<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
Hello, <br>
<br>
Now, we disabled the IPV6 notification issue,<br>
<br>
But still we got below error,<br>
<br>
Feb 6 01:54:36 powerdns pdns[28933]: <b>Received unsuccessful</b>
notification report for 'example.com' from x.x.x.x:53, rcode: 4<br>
<br>
<br>
Also, <br>
<br>
We would like to mentioned that we had setup Powerdns as a hidden
master,<br>
& when we notified to our slave DNS server from our Master using
below commands then our Master servers sent notification to all the
real Name servers of the domain which we have not define or specify
in pdns.conf of hidden master server.<br>
<br>
allow-axfr-ips= 68.71.141.22 174.36.24.251<br>
disable-axfr=no<br>
<br>
<br>
Command that we fired on Master:<br>
------------------------------------<br>
<b>pdns_control notify example .com</b><br>
pdns_control notify-host example.com 68.71.141.22<br>
pdns_control notify-host example.com 174.36.24.251<br>
<br>
<br>
But still received unsuccessful notification that you can see in
below log:<br>
Feb 6 02:18:02 powerdns pdns[30068]: Notification request to host
68.71.141.22 for domain 'example.com' received<br>
Feb 6 02:18:03 powerdns pdns[30068]: Received unsuccessful
notification report for 'example.com' from 68.71.141.22:53, rcode: 5<br>
Feb 6 02:18:03 powerdns pdns[30068]: Removed from notification
list: 'example.com' to 68.71.141.22:53<br>
<br>
<br>
Please help us in how to configure auto slave notification &
auto axfr on Hidden Master <br>
<br>
<br>
Our pdns.conf as per given below,<br>
<br>
<b>cat /etc/powerdns/pdns.conf</b><br>
# Autogenerated configuration file template<br>
#################################<br>
# add-superfluous-nsec3-for-old-bind Add superfluous NSEC3 record
to positive wildcard response<br>
#<br>
# add-superfluous-nsec3-for-old-bind=yes<br>
<br>
#################################<br>
# allow-axfr-ips Allow zonetransfers only to these subnets<br>
#<br>
allow-axfr-ips= 68.71.141.22, 174.36.24.251<br>
<br>
<br>
#################################<br>
# allow-recursion List of subnets that are allowed to recurse<br>
#<br>
# allow-recursion=0.0.0.0/0<br>
#allow-recursion=127.0.0.1<br>
<br>
#################################<br>
# any-to-tcp Answer ANY queries with tc=1, shunting to TCP<br>
#<br>
# any-to-tcp=no<br>
<br>
#################################<br>
# cache-ttl Seconds to store packets in the PacketCache<br>
#<br>
# cache-ttl=20<br>
<br>
#################################<br>
# chroot If set, chroot to this directory for more security<br>
#<br>
# chroot=./<br>
<br>
#################################<br>
# config-dir Location of configuration directory (pdns.conf)<br>
#<br>
config-dir=/etc/powerdns<br>
<br>
#################################<br>
# config-name Name of this virtual configuration - will rename
the binary image<br>
#<br>
# config-name=<br>
<br>
#################################<br>
# control-console Debugging switch - don't use<br>
#<br>
# control-console=no<br>
<br>
#################################<br>
# daemon Operate as a daemon<br>
#<br>
daemon=yes<br>
<br>
#################################<br>
# default-ksk-algorithms Default KSK algorithms<br>
#<br>
# default-ksk-algorithms=rsasha256<br>
<br>
#################################<br>
# default-ksk-size Default KSK size (0 means default)<br>
#<br>
# default-ksk-size=0<br>
<br>
#################################<br>
# default-soa-mail mail address to insert in the SOA record if
none set in the backend<br>
#<br>
# default-soa-mail=<br>
<br>
#################################<br>
# default-soa-name name to insert in the SOA record if none set
in the backend<br>
#<br>
# default-soa-name=a.misconfigured.powerdns.server<br>
<br>
#################################<br>
# default-ttl Seconds a result is valid if not set otherwise<br>
#<br>
# default-ttl=3600<br>
<br>
#################################<br>
# default-zsk-algorithms Default ZSK algorithms<br>
#<br>
# default-zsk-algorithms=rsasha256<br>
<br>
#################################<br>
# default-zsk-size Default KSK size (0 means default)<br>
#<br>
# default-zsk-size=0<br>
<br>
#################################<br>
# disable-axfr Disable zonetransfers but do allow TCP queries<br>
#<br>
disable-axfr=no<br>
<br>
#################################<br>
# disable-tcp Do not listen to TCP queries<br>
#<br>
disable-tcp=no<br>
<br>
#################################<br>
# distributor-threads Default number of Distributor (backend)
threads to start<br>
#<br>
# distributor-threads=3<br>
<br>
#################################<br>
# do-ipv6-additional-processing Do AAAA additional processing<br>
#<br>
# do-ipv6-additional-processing=yes<br>
<br>
#################################<br>
# edns-subnet-option-number EDNS option number to use<br>
#<br>
# edns-subnet-option-number=20730<br>
<br>
#################################<br>
# edns-subnet-processing If we should act on EDNS Subnet options<br>
#<br>
# edns-subnet-processing=no<br>
<br>
#################################<br>
# entropy-source If set, read entropy from this file<br>
#<br>
# entropy-source=/dev/urandom<br>
<br>
#################################<br>
# experimental-direct-dnskey EXPERIMENTAL: fetch DNSKEY RRs from
backend during DNSKEY synthesis<br>
#<br>
# experimental-direct-dnskey=no<br>
<br>
#################################<br>
# experimental-json-interface If the webserver should serve JSON
data<br>
#<br>
# experimental-json-interface=no<br>
<br>
#################################<br>
# experimental-logfile Filename of the log file for JSON parser<br>
#<br>
# experimental-logfile=/var/log/pdns.log<br>
experimental-logfile=/var/log/pdns.log<br>
#################################<br>
# fancy-records Process URL and MBOXFW records<br>
#<br>
# fancy-records=no<br>
<br>
#################################<br>
# guardian Run within a guardian process<br>
#<br>
# guardian=no<br>
<br>
#################################<br>
# include-dir Include *.conf files from this directory<br>
#<br>
# include-dir=<br>
<br>
#################################<br>
# launch Which backends to launch and order to query them in<br>
#<br>
# launch=<br>
<br>
#################################<br>
# load-modules Load this module - supply absolute or relative
path<br>
#<br>
# load-modules=<br>
<br>
#################################<br>
# local-address Local IP addresses to which we bind<br>
#<br>
#local-address=0.0.0.0<br>
<br>
<br>
#################################<br>
# local-ipv6 Local IP address to which we bind<br>
#<br>
# local-ipv6=<br>
<br>
#################################<br>
# local-port The port on which we listen<br>
#<br>
# local-port=53<br>
<br>
#################################<br>
# log-dns-details If PDNS should log DNS non-erroneous details<br>
#<br>
log-dns-details=on<br>
<br>
#################################<br>
# log-dns-queries If PDNS should log all incoming DNS queries<br>
#<br>
# log-dns-queries=no<br>
<br>
#################################<br>
# log-failed-updates If PDNS should log failed update requests<br>
#<br>
# log-failed-updates=<br>
<br>
#################################<br>
# logging-facility Log under a specific facility<br>
#<br>
# logging-facility=<br>
<br>
#################################<br>
# loglevel Amount of logging. Higher is more. Do not set below 3<br>
#<br>
loglevel=4<br>
<br>
#################################<br>
# lua-prequery-script Lua script with prequery handler<br>
#<br>
# lua-prequery-script=<br>
<br>
#################################<br>
# master Act as a master<br>
#<br>
master=yes<br>
<br>
#################################<br>
# max-cache-entries Maximum number of cache entries<br>
#<br>
# max-cache-entries=1000000<br>
<br>
#################################<br>
# max-ent-entries Maximum number of empty non-terminals in a zone<br>
#<br>
# max-ent-entries=100000<br>
<br>
#################################<br>
# max-queue-length Maximum queuelength before considering
situation lost<br>
#<br>
max-queue-length=5000<br>
<br>
#################################<br>
# max-tcp-connections Maximum number of TCP connections<br>
#<br>
# max-tcp-connections=10<br>
<br>
#################################<br>
# module-dir Default directory for modules<br>
#<br>
# module-dir=/usr/local/lib<br>
<br>
#################################<br>
# negquery-cache-ttl Seconds to store negative query results in
the QueryCache<br>
#<br>
# negquery-cache-ttl=60<br>
<br>
#################################<br>
# no-shuffle Set this to prevent random shuffling of answers -
for regression testing<br>
#<br>
# no-shuffle=off<br>
<br>
#################################<br>
# out-of-zone-additional-processing Do out of zone additional
processing<br>
#<br>
# out-of-zone-additional-processing=yes<br>
<br>
#################################<br>
# overload-queue-length Maximum queuelength moving to packetcache
only<br>
#<br>
# overload-queue-length=0<br>
<br>
#################################<br>
# pipebackend-abi-version Version of the pipe backend ABI<br>
#<br>
# pipebackend-abi-version=1<br>
<br>
#################################<br>
# prevent-self-notification Don't send notifications to what we
think is ourself<br>
#<br>
# prevent-self-notification=yes<br>
<br>
#################################<br>
# query-cache-ttl Seconds to store query results in the
QueryCache<br>
#<br>
# query-cache-ttl=20<br>
<br>
#################################<br>
# query-local-address Source IP address for sending queries<br>
#<br>
# query-local-address=0.0.0.0<br>
<br>
#################################<br>
# query-local-address6 Source IPv6 address for sending queries<br>
#<br>
# query-local-address6=::1<br>
query-local-address6=<br>
<br>
#################################<br>
# query-logging Hint backends that queries should be logged<br>
#<br>
#query-logging=yes<br>
<br>
#################################<br>
# queue-limit Maximum number of milliseconds to queue a query<br>
#<br>
# queue-limit=1500<br>
<br>
#################################<br>
# receiver-threads Default number of receiver threads to start<br>
#<br>
# receiver-threads=1<br>
<br>
#################################<br>
# recursive-cache-ttl Seconds to store packets for recursive
queries in the PacketCache<br>
#<br>
# recursive-cache-ttl=10<br>
<br>
#################################<br>
# recursor If recursion is desired, IP address of a recursing
nameserver<br>
#<br>
#recursor=38.126.54.11<br>
<br>
#################################<br>
# retrieval-threads Number of AXFR-retrieval threads for slave
operation<br>
#<br>
# retrieval-threads=2<br>
<br>
#################################<br>
# send-root-referral Send out old-fashioned root-referral instead
of ServFail in case of no authority<br>
#<br>
# send-root-referral=no<br>
<br>
#################################<br>
# server-id Returned when queried for 'server.id' TXT or NSID,
defaults to hostname<br>
#<br>
# server-id=<br>
<br>
#################################<br>
# setgid If set, change group id to this gid for more security<br>
#<br>
# setgid=<br>
<br>
#################################<br>
# setuid If set, change user id to this uid for more security<br>
#<br>
# setuid=<br>
<br>
#################################<br>
# signing-threads Default number of signer threads to start<br>
#<br>
# signing-threads=3<br>
<br>
#################################<br>
# slave Act as a slave<br>
#<br>
# slave=no<br>
<br>
#################################<br>
# slave-cycle-interval Reschedule failed SOA serial checks once
every .. seconds<br>
#<br>
# slave-cycle-interval=60<br>
<br>
#################################<br>
# slave-renotify If we should send out notifications for slaved
updates<br>
#<br>
# slave-renotify=no<br>
<br>
#################################<br>
# smtpredirector Our smtpredir MX host<br>
#<br>
# smtpredirector=a.misconfigured.powerdns.smtp.server<br>
<br>
#################################<br>
# soa-expire-default Default SOA expire<br>
#<br>
# soa-expire-default=604800<br>
<br>
#################################<br>
# soa-minimum-ttl Default SOA minimum ttl<br>
#<br>
# soa-minimum-ttl=3600<br>
<br>
#################################<br>
# soa-refresh-default Default SOA refresh<br>
#<br>
# soa-refresh-default=10800<br>
<br>
#################################<br>
# soa-retry-default Default SOA retry<br>
#<br>
# soa-retry-default=3600<br>
<br>
#################################<br>
# soa-serial-offset Make sure that no SOA serial is less than
this number<br>
#<br>
# soa-serial-offset=0<br>
<br>
#################################<br>
# socket-dir Where the controlsocket will live<br>
#<br>
# socket-dir=/var/run<br>
<br>
#################################<br>
# tcp-control-address If set, PowerDNS can be controlled over TCP
on this address<br>
#<br>
# tcp-control-address=<br>
<br>
#################################<br>
# tcp-control-port If set, PowerDNS can be controlled over TCP on
this address<br>
#<br>
# tcp-control-port=53000<br>
<br>
#################################<br>
# tcp-control-range If set, remote control of PowerDNS is
possible over these networks only<br>
#<br>
# tcp-control-range=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16,
172.16.0.0/12, ::1/128, fe80::/10<br>
<br>
#################################<br>
# tcp-control-secret If set, PowerDNS can be controlled over TCP
after passing this secret<br>
#<br>
# tcp-control-secret=<br>
<br>
#################################<br>
# traceback-handler Enable the traceback handler (Linux only)<br>
#<br>
# traceback-handler=yes<br>
<br>
#################################<br>
# trusted-notification-proxy IP address of incoming notification
proxy<br>
#<br>
# trusted-notification-proxy=<br>
<br>
#################################<br>
# urlredirector Where we send hosts to that need to be url
redirected<br>
#<br>
# urlredirector=127.0.0.1<br>
<br>
#################################<br>
# version-string PowerDNS version in packets - full, anonymous,
powerdns or custom<br>
#<br>
# version-string=full<br>
<br>
#################################<br>
# webserver Start a webserver for monitoring<br>
#<br>
# webserver=no<br>
<br>
#################################<br>
# webserver-address IP Address of webserver to listen on<br>
#<br>
# webserver-address=127.0.0.1<br>
<br>
#################################<br>
# webserver-password Password required for accessing the
webserver<br>
#<br>
# webserver-password=<br>
<br>
#################################<br>
# webserver-port Port of webserver to listen on<br>
#<br>
# webserver-port=8081<br>
<br>
#################################<br>
# webserver-print-arguments If the webserver should print
arguments<br>
#<br>
# webserver-print-arguments=no<br>
<br>
#################################<br>
# wildcard-url Process URL and MBOXFW records<br>
#<br>
wildcard-url=yes<br>
##################################<br>
module-dir=/usr/lib64<br>
socket-dir=/var/run/pdns-server<br>
setuid=powerdns<br>
setgid=powerdns<br>
launch=gmysql<br>
gmysql-host=127.0.0.1<br>
gmysql-user=powerdns<br>
gmysql-password=xxxx<br>
gmysql-dbname=xxxx<br>
<br>
<br>
<br>
<br>
Kindly suggest us or give steps which requires in conf file of pdns
for setting up Hidden Master DNS server.<br>
<pre wrap="">Awaiting your kind reply.
Thanks</pre>
<br>
<br>
On 02/06/2014 12:05 PM, sajid-gmail wrote:
<blockquote cite="mid:52F32D4C.5060808@gmail.com" type="cite">
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
<br>
Hello,<br>
<br>
I have installed PowerDNS Authoritative Server 3.3 on centos.<br>
<br>
when I allow axfr IPs in master then I got follwing below Error,<br>
<br>
Feb 5 22:25:30 powerdns pdns[18815]: Error trying to resolve
'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
notify to [2607:f0d0:1004:82::4]:53: Network is unreachable<br>
Feb 5 22:25:30 powerdns pdns[18815]: Error trying to resolve
'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
notify to [2607:f0d0:3001:90::4]:53: Network is unreachable<br>
Feb 5 22:25:30 powerdns pdns[18815]: Error trying to resolve
'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
notify to [2607:fc88:1001:1::4]:53: Network is unreachable<br>
Feb 5 22:25:30 powerdns pdns[18815]: Query: select
id,name,master,last_check,type from domains where type='SLAVE'<br>
Feb 5 22:25:30 powerdns pdns[18815]: Query: select
id,name,master,last_check,notified_serial,type from domains where
type='MASTER'<br>
Feb 5 22:25:30 powerdns pdns[18815]: Query: select
content,ttl,prio,type,domain_id,name from records where type='SOA'
and name='cybermaxsolutions.com'<br>
Feb 5 22:25:39 powerdns pdns[18815]: Error trying to resolve
'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
notify to [2607:f0d0:1004:82::4]:53: Network is unreachable<br>
Feb 5 22:25:39 powerdns pdns[18815]: Error trying to resolve
'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
notify to [2607:f0d0:3001:90::4]:53: Network is unreachable<br>
Feb 5 22:25:39 powerdns pdns[18815]: Error trying to resolve
'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
notify to [2607:fc88:1001:1::4]:53: <b>Network is unreachable</b><br>
<br>
<br>
Note : x:x:x:x::x (IPv6 address)<br>
<br>
AXFR setting in master:<br>
cat /etc/powerdns/pdns.conf | grep -v "#" | grep axfr<br>
allow-axfr-ips= 192.168.0.1 192.168.1.11<br>
disable-axfr=no<br>
<br>
Why it is go for IPv6 ip which I am not mentioned in axfr
settings,<br>
Why I got "<b>Network is unreachable</b>"<br>
<br>
Please help me or give me some steps to resolve this issue.<br>
Please share me with some links that are usefull in this kind of
issue,<br>
Or let me know How to stop ipv6 setting in pdns.conf. <br>
<br>
<br>
Awaiting your kind reply.<br>
<br>
Thanks<br>
<br>
</blockquote>
<br>
</body>
</html>