[Pdns-users] slave=no, smartmasters and AXFRs

Lorens Kockum lorens-pdns-3987 at tagged.lorens.org
Thu May 12 13:13:30 UTC 2005 

On Thu, May 12, 2005 at 12:32:32PM +0200, Frank Louwers wrote:
> Hi,
> 
> We have the following pdns setup:
> 
> ns2: "main" powerdns server, gmysql backend, mysql db on localhost,
> serving as mysql-master. Scripts feed the database. We also have clients
> that we provide secundary dns for, via the supermaster mechanism. Has
> "slave = yes" in the config file.

I think the problem is there. For a given set of servers,
replication and supermaster are two distinct and incompatible
methods.

> This goes in the ns1-logfiles:
> May 12 07:50:50 ns1 pdns[15516]: No serial for 'XXXXXXXXXX.be'
> found - zone is missing?
> May 12 07:50:50 ns1 pdns[15516]: AXFR started for
> 'XXXXXXXXXX.be', transaction started
> May 12 07:50:50 ns1 pdns[15516]: AXFR done for 'XXXXXXXXXXX.be'
> zone committed
> 
> Is this normal behaviour? How do I disable the smartmaster behaviour on
> ns1/ns3? Isn't "slave = no" enough to disable it?

This is not any "master" behaviour, smart or super or whatever,
this is slave behaviour, and "dns" slave bahaviour at that.

Your mysql slaves should not even have write rights to the
database.  I am fairly sure that the replication you use is one
master -> n slaves, and in that configuration, writing on the
slaves is not good for the replication.

Now, you provide secondary DNS to clients via the supermaster
mechanism. Since the master is the only one who should
write to the database, you configure your mysql-master as
a dns-superslave to your clients, and make sure that your
mysql-master is one of the nameservers of the domains in
question so that it gets the notifications.

On the slaves, your clients' servers should not be listed as
supermasters . . . but the database is replicated. Maybe with
mysql excluding a table from the replication is difficult or
impossible?  If the mysql-slaves do not have write access to the
database, it probably doesn't matter, though you'll get lots of
nasty warnings in the logs.

Make sure that for all your domains, domain.type = 'NATIVE'
and not 'MASTER' on all servers. For all the domains for which
your clients are masters, domain.type should be 'SLAVE'. You
shouldn't have a domain.type = 'MASTER' anywhere.

Personally I chose to set up two different sets of DNS servers,
one set for pdns servers under my control and domains that
ony use that set, and another set for domains that have AXFR
relations with servers not under my control.

HTH.

More information about the Pdns-users mailing list