[Pdns-users] IXFR confuses dig, Godaddy

Pierre Beck pbeck at videobuster.de
Mon Dec 30 15:39:03 UTC 2013


Hello Bert,

sorry for the confusion, I'm still new to DNS terminology. Yes, it is
three *messages*, and as far as I can see that makes the difference for
dig / BIND. The request is IXFR with a serial < current serial. Dig does
expect an AXFR-style response, but not in multiple messages. So that's
issue #1: dig failing to parse IXFR responses from PowerDNS. I'm in
contact with ISC about that issue, but it would be wise to work around it in
PowerDNS as well to increase compatibility mid-term by putting more /
all information in one message.

Issue #2 is sending an AXFR unconditionally. When request serial >=
current serial, only the current SOA should be sent, but PowerDNS always
sends full AXFR. This does not break dig, as dig will just cut off the
connection when the first message with SOA serial equal or lower
arrives. But that may change when issue #1 is fixed and is a protocol
violation anyway.

Should be easy to fix: Just compare serials before answering and put
everything in one message. Send only SOA when request serial >= current
serial.

Issue #3 is GoDaddy somewhat running into the same problem as dig (do
they use BIND servers?), but that's more of an anecdote. A live example
of what happens when compat issues arise between PowerDNS and BIND.

Regards,

Pierre Beck
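
The serial check proposed in the message above, as an added example that is not part of the original post and is not PowerDNS code. It covers only the decision between "current SOA only" and an AXFR-style full answer, not message framing. The names `serialNewer`, `decideIxfr`, `buildAnswer` and `Zone` are hypothetical, and comparing serials with RFC 1982 wrap-around arithmetic is an assumption (the post only says ">=").

```cpp
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// RFC 1982 serial arithmetic on 32-bit SOA serials: a is newer than b when the
// wrapped difference a - b lies strictly between 0 and 2^31.
bool serialNewer(uint32_t a, uint32_t b) {
    uint32_t diff = a - b;  // unsigned subtraction wraps modulo 2^32
    return diff != 0 && diff < 0x80000000u;
}

enum class IxfrReply { SoaOnly, FullZone };

// Client serial >= current serial: answer with the current SOA only.
// A difference of exactly 2^31 is undefined in RFC 1982; this sketch then
// falls back to the full zone so the client never misses data.
IxfrReply decideIxfr(uint32_t clientSerial, uint32_t currentSerial) {
    bool upToDate = clientSerial == currentSerial ||
                    serialNewer(clientSerial, currentSerial);
    return upToDate ? IxfrReply::SoaOnly : IxfrReply::FullZone;
}

// Hypothetical zone model: records are plain strings (constructed sample data).
struct Zone {
    uint32_t serial;
    std::string soa;
    std::vector<std::string> records;
};

// Records to place in the response, in order. The full-zone form is
// AXFR-style: SOA, all other records, SOA again.
std::vector<std::string> buildAnswer(const Zone& z, uint32_t clientSerial) {
    if (decideIxfr(clientSerial, z.serial) == IxfrReply::SoaOnly) return {z.soa};
    std::vector<std::string> out{z.soa};
    out.insert(out.end(), z.records.begin(), z.records.end());
    out.push_back(z.soa);
    return out;
}

int main() {
    // Constructed zone and client serials: older, equal, newer than the server.
    Zone z{2013123001u, "example.org. SOA serial=2013123001",
           {"www A 192.0.2.1", "@ MX 10 mail"}};
    for (uint32_t client : {2013122901u, 2013123001u, 2013123002u})
        std::cout << client << " -> " << buildAnswer(z, client).size() << " record(s)\n";
}
```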
