[Pdns-dev] clarification on the minimum requirements from a pipe-backend with powerdns>=3
Peter van Dijk
peter.van.dijk at netherlabs.nl
Fri Mar 28 18:46:26 CET 2014
Hello Ferenc,
On 28 Mar 2014, at 18:41 , Ferenc Kovacs <tyra3l at gmail.com> wrote:
> After upgrading from 2.9.22 to 3.1 We have bumped into an issue that our resolving via the pipe backed wasn't working anymore.
>
> We were using something like
> pipe-regex=^(.*).(ourcompany.com);(ANY|A)$
> in our pdns config(ANY|ALL is suggested by the official docs: http://doc.powerdns.com/html/backends-detail.html)
> and our backend was only expecting HELO and Q requests, and was responding to any Q request with an A record.
>
> first, we enabled the query-logging, and we were seeing a bunch of
> Query for 'something.ourcompany.com' type 'SOA' failed regex '^(.*).(ourcompany.com);(.*)$'
>
> After adding the SOA to the pipe-regex pattern (ANY|A|SOA) our backend finally started to receive requests, but still not working, because we started getting
> AXFR -1
> requests after the Q requests(even thought that those request are not allowed by the pipe-regex and they don't appear in the query-log), and not handling those caused the resolving to fail before sending the Q to the backend.
>
> My guess is that we should handle the SOA requests properly(send the SOA for the A r), and we are seeing the AXFR requests because pdns is confused by the A response to the SOA request.
>
> Could somebody verify that this is what's happening, and it is only a miracle that this setup was working with previous powerdns versions?
That’s about right!
1) 3.0 and up require a SOA
2) your regex was preventing getting it
3) when you fixed that, your script would still not serve one
4) if PowerDNS doesn’t have a SOA but believes a backend has authority, it will try to generate a SOA, but to do that it needs a serial, and for that it tries to find out what the newest record in the zone is - hence the AXFR
> I guess it would be also nice
> if somebody could update the documentation on http://doc.powerdns.com/html/backends-detail.html a bit, so people would write proper backends from the start instead of bumping into this issues after upgrading.
5) Yes, those docs need to be fixed to reflect the 3.0 and up situation.
Please file an issue at https://github.com/PowerDNS/pdns/issues/new about the docs. Or, if you feel like it, file a pull request with an actual documentation update to https://github.com/PowerDNS/pdns/blob/master/pdns/docs/pdns.xml !
Kind regards,
--
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mailman.powerdns.com/pipermail/pdns-dev/attachments/20140328/6945be2a/attachment.pgp>
More information about the Pdns-dev
mailing list