<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
FYI, there are many ways to transfer the data from one DNS auth server into pdns. This method should work with any type of DNS master and is pretty simple to do without having to do direct database inserts that are tough to understand when first learning PowerDNS.
Later on when PowerDNS has been running for a while and one understands the database layout better, direct database updates are a very powerful/flexible way to manage the data along with using the PowerDNS API.</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<span style="font-family: calibri, arial, helvetica, sans-serif; text-align: left; background-color: rgb(255, 255, 255); display: inline !important">Note: The pdns server will be a hidden DNS server temporarily until you are ready for step #8.</span><br>
</div>
<div style="font-size: 12pt; color: rgb(0, 0, 0);">
<ol style="font-family: Calibri, Arial, Helvetica, sans-serif;">
<li style="font-family: calibri, arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Setup your new PowerDNS Auth server as a superslave to the mydns supermaster server (add the master IP to the supermasters table and enable slave=yes in the pdns.conf). Set master=yes in the pdns.conf as well to be ready for #8 below.</li><li style="font-family: calibri, arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Set the pdns server hostname to match the mydns server or set the pdns.conf "server-id" to match the mydns server or one of the other NS records. This will allow pdns to respond to the supermaster's NOTIFY and auto-provision the zone. If the hostname or server-id
doesn't match any of the NS records, the NOTIFY will be ignored.<br>
</li><li style="font-family: calibri, arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Set the mydns server to also-notify the pdns server IP address.</li><li style="font-family: calibri, arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Create a script to send a NOTIFY from the mydns server to all slaves or just the pdns server if that is an option. This depends on the features/flexibility of the DNS server but it could be an update to the serial, add a dummy record then remove it, or any
other way that DNS server supports sending a NOTIFY to slaves. The pdns equivalent to this is:<br>
pdns_control notify <domain> (or)<br>
pdns_control notify-host <domain> <host></li><li style="font-family: calibri, arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Watch the pdns logs while running the script from #4:<br>
journalctl -fu pdns (or)<br>
tail -f /var/log/<pdns log file></li><li style="font-family: calibri, arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
If all of the setup details are correct from #1-#3 above, you should have a fully populated pdns master. If not, check the logs and adjust accordingly. You may want to blast the pdns backend database and recreate each time until a good run fully populates
all domains and records without errors.</li><li style="font-family: calibri, arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Use <a href="https://github.com/joemiller/dns_compare">https://github.com/joemiller/dns_compare</a> to check pdns against the mydns server.</li><li style="font-family: calibri, arial, helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
When ready to go live, swap the IPs to make the PDNS the active master, correct/remove the "server-id" in the pdns.conf, update the domains "type" from SLAVE to either MASTER or NATIVE depending on how you have slaves configured.<br>
In a pure PowerDNS environment with database replication handling updates to slaves, this would be NATIVE. If you have any traditional master/slaves using NOTIFY (including pdns slaves not using database replication), then this would be set to MASTER. Note
that this can be mixed per domain (obviously since this field in the database is per domain) but I wanted to point this out so the pdns master could also be a slave for some partner zones. This is very powerful/flexible when you have hidden masters that manage
some/most of the domains but you also want to be able to be a slave to other masters for other domains/zones.</li></ol>
<div style=""><font face="calibri, arial, helvetica, sans-serif">Dave</font></div>
</div>
<div>
<div id="appendonsend"></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> Pdns-users <pdns-users-bounces@mailman.powerdns.com> on behalf of Rob Campbell <rob.j.campbell@gmail.com><br>
<b>Sent:</b> Thursday, February 7, 2019 11:33 AM<br>
<b>To:</b> pdns-users@mailman.powerdns.com<br>
<b>Subject:</b> Re: [Pdns-users] Help with mydns backend</font>
<div> </div>
</div>
<div>
<div dir="ltr">
<div>Thanks, at least I know it's not something silly I've done! I'd prefer to move to the generic database backend as well but the plan was to use the mydns backend to switch over quickly then migrate to the generic backend later. Maybe we'll have to skip
the mydns backend and get our data migrated.</div>
<div><br>
</div>
<div>Thanks,</div>
<div>Rob.<br>
</div>
<div><br>
</div>
</div>
<br>
<div class="x_gmail_quote">
<div dir="ltr" class="x_gmail_attr">On Thu, 7 Feb 2019 at 17:22, Vincent Hoffman-Kazlauskas <<a href="mailto:vince@unsane.co.uk">vince@unsane.co.uk</a>> wrote:<br>
</div>
<blockquote class="x_gmail_quote" style="margin:0px 0px 0px 0.8ex; border-left:1px solid rgb(204,204,204); padding-left:1ex">
We've actually seen similar at work as we're currently running on<br>
pdns-3.4.10 and want to move to a supported version. I haven't raised it<br>
here as the decision was made to move to the gmysql backend, then<br>
upgrade so we got the the extra features such as DNSSEC.<br>
<br>
Sorry its not very helpful but I thought better a me too than silence.<br>
I might be able to persuade them to test/provide data if needed, but no<br>
promises.<br>
<br>
Vince<br>
<br>
On 07/02/2019 17:11, Rob Campbell wrote:<br>
> Hi,<br>
> <br>
> I'm trying to switch from mydns-ng to powerdns 4.1.6 with the mydns<br>
> backend. It seems to be working fine on my quietest nameserver but on a<br>
> busy one it starts returning REFUSED to queries after a few minutes and<br>
> I can't work out why as it's not logging any errors. I tried setting<br>
> loglevel=6 and still didn't get anything logged. How can I get some logs<br>
> showing why it's returning REFUSED?<br>
> Seems like we ramp up to over 70 TCP connections quite quickly and we're<br>
> fine at first but once we hit that many either the backend can't keep up<br>
> or we're hitting some limit I've not found.<br>
> <br>
> Config is:<br>
> <br>
> launch=<br>
> security-poll-suffix=<br>
> server-id=<br>
> include-dir=/etc/powerdns/pdns.d<br>
> setgid=pdns<br>
> setuid=pdns<br>
> version-string=anonymous<br>
> max-tcp-connections=1024<br>
> receiver-threads=8<br>
> reuseport=yes<br>
> cache-ttl=60<br>
> loglevel=6<br>
> launch+=mydns<br>
> mydns-soa-active=no<br>
> mydns-rr-active=no<br>
> <br>
> Can anyone help me work out why it's refusing queries?<br>
> <br>
> Kind regards,<br>
> Rob Campbell.<br>
> <br>
> _______________________________________________<br>
> Pdns-users mailing list<br>
> <a href="mailto:Pdns-users@mailman.powerdns.com" target="_blank">Pdns-users@mailman.powerdns.com</a><br>
> <a href="https://mailman.powerdns.com/mailman/listinfo/pdns-users" rel="noreferrer" target="_blank">
https://mailman.powerdns.com/mailman/listinfo/pdns-users</a><br>
> <br>
_______________________________________________<br>
Pdns-users mailing list<br>
<a href="mailto:Pdns-users@mailman.powerdns.com" target="_blank">Pdns-users@mailman.powerdns.com</a><br>
<a href="https://mailman.powerdns.com/mailman/listinfo/pdns-users" rel="noreferrer" target="_blank">https://mailman.powerdns.com/mailman/listinfo/pdns-users</a><br>
</blockquote>
</div>
</div>
</div>
</body>
</html>