[Pdns-users] Can't make AXFR work with LDAP backend

David Douard david.douard at logilab.fr
Fri Dec 3 11:43:53 UTC 2010

Hi everybody,

I am using PowerDNS from Debian Squeeze with LDAP backend.

The problem is that I have never been able to make AXFR dig. I have had the 
problem for years now, but until now, I never really needed to make it work. 
But I'd like now to use a PowerDNS server as shadow master for my public zone 
(the DNS server is BIND9).

When I do on the machine running powerdns:

  dig @localhost logilab.fr AXFR

I sometimes get the correct result, but most of the time, I have a:

  ;; Got bad packet: out of range
  473 bytes
  [snip gathered hex values]  

If I activate some debug information, I can see:

  Dec  2 16:10:54 ident pdns[10893]: TCP Connection Thread died because of STL error: Writing data: Broken pipe

or if I dig from another machine:

  Dec  2 16:20:00 ident pdns[12375]: TCP Connection Thread died because of STL error: Reading data: Connection reset by peer

I've been searching on the web and in the Mailing List, without being able to 
find a definitive answer to the problem. The recent discussions on similar 
situations do not apply here (e.g. I do have a serial set to a value >0 for my 

Using wireshark on port 53, the strange thing is that when I do an AXFR 
request, the communication ends with 2 almost identical ACK packets, the 
second one having the RESET flag set. All the requested zone information is 
included in the DNS answer packet (the zone is small enough to fit in one 
packet). So I guess dig does notice the presence of the RESET packet and 
concludes something wrong occurred.

Note that the AXFR request does sometimes succeed (very rarely to be honest, I 
haven't seen one for a while).

I may have missed something obvious, but I can't find it :-/

Anyone having a clue?


David Douard
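
An added diagnostic example, not part of the original message and not PowerDNS or dig code: given the raw bytes of a DNS-over-TCP answer (for instance exported from the capture), it checks the 2-byte length framing and whether the record counts in the header fit inside the message, which separates a stream that was cut short from a malformed DNS message. The zone name `example.test` and the sample bytes are constructed.

```python
import struct

def split_tcp_dns(stream):
    """Split a DNS-over-TCP stream: each message has a 2-byte length prefix."""
    msgs, pos = [], 0
    while pos + 2 <= len(stream):
        (n,) = struct.unpack_from("!H", stream, pos)
        if pos + 2 + n > len(stream):
            break                          # stream ended mid-message
        msgs.append(stream[pos + 2:pos + 2 + n])
        pos += 2 + n
    return msgs, stream[pos:]              # second value: incomplete tail

def skip_name(msg, pos):
    """Return the offset just past the name starting at pos."""
    while pos < len(msg):
        n = msg[pos]
        if n == 0:
            return pos + 1                 # root label ends the name
        if (n & 0xC0) == 0xC0:
            return pos + 2                 # compression pointer ends the name
        pos += 1 + n
    raise ValueError("name out of range")

def check_message(msg):
    """Walk every record the header counts promise; return 'ok' or the fault."""
    if len(msg) < 12:
        return "short header"
    qd, an, ns, ar = struct.unpack_from("!4H", msg, 4)
    pos = 12
    try:
        for _ in range(qd):
            pos = skip_name(msg, pos) + 4  # QTYPE + QCLASS
        for _ in range(an + ns + ar):
            pos = skip_name(msg, pos)
            if pos + 10 > len(msg):
                raise ValueError("record header out of range")
            (rdlen,) = struct.unpack_from("!H", msg, pos + 8)
            pos += 10 + rdlen              # TYPE, CLASS, TTL, RDLENGTH, RDATA
    except ValueError as exc:
        return str(exc)
    if pos > len(msg):
        return "record data out of range"
    return "ok" if pos == len(msg) else "trailing bytes"

# Constructed sample: one AXFR question and one A record for example.test.
_name = b"\x07example\x04test\x00"
SAMPLE = (struct.pack("!6H", 0x1234, 0x8400, 1, 1, 0, 0)
          + _name + struct.pack("!2H", 252, 1)
          + b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 3600, 4) + bytes([192, 0, 2, 1]))
FRAMED = struct.pack("!H", len(SAMPLE)) + SAMPLE
```

A non-empty tail from `split_tcp_dns` means the connection ended before the announced length arrived; a non-`ok` result from `check_message` on a complete message means the message body itself is inconsistent.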