[Pdns-users] slave=no, smartmasters and AXFRs

Frank Louwers frank at openminds.be
Thu May 12 14:11:02 UTC 2005 

On Thu, May 12, 2005 at 03:13:30PM +0200, Lorens Kockum wrote:
> On Thu, May 12, 2005 at 12:32:32PM +0200, Frank Louwers wrote:
> > Hi,
> > 
> > We have the following pdns setup:
> > 
> > ns2: "main" powerdns server, gmysql backend, mysql db on localhost,
> > serving as mysql-master. Scripts feed the database. We also have clients
> > that we provide secundary dns for, via the supermaster mechanism. Has
> > "slave = yes" in the config file.
> 
> I think the problem is there. For a given set of servers,
> replication and supermaster are two distinct and incompatible
> methods.

Let me explain in more detail:
- our own ns1/ns2/ns3 use mysql replication (ns1 and ns3 are
  mysql-replication slaves of ns2). No axfr/... involved in replication
  among them.

- we offer colocation customers the possibility to use our dns-servers
  as backup dns-servers for the domains they have. We add the ip of the
  nameserver of the customer to the supermasters table, and tell the
  customer to send us NOTIFYs. The idea is that our ns2 catches the
  NOTIFYS, add the domain to the database, do a AXFR from the customer's
  nameserver, and let mysql replicate these new entries to ns1 and ns3.

- ns1/ns3 will also get the NOTIFYs (as they are listed as NS for the
  customer's domains), but as they are configured with "slave = no", I
  assumed they wouldn't do axfrs from the customer.

> > This goes in the ns1-logfiles:
> > May 12 07:50:50 ns1 pdns[15516]: No serial for 'XXXXXXXXXX.be'
> > found - zone is missing?
> > May 12 07:50:50 ns1 pdns[15516]: AXFR started for
> > 'XXXXXXXXXX.be', transaction started
> > May 12 07:50:50 ns1 pdns[15516]: AXFR done for 'XXXXXXXXXXX.be'
> > zone committed
> > 
> > Is this normal behaviour? How do I disable the smartmaster behaviour on
> > ns1/ns3? Isn't "slave = no" enough to disable it?
> 
> This is not any "master" behaviour, smart or super or whatever,
> this is slave behaviour, and "dns" slave bahaviour at that.

to clarify: XXXXXXX.be in the above is the domain of a customer that has
his own (i suppose bind) nameserver.

> Your mysql slaves should not even have write rights to the
> database.  I am fairly sure that the replication you use is one
> master -> n slaves, and in that configuration, writing on the
> slaves is not good for the replication.

i am aware of that, but the reason they want to write to write to the db
is because of the AXFRs, which they shouldn't do in the first place.


Vriendelijke groeten,
Frank Louwers

-- 
Openminds bvba                www.openminds.be
Tweebruggenstraat 16  -  9000 Gent  -  Belgium

More information about the Pdns-users mailing list