as a typical host A record like all the
others - it responds to dig queries as well.<br>
<br>
</font></small><small><font face="Courier New, Courier,
monospace">...<br>
<br>
The AXFR stops at a particular record, then includes the SOA
record and ends: <br>
</font></small>
<blockquote><small><font face="Courier New, Courier, monospace"><font
face="Courier New, Courier, monospace">...</font></font></small><small><font
face="Courier New, Courier, monospace"><br>
</font></small></blockquote>
<small><font face="Courier New, Courier, monospace">Any ideas?<br>
<br>
Nick.</font></small><br>
<br>
On 9/9/2010 12:19 ÃÂÃÅ, bert hubert wrote:
<blockquote cite="mid:20100908211859.GB30856@xs.powerdns.com"
type="cite">Usually this is because of a badly formatted record
in the database, one<br>
<pre wrap="">that cannot be sent out over AXFR. Can you figure out where it stops
exactly, and what would've been the "next" record?
</pre>
</blockquote>
</blockquote>
<br>
</body>
</html>