[Pdns-users] Successful, yet incomplete AXFR to BIND9 slave

Nikolaos Milas nmilas at admin.noa.gr
Wed Sep 8 21:10:53 UTC 2010


  Indeed, I have confirmed that pdns does not send a complete set of 
records during AXFR, by executing:

    # dig example.com AXFR @dns.example.com

where dns.example.com is the pdns/ldap server. The output is exactly the 
content of slave files.

So, why aren't all zone records included in the AXFR set?

I am waiting for your advice.

I like pdns and I am trying to resolve issues so that it can replace 
(gradually) all BIND9 servers in our organization.

Nick

On 8/9/2010 11:26 ΌΌ, Nikolaos Milas wrote:
> In my pdns/ldap (tree) on CentOS 5.5, I am setting up a domain (say: 
> 'example.com')  with its single SOA record. This has several virtual 
> subzones (a.example.com, b.example.com etc.) which include their own 
> MX records but are not delegated: the same NS records (as defined in 
> the example.com entry) are used for the whole domain (zone) and its 
> subdomains (subzones).
>
> The LDAP server also includes 5 in-addr.arpa zones (which correspond 
> to the 5 available LANs = Class-C subnets) for reverse mapping.
>
> Everything seems to be working fine when the pdns server is queried 
> for any records, which obviously means that pdns sees everything 
> correctly in ldap. (One problem however: queries for example.com and 
> its subdomains/hosts indicate AUTHORITY: 0. I would expect it to 
> indicate AUTHORITY: 1 in such queries. Any hint on this?)
>
> For testing (preparing a production environment), I have setup a BIND9 
> slave ( which uses pdns as master. Everything seems to run smoothly, 
> messages in logs indicate successful zone transfers, no errors either 
> in BIND or in pdns logs, BUT *a large number of A records* in some of 
> the subdomains *is not transferred at all* (however, some of the A 
> records are transferred). Interestingly, the PTR records in all 
> in-addr.arpa zones seem to be transferred correctly. The slave is also 
> CentOS 5.5 with bind-9.3.6-4.P1.el5_4.2.
>
> The BIND9 zone file for example.com (as produced by slaving), includes 
> all subdomains, specifies their MX records, but it misses a large 
> number of A records. I waited for several AXFRs, to check if 
> subsequent zone transfers would correct things, but nothing changed. 
> The transferred records are always the same.
>
> In the meantime, just in case, I have tried switching from the 2.9.22 
> rpm which I had found in a repository, to the more standard 2.9.21-4 
> rpm included in the 'extras' CentOS repositories, but the behavior is 
> exactly the same. (I am using CentOS 5.5 with a 2.6.18-194.11.3.el5 
> kernel).
>
> I would come to the conclusion that AXFR is not being sent correctly 
> by pdns, because, if a full set of records is being sent, why the 
> slave is not registering the complete set of records?
>
> All rpms (and the servers) are x86_64.
>
> Any suggestions? How can I  troubleshoot this in more detail?
>
> Thanks in advance,
> Nick
>
>



More information about the Pdns-users mailing list