<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix">On 2024/10/07 21:17, Michel Otte wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAAjjMW98OJ0uD+vrRLERVXs7xJDXYtCwxX6SWMZVy=S+sgYfSg@mail.gmail.com">
<div dir="ltr">
<div dir="ltr">
<div>You have left out quite a few details from your setup.
What PowerDNS version are you running? </div>
</div>
</div>
</blockquote>
<p>PDNS 4.6.3<br>
</p>
<blockquote type="cite"
cite="mid:CAAjjMW98OJ0uD+vrRLERVXs7xJDXYtCwxX6SWMZVy=S+sgYfSg@mail.gmail.com">
<div dir="ltr">
<div dir="ltr">
<div>What backend [1] did you configure on the PowerDNS auth
side? </div>
</div>
</div>
</blockquote>
<p>SQLite3<br>
</p>
<blockquote type="cite"
cite="mid:CAAjjMW98OJ0uD+vrRLERVXs7xJDXYtCwxX6SWMZVy=S+sgYfSg@mail.gmail.com">
<div dir="ltr">
<div dir="ltr">
<div>What other commands did you run to set up the secondary
zone?<br>
</div>
</div>
</div>
</blockquote>
<p>I installed the PowerDNS-Admin Web frontend and simply used the
UI to add domains as they get created. I select that the zone is
a secondary, tell it where the master is, pull the domain from the
master, and that's it.<br>
</p>
<blockquote type="cite"
cite="mid:CAAjjMW98OJ0uD+vrRLERVXs7xJDXYtCwxX6SWMZVy=S+sgYfSg@mail.gmail.com">
<div dir="ltr">
<div dir="ltr">
<div>From the context you provide, I take it you are trying to
set up PowerDNS to become a secondary nameserver that
receives zone transfers from a primary BIND nameserver. </div>
</div>
</div>
</blockquote>
<p>Yes<br>
</p>
<blockquote type="cite"
cite="mid:CAAjjMW98OJ0uD+vrRLERVXs7xJDXYtCwxX6SWMZVy=S+sgYfSg@mail.gmail.com">
<div dir="ltr">
<div dir="ltr">
<div>Please start by reading the PowerDNS modes of operation
section [2] from the manual if you have not already done so,
specifically the part that discusses secondary operation
[3]. Next, make sure the domain you want PowerDNS to be
secondary for is actually created on the PowerDNS side, for
secondary operation [4].</div>
</div>
</div>
</blockquote>
<p>I have 9 domains set up as secondaries and they work fine as far
as I can tell when I manually tell any one domain to sync with the
master.<br>
</p>
<blockquote type="cite"
cite="mid:CAAjjMW98OJ0uD+vrRLERVXs7xJDXYtCwxX6SWMZVy=S+sgYfSg@mail.gmail.com">
<div dir="ltr">
<div dir="ltr">
<div>PowerDNS also has something that's called auto-primary
mode [5], which allows a primary nameserver to "provision" a
PowerDNS secondary nameserver, or let PowerDNS automatically
discover new zones it should be authoritative for. This
functionality was known as "supermaster", but has been
renamed in recent versions.<br>
</div>
</div>
</div>
</blockquote>
<p>That sounds interesting, I'll read up on that.</p>
<p>From what I've learned up to now, the actual domain record
contains the address of the master, and even if an update is
triggered via notify, it will not be done if the master IP address
doesn't match the IP address in the domain record. Is that
correct? If so, it leads me to the next question, which is: Is
there any way in which I can add a second master IP address to the
record? <br>
</p>
<p>I suppose I can attempt to redo a secondary zone file and use the
LAN (internal) address? The problem, though, is that PDNS has a
public IP address and is not NAT'ted, so I don't think the LAN IP
address of the master is visible to PDNS. <br>
</p>
<p>Ideas?<br>
</p>
<blockquote type="cite"
cite="mid:CAAjjMW98OJ0uD+vrRLERVXs7xJDXYtCwxX6SWMZVy=S+sgYfSg@mail.gmail.com">
<div dir="ltr">
<div dir="ltr">
<div><br>
</div>
<div>Hopefully this helps.<br>
With kind regards,<br>
Michel Otte</div>
<div>
<div dir="ltr" class="gmail_signature">
<div dir="ltr"><br>
</div>
<div dir="ltr"><br>
</div>
<div dir="ltr">[1]: <a
href="https://doc.powerdns.com/authoritative/backends/"
moz-do-not-send="true" class="moz-txt-link-freetext">https://doc.powerdns.com/authoritative/backends/</a></div>
<div dir="ltr">[2]: <a
href="https://doc.powerdns.com/authoritative/modes-of-operation.html"
moz-do-not-send="true" class="moz-txt-link-freetext">https://doc.powerdns.com/authoritative/modes-of-operation.html</a></div>
<div dir="ltr">[3]: <a
href="https://doc.powerdns.com/authoritative/modes-of-operation.html#secondary-operation"
moz-do-not-send="true" class="moz-txt-link-freetext">https://doc.powerdns.com/authoritative/modes-of-operation.html#secondary-operation</a></div>
<div dir="ltr">[4]: <a
href="https://doc.powerdns.com/authoritative/backends/generic-sql.html#secondary-operation"
moz-do-not-send="true" class="moz-txt-link-freetext">https://doc.powerdns.com/authoritative/backends/generic-sql.html#secondary-operation</a></div>
<div dir="ltr">[5]: <a
href="https://doc.powerdns.com/authoritative/backends/generic-sql.html#autoprimary-operation"
moz-do-not-send="true" class="moz-txt-link-freetext">https://doc.powerdns.com/authoritative/backends/generic-sql.html#autoprimary-operation</a></div>
</div>
</div>
</div>
<div><br>
</div>
<div><br>
</div>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">Roland Giesler via
Pdns-users &lt;<a
href="mailto:pdns-users@mailman.powerdns.com"
moz-do-not-send="true" class="moz-txt-link-freetext">pdns-users@mailman.powerdns.com</a>&gt;:<br>
</div>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">I'm
running my primary DNS on Power Mail-in-a-Box, which runs
BIND9's <br>
NAMED and sends notifications when a domain's zone file
changes.<br>
<br>
I have set PowerDNS's config to accept these from the LAN
and Public ip <br>
of the master, but I see this error in syslog. (The DNS is
a NAT'ted <br>
server)<br>
<br>
Oct 7 17:13:43 PowerDNS pdns_server[125]: Received NOTIFY for fast.za.net from 192.168.131.102 which is not a master (Refused)<br>
Oct 7 17:13:43 PowerDNS pdns_server[125]: message repeated 9 times: [ Received NOTIFY for fast.za.net from 192.168.131.102 which is not a master (Refused)]<br>
<br>
My config file has:<br>
<br>
allow-axfr-ips=197.214.119.180/32,192.168.131.0/24,127.0.0.0/8,::1,169.255.79.10/24<br>
allow-notify-from=197.214.119.180/32,192.168.131.0/24,::/0<br>
<br>
What should I do to allow the changes onto PowerDNS?<br>
<br>
<br>
</blockquote>
</div>
</div>
</blockquote>
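<p>An added example, not part of the original messages and not PowerDNS code: it separates the two checks visible in this thread, the <code>allow-notify-from</code> ACL and the per-zone master address, for each refused NOTIFY in a log. Assumptions: a reduced <code>domains</code> table (name, master, type), a master column that may hold several comma-separated addresses, 197.214.119.180 as the stored master for fast.za.net, and a constructed example.org zone and log line.</p>

```python
import ipaddress
import re
import sqlite3

# First line is from the thread; the second is constructed for illustration.
SAMPLE_LOG = """\
Oct 7 17:13:43 PowerDNS pdns_server[125]: Received NOTIFY for fast.za.net from 192.168.131.102 which is not a master (Refused)
Oct 7 17:20:01 PowerDNS pdns_server[125]: Received NOTIFY for example.org from 192.168.131.50 which is not a master (Refused)
"""
ALLOW_NOTIFY_FROM = "197.214.119.180/32,192.168.131.0/24,::/0"  # from the thread

REFUSED = re.compile(
    r"Received NOTIFY for (?P<zone>\S+) from (?P<src>\S+) which is not a master")

def parse_acl(value):
    """Turn a comma-separated netmask list into ip_network objects."""
    return [ipaddress.ip_network(n.strip(), strict=False)
            for n in value.split(",") if n.strip()]

def in_acl(addr, acl):
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in acl)

def zone_masters(db, zone):
    """Masters stored for a zone, or None if the zone is not in the table."""
    row = db.execute("SELECT master FROM domains WHERE name = ?",
                     (zone.rstrip(".").lower(),)).fetchone()
    if row is None:
        return None
    return [m for m in re.split(r"[,\s]+", row[0] or "") if m]

def explain_refusals(log_text, db, allow_notify_from):
    """For each refused NOTIFY: did it pass the ACL, and is it a stored master?"""
    acl = parse_acl(allow_notify_from)
    findings = {}
    for m in REFUSED.finditer(log_text):
        zone, src = m["zone"], m["src"]
        masters = zone_masters(db, zone)
        known = {ipaddress.ip_address(x) for x in masters or []}
        findings[(zone, src)] = {"acl_ok": in_acl(src, acl), "masters": masters,
                                 "is_master": ipaddress.ip_address(src) in known}
    return findings

def build_sample_db():
    """Constructed in-memory stand-in for the SQLite backend (assumed rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE domains (name TEXT, master TEXT, type TEXT)")
    db.executemany("INSERT INTO domains VALUES (?, ?, ?)", [
        ("fast.za.net", "197.214.119.180", "SLAVE"),
        ("example.org", "192.0.2.1, 192.0.2.2", "SLAVE")])
    return db
```

<p>A result with <code>acl_ok</code> true and <code>is_master</code> false means the NOTIFY passed the ACL and was refused only because its source address is not one of the masters stored for that zone.</p>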
</body>
</html>