[Pdns-users] Problem with guarded and AXFR gone, problem with chroot and Notif y still there with 2.9.12

[Bauer, Georg]

Hi!

Some time ago I reported about two problems with regard to AXFR:

- when the slave ran guarded, AXFRs broke with an error. This problem seems
to be gone with 2.9.12

- when the master runs chrooted, notifies can't be sent to the nameservers
of a changed domain. The domain in question is set up with NS records with
server names. PDNS usually resolves those server names to their IP addresses
and sends notify packages there. If the master runs chrooted, this doesn't
work. The server complains about not being able to resolve nameservers:

Dec 15 15:39:11 simon pdns[23780]: Unable to queue notification of domain
'leicaesk.de': nameservers do not resolve!

That's in communicator.cc in line 158. It uses the FindNS class to resolve
the nameserver IP addresses and that one does a simple gethostbyname to
resolve the name to an IP address. This needs several files in the chroot
jail, so there is at least documentation needed what files to put where.
Especially the "where" could be printed out by the server on start, so
people can see where the chroot jail would be?

A different solution would be to rewrite the FindNS class to make use of the
configured recursor to find the IP of the nameservers to be notified. That
way no files in the chroot jail would be needed and it would work with every
plattform in the same way, as differences in the resolver library wouldn't
show up.

A third solution would be to put some caveat in the pdns.conf default file,
so people changing it are informed about the fact that they need to make the
resolver library happy to make use of chroot on master servers that use
notify records. That would be the simples way out ;-)

bye, Georg