<div dir="ltr"><div>I'm running from PostgresDB. Using the pdnsutil command, I did set the metadata.Here are the results from pdnsutil.<br></div><div><br></div><div>
<table id="gmail-data"><tbody><tr class="gmail-data2"><td style="white-space:nowrap">pdnsutil get-meta <a href="http://chaosdynamics.com">chaosdynamics.com</a><br>Metadata for '<a href="http://chaosdynamics.com">chaosdynamics.com</a>'<br>ALLOW-DNSUPDATE-FROM = <a href="http://66.113.99.176/28">66.113.99.176/28</a>, <a href="http://127.0.0.1/8">127.0.0.1/8</a><br>NOTIFY-DNSUPDATE = 1<br>SOA-EDIT-API = DEFAULT<br>TSIG-ALLOW-DNS-UPDATE = cdkey<br><br>I'll try the zone-cache settings.<br><br><br>Walter<br></td><td style="white-space:nowrap"><br></td><td style="white-space:nowrap">1</td></tr></tbody></table>
</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, Jun 26, 2022 at 1:17 PM Gert van Dijk via Pdns-users <<a href="mailto:pdns-users@mailman.powerdns.com">pdns-users@mailman.powerdns.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi Walter,<br>
<br>
I believe you may be missing the 'NOTIFY-DNSUPDATE' domain meta setting. [1]<br>
Note that 'dnsupdate' is a different and global setting; whether or not <br>
to enable the support for dynamic updates overall on the instance. [2]<br>
<br>
What is the backend that you use for the dynamic zone?<br>
In my case I have a small scale setup using SQLite on a hidden master <br>
and I used these queries (taken from notes years ago) to enable notify <br>
updates to secondary servers (running a possibly different backend).<br>
<br>
$ sqlite3 /path/to/my/sqlite3.db<br>
sqlite> update domains set type='MASTER' where name='dyn.zone.tld';<br>
sqlite> insert into domainmetadata(domain_id, kind, content) <br>
values((select id from domains where name='dyn.zone.tld'), <br>
'SOA-EDIT-DNSUPDATE', 'SOA-EDIT-INCREASE');<br>
sqlite> insert into domainmetadata(domain_id, kind, content) <br>
values((select id from domains where name='dyn.zone.tld'), <br>
'NOTIFY-DNSUPDATE','1');<br>
<br>
Likely unrelated, but just wanted to note the following. I ran into zone <br>
caching issues on the secondaries side ever since upgrading to 4.5 and <br>
still happening for me on 4.6, complaining about the domain SOA being <br>
out of date. Still have to investigate that further and perhaps file an <br>
issue, but my current workaround for that is setting this on the primary <br>
server:<br>
<br>
zone-cache-refresh-interval=0<br>
zone-metadata-cache-ttl=0<br>
<br>
... which is fine for a small scale setup like mine. You may not run <br>
into the same issue, though. :-)<br>
<br>
HTH<br>
<br>
Gert<br>
<br>
[1]: <a href="https://doc.powerdns.com/authoritative/dnsupdate.html#notify-dnsupdate" rel="noreferrer" target="_blank">https://doc.powerdns.com/authoritative/dnsupdate.html#notify-dnsupdate</a><br>
[2]: <a href="https://doc.powerdns.com/authoritative/dnsupdate.html#dnsupdate" rel="noreferrer" target="_blank">https://doc.powerdns.com/authoritative/dnsupdate.html#dnsupdate</a><br>
<br>
On 6/26/22 19:44, Walter Parker via Pdns-users wrote:<br>
> Hi,<br>
> <br>
> I have a PowerDNS server with Dynamic Updates (RFC2136 enabled) and it <br>
> is not pushing the updates to the secondaries.<br>
> <br>
> I have allow-axfr-ips set to allow the IP addresses of the secondaries <br>
> and also-notify set to IP addresses of the notification servers.<br>
> <br>
> I have allow-dnsudpates-from set to the IP subnet where the request is <br>
> coming from. I have dnsupdate set to true.<br>
> <br>
> When I run acme.sh, I see the update request come in (UPDATE (18591) <br>
> from 66.113.99.184 for <a href="http://chaosdynamics.com" rel="noreferrer" target="_blank">chaosdynamics.com</a> <<a href="http://chaosdynamics.com" rel="noreferrer" target="_blank">http://chaosdynamics.com</a>>: <br>
> TSIG is provided, but domain is not secured with TSIG. Processing continues<br>
> ) but I don't see the notification queue message or the AXFR messages.<br>
> <br>
> When I run a notify manually, I see them (logs below).<br>
> What did I miss to get dynamic DNS updates to be transferred to the <br>
> secondary servers?<br>
> <br>
> Jun 26 10:39:02 natasha pdns[65543]: Notification request for domain <br>
> '<a href="http://chaosdynamics.com" rel="noreferrer" target="_blank">chaosdynamics.com</a> <<a href="http://chaosdynamics.com" rel="noreferrer" target="_blank">http://chaosdynamics.com</a>>' received from operator<br>
> Jun 26 10:39:02 natasha pdns[65543]: Queued notification of domain <br>
> '<a href="http://chaosdynamics.com" rel="noreferrer" target="_blank">chaosdynamics.com</a> <<a href="http://chaosdynamics.com" rel="noreferrer" target="_blank">http://chaosdynamics.com</a>>' to <a href="http://208.80.126.13:53" rel="noreferrer" target="_blank">208.80.126.13:53</a> <br>
> <<a href="http://208.80.126.13:53" rel="noreferrer" target="_blank">http://208.80.126.13:53</a>><br>
> Jun 26 10:39:02 natasha pdns[65543]: Queued notification of domain <br>
> '<a href="http://chaosdynamics.com" rel="noreferrer" target="_blank">chaosdynamics.com</a> <<a href="http://chaosdynamics.com" rel="noreferrer" target="_blank">http://chaosdynamics.com</a>>' to <a href="http://208.94.148.13:53" rel="noreferrer" target="_blank">208.94.148.13:53</a> <br>
> <<a href="http://208.94.148.13:53" rel="noreferrer" target="_blank">http://208.94.148.13:53</a>><br>
> Jun 26 10:39:03 natasha pdns[65543]: IXFR of domain '<a href="http://chaosdynamics.com" rel="noreferrer" target="_blank">chaosdynamics.com</a> <br>
> <<a href="http://chaosdynamics.com" rel="noreferrer" target="_blank">http://chaosdynamics.com</a>>' initiated by <a href="http://208.94.150.198:61335" rel="noreferrer" target="_blank">208.94.150.198:61335</a> <br>
> <<a href="http://208.94.150.198:61335" rel="noreferrer" target="_blank">http://208.94.150.198:61335</a>> with serial 2022062505<br>
> Jun 26 10:39:03 natasha pdns[65543]: AXFR of domain '<a href="http://chaosdynamics.com" rel="noreferrer" target="_blank">chaosdynamics.com</a> <br>
> <<a href="http://chaosdynamics.com" rel="noreferrer" target="_blank">http://chaosdynamics.com</a>>' allowed: client IP <a href="http://208.94.150.198:61335" rel="noreferrer" target="_blank">208.94.150.198:61335</a> <br>
> <<a href="http://208.94.150.198:61335" rel="noreferrer" target="_blank">http://208.94.150.198:61335</a>> is in allow-axfr-ips<br>
> Jun 26 10:39:03 natasha pdns[65543]: IXFR of domain '<a href="http://chaosdynamics.com" rel="noreferrer" target="_blank">chaosdynamics.com</a> <br>
> <<a href="http://chaosdynamics.com" rel="noreferrer" target="_blank">http://chaosdynamics.com</a>>' initiated by <a href="http://208.94.147.135:48779" rel="noreferrer" target="_blank">208.94.147.135:48779</a> <br>
> <<a href="http://208.94.147.135:48779" rel="noreferrer" target="_blank">http://208.94.147.135:48779</a>> with serial 2022062505<br>
> Jun 26 10:39:03 natasha pdns[65543]: AXFR of domain '<a href="http://chaosdynamics.com" rel="noreferrer" target="_blank">chaosdynamics.com</a> <br>
> <<a href="http://chaosdynamics.com" rel="noreferrer" target="_blank">http://chaosdynamics.com</a>>' allowed: client IP <a href="http://208.94.147.135:48779" rel="noreferrer" target="_blank">208.94.147.135:48779</a> <br>
> <<a href="http://208.94.147.135:48779" rel="noreferrer" target="_blank">http://208.94.147.135:48779</a>> is in allow-axfr-ips<br>
> Jun 26 10:39:03 natasha pdns[65543]: IXFR fallback to AXFR for domain <br>
> '<a href="http://chaosdynamics.com" rel="noreferrer" target="_blank">chaosdynamics.com</a> <<a href="http://chaosdynamics.com" rel="noreferrer" target="_blank">http://chaosdynamics.com</a>>' our serial 2022062606<br>
> Jun 26 10:39:03 natasha pdns[65543]: AXFR of domain '<a href="http://chaosdynamics.com" rel="noreferrer" target="_blank">chaosdynamics.com</a> <br>
> <<a href="http://chaosdynamics.com" rel="noreferrer" target="_blank">http://chaosdynamics.com</a>>' initiated by <a href="http://208.94.150.198:61335" rel="noreferrer" target="_blank">208.94.150.198:61335</a> <br>
> <<a href="http://208.94.150.198:61335" rel="noreferrer" target="_blank">http://208.94.150.198:61335</a>><br>
> Jun 26 10:39:03 natasha pdns[65543]: AXFR of domain '<a href="http://chaosdynamics.com" rel="noreferrer" target="_blank">chaosdynamics.com</a> <br>
> <<a href="http://chaosdynamics.com" rel="noreferrer" target="_blank">http://chaosdynamics.com</a>>' allowed: client IP <a href="http://208.94.150.198:61335" rel="noreferrer" target="_blank">208.94.150.198:61335</a> <br>
> <<a href="http://208.94.150.198:61335" rel="noreferrer" target="_blank">http://208.94.150.198:61335</a>> is in allow-axfr-ips<br>
> <br>
> -- <br>
> The greatest dangers to liberty lurk in insidious encroachment by men of <br>
> zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis<br>
> <br>
> _______________________________________________<br>
> Pdns-users mailing list<br>
> <a href="mailto:Pdns-users@mailman.powerdns.com" target="_blank">Pdns-users@mailman.powerdns.com</a><br>
> <a href="https://mailman.powerdns.com/mailman/listinfo/pdns-users" rel="noreferrer" target="_blank">https://mailman.powerdns.com/mailman/listinfo/pdns-users</a><br>
_______________________________________________<br>
Pdns-users mailing list<br>
<a href="mailto:Pdns-users@mailman.powerdns.com" target="_blank">Pdns-users@mailman.powerdns.com</a><br>
<a href="https://mailman.powerdns.com/mailman/listinfo/pdns-users" rel="noreferrer" target="_blank">https://mailman.powerdns.com/mailman/listinfo/pdns-users</a><br>
</blockquote></div><br clear="all"><br>-- <br><div dir="ltr" class="gmail_signature"><span style="font-family:arial,sans-serif;font-size:13px;border-collapse:collapse;color:rgb(136,136,136)">The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis</span></div></div>