<div dir="ltr">
see my remark above - do you really want your PDNS server to notify your<br><div>
Bind?</div><div><br></div><div><span style="color:rgb(255,0,0)">The reason why we want PDNS(slave) to update BIND is that it has a GUI and we will be making use of it to update records to BIND</span></div><div><span style="color:rgb(255,0,0)"><br></span></div><div><span style="color:rgb(255,0,0)">So what we require is to update Bind from PDNS,i take it the confusion comes where im also updating PDNS from BIND?</span><br></div><div><span class="gmail-im"></span></div><div><span class="gmail-im"></span></div>
</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Feb 18, 2019 at 9:39 AM Nico CARTRON <<a href="mailto:nicolas@ncartron.org">nicolas@ncartron.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi Tshepo, <br>
<br>
(please reply to the list, not only myself, as having the history is<br>
useful e.g. for archives, but also as other people can then answer).<br>
<br>
your configuration is kind of weird, as you have your PDNS Auth sending<br>
notifies to the master - unless you want to use DNS updates to PDNS, and<br>
send them back to Bind?<br>
I don't think that's the case, given what you said earlier.<br>
<br>
What would be interesting as well, would be to have logs for both Bind<br>
and PDNS roughly at the same time, when Bind tries to notify PDNS.<br>
<br>
Comments in-line below for the rest.<br>
<br>
Cheers,<br>
Nico<br>
<br>
On 18-Feb-2019 07:17 CET, <<a href="mailto:hyacinthmsimango@gmail.com" target="_blank">hyacinthmsimango@gmail.com</a>> wrote:<br>
<br>
> Hi Nico<br>
> <br>
> That would not be a problem, please see the below for pdns(slave) & bind<br>
> (master)<br>
> <br>
> PDNS CONF:<br>
> <br>
> allow-axfr-ips=10.200.1.12<br>
> <br>
> allow-dnsupdate-from=10.200.1.12<br>
<br>
not sure this is needed, since you're already doing XFR from this Bind<br>
server.<br>
<br>
> allow-notify-from=10.200.1.12<br>
> <br>
> allow-unsigned-notify=yes<br>
> <br>
> allow-unsigned-supermaster=yes<br>
> <br>
> also-notify=10.200.1.12<br>
<br>
see my remark above - do you really want your PDNS server to notify your<br>
Bind?<br>
<br>
> api=yes<br>
> <br>
> api-key=changeme<br>
> <br>
> config-dir=/etc/pdns<br>
> <br>
> disable-axfr=no<br>
> <br>
> disable-tcp=yes<br>
> <br>
> distributor-threads=10<br>
> <br>
> dnsupdate=yes<br>
> <br>
> forward-dnsupdate=yes<br>
> <br>
> forward-notify=10.200.1.12<br>
<br>
same remark as above.<br>
<br>
> local-address=0.0.0.0<br>
<br>
Please see<br>
<a href="https://doc.powerdns.com/authoritative/settings.html#local-address" rel="noreferrer" target="_blank">https://doc.powerdns.com/authoritative/settings.html#local-address</a><br>
it is advised to bind to specific IP addresses - in your case,<br>
10.200.1.12<br>
<br>
> local-port=53<br>
> <br>
> log-dns-details=yes<br>
> <br>
> log-dns-queries=yes<br>
> <br>
> log-timestamp=yes<br>
> <br>
> logging-facility=0<br>
> <br>
> loglevel=5<br>
> <br>
> master=yes<br>
<br>
Not sure you need that, since your PDNS will be slave.<br>
<br>
> module-dir=/usr/lib64/pdns<br>
> <br>
> non-local-bind=yes<br>
> <br>
> only-notify=<a href="http://10.1.200.12/23,::/0" rel="noreferrer" target="_blank">10.1.200.12/23,::/0</a><br>
<br>
same remark as above re notifies, and also the IP address is wrong.<br>
<br>
> query-cache-ttl=60<br>
> <br>
> query-local-address=10.1.200.13<br>
<br>
The IP address is wrong - I guess this should be 10.200.1.13?<br>
<br>
> query-logging=yes<br>
> <br>
> <br>
> security-poll-suffix=<a href="http://secpoll.powerdns.com" rel="noreferrer" target="_blank">secpoll.powerdns.com</a>.<br>
> <br>
> <br>
> setgid=pdns<br>
> <br>
> setuid=pdns<br>
> <br>
> slave=yes<br>
> <br>
> version-string=full<br>
> <br>
> webserver=bserver-address=10.200.1.13<br>
> <br>
> webserver-allow-from=<a href="http://0.0.0.0/0,::/0" rel="noreferrer" target="_blank">0.0.0.0/0,::/0</a><br>
> <br>
> webserver-port=8081<br>
> <br>
> launch=gmysql<br>
> gmysql-host=10.200.1.11<br>
> gmysql-port=3306<br>
> gmysql-user=ns1<br>
> gmysql-dbname=pdns_vox<br>
> gmysql-password=ohplease<br>
> <br>
> <br>
> BIND CONF:<br>
> <br>
> options {<br>
> listen-on port 53 { 127.0.0.1;10.200.1.13;any;};<br>
> // listen-on-v6 port 53 { ::1; };<br>
> directory "/var/named";<br>
> dump-file "/var/named/data/cache_dump.db";<br>
> statistics-file "/var/named/data/named_stats.txt";<br>
> memstatistics-file "/var/named/data/named_mem_stats.txt";<br>
> recursing-file "/var/named/data/named.recursing";<br>
> secroots-file "/var/named/data/named.secroots";<br>
> allow-query {localhost;10.200.1.12;10.200.1.13;};<br>
> allow-update-forwarding {10.200.1.13;};<br>
> };<br>
> <br>
> */<br>
> recursion no;<br>
> <br>
> dnssec-enable no;<br>
> dnssec-validation no;<br>
> <br>
> /* Path to ISC DLV key */<br>
> bindkeys-file "/etc/named.iscdlv.key";<br>
> <br>
> managed-keys-directory "/var/named/dynamic";<br>
> <br>
> pid-file "/run/named/named.pid";<br>
> session-keyfile "/run/named/session.key";<br>
> };<br>
> <br>
> <br>
> logging {<br>
> channel default_debug {<br>
> file "data/named.run";<br>
> severity dynamic;<br>
> };<br>
> };<br>
> <br>
> zone "." IN {<br>
> type hint;<br>
> file "<a href="http://named.ca" rel="noreferrer" target="_blank">named.ca</a>";<br>
> };<br>
> <br>
> zone "<a href="http://test123.co.za" rel="noreferrer" target="_blank">test123.co.za</a>" IN {<br>
> type master;<br>
> file "named.bind-master.zones";<br>
> also-notify {10.200.1.13;};<br>
<br>
if your PDNS is slave, it should be listed as NS in your zone, and<br>
therefore you wouldn't need this also-notify statement.<br>
<br>
> allow-transfer {10.200.1.13;};<br>
> };<br>
> <br>
> zone "<a href="http://www.voxcloud.co.za" rel="noreferrer" target="_blank">www.voxcloud.co.za</a>" IN {<br>
> type master;<br>
> file "named.bind-rec.zones";<br>
> also-notify {10.200.1.13;};<br>
<br>
same remark as for the <a href="http://test123.co.za" rel="noreferrer" target="_blank">test123.co.za</a> zone.<br>
<br>
> allow-transfer {10.200.1.13;};<br>
> };<br>
> include "/etc/named.rfc1912.zones";<br>
> include "/etc/named.root.key";<br>
> <br>
> <br>
> <br>
> ZONE FILE FOR BIND:<br>
> <br>
> $TTL 3600<br>
> @ IN SOA <a href="http://test123.co.za" rel="noreferrer" target="_blank">test123.co.za</a>. <a href="http://tshepo.msimango.voxtelecom.co.za" rel="noreferrer" target="_blank">tshepo.msimango.voxtelecom.co.za</a>. (<br>
> <br>
> 2019020714 ; Serial<br>
> 3600 ; Refresh<br>
> 1800 ; Retry<br>
> 604800 ; Expire<br>
> 3600 ) ; TTL<br>
> <br>
> <br>
> <br>
> ;nameserver -NS records<br>
> @ IN NS ns1<br>
> @ IN A 10.200.3.1<br>
> ns1 IN A 10.200.1.12 ;If you want to assign a server<br>
> to your domain<br>
<br>
you should add an entry for ns2 (PDNS) here, so that Bind sends notifies<br>
to PDNS when a change occurs, and then PDNS can XFR the zone.<br>
<br>
> <br>
> <br>
> ~<br>
> ~<br>
> <br>
> <br>
> On Fri, 15 Feb 2019, 16:14 Nico CARTRON <<a href="mailto:nicolas@ncartron.org" target="_blank">nicolas@ncartron.org</a> wrote:<br>
> <br>
> > Hi Tshepo,<br>
> ><br>
> > On 15-Feb-2019 14:50 CET, <<a href="mailto:hyacinthmsimango@gmail.com" target="_blank">hyacinthmsimango@gmail.com</a>> wrote:<br>
> ><br>
> > > Hi Brian<br>
> > ><br>
> > > For PDNS (Slave) i'm using MariaDB and for BIND it's just BIND Flat<br>
> > files,i<br>
> > > think my configuration is wrong.<br>
> ><br>
> > sending your Bind and PowerDNS configuration on this list would be<br>
> > indeed helpful - can you do that?<br>
> ><br>
> > Cheers,<br>
> ><br>
> > --<br>
> > Nico<br>
> ><br>
> ><br>
> > > On Fri, Feb 15, 2019 at 11:06 AM Brian Candler <<a href="mailto:b.candler@pobox.com" target="_blank">b.candler@pobox.com</a>><br>
> > wrote:<br>
> > ><br>
> > > > On 15/02/2019 06:44, TSHEPO MSIMANGO wrote:<br>
> > > ><br>
> > > > PDNS LOGS:<br>
> > > ><br>
> > > ><br>
> > > ><br>
> > > > *Feb 13 11:13:16 pdns-slave pdns_server: Error trying to resolve<br>
> > > > '<a href="http://10.200.1.12:0" rel="noreferrer" target="_blank">10.200.1.12:0</a><br>
> > > > <<br>
> > <a href="https://protect-za.mimecast.com/s/0N2hCQ1X9NHopOq7IOwZUT?domain=10.200.1.12" rel="noreferrer" target="_blank">https://protect-za.mimecast.com/s/0N2hCQ1X9NHopOq7IOwZUT?domain=10.200.1.12</a><br>
> > >'<br>
> > > > for notifying '<a href="http://test123.co.za" rel="noreferrer" target="_blank">test123.co.za</a><br>
> > > > <<br>
> > <a href="https://protect-za.mimecast.com/s/oMJkCRgX3MH51ElNcEijaK?domain=test123.co.za" rel="noreferrer" target="_blank">https://protect-za.mimecast.com/s/oMJkCRgX3MH51ElNcEijaK?domain=test123.co.za</a><br>
> > >'<br>
> > > > to server: Unable to send notify to <a href="http://10.200.1.12:53" rel="noreferrer" target="_blank">10.200.1.12:53</a><br>
> > > > <<br>
> > <a href="https://protect-za.mimecast.com/s/nDKCCVmW35sg63KMTNoQ3S?domain=10.200.1.12" rel="noreferrer" target="_blank">https://protect-za.mimecast.com/s/nDKCCVmW35sg63KMTNoQ3S?domain=10.200.1.12</a><br>
> > ><br>
> > > > Invalid argument*<br>
> > > ><br>
> > > > Maybe you have some invalidation configuration for the zone. Which<br>
> > > > backend are you using? How did you configure the slave zone?<br>
> > > ><br>
> > ><br>
> > ><br>
> > > --<br>
> > > Kind Regards<br>
> > > Tshepo Hyacinth Msimango<br>
> ><br>
> > > _______________________________________________<br>
> > > Pdns-users mailing list<br>
> > > <a href="mailto:Pdns-users@mailman.powerdns.com" target="_blank">Pdns-users@mailman.powerdns.com</a><br>
> > > <a href="https://mailman.powerdns.com/mailman/listinfo/pdns-users" rel="noreferrer" target="_blank">https://mailman.powerdns.com/mailman/listinfo/pdns-users</a><br>
> ><br>
> ><br>
<br>
</blockquote></div><br clear="all"><br>-- <br><div dir="ltr" class="gmail_signature"><div>Kind Regards</div><div>Tshepo Hyacinth Msimango</div></div>