<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
<br>
Thanks for your good support.<br>
We have now disabled the IPv6 notifications,<br>
<br>
but we still get the error below:<br>
<br>
Feb 6 01:54:36 powerdns pdns[28933]: <b>Received unsuccessful</b>
notification report for 'example.com' from x.x.x.x:53, rcode: 4<br>
<br>
<br>
Also, <br>
<br>
We would like to mention that we have set up PowerDNS as a hidden
master,<br>
and when we notified our slave DNS servers from our master using the
commands below, our master server sent notifications to all the
real name servers of the domain, which we have not defined or specified
in pdns.conf of the hidden master server.<br>
<br>
allow-axfr-ips= 68.71.141.22 174.36.24.251<br>
disable-axfr=no<br>
<br>
<br>
Commands that we ran on the master:<br>
------------------------------------<br>
<b>pdns_control notify example.com</b><br>
pdns_control notify-host example.com 68.71.141.22<br>
pdns_control notify-host example.com 174.36.24.251<br>
<br>
<br>
But we still received an unsuccessful notification, as you can see in
the log below:<br>
Feb 6 02:18:02 powerdns pdns[30068]: Notification request to host
68.71.141.22 for domain 'example.com' received<br>
Feb 6 02:18:03 powerdns pdns[30068]: Received unsuccessful
notification report for 'example.com' from 68.71.141.22:53, rcode: 5<br>
Feb 6 02:18:03 powerdns pdns[30068]: Removed from notification
list: 'example.com' to 68.71.141.22:53<br>
<br>
<br>
Please help us with how to configure automatic slave notification and
automatic AXFR on the hidden master.<br>
<br>
<br>
Our pdns.conf is given below:<br>
<br>
<b>cat /etc/powerdns/pdns.conf</b><br>
# Autogenerated configuration file template<br>
#################################<br>
# add-superfluous-nsec3-for-old-bind   Add superfluous NSEC3 record to positive wildcard response<br>
#<br>
# add-superfluous-nsec3-for-old-bind=yes<br>
<br>
#################################<br>
# allow-axfr-ips   Allow zonetransfers only to these subnets<br>
#<br>
allow-axfr-ips= 68.71.141.22, 174.36.24.251<br>
<br>
<br>
#################################<br>
# allow-recursion   List of subnets that are allowed to recurse<br>
#<br>
# allow-recursion=0.0.0.0/0<br>
#allow-recursion=127.0.0.1<br>
<br>
#################################<br>
# any-to-tcp   Answer ANY queries with tc=1, shunting to TCP<br>
#<br>
# any-to-tcp=no<br>
<br>
#################################<br>
# cache-ttl   Seconds to store packets in the PacketCache<br>
#<br>
# cache-ttl=20<br>
<br>
#################################<br>
# chroot   If set, chroot to this directory for more security<br>
#<br>
# chroot=./<br>
<br>
#################################<br>
# config-dir   Location of configuration directory (pdns.conf)<br>
#<br>
config-dir=/etc/powerdns<br>
<br>
#################################<br>
# config-name   Name of this virtual configuration - will rename the binary image<br>
#<br>
# config-name=<br>
<br>
#################################<br>
# control-console   Debugging switch - don't use<br>
#<br>
# control-console=no<br>
<br>
#################################<br>
# daemon   Operate as a daemon<br>
#<br>
daemon=yes<br>
<br>
#################################<br>
# default-ksk-algorithms   Default KSK algorithms<br>
#<br>
# default-ksk-algorithms=rsasha256<br>
<br>
#################################<br>
# default-ksk-size   Default KSK size (0 means default)<br>
#<br>
# default-ksk-size=0<br>
<br>
#################################<br>
# default-soa-mail   mail address to insert in the SOA record if none set in the backend<br>
#<br>
# default-soa-mail=<br>
<br>
#################################<br>
# default-soa-name   name to insert in the SOA record if none set in the backend<br>
#<br>
# default-soa-name=a.misconfigured.powerdns.server<br>
<br>
#################################<br>
# default-ttl   Seconds a result is valid if not set otherwise<br>
#<br>
# default-ttl=3600<br>
<br>
#################################<br>
# default-zsk-algorithms   Default ZSK algorithms<br>
#<br>
# default-zsk-algorithms=rsasha256<br>
<br>
#################################<br>
# default-zsk-size   Default KSK size (0 means default)<br>
#<br>
# default-zsk-size=0<br>
<br>
#################################<br>
# disable-axfr   Disable zonetransfers but do allow TCP queries<br>
#<br>
disable-axfr=no<br>
<br>
#################################<br>
# disable-tcp   Do not listen to TCP queries<br>
#<br>
disable-tcp=no<br>
<br>
#################################<br>
# distributor-threads   Default number of Distributor (backend) threads to start<br>
#<br>
# distributor-threads=3<br>
<br>
#################################<br>
# do-ipv6-additional-processing   Do AAAA additional processing<br>
#<br>
# do-ipv6-additional-processing=yes<br>
<br>
#################################<br>
# edns-subnet-option-number   EDNS option number to use<br>
#<br>
# edns-subnet-option-number=20730<br>
<br>
#################################<br>
# edns-subnet-processing   If we should act on EDNS Subnet options<br>
#<br>
# edns-subnet-processing=no<br>
<br>
#################################<br>
# entropy-source   If set, read entropy from this file<br>
#<br>
# entropy-source=/dev/urandom<br>
<br>
#################################<br>
# experimental-direct-dnskey   EXPERIMENTAL: fetch DNSKEY RRs from backend during DNSKEY synthesis<br>
#<br>
# experimental-direct-dnskey=no<br>
<br>
#################################<br>
# experimental-json-interface   If the webserver should serve JSON data<br>
#<br>
# experimental-json-interface=no<br>
<br>
#################################<br>
# experimental-logfile   Filename of the log file for JSON parser<br>
#<br>
# experimental-logfile=/var/log/pdns.log<br>
experimental-logfile=/var/log/pdns.log<br>
#################################<br>
# fancy-records   Process URL and MBOXFW records<br>
#<br>
# fancy-records=no<br>
<br>
#################################<br>
# guardian   Run within a guardian process<br>
#<br>
# guardian=no<br>
<br>
#################################<br>
# include-dir   Include *.conf files from this directory<br>
#<br>
# include-dir=<br>
<br>
#################################<br>
# launch   Which backends to launch and order to query them in<br>
#<br>
# launch=<br>
<br>
#################################<br>
# load-modules   Load this module - supply absolute or relative path<br>
#<br>
# load-modules=<br>
<br>
#################################<br>
# local-address   Local IP addresses to which we bind<br>
#<br>
#local-address=0.0.0.0<br>
<br>
<br>
#################################<br>
# local-ipv6   Local IP address to which we bind<br>
#<br>
# local-ipv6=<br>
<br>
#################################<br>
# local-port   The port on which we listen<br>
#<br>
# local-port=53<br>
<br>
#################################<br>
# log-dns-details   If PDNS should log DNS non-erroneous details<br>
#<br>
log-dns-details=on<br>
<br>
#################################<br>
# log-dns-queries   If PDNS should log all incoming DNS queries<br>
#<br>
# log-dns-queries=no<br>
<br>
#################################<br>
# log-failed-updates   If PDNS should log failed update requests<br>
#<br>
# log-failed-updates=<br>
<br>
#################################<br>
# logging-facility   Log under a specific facility<br>
#<br>
# logging-facility=<br>
<br>
#################################<br>
# loglevel   Amount of logging. Higher is more. Do not set below 3<br>
#<br>
loglevel=4<br>
<br>
#################################<br>
# lua-prequery-script   Lua script with prequery handler<br>
#<br>
# lua-prequery-script=<br>
<br>
#################################<br>
# master   Act as a master<br>
#<br>
master=yes<br>
<br>
#################################<br>
# max-cache-entries   Maximum number of cache entries<br>
#<br>
# max-cache-entries=1000000<br>
<br>
#################################<br>
# max-ent-entries   Maximum number of empty non-terminals in a zone<br>
#<br>
# max-ent-entries=100000<br>
<br>
#################################<br>
# max-queue-length   Maximum queuelength before considering situation lost<br>
#<br>
max-queue-length=5000<br>
<br>
#################################<br>
# max-tcp-connections   Maximum number of TCP connections<br>
#<br>
# max-tcp-connections=10<br>
<br>
#################################<br>
# module-dir   Default directory for modules<br>
#<br>
# module-dir=/usr/local/lib<br>
<br>
#################################<br>
# negquery-cache-ttl   Seconds to store negative query results in the QueryCache<br>
#<br>
# negquery-cache-ttl=60<br>
<br>
#################################<br>
# no-shuffle   Set this to prevent random shuffling of answers - for regression testing<br>
#<br>
# no-shuffle=off<br>
<br>
#################################<br>
# out-of-zone-additional-processing   Do out of zone additional processing<br>
#<br>
# out-of-zone-additional-processing=yes<br>
<br>
#################################<br>
# overload-queue-length   Maximum queuelength moving to packetcache only<br>
#<br>
# overload-queue-length=0<br>
<br>
#################################<br>
# pipebackend-abi-version   Version of the pipe backend ABI<br>
#<br>
# pipebackend-abi-version=1<br>
<br>
#################################<br>
# prevent-self-notification   Don't send notifications to what we think is ourself<br>
#<br>
# prevent-self-notification=yes<br>
<br>
#################################<br>
# query-cache-ttl   Seconds to store query results in the QueryCache<br>
#<br>
# query-cache-ttl=20<br>
<br>
#################################<br>
# query-local-address   Source IP address for sending queries<br>
#<br>
# query-local-address=0.0.0.0<br>
<br>
#################################<br>
# query-local-address6   Source IPv6 address for sending queries<br>
#<br>
# query-local-address6=::1<br>
query-local-address6=<br>
<br>
#################################<br>
# query-logging   Hint backends that queries should be logged<br>
#<br>
#query-logging=yes<br>
<br>
#################################<br>
# queue-limit   Maximum number of milliseconds to queue a query<br>
#<br>
# queue-limit=1500<br>
<br>
#################################<br>
# receiver-threads   Default number of receiver threads to start<br>
#<br>
# receiver-threads=1<br>
<br>
#################################<br>
# recursive-cache-ttl   Seconds to store packets for recursive queries in the PacketCache<br>
#<br>
# recursive-cache-ttl=10<br>
<br>
#################################<br>
# recursor   If recursion is desired, IP address of a recursing nameserver<br>
#<br>
#recursor=38.126.54.11<br>
<br>
#################################<br>
# retrieval-threads   Number of AXFR-retrieval threads for slave operation<br>
#<br>
# retrieval-threads=2<br>
<br>
#################################<br>
# send-root-referral   Send out old-fashioned root-referral instead of ServFail in case of no authority<br>
#<br>
# send-root-referral=no<br>
<br>
#################################<br>
# server-id   Returned when queried for 'server.id' TXT or NSID, defaults to hostname<br>
#<br>
# server-id=<br>
<br>
#################################<br>
# setgid   If set, change group id to this gid for more security<br>
#<br>
# setgid=<br>
<br>
#################################<br>
# setuid   If set, change user id to this uid for more security<br>
#<br>
# setuid=<br>
<br>
#################################<br>
# signing-threads   Default number of signer threads to start<br>
#<br>
# signing-threads=3<br>
<br>
#################################<br>
# slave   Act as a slave<br>
#<br>
# slave=no<br>
<br>
#################################<br>
# slave-cycle-interval   Reschedule failed SOA serial checks once every .. seconds<br>
#<br>
# slave-cycle-interval=60<br>
<br>
#################################<br>
# slave-renotify   If we should send out notifications for slaved updates<br>
#<br>
# slave-renotify=no<br>
<br>
#################################<br>
# smtpredirector   Our smtpredir MX host<br>
#<br>
# smtpredirector=a.misconfigured.powerdns.smtp.server<br>
<br>
#################################<br>
# soa-expire-default   Default SOA expire<br>
#<br>
# soa-expire-default=604800<br>
<br>
#################################<br>
# soa-minimum-ttl   Default SOA minimum ttl<br>
#<br>
# soa-minimum-ttl=3600<br>
<br>
#################################<br>
# soa-refresh-default   Default SOA refresh<br>
#<br>
# soa-refresh-default=10800<br>
<br>
#################################<br>
# soa-retry-default   Default SOA retry<br>
#<br>
# soa-retry-default=3600<br>
<br>
#################################<br>
# soa-serial-offset   Make sure that no SOA serial is less than this number<br>
#<br>
# soa-serial-offset=0<br>
<br>
#################################<br>
# socket-dir   Where the controlsocket will live<br>
#<br>
# socket-dir=/var/run<br>
<br>
#################################<br>
# tcp-control-address   If set, PowerDNS can be controlled over TCP on this address<br>
#<br>
# tcp-control-address=<br>
<br>
#################################<br>
# tcp-control-port   If set, PowerDNS can be controlled over TCP on this address<br>
#<br>
# tcp-control-port=53000<br>
<br>
#################################<br>
# tcp-control-range   If set, remote control of PowerDNS is possible over these networks only<br>
#<br>
# tcp-control-range=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10<br>
<br>
#################################<br>
# tcp-control-secret   If set, PowerDNS can be controlled over TCP after passing this secret<br>
#<br>
# tcp-control-secret=<br>
<br>
#################################<br>
# traceback-handler   Enable the traceback handler (Linux only)<br>
#<br>
# traceback-handler=yes<br>
<br>
#################################<br>
# trusted-notification-proxy   IP address of incoming notification proxy<br>
#<br>
# trusted-notification-proxy=<br>
<br>
#################################<br>
# urlredirector   Where we send hosts to that need to be url redirected<br>
#<br>
# urlredirector=127.0.0.1<br>
<br>
#################################<br>
# version-string   PowerDNS version in packets - full, anonymous, powerdns or custom<br>
#<br>
# version-string=full<br>
<br>
#################################<br>
# webserver   Start a webserver for monitoring<br>
#<br>
# webserver=no<br>
<br>
#################################<br>
# webserver-address   IP Address of webserver to listen on<br>
#<br>
# webserver-address=127.0.0.1<br>
<br>
#################################<br>
# webserver-password   Password required for accessing the webserver<br>
#<br>
# webserver-password=<br>
<br>
#################################<br>
# webserver-port   Port of webserver to listen on<br>
#<br>
# webserver-port=8081<br>
<br>
#################################<br>
# webserver-print-arguments   If the webserver should print arguments<br>
#<br>
# webserver-print-arguments=no<br>
<br>
#################################<br>
# wildcard-url   Process URL and MBOXFW records<br>
#<br>
wildcard-url=yes<br>
##################################<br>
module-dir=/usr/lib64<br>
socket-dir=/var/run/pdns-server<br>
setuid=powerdns<br>
setgid=powerdns<br>
launch=gmysql<br>
gmysql-host=127.0.0.1<br>
gmysql-user=powerdns<br>
gmysql-password=xxxx<br>
gmysql-dbname=xxxx<br>
<br>
<br>
<br>
<br>
Kindly advise us or give the steps required in the pdns conf file
for setting up a hidden master DNS server.<br>
<pre wrap="">Awaiting your kind reply.
Thanks</pre>
<br>
<br>
<br>
<br>
<br>
<br>
On 02/06/2014 03:11 PM, Aki Tuomi wrote:
<blockquote cite="mid:20140206094116.GC10044@pi.ip.fi" type="cite">
<pre wrap="">On Thu, Feb 06, 2014 at 12:05:56PM +0530, sajid-gmail wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hello,
I have installed PowerDNS Authoritative Server 3.3 on CentOS.
When I allow AXFR IPs on the master, I get the following error:
Feb 5 22:25:30 powerdns pdns[18815]: Error trying to resolve
'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
notify to [2607:f0d0:1004:82::4]:53: Network is unreachable
Feb 5 22:25:30 powerdns pdns[18815]: Error trying to resolve
'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
notify to [2607:f0d0:3001:90::4]:53: Network is unreachable
Feb 5 22:25:30 powerdns pdns[18815]: Error trying to resolve
'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
notify to [2607:fc88:1001:1::4]:53: Network is unreachable
Feb 5 22:25:30 powerdns pdns[18815]: Query: select
id,name,master,last_check,type from domains where type='SLAVE'
Feb 5 22:25:30 powerdns pdns[18815]: Query: select
id,name,master,last_check,notified_serial,type from domains where
type='MASTER'
Feb 5 22:25:30 powerdns pdns[18815]: Query: select
content,ttl,prio,type,domain_id,name from records where type='SOA'
and name='example.com'
Feb 5 22:25:39 powerdns pdns[18815]: Error trying to resolve
'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
notify to [2607:f0d0:1004:82::4]:53: Network is unreachable
Feb 5 22:25:39 powerdns pdns[18815]: Error trying to resolve
'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
notify to [2607:f0d0:3001:90::4]:53: Network is unreachable
Feb 5 22:25:39 powerdns pdns[18815]: Error trying to resolve
'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
notify to [2607:fc88:1001:1::4]:53: *Network is unreachable*
</pre>
</blockquote>
<pre wrap="">You are using IPv6 for notifications, set query-local-address6= to disable this
(yes, leave it empty)
Or fix your IPv6 routing.
</pre>
<blockquote type="cite">
<pre wrap="">Note : x:x:x:x::x (IPv6 address)
AXFR setting in master:
cat /etc/powerdns/pdns.conf | grep -v "#" | grep axfr
allow-axfr-ips= 192.168.0.1 192.168.1.11
disable-axfr=no
Why does it go for an IPv6 IP which I have not mentioned in the AXFR settings?
Why do I get "*Network is unreachable*"?
Please help me or give me some steps to resolve this issue.
Please share some links that are useful for this kind of issue,
or let me know how to stop the IPv6 setting in pdns.conf.
Awaiting your kind reply.
Thanks
</pre>
</blockquote>
</blockquote>
<br>
<br>
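Added example (not part of the original post and not PowerDNS code): a small Python summariser for the notification log lines quoted in this thread. It maps the numeric rcode to its standard DNS name and marks hosts that pdns removed from its notification list; the sample lines are the post's own log lines with the wrapping undone, and the function name is hypothetical.<br>

```python
import re
from collections import OrderedDict

# Standard DNS RCODE values (RFC 1035, RFC 2136) with their general meaning.
# These are protocol definitions, not a diagnosis of the poster's servers.
RCODES = {
    0: ("NOERROR", "accepted"),
    1: ("FORMERR", "receiver could not parse the NOTIFY"),
    2: ("SERVFAIL", "receiver failed while handling the NOTIFY"),
    4: ("NOTIMP", "receiver does not support this kind of request"),
    5: ("REFUSED", "receiver refuses the request for policy reasons"),
    9: ("NOTAUTH", "receiver is not authoritative for the zone"),
}

REPORT = re.compile(r"Received unsuccessful notification report "
                    r"for '([^']+)' from (\S+):(\d+), rcode: (\d+)")
REMOVED = re.compile(r"Removed from notification list: "
                     r"'([^']+)' to (\S+):(\d+)")


def summarise_notify_failures(lines):
    """Return {(zone, host): {"rcodes": [names], "dropped": bool}}."""
    result = OrderedDict()

    def entry(zone, host):
        # IPv6 peers are logged as [addr]:port, so strip the brackets.
        key = (zone, host.strip("[]"))
        return result.setdefault(key, {"rcodes": [], "dropped": False})

    for line in lines:
        m = REPORT.search(line)
        if m:
            zone, host, _port, rcode = m.groups()
            name = RCODES.get(int(rcode), ("RCODE%s" % rcode, "unknown"))[0]
            entry(zone, host)["rcodes"].append(name)
            continue
        m = REMOVED.search(line)
        if m:
            zone, host, _port = m.groups()
            entry(zone, host)["dropped"] = True
    return result


# Log lines taken from the post above (line wrapping undone).
SAMPLE = [
    "Feb 6 01:54:36 powerdns pdns[28933]: Received unsuccessful notification report for 'example.com' from x.x.x.x:53, rcode: 4",
    "Feb 6 02:18:02 powerdns pdns[30068]: Notification request to host 68.71.141.22 for domain 'example.com' received",
    "Feb 6 02:18:03 powerdns pdns[30068]: Received unsuccessful notification report for 'example.com' from 68.71.141.22:53, rcode: 5",
    "Feb 6 02:18:03 powerdns pdns[30068]: Removed from notification list: 'example.com' to 68.71.141.22:53",
]

if __name__ == "__main__":
    names = {name: meaning for name, meaning in RCODES.values()}
    for (zone, host), info in summarise_notify_failures(SAMPLE).items():
        for rc in info["rcodes"]:
            print("%s -> %s: %s (%s)%s" % (
                zone, host, rc, names.get(rc, "unknown"),
                " [dropped from notify list]" if info["dropped"] else ""))
```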
</body>
</html>