From powerdns at usenet-verwaltung.de Fri Mar 1 13:52:47 2013
From: powerdns at usenet-verwaltung.de (Juergen Ilse)
Date: Fri, 1 Mar 2013 14:52:47 +0100
Subject: [Pdns-users] Reverse DNS
In-Reply-To:
References:
Message-ID: <20130301135247.GA21435@usenet-verwaltung.de>

On Thu, 28 Feb 2013 11:36:27 -0500 Jay Zeemer wrote:
> Greetings,
>
> I am running Power DNS on an ubuntu server, and everything seems to be working correctly except I have reverse DNS configured and delegated, but for some reason my reverse dns response is a CNAME for in-addr.arpa instead of my PTR records domain name.
>
> Thanks for any and all assistance.

Have a look at RFC2317 for further explanation:
In case of reverse-delegation for networks smaller than /24, the common
practice is to fill in an "additional label" using CNAMEs instead of
PTR records.

regards,
Juergen Ilse
--
A domain name (even when it is part of a mail address) is only
a name, nothing more and nothing less ...

From peter.van.dijk at netherlabs.nl Fri Mar 1 14:50:42 2013
From: peter.van.dijk at netherlabs.nl (Peter van Dijk)
Date: Fri, 1 Mar 2013 15:50:42 +0100
Subject: [Pdns-users] Reverse DNS
In-Reply-To: <20130301135247.GA21435@usenet-verwaltung.de>
References: <20130301135247.GA21435@usenet-verwaltung.de>
Message-ID:

Hello,

On Mar 1, 2013, at 14:52 , Juergen Ilse wrote:
> On Thu, 28 Feb 2013 11:36:27 -0500 Jay Zeemer wrote:
>> I am running Power DNS on an ubuntu server, and everything seems to be working correctly except I have reverse DNS configured and delegated, but for some reason my reverse dns response is a CNAME for in-addr.arpa instead of my PTR records domain name.
>>
>> Thanks for any and all assistance.
>
> Have a look at RFC2317 for further explanation:
> In case of reverse-delegation for networks smaller than /24, the common
> practice is to fill in an "additional label" using CNAMEs instead of
> PTR records.

This 'common practice' is broken, ugly and unnecessary. It is also, indeed, common, and probably explains at least part of what you are seeing.

Kind regards,
--
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/

From grinapo+pdnsdevel at gmail.com Fri Mar 1 15:02:33 2013
From: grinapo+pdnsdevel at gmail.com (Peter Gervai)
Date: Fri, 1 Mar 2013 16:02:33 +0100
Subject: [Pdns-users] Reverse DNS
In-Reply-To:
References: <20130301135247.GA21435@usenet-verwaltung.de>
Message-ID:

On Fri, Mar 1, 2013 at 3:50 PM, Peter van Dijk wrote:
> This 'common practice' is broken, ugly and unnecessary.

What are the alternatives?

g

From mh+pdns-users at zugschlus.de Fri Mar 1 20:29:50 2013
From: mh+pdns-users at zugschlus.de (Marc Haber)
Date: Fri, 1 Mar 2013 21:29:50 +0100
Subject: [Pdns-users] Reverse DNS
In-Reply-To:
References:
Message-ID: <20130301202950.GK7925@torres.zugschlus.de>

On Thu, Feb 28, 2013 at 11:36:27AM -0500, Jay Zeemer wrote:
> I am running Power DNS on an ubuntu server, and everything seems to be
> working correctly except I have reverse DNS configured and delegated,
> but for some reason my reverse dns response is a CNAME for
> in-addr.arpa instead of my PTR records domain name.

This could be an RFC2317 delegation. Which IP address/network are we talking about?

Greetings
Marc

--
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 31958061
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 31958062

From aleksey.chudov at gmail.com Fri Mar 1 22:21:01 2013
From: aleksey.chudov at gmail.com (Aleksey Chudov)
Date: Sat, 02 Mar 2013 00:21:01 +0200
Subject: [Pdns-users] Pdns Remote backend crash
Message-ID: <513129CD.4060003@gmail.com>

Hello,

I encountered the following problem. When executing Remote backend (tested with Remote + socket, pipe and http) and distributor-threads parameter greater than 1 pdns_server process crashes while performance testing.

Pdns was built on Debian 6.0.7

aptitude install libboost-program-options-dev libboost-serialization-dev liblua5.1-dev libz-dev
wget http://downloads.powerdns.com/releases/pdns-3.2.tar.gz
tar -xzf pdns-3.2.tar.gz
cd pdns-3.2/
./configure --prefix=/usr --sysconfdir=/etc/powerdns --localstatedir=/var/run/pdns --libdir=/usr/lib/pdns --disable-shared --enable-static --enable-static-boost --enable-static-binaries --enable-pdns_server --disable-recursor --with-modules="pipe remote" --with-dynmodules=""
make
make install

There are no errors when pdns_server starts with distributor-threads=1. Performance is quite good – 7k qps according to dnsperf statistics (32 instances of dnsperf simultaneously). But if I start pdns_server with distributor-threads greater than 1 and run more than one instance dnsperf simultaneously, the process crashes.

log-level is set to 9 but only the following message is printed to log file

Feb 27 19:49:01 srv1 pdns[28609]: Got a signal 6, attempting to print trace:
Feb 27 19:49:01 srv1 pdns[28609]: [0x49a720]
Feb 27 19:49:01 srv1 pdns[28609]: [0x6598d0]
Feb 27 19:49:01 srv1 pdns[28609]: [0x762f75]
Feb 27 19:49:01 srv1 pdns[28609]: [0x6f5b90]
Feb 27 19:49:01 srv1 pdns[28609]: [0x6f0ac5]
Feb 27 19:49:01 srv1 pdns[28609]: [0x42b227]
Feb 27 19:49:01 srv1 pdns[28609]: [0x47f202]
Feb 27 19:49:01 srv1 pdns[28609]: [0x4a5e41]
Feb 27 19:49:01 srv1 pdns[28609]: [0x456399]
Feb 27 19:49:01 srv1 pdns[28609]: [0x45e9b7]
Feb 27 19:49:01 srv1 pdns[28609]: [0x460825]
Feb 27 19:49:01 srv1 pdns[28609]: [0x4e1244]
Feb 27 19:49:01 srv1 pdns[28609]: [0x65561a]
Feb 27 19:49:01 srv1 pdns[28609]: [0x741fa9]
Feb 27 19:49:01 srv1 pdns[28607]: Our pdns instance (28609) exited after signal 6
Feb 27 19:49:01 srv1 pdns[28607]: Respawning

I specifically checked that there is no such problem with Pipe backend only with Remote backend.

Any ideas?

Best regards,
Aleksey

From cmouse at youzen.ext.b2.fi Sat Mar 2 10:05:15 2013
From: cmouse at youzen.ext.b2.fi (Aki Tuomi)
Date: Sat, 2 Mar 2013 12:05:15 +0200
Subject: [Pdns-users] Pdns Remote backend crash
In-Reply-To: <513129CD.4060003@gmail.com>
References: <513129CD.4060003@gmail.com>
Message-ID: <20130302100514.GA9458@pi.ip.fi>

I'll have a look at this, can you please file a bug report at
http://wiki.powerdns.com/trac

Regards,
Aki Tuomi

On Sat, Mar 02, 2013 at 12:21:01AM +0200, Aleksey Chudov wrote:
> Hello,
>
> I encountered the following problem. When executing Remote backend
> (tested with Remote + socket, pipe and http) and distributor-threads
> parameter greater than 1 pdns_server process crashes while performance
> testing.
>
> Pdns was built on Debian 6.0.7
>
> aptitude install libboost-program-options-dev
> libboost-serialization-dev liblua5.1-dev libz-dev
> wget http://downloads.powerdns.com/releases/pdns-3.2.tar.gz
> tar -xzf pdns-3.2.tar.gz
> cd pdns-3.2/
> ./configure --prefix=/usr --sysconfdir=/etc/powerdns
> --localstatedir=/var/run/pdns --libdir=/usr/lib/pdns
> --disable-shared --enable-static --enable-static-boost
> --enable-static-binaries --enable-pdns_server --disable-recursor
> --with-modules="pipe remote" --with-dynmodules=""
> make
> make install
>
>
> There are no errors when pdns_server starts with
> distributor-threads=1. Performance is quite good – 7k qps according
> to dnsperf statistics (32 instances of dnsperf simultaneously). But
> if I start pdns_server with distributor-threads greater than 1 and
> run more than one instance dnsperf simultaneously, the process
> crashes.
>
> log-level is set to 9 but only the following message is printed to log file
>
> Feb 27 19:49:01 srv1 pdns[28609]: Got a signal 6, attempting to
> print trace:
> Feb 27 19:49:01 srv1 pdns[28609]: [0x49a720]
> Feb 27 19:49:01 srv1 pdns[28609]: [0x6598d0]
> Feb 27 19:49:01 srv1 pdns[28609]: [0x762f75]
> Feb 27 19:49:01 srv1 pdns[28609]: [0x6f5b90]
> Feb 27 19:49:01 srv1 pdns[28609]: [0x6f0ac5]
> Feb 27 19:49:01 srv1 pdns[28609]: [0x42b227]
> Feb 27 19:49:01 srv1 pdns[28609]: [0x47f202]
> Feb 27 19:49:01 srv1 pdns[28609]: [0x4a5e41]
> Feb 27 19:49:01 srv1 pdns[28609]: [0x456399]
> Feb 27 19:49:01 srv1 pdns[28609]: [0x45e9b7]
> Feb 27 19:49:01 srv1 pdns[28609]: [0x460825]
> Feb 27 19:49:01 srv1 pdns[28609]: [0x4e1244]
> Feb 27 19:49:01 srv1 pdns[28609]: [0x65561a]
> Feb 27 19:49:01 srv1 pdns[28609]: [0x741fa9]
> Feb 27 19:49:01 srv1 pdns[28607]: Our pdns instance (28609) exited
> after signal 6
> Feb 27 19:49:01 srv1 pdns[28607]: Respawning
>
> I specifically checked that there is no such problem with Pipe
> backend only with Remote backend.
>
> Any ideas?
>
>
> Best regards,
> Aleksey
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL:

From cmouse at youzen.ext.b2.fi Sat Mar 2 11:18:52 2013
From: cmouse at youzen.ext.b2.fi (Aki Tuomi)
Date: Sat, 2 Mar 2013 13:18:52 +0200
Subject: [Pdns-users] Pdns Remote backend crash
In-Reply-To: <20130302100514.GA9458@pi.ip.fi>
References: <513129CD.4060003@gmail.com> <20130302100514.GA9458@pi.ip.fi>
Message-ID: <20130302111852.GA10522@pi.ip.fi>

> > Hello,
> >
> > I encountered the following problem. When executing Remote backend
> > (tested with Remote + socket, pipe and http) and distributor-threads
> > parameter greater than 1 pdns_server process crashes while performance
> > testing.
> >
> > Pdns was built on Debian 6.0.7

Hi!

I tried with pdns-3.2 and svn head, and was unable to reproduce your problem.

Can you show me your remotebackend script, maybe? The one I used for testing is at http://cmouse.desteem.org/remote.txt and dnsperf input was generated with

LC_ALL=C egrep '^[A-Za-z]+$' /usr/share/dict/american-english | awk '{ print $1 ".example.com A" }' > dnsperf.in

Aki

From cmouse at youzen.ext.b2.fi Sat Mar 2 11:51:18 2013
From: cmouse at youzen.ext.b2.fi (Aki Tuomi)
Date: Sat, 2 Mar 2013 13:51:18 +0200
Subject: [Pdns-users] Pdns Remote backend crash
In-Reply-To: <20130302111852.GA10522@pi.ip.fi>
References: <513129CD.4060003@gmail.com> <20130302100514.GA9458@pi.ip.fi> <20130302111852.GA10522@pi.ip.fi>
Message-ID: <20130302115118.GB10522@pi.ip.fi>

On Sat, Mar 02, 2013 at 01:18:52PM +0200, Aki Tuomi wrote:
> > > Hello,
> > >
> > > I encountered the following problem. When executing Remote backend
> > > (tested with Remote + socket, pipe and http) and distributor-threads
> > > parameter greater than 1 pdns_server process crashes while performance
> > > testing.
> > >
> > > Pdns was built on Debian 6.0.7
>
> Hi!
>
> I tried with pdns-3.2 and svn head, and was unable to reproduce your problem.
>
> Can you show me your remotebackend script, maybe? The one I used for testing
> is at http://cmouse.desteem.org/remote.txt and dnsperf input was generated with
>
> LC_ALL=C egrep '^[A-Za-z]+$' /usr/share/dict/american-english | awk '{ print $1 ".example.com A" }' > dnsperf.in
>
> Aki

Also, please recompile with CFLAGS="-g -O3" CXXFLAGS="-g -O3" to ensure that debugging symbols get inserted and the stack trace will be more helpful.

Aki

From aleksey.chudov at gmail.com Sat Mar 2 14:14:16 2013
From: aleksey.chudov at gmail.com (Aleksey Chudov)
Date: Sat, 02 Mar 2013 16:14:16 +0200
Subject: [Pdns-users] Pdns Remote backend crash
In-Reply-To: <20130302111852.GA10522@pi.ip.fi>
References: <513129CD.4060003@gmail.com> <20130302100514.GA9458@pi.ip.fi> <20130302111852.GA10522@pi.ip.fi>
Message-ID: <51320938.5010906@gmail.com>

On 02.03.2013 13:18, Aki Tuomi wrote:
> I'll have a look at this, can you please file a bug report at
> http://wiki.powerdns.com/trac

Suggest to make sure it is really a bug and not my fault.

> Can you show me your remotebackend script, maybe?

Does not matter. I can reproduce the problem with yours http://cmouse.desteem.org/remote.txt

> I tried with pdns-3.2 and svn head, and was unable to reproduce your problem.

Below are the exact commands of how I can reproduce the problem on my clean Debian virtual machine

# Upgrade the system
aptitude update
aptitude full-upgrade

# Build and install PowerDNS
aptitude install build-essential libboost-program-options-dev libboost-serialization-dev liblua5.1-0-dev zlib1g-dev
cd /usr/src/
wget http://downloads.powerdns.com/releases/pdns-3.2.tar.gz
tar -xzf pdns-3.2.tar.gz
cd pdns-3.2/
CFLAGS="-g -O3" CXXFLAGS="-g -O3" ./configure --prefix=/usr/local/pdns --disable-shared --enable-static --enable-static-boost --enable-static-binaries --enable-pdns_server --disable-recursor --with-modules="pipe remote" --with-dynmodules=""
make
make install

# Install Remote backend script
aptitude install ruby rubygems libjson-ruby
wget http://cmouse.desteem.org/remote.txt -O /usr/local/pdns/etc/remote.rb
chmod +x /usr/local/pdns/etc/remote.rb

# Start and test PowerDNS
/usr/sbin/groupadd -r pdns
/usr/sbin/useradd -g pdns -s /bin/false -r -c "PowerDNS daemon" -d /var/run/pdns pdns
/usr/local/pdns/sbin/pdns_server --daemon --guardian=yes --cache-ttl=0 --distributor-threads=7 --launch=remote --local-ipv6= --log-dns-details=yes --log-failed-updates=yes --loglevel=4 --query-cache-ttl=0 --query-local-address6= --setgid=pdns --setuid=pdns --socket-dir=/var/run/pdns --version-string=anonymous --remote-connection-string=pipe:command=/usr/local/pdns/etc/remote.rb
dig @localhost xxx.example.com. A

# Build and install dnsperf
aptitude install libbind-dev libkrb5-dev libssl-dev libcap-dev libxml2-dev
cd /usr/src/
wget ftp://ftp.nominum.com/pub/nominum/dnsperf/1.0.1.0/dnsperf-src-1.0.1.0-1.tar.gz
tar -xzf dnsperf-src-1.0.1.0-1.tar.gz
cd dnsperf-src-1.0.1.0-1/
./configure --prefix=/usr/local/dnsperf
make
make install

# Start performance test
LC_ALL=C egrep '^[A-Za-z]+$' /usr/share/dict/american-english | awk '{ print $1 ".example.com A" }' > /usr/local/dnsperf/dnsperf.in
/usr/local/dnsperf/bin/dnsperf -d /usr/local/dnsperf/dnsperf.in -s localhost -f inet -l 300

# PowerDNS crash :(

Regards,
Aleksey

From cmouse at youzen.ext.b2.fi Sat Mar 2 14:28:09 2013
From: cmouse at youzen.ext.b2.fi (Aki Tuomi)
Date: Sat, 2 Mar 2013 16:28:09 +0200
Subject: [Pdns-users] Pdns Remote backend crash
In-Reply-To: <51320938.5010906@gmail.com>
References: <513129CD.4060003@gmail.com> <20130302100514.GA9458@pi.ip.fi> <20130302111852.GA10522@pi.ip.fi> <51320938.5010906@gmail.com>
Message-ID: <20130302142809.GA12483@pi.ip.fi>

On Sat, Mar 02, 2013 at 04:14:16PM +0200, Aleksey Chudov wrote:
> On 02.03.2013 13:18, Aki Tuomi wrote:
> >I'll have a look at this, can you please file a bug report at
> >http://wiki.powerdns.com/trac
>
> Suggest to make sure it is really a bug and not my fault.
>
> >Can you show me your remotebackend script, maybe?
>
> Does not matter. I can reproduce the problem with yours
> http://cmouse.desteem.org/remote.txt
>
> >I tried with pdns-3.2 and svn head, and was unable to reproduce your problem.
>
> Regards,
> Aleksey

Did the crash give any usable stack trace or core file which you could inspect with gdb?

Aki

From barney+powerdns at lucidnetworks.co.uk Sat Mar 2 17:10:18 2013
From: barney+powerdns at lucidnetworks.co.uk (Barney Sowood)
Date: Sat, 2 Mar 2013 17:10:18 +0000
Subject: [Pdns-users] pdns master fails to send notify due to error parsing SOA record
Message-ID: <20130302171017.GB8314@lucidnetworks.co.uk>

Hi,

I'm running pdns with the generic postgresql backend. I converted zones from bind using zone2sql and I'm successfully serving data.

I'm using pdns as a master and have several bind slaves. The slaves can successfully do an AXFR. They'll also receive a NOTIFY if I run "pdns_control ". However, when I update the SOA of a zone, no notify is generated and the following message is logged -

Mar 2 17:04:34 XXXXXX pdns[24518]: Exception: Parsing record content: while parsing IP address, expected digits at position 0 in 'nameserver1.hosted.lucidnetworks.co.uk dns-admin.lucidnetworks.co.uk 2013030201 86400 3600 3600000 3600'
Mar 2 17:04:34 XXXXXX pdns[24518]: TCP Connection Thread died because of STL error: Parsing record content: while parsing IP address, expected digits at position 0 in 'nameserver1.hosted.lucidnetworks.co.uk dns-admin.lucidnetworks.co.uk 2013030201 86400 3600 3600000 3600'

Config as follows -

allow-axfr-ips=xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy
disable-axfr=no
master=yes

I'm running packages from debian stable, 2.9.22-8+squeeze1 to be precise. I can't see any relevant Debian bugs filed.

Can anyone point me in the right direction for resolving this?

Thanks,
Barney.

From aleksey.chudov at gmail.com Sat Mar 2 17:32:28 2013
From: aleksey.chudov at gmail.com (Aleksey Chudov)
Date: Sat, 02 Mar 2013 19:32:28 +0200
Subject: [Pdns-users] Pdns Remote backend crash
In-Reply-To: <20130302142809.GA12483@pi.ip.fi>
References: <513129CD.4060003@gmail.com> <20130302100514.GA9458@pi.ip.fi> <20130302111852.GA10522@pi.ip.fi> <51320938.5010906@gmail.com> <20130302142809.GA12483@pi.ip.fi>
Message-ID: <513237AC.5070705@gmail.com>

On 02.03.2013 16:28, Aki Tuomi wrote:
> Did the crash give any usable stack trace or core file which you could
> inspect with gdb?

I'm not sure exactly where I can find the core file. There are no new files in the current, root and /usr/local/pdns directories.

There is no additional information in the server log files other than what I have already sent in my first letter.

Mar 2 18:06:14 srv1 pdns[17019]: Got a signal 11, attempting to print trace:
Mar 2 18:06:14 srv1 pdns[17019]: Got a signal 6, attempting to print trace:
Mar 2 18:06:14 srv1 pdns[17019]: Got a signal 11, attempting to print trace:
Mar 2 18:06:14 srv1 pdns[17019]: Got a signal 6, attempting to print trace:
Mar 2 18:06:14 srv1 pdns[17019]: [0x478350]
Mar 2 18:06:14 srv1 pdns[17019]: [0x61c710]
Mar 2 18:06:14 srv1 pdns[17019]: [0x409d64]
Mar 2 18:06:14 srv1 pdns[17019]: [0x45b072]
Mar 2 18:06:14 srv1 pdns[17019]: [0x483e21]
Mar 2 18:06:14 srv1 pdns[17019]: [0x42fa39]
Mar 2 18:06:14 srv1 pdns[17019]: [0x43a278]
Mar 2 18:06:14 srv1 pdns[17019]: [0x43bfd5]
Mar 2 18:06:14 srv1 pdns[17019]: [0x4bf594]
Mar 2 18:06:14 srv1 pdns[17019]: [0x478350]
Mar 2 18:06:14 srv1 pdns[17019]: [0x61c710]
Mar 2 18:06:14 srv1 pdns[17019]: [0x68e335]
Mar 2 18:06:14 srv1 pdns[17019]: [0x624810]
Mar 2 18:06:14 srv1 pdns[17019]: [0x61f7e5]
Mar 2 18:06:14 srv1 pdns[17019]: [0x40a467]
Mar 2 18:06:14 srv1 pdns[17019]: [0x4809f1]
Mar 2 18:06:14 srv1 pdns[17019]: [0x482d11]
Mar 2 18:06:14 srv1 pdns[17019]: [0x43a535]
Mar 2 18:06:14 srv1 pdns[17019]: [0x43bfd5]
Mar 2 18:06:14 srv1 pdns[17019]: [0x4bf594]
Mar 2 18:06:14 srv1 pdns[17019]: [0x61700a]
Mar 2 18:06:14 srv1 pdns[17019]: [0x66fa69]
Mar 2 18:06:15 srv1 pdns[17017]: Our pdns instance (17019) exited after signal 6
Mar 2 18:06:15 srv1 pdns[17017]: Respawning

Have you tried to reproduce the problem using the commands that I sent in the previous letter?

Aleksey

From cmouse at youzen.ext.b2.fi Sat Mar 2 17:35:32 2013
From: cmouse at youzen.ext.b2.fi (Aki Tuomi)
Date: Sat, 2 Mar 2013 19:35:32 +0200
Subject: [Pdns-users] pdns master fails to send notify due to error parsing SOA record
In-Reply-To: <20130302171017.GB8314@lucidnetworks.co.uk>
References: <20130302171017.GB8314@lucidnetworks.co.uk>
Message-ID: <20130302173532.GB13880@pi.ip.fi>

On Sat, Mar 02, 2013 at 05:10:18PM +0000, Barney Sowood wrote:
> Hi,
>
> I'm running pdns with the generic postgresql backend. I converted
> zones from bind using zone2sql and I'm successfully serving data.
>
> I'm using pdns as a master and have several bind slaves. The slaves
> can successfully do an AXFR. They'll also receive a NOTIFY if I run
> "pdns_control ". However, when I update the SOA of a zone, no
> notify is generated and the following message is logged -
>
> Mar 2 17:04:34 XXXXXX pdns[24518]: Exception: Parsing record
> content: while parsing IP address, expected digits at position 0 in
> 'nameserver1.hosted.lucidnetworks.co.uk dns-admin.lucidnetworks.co.uk
> 2013030201 86400 3600 3600000 3600'

Hi!

First of all, upgrade your servers, 2.9.22 is damn old and has bugs.

Secondly, the error means that you have an A record with SOA content.

Aki Tuomi

> Barney.

From cmouse at youzen.ext.b2.fi Sat Mar 2 17:37:07 2013
From: cmouse at youzen.ext.b2.fi (Aki Tuomi)
Date: Sat, 2 Mar 2013 19:37:07 +0200
Subject: [Pdns-users] Pdns Remote backend crash
In-Reply-To: <513237AC.5070705@gmail.com>
References: <513129CD.4060003@gmail.com> <20130302100514.GA9458@pi.ip.fi> <20130302111852.GA10522@pi.ip.fi> <51320938.5010906@gmail.com> <20130302142809.GA12483@pi.ip.fi> <513237AC.5070705@gmail.com>
Message-ID: <20130302173707.GC13880@pi.ip.fi>

On Sat, Mar 02, 2013 at 07:32:28PM +0200, Aleksey Chudov wrote:
> On 02.03.2013 16:28, Aki Tuomi wrote:
> >Did the crash give any usable stack trace or core file which you could
> >inspect with gdb?
>
> I'm not sure exactly where I can find the core file. There are no
> new files in the current, root and /usr/local/pdns directories.
>
> There is no additional information in the server log files other
> than what I have already sent in my first letter.
>
> Have you tried to reproduce the problem using the commands that I
> sent in the previous letter?
>
> Aleksey
>
>

Nope, I'll have to install debian6 virtual machine then. I'll get back to you.

Aki

From aleksey.chudov at gmail.com Sat Mar 2 18:10:52 2013
From: aleksey.chudov at gmail.com (Aleksey Chudov)
Date: Sat, 02 Mar 2013 20:10:52 +0200
Subject: [Pdns-users] Pdns Remote backend crash
In-Reply-To: <20130302173707.GC13880@pi.ip.fi>
References: <513129CD.4060003@gmail.com> <20130302100514.GA9458@pi.ip.fi> <20130302111852.GA10522@pi.ip.fi> <51320938.5010906@gmail.com> <20130302142809.GA12483@pi.ip.fi> <513237AC.5070705@gmail.com> <20130302173707.GC13880@pi.ip.fi>
Message-ID: <513240AC.1040305@gmail.com>

On 02.03.2013 19:37, Aki Tuomi wrote:
> On Sat, Mar 02, 2013 at 07:32:28PM +0200, Aleksey Chudov wrote:
>> Have you tried to reproduce the problem using the commands that I
>> sent in the previous letter?
> Nope, I'll have to install debian6 virtual machine then. I'll get back to you.

I tried to build PowerDNS dynamically rather than statically using the following command

CFLAGS="-g -O3" CXXFLAGS="-g -O3" ./configure --prefix=/usr/local/pdns --enable-pdns_server --disable-recursor --with-modules="pipe remote" --with-dynmodules=""

Actually I need a static binary because I plan to use it on my old server where I can't build PowerDNS directly because of a lot of dependencies. But it does not matter for the test.

In this case PowerDNS process has crashed but there were more informative log messages.

Mar 2 21:59:54 srv1 pdns[18686]: Got a signal 6, attempting to print trace:
Mar 2 21:59:54 srv1 pdns[18686]: /usr/local/pdns/sbin/pdns_server-instance() [0x4c9490]
Mar 2 21:59:54 srv1 pdns[18686]: /lib/libc.so.6(+0x32230) [0x7ffd2efb7230]
Mar 2 21:59:54 srv1 pdns[18686]: /lib/libc.so.6(gsignal+0x35) [0x7ffd2efb71b5]
Mar 2 21:59:54 srv1 pdns[18686]: /lib/libc.so.6(abort+0x180) [0x7ffd2efb9fc0]
Mar 2 21:59:54 srv1 pdns[18686]: /lib/libc.so.6(__assert_fail+0xf1) [0x7ffd2efb0301]
Mar 2 21:59:54 srv1 pdns[18686]: /usr/local/pdns/sbin/pdns_server-instance(_ZN13RemoteBackend3getER17DNSResourceRecord+0x757) [0x45b5a7]
Mar 2 21:59:54 srv1 pdns[18686]: /usr/local/pdns/sbin/pdns_server-instance(_ZN10DNSBackend6getSOAERKSsR7SOADataP9DNSPacket+0xe2) [0x4ac1b2]
Mar 2 21:59:54 srv1 pdns[18686]: /usr/local/pdns/sbin/pdns_server-instance(_ZN12UeberBackend6getSOAERKSsR7SOADataP9DNSPacket+0xb1) [0x4d4f61]
Mar 2 21:59:54 srv1 pdns[18686]: /usr/local/pdns/sbin/pdns_server-instance(_ZN13PacketHandler7getAuthEP9DNSPacketP7SOADataRKSsPi+0x49) [0x480b79]
Mar 2 21:59:54 srv1 pdns[18686]: /usr/local/pdns/sbin/pdns_server-instance(_ZN13PacketHandler17questionOrRecurseEP9DNSPacketPb+0xb98) [0x48b3b8]
Mar 2 21:59:54 srv1 pdns[18686]: /usr/local/pdns/sbin/pdns_server-instance(_ZN13PacketHandler8questionEP9DNSPacket+0x65) [0x48d115]
Mar 2 21:59:54 srv1 pdns[18686]: /usr/local/pdns/sbin/pdns_server-instance(_ZN11DistributorI9DNSPacketS0_13PacketHandlerE10makeThreadEPv+0x194) [0x5106d4]
Mar 2 21:59:54 srv1 pdns[18686]: /lib/libpthread.so.0(+0x68ca) [0x7ffd2f2ed8ca]
Mar 2 21:59:54 srv1 pdns[18686]: /lib/libc.so.6(clone+0x6d) [0x7ffd2f054b6d]
Mar 2 21:59:54 srv1 pdns[18622]: Our pdns instance (18686) exited after signal 6
Mar 2 21:59:54 srv1 pdns[18622]: Respawning

Aleksey

From cmouse at youzen.ext.b2.fi Sat Mar 2 18:46:09 2013
From: cmouse at youzen.ext.b2.fi (Aki Tuomi)
Date: Sat, 2 Mar 2013 20:46:09 +0200
Subject: [Pdns-users] Pdns Remote backend crash
In-Reply-To: <513240AC.1040305@gmail.com>
References: <513129CD.4060003@gmail.com> <20130302100514.GA9458@pi.ip.fi> <20130302111852.GA10522@pi.ip.fi> <51320938.5010906@gmail.com> <20130302142809.GA12483@pi.ip.fi> <513237AC.5070705@gmail.com> <20130302173707.GC13880@pi.ip.fi> <513240AC.1040305@gmail.com>
Message-ID: <20130302184609.GA14771@pi.ip.fi>

On Sat, Mar 02, 2013 at 08:10:52PM +0200, Aleksey Chudov wrote:
> On 02.03.2013 19:37, Aki Tuomi wrote:
> >On Sat, Mar 02, 2013 at 07:32:28PM +0200, Aleksey Chudov wrote:
> >>Have you tried to reproduce the problem using the commands that I
> >>sent in the previous letter?
> >Nope, I'll have to install debian6 virtual machine then. I'll get back to you.
>
> I tried to build PowerDNS dynamically rather than statically using
> the following command
>
> CFLAGS="-g -O3" CXXFLAGS="-g -O3" ./configure
> --prefix=/usr/local/pdns --enable-pdns_server --disable-recursor
> --with-modules="pipe remote" --with-dynmodules=""
>
> Actually I need a static binary because I plan to use it on my old
> server where I can't build PowerDNS directly because of a lot of
> dependencies. But it does not matter for the test.
>
> In this case PowerDNS process has crashed but there were more
> informative log messages.
>

This is a bug that has been fixed in svn, by ticket #697. I tried to use the patch on the ticket but it seems not to go clean into pdns. If you want, you can just use the remotebackend in svn head. Please download the relevant code from http://cmouse.desteem.org/remotebackend-rev-3109.tar.bz2, I took this from powerdns repository for you. I wasn't able to reproduce the bug after this.

Aki Tuomi

From peter.van.dijk at netherlabs.nl Sat Mar 2 22:16:59 2013
From: peter.van.dijk at netherlabs.nl (Peter van Dijk)
Date: Sat, 2 Mar 2013 23:16:59 +0100
Subject: [Pdns-users] Reverse DNS
In-Reply-To:
References: <20130301135247.GA21435@usenet-verwaltung.de>
Message-ID: <7259F6BA-244F-48BD-8098-08C23D7EECBE@netherlabs.nl>

Hello Peter,

On Mar 1, 2013, at 16:02 , Peter Gervai wrote:
> On Fri, Mar 1, 2013 at 3:50 PM, Peter van Dijk
> wrote:
>> This 'common practice' is broken, ugly and unnecessary.
>
> What are the alternatives?

Delegating at the /32 boundary.

Kind regards,
--
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/

From aleksey.chudov at gmail.com Sun Mar 3 10:51:02 2013
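
The two delegation schemes argued over in the Reverse DNS thread (the RFC 2317 CNAME indirection and delegation at the /32 boundary), as an added example that is not part of any poster's message or of PowerDNS. It builds the parent-zone records for each scheme and shows the answer a PTR query gets, which under RFC 2317 begins with the CNAME the original poster saw. The 192.0.2.64/26 block, the customer.example names and all function names are constructed for illustration.

```python
"""Added example: RFC 2317 CNAME delegation vs. per-address (/32) delegation.

All addresses and host names are constructed (192.0.2.0/24 is TEST-NET-1).
"""
import ipaddress


def reverse_name(addr):
    """Fully qualified in-addr.arpa owner name of one IPv4 address."""
    return ipaddress.ip_address(addr).reverse_pointer + "."


def rfc2317_parent_records(net, child_ns):
    """Records the /24 owner publishes to hand a sub-/24 block to child_ns.

    Returns (child_zone, records). The "first/len" label is the form used in
    RFC 2317's own examples; the RFC allows other label spellings.
    """
    net = ipaddress.ip_network(net)
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("RFC 2317 applies to IPv4 blocks smaller than /24")
    a, b, c, first = str(net.network_address).split(".")
    parent_zone = "{}.{}.{}.in-addr.arpa.".format(c, b, a)
    child_zone = "{}/{}.{}".format(first, net.prefixlen, parent_zone)
    records = [(child_zone, "NS", ns) for ns in child_ns]
    for addr in net:  # one CNAME per address in the block
        last = str(addr).rsplit(".", 1)[1]
        records.append((reverse_name(addr), "CNAME", last + "." + child_zone))
    return child_zone, records


def per_address_delegation(net, child_ns):
    """Alternative from the thread: delegate every address name itself."""
    return [(reverse_name(addr), "NS", ns)
            for addr in ipaddress.ip_network(net) for ns in child_ns]


def answer_ptr(records, qname, max_hops=8):
    """Toy lookup over (owner, type, rdata) tuples: follow CNAMEs to a PTR.

    Returns the answer section a client would see for a PTR query.
    """
    index = {}
    for owner, rtype, rdata in records:
        index.setdefault((owner.lower(), rtype), []).append(rdata)
    answer, name = [], qname.lower()
    for _ in range(max_hops):
        if (name, "PTR") in index:
            return answer + [(name, "PTR", r) for r in index[(name, "PTR")]]
        if (name, "CNAME") not in index:
            return answer  # no data at the end of the chain
        target = index[(name, "CNAME")][0]
        answer.append((name, "CNAME", target))
        name = target.lower()
    raise RuntimeError("CNAME chain longer than max_hops")


def demo():
    block, ns = "192.0.2.64/26", ["ns1.customer.example."]
    qname = reverse_name("192.0.2.65")

    # RFC 2317: the parent holds CNAMEs, the customer serves the 64/26 zone.
    child_zone, parent = rfc2317_parent_records(block, ns)
    child = [("65." + child_zone, "PTR", "mail.customer.example.")]
    classless = answer_ptr(parent + child, qname)

    # /32 boundary: the parent holds NS only, the PTR sits at the queried name.
    parent32 = per_address_delegation(block, ns)
    child32 = [(qname, "PTR", "mail.customer.example.")]
    direct = answer_ptr(parent32 + child32, qname)
    return classless, direct


if __name__ == "__main__":
    for label, answer in zip(("RFC 2317", "/32 delegation"), demo()):
        print(label)
        for owner, rtype, rdata in answer:
            print("  {:<34} {:<5} {}".format(owner, rtype, rdata))
```
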
From: aleksey.chudov at gmail.com (Aleksey Chudov)
Date: Sun, 03 Mar 2013 12:51:02 +0200
Subject: [Pdns-users] Pdns Remote backend crash
In-Reply-To: <20130302184609.GA14771@pi.ip.fi>
References: <513129CD.4060003@gmail.com> <20130302100514.GA9458@pi.ip.fi> <20130302111852.GA10522@pi.ip.fi> <51320938.5010906@gmail.com> <20130302142809.GA12483@pi.ip.fi> <513237AC.5070705@gmail.com> <20130302173707.GC13880@pi.ip.fi> <513240AC.1040305@gmail.com> <20130302184609.GA14771@pi.ip.fi>
Message-ID: <51332B16.3030906@gmail.com>

On 02.03.2013 20:46, Aki Tuomi wrote:
> This is a bug that has been fixed in svn, by ticket #697. I tried to use the
> patch on the ticket but it seems not to go clean into pdns. If you want, you
> can just use the remotebackend in svn head. Please download the relevant code
> from http://cmouse.desteem.org/remotebackend-rev-3109.tar.bz2, I took this from
> powerdns repository for you. I wasn't able to reproduce the bug after this.

I built PowerDNS with fixed remote backend using the same commands as earlier.

This time the test is successful without program crash. But after a short time the process has used all available memory and swap.

Mem:   4063148k total,  4032560k used,    30588k free,      392k buffers
Swap:  1914872k total,  1437628k used,   477244k free,    10552k cached

  PID USER      PR  NI  VIRT  SHR SWAP  RES S %CPU %MEM    TIME+  COMMAND
 9811 pdns      20   0 5462m 1204 1.6g 3.7g S  201 96.0  18:10.02 pdns_server

It seems like a memory leak.

Aleksey

From cmouse at youzen.ext.b2.fi Sun Mar 3 12:33:45 2013
From: cmouse at youzen.ext.b2.fi (Aki Tuomi)
Date: Sun, 3 Mar 2013 14:33:45 +0200
Subject: [Pdns-users] Pdns Remote backend crash
In-Reply-To: <51332B16.3030906@gmail.com>
References: <513129CD.4060003@gmail.com> <20130302100514.GA9458@pi.ip.fi> <20130302111852.GA10522@pi.ip.fi> <51320938.5010906@gmail.com> <20130302142809.GA12483@pi.ip.fi> <513237AC.5070705@gmail.com> <20130302173707.GC13880@pi.ip.fi> <513240AC.1040305@gmail.com> <20130302184609.GA14771@pi.ip.fi> <51332B16.3030906@gmail.com>
Message-ID: <20130303123345.GA20601@pi.ip.fi>

On Sun, Mar 03, 2013 at 12:51:02PM +0200, Aleksey Chudov wrote:
> On 02.03.2013 20:46, Aki Tuomi wrote:
> >This is a bug that has been fixed in svn, by ticket #697. I tried to use the
> >patch on the ticket but it seems not to go clean into pdns. If you want, you
> >can just use the remotebackend in svn head. Please download the relevant code
> >from http://cmouse.desteem.org/remotebackend-rev-3109.tar.bz2, I took this from
> >powerdns repository for you. I wasn't able to reproduce the bug after this.
>
> I built PowerDNS with fixed remote backend using the same commands
> as earlier.
>
> This time the test is successful without program crash. But after a
> short time the process has used all available memory and swap.
>
> Mem: 4063148k total, 4032560k used, 30588k free, 392k buffers
> Swap: 1914872k total, 1437628k used, 477244k free, 10552k cached
>
> PID USER PR NI VIRT SHR SWAP RES S %CPU %MEM TIME+ COMMAND
> 9811 pdns 20 0 5462m 1204 1.6g 3.7g S 201 96.0 18:10.02
> pdns_server
>
> It seems like a memory leak.
>
> Aleksey
>
>

I'll run it against valgrind and see what I can find. Thanks.

Aki

From cmouse at youzen.ext.b2.fi Sun Mar 3 17:05:12 2013
From: cmouse at youzen.ext.b2.fi (Aki Tuomi)
Date: Sun, 3 Mar 2013 19:05:12 +0200
Subject: [Pdns-users] Pdns Remote backend crash
In-Reply-To: <20130303123345.GA20601@pi.ip.fi>
References: <20130302100514.GA9458@pi.ip.fi> <20130302111852.GA10522@pi.ip.fi> <51320938.5010906@gmail.com> <20130302142809.GA12483@pi.ip.fi> <513237AC.5070705@gmail.com> <20130302173707.GC13880@pi.ip.fi> <513240AC.1040305@gmail.com> <20130302184609.GA14771@pi.ip.fi> <51332B16.3030906@gmail.com> <20130303123345.GA20601@pi.ip.fi>
Message-ID: <20130303170512.GA22165@pi.ip.fi>

Ok. I found out the memory leak, it was due to the way rapidjson behaves. I have tested this patch extensively myself and was able to fix the memory leak and did not observe crashes either. Can you, however, please try this out. If it works, I'll submit this patch to pdns. If you have opened a ticket, can you please tell me the number?

patch at http://cmouse.desteem.org/20130303_remotebackend_fix_memleak.patch

please apply it to the svn revision of remotebackend.

Regards,
Aki Tuomi

On Sun, Mar 03, 2013 at 02:33:45PM +0200, Aki Tuomi wrote:
> On Sun, Mar 03, 2013 at 12:51:02PM +0200, Aleksey Chudov wrote:
> > On 02.03.2013 20:46, Aki Tuomi wrote:
> > >This is a bug that has been fixed in svn, by ticket #697. I tried to use the
> > >patch on the ticket but it seems not to go clean into pdns. If you want, you
> > >can just use the remotebackend in svn head. Please download the relevant code
> > >from http://cmouse.desteem.org/remotebackend-rev-3109.tar.bz2, I took this from
> > >powerdns repository for you. I wasn't able to reproduce the bug after this.
> >
> > I built PowerDNS with fixed remote backend using the same commands
> > as earlier.
> >
> > This time the test is successful without program crash. But after a
> > short time the process has used all available memory and swap.
> >
> > Mem: 4063148k total, 4032560k used, 30588k free, 392k buffers
> > Swap: 1914872k total, 1437628k used, 477244k free, 10552k cached
> >
> > PID USER PR NI VIRT SHR SWAP RES S %CPU %MEM TIME+ COMMAND
> > 9811 pdns 20 0 5462m 1204 1.6g 3.7g S 201 96.0 18:10.02
> > pdns_server
> >
> > It seems like a memory leak.
> >
> > Aleksey
> >
> >
>
> I'll run it against valgrind and see what I can find. Thanks.
>
> Aki

From aleksey.chudov at gmail.com Mon Mar 4 09:24:45 2013
From: aleksey.chudov at gmail.com (Aleksey Chudov)
Date: Mon, 04 Mar 2013 11:24:45 +0200
Subject: [Pdns-users] Pdns Remote backend crash
In-Reply-To: <20130303170512.GA22165@pi.ip.fi>
References: <20130302100514.GA9458@pi.ip.fi> <20130302111852.GA10522@pi.ip.fi> <51320938.5010906@gmail.com> <20130302142809.GA12483@pi.ip.fi> <513237AC.5070705@gmail.com> <20130302173707.GC13880@pi.ip.fi> <513240AC.1040305@gmail.com> <20130302184609.GA14771@pi.ip.fi> <51332B16.3030906@gmail.com> <20130303123345.GA20601@pi.ip.fi> <20130303170512.GA22165@pi.ip.fi>
Message-ID: <5134685D.5030705@gmail.com>

On 03.03.2013 19:05, Aki Tuomi wrote:
> Ok. I found out the memory leak, it was due to way rapidjson behaves. I have
> tested this patch extensively myself and was able to fix the memory leak
> and did not observe crashes either. Can you, however, please try this out.
> If it works, I'll submit this patch to pdns. If you have opened a ticket, can
> you please tell me the number?
>
> patch at http://cmouse.desteem.org/20130303_remotebackend_fix_memleak.patch
>
> please apply it to the svn revision of remotebackend.

Hi,

I tested PowerDNS with your patch and it seems that the problem is fixed. Thank you.

And here is the ticket http://wiki.powerdns.com/trac/ticket/712

Aleksey

From drabantus at gmail.com Wed Mar 6 12:48:01 2013
From: drabantus at gmail.com (Fredrik Dahlberg)
Date: Wed, 6 Mar 2013 13:48:01 +0100
Subject: [Pdns-users] Problem with how PowerDNS answers when not authoritative.
Message-ID:

Hello,

I have a situation where PowerDNS Authoritative server answers queries differently from how BIND does it, when it is not authoritative for a zone.

PowerDNS (3.2):
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59699
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

BIND (9.7.3):
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 16419
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

The problem is that resolvers seem to treat this as a final answer, and won't proceed to the next server.

Microsoft DNS (6.1):
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 42689
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

BIND (9.8.4):
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57604
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

This creates a lot of problems where for example zone transfers fail, and for example customer mail bounces because the sending mail server believes there is no MX record.

Any clues on how to solve this?

Thanks,
//Fredrik

From bert.hubert at netherlabs.nl Wed Mar 6 13:00:50 2013
From: bert.hubert at netherlabs.nl (bert hubert)
Date: Wed, 6 Mar 2013 14:00:50 +0100
Subject: [Pdns-users] Problem with how PowerDNS answers when not authoritative.
In-Reply-To:
References:
Message-ID: <20130306130050.GA9691@xs.powerdns.com>

On Wed, Mar 06, 2013 at 01:48:01PM +0100, Fredrik Dahlberg wrote:
> Hello,
>
> I have a situation where PowerDNS Authoritative server answers queries
> differently from how BIND does it, when it is not authoritative for a zone.
>
> PowerDNS (3.2):
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59699
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available

This is weird, and unlikely to be the whole story. PowerDNS will supply different answers based on the 'send-root-referral' setting. This may help you,

send-root-referral | --send-root-referral=yes | --send-root-referral=no | --send-root-referral=lean
    If set, PowerDNS will send out old-fashioned root-referrals when queried
    for domains for which it is not authoritative. Wastes some bandwidth but
    may solve incoming query floods if domains are delegated to you for which
    you are not authoritative, but which are queried by broken recursors.
    Available since version 2.9.19. Since version 2.9.21, it is possible to
    specify 'lean' root referrals, which waste less bandwidth.

> The problem is that resolvers seem to treat this as a final answer, and
> won't proceed to the next server.

You might want to double check if you don't have a '.' or '' zone in your database which might be confusing PowerDNS.

Bert

From aleksey.chudov at gmail.com Wed Mar 6 14:01:47 2013
From: aleksey.chudov at gmail.com (Aleksey Chudov) Date: Wed, 06 Mar 2013 16:01:47 +0200 Subject: [Pdns-users] Pdns Remote vs Pipe backend performance In-Reply-To: <20130303170512.GA22165@pi.ip.fi> References: <20130302100514.GA9458@pi.ip.fi> <20130302111852.GA10522@pi.ip.fi> <51320938.5010906@gmail.com> <20130302142809.GA12483@pi.ip.fi> <513237AC.5070705@gmail.com> <20130302173707.GC13880@pi.ip.fi> <513240AC.1040305@gmail.com> <20130302184609.GA14771@pi.ip.fi> <51332B16.3030906@gmail.com> <20130303123345.GA20601@pi.ip.fi> <20130303170512.GA22165@pi.ip.fi> Message-ID: <51374C4B.8000402@gmail.com> Hello, I have a custom written Java application which I would like to use as a PowerDNS backend. After examining documentation I have come to the conclusion that Pipe and Remote backends suitable for my needs. Because of the java application architecture is difficult to use it through the pipe. So, to compare the performance of different backends, I asked our programmers to implement in our java application support for Pipe protocol over unix socket and Remote protocol over unix socket and Remote over http. Unfortunately In the current implementation PowerDNS Pipe can not pass parameters to the application. So I had to change coprocess.cc code to connect from PowerDNS Pipe and Remote Pipe to the unix socket using socat binary. --- pdns-3.2.orig/modules/pipebackend/coprocess.cc 2013-01-17 13:16:53.000000000 +0400 +++ pdns-3.2/modules/pipebackend/coprocess.cc 2013-03-02 15:12:04.415022452 +0400 
@@ -9,12 +9,20 @@ #include #include #include +#include +#include CoProcess::CoProcess(const string &command,int timeout, int infd, int outfd) { - const char *argv[2]; - argv[0]=strdup(command.c_str()); - argv[1]=0; + vector v; + + split(v, command, is_any_of(" ")); + + const char *argv[v.size()+1]; + + for (size_t n = 0; n < v.size(); n++) + argv[n]=strdup(v[n].c_str()); + argv[v.size()]=0; launch(argv,timeout,infd,outfd); }

After making these changes it is possible to set one of the following parameters in the configuration file to test different backends

# For remote backend
remote-connection-string=http:url=http://127.0.0.1:8090/dnsapi
remote-connection-string=unix:path=/var/run/pdns/remote.sock
remote-connection-string=pipe:command=/usr/bin/socat stdio unix-connect:/var/run/pdns/remote.sock

# For pipe backend
pipe-command=/usr/bin/socat stdio unix-connect:/var/run/pdns/pipe.sock

All tests were conducted on a dedicated physical server with the following configuration

ETegro Hyperion RS130 G3 / 2x Intel E5620 @ 2.40GHz / 16GB RAM / PowerDNS + Pipe or Remote backend

PowerDNS running with the following configuration

cache-ttl=0
distributor-threads=1/7 (maximum performance achieved with distributor-threads = 7)
launch=remote/pipe
query-cache-ttl=0

16 dedicated physical servers are used as DNS clients. Each server running two instances of dnsperf with the following parameters

dnsperf -d dnsperf1.txt -s 1.1.1.1
dnsperf -d dnsperf2.txt -s 1.1.1.1

Content of dnsperf1.txt
test1.example.com. A

Content of dnsperf2.txt
test2.example.com. A

Results

|PowerDNS Backend|Threads|Transaction rate|
|PowerDNS 3.2 + Remote HTTP|1|1700|
|PowerDNS 3.2 + Remote HTTP|7|8973|
|PowerDNS 3.2 + Remote Socket|1|7043|
|PowerDNS 3.2 + Remote Socket|7|28205|
|PowerDNS 3.2 + Remote Pipe + Socat|1|4215|
|PowerDNS 3.2 + Remote Pipe + Socat|7|15898|
|PowerDNS 3.2 + Pipe + Socat|1|4786|
|PowerDNS 3.2 + Pipe + Socat|7|25926|

As seen the fastest backend is Remote over unix socket.
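Review bot: the split(v, command, is_any_of(" ")) call in the constructor tokenizes on every single space with no quoting or escaping, so an argument that itself contains a space (a path, for instance) cannot be expressed in pipe-command, and, assuming these are the Boost string-algorithm split/is_any_of, two consecutive spaces in the setting produce an empty-string argv entry because token compression is not requested. Passing token_compress_on, dropping empty tokens, and documenting that quoting is not supported would close that gap. The declaration const char *argv[v.size()+1] is a variable-length array, which is a compiler extension in C++; a std::vector of const char* with a trailing null entry would be portable. The strdup() copies are never freed, which the replaced code also did for its single entry but which now scales with the argument count. On the positive side, the command still goes to launch() as an argv array rather than through a shell, so shell metacharacters in the setting are not interpreted.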
If compare Pipe + Socat and Remote Pipe + Socat the second is much slower. It can be concluded that the Pipe protocol is the fastest. This is logical because Pipe protocol is simpler than Remote protocol. In connection with the above, I have a few questions. Can someone of PowerDNS developers implement support for passing parameters to pipe:command and pipe-command? (example above) Can someone of PowerDNS developers implement support for pipe protocol over unix socket? (as already implemented for remote protocol) Regards, Aleksey From cmouse at youzen.ext.b2.fi Wed Mar 6 14:22:18 2013 From: cmouse at youzen.ext.b2.fi (Aki Tuomi) Date: Wed, 6 Mar 2013 16:22:18 +0200 Subject: [Pdns-users] Pdns Remote vs Pipe backend performance In-Reply-To: <51374C4B.8000402@gmail.com> References: <51320938.5010906@gmail.com> <20130302142809.GA12483@pi.ip.fi> <513237AC.5070705@gmail.com> <20130302173707.GC13880@pi.ip.fi> <513240AC.1040305@gmail.com> <20130302184609.GA14771@pi.ip.fi> <51332B16.3030906@gmail.com> <20130303123345.GA20601@pi.ip.fi> <20130303170512.GA22165@pi.ip.fi> <51374C4B.8000402@gmail.com> Message-ID: <20130306142218.GA11129@pi.ip.fi> > --- pdns-3.2.orig/modules/pipebackend/coprocess.cc 2013-01-17 > 13:16:53.000000000 +0400 > +++ pdns-3.2/modules/pipebackend/coprocess.cc 2013-03-02 > 15:12:04.415022452 +0400 
> @@ -9,12 +9,20 @@ > #include > #include > #include > +#include > +#include > > CoProcess::CoProcess(const string &command,int timeout, int infd, > int outfd) > { > - const char *argv[2]; > - argv[0]=strdup(command.c_str()); > - argv[1]=0; > + vector v; > + > + split(v, command, is_any_of(" ")); > + > + const char *argv[v.size()+1]; > + > + for (size_t n = 0; n < v.size(); n++) > + argv[n]=strdup(v[n].c_str()); > + argv[v.size()]=0; > > launch(argv,timeout,infd,outfd); > } > Could you please open a ticket about the patch above so we could get it included in to powerdns, it looks really useful to me. +1 Aki -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From aleksey.chudov at gmail.com Wed Mar 6 15:42:54 2013 From: aleksey.chudov at gmail.com (Aleksey Chudov) Date: Wed, 06 Mar 2013 17:42:54 +0200 Subject: [Pdns-users] Pdns Remote vs Pipe backend performance In-Reply-To: <20130306142218.GA11129@pi.ip.fi> References: <51320938.5010906@gmail.com> <20130302142809.GA12483@pi.ip.fi> <513237AC.5070705@gmail.com> <20130302173707.GC13880@pi.ip.fi> <513240AC.1040305@gmail.com> <20130302184609.GA14771@pi.ip.fi> <51332B16.3030906@gmail.com> <20130303123345.GA20601@pi.ip.fi> <20130303170512.GA22165@pi.ip.fi> <51374C4B.8000402@gmail.com> <20130306142218.GA11129@pi.ip.fi> Message-ID: <513763FE.8070405@gmail.com> On 06.03.2013 16:22, Aki Tuomi wrote: > Could you please open a ticket about the patch above so we could get > it included in to powerdns, it looks really useful to me. +1 Aki Ticket opened http://wiki.powerdns.com/trac/ticket/714 And what do you think about the implementation of Pipe protocol over unix socket? Aleksey From bert.hubert at netherlabs.nl Wed Mar 6 15:45:59 2013 
From: bert.hubert at netherlabs.nl (bert hubert) Date: Wed, 6 Mar 2013 16:45:59 +0100 Subject: [Pdns-users] Pdns Remote vs Pipe backend performance In-Reply-To: <513763FE.8070405@gmail.com> References: <513237AC.5070705@gmail.com> <20130302173707.GC13880@pi.ip.fi> <513240AC.1040305@gmail.com> <20130302184609.GA14771@pi.ip.fi> <51332B16.3030906@gmail.com> <20130303123345.GA20601@pi.ip.fi> <20130303170512.GA22165@pi.ip.fi> <51374C4B.8000402@gmail.com> <20130306142218.GA11129@pi.ip.fi> <513763FE.8070405@gmail.com> Message-ID: <20130306154558.GB16745@xs.powerdns.com> On Wed, Mar 06, 2013 at 05:42:54PM +0200, Aleksey Chudov wrote: > On 06.03.2013 16:22, Aki Tuomi wrote: > >Could you please open a ticket about the patch above so we could > >get it included in to powerdns, it looks really useful to me. +1 > >Aki > > Ticket opened http://wiki.powerdns.com/trac/ticket/714 > > > And what do you think about the implementation of Pipe protocol over > unix socket? Hi Aleksey, We're looking into it right now, it seems a worthwhile idea that should not be too hard to implement. One thing I wonder about - why is it hard to do pipe to your java platform? Is it hard to launch the JRE from PowerDNS? Thank you for opening the ticket, it is the best way to get us to merge things ;-) Bert -- PowerDNS Website: http://www.powerdns.com/ PowerDNS Community Website: http://wiki.powerdns.com/ PowerDNS is supported and developed by Netherlabs: http://www.netherlabs.nl From aleksey.chudov at gmail.com Wed Mar 6 16:05:39 2013 
From: aleksey.chudov at gmail.com (Aleksey Chudov)
Date: Wed, 06 Mar 2013 18:05:39 +0200
Subject: [Pdns-users] Pdns Remote vs Pipe backend performance
In-Reply-To: <20130306154558.GB16745@xs.powerdns.com>
References: <513237AC.5070705@gmail.com> <20130302173707.GC13880@pi.ip.fi> <513240AC.1040305@gmail.com> <20130302184609.GA14771@pi.ip.fi> <51332B16.3030906@gmail.com> <20130303123345.GA20601@pi.ip.fi> <20130303170512.GA22165@pi.ip.fi> <51374C4B.8000402@gmail.com> <20130306142218.GA11129@pi.ip.fi> <513763FE.8070405@gmail.com> <20130306154558.GB16745@xs.powerdns.com>
Message-ID: <51376953.5040907@gmail.com>

On 06.03.2013 17:45, bert hubert wrote:
> On Wed, Mar 06, 2013 at 05:42:54PM +0200, Aleksey Chudov wrote:
>> And what do you think about the implementation of Pipe protocol over
>> unix socket?
> We're looking into it right now, it seems a worthwhile idea that should not
> be too hard to implement.
>
> One thing I wonder about - why is it hard to do pipe to your java platform?
> Is it hard to launch the JRE from PowerDNS?

I discussed it with our developers. There is several problems if launch JVM directly from PowerDNS

1. multiple independent JVM processes consume much more memory
2. our application checks the status of the remote servers. So, when run multiple instances the number of tests increases respectively and/or we need to synchronize instances with each other. This complicates the program
3. currently we use the JVM stdout for logging. it is convenient and work for all our applications

I could probably think of some more examples of why we would like to use a single JVM application per server and unix socket for communication with PowerDNS :)

Aleksey

From drabantus at gmail.com Wed Mar 6 16:33:04 2013
From: drabantus at gmail.com (Fredrik Dahlberg)
Date: Wed, 6 Mar 2013 17:33:04 +0100
Subject: [Pdns-users] Problem with how PowerDNS answers when not authoritative.
In-Reply-To: <20130306130050.GA9691@xs.powerdns.com>
References: <20130306130050.GA9691@xs.powerdns.com>
Message-ID:

On Wed, Mar 6, 2013 at 2:00 PM, bert hubert wrote:

> send-root-referral | --send-root-referral=yes | --send-root-referral=no |
> --send-root-referral=lean
>

Thanks, this appears to have solved my problem.

>
> > The problem is that resolvers seem to treat this as a final answer, and
> > won't proceed to the next server.
>
> You might want to double check if you don't have a '.' or '' zone in your
> database which might be confusing PowerDNS.
>

Nothing like that in the database. Is PowerDNS supposed to answer with NOERROR, or with REFUSED like BIND? Even if there may be nothing wrong with PowerDNS's answer, it seems to me that a lot of common resolvers can't handle it.

//Fredrik

From peter.van.dijk at netherlabs.nl Thu Mar 7 09:02:29 2013
From: peter.van.dijk at netherlabs.nl (Peter van Dijk) Date: Thu, 7 Mar 2013 10:02:29 +0100 Subject: [Pdns-users] Pdns Remote vs Pipe backend performance In-Reply-To: <51374C4B.8000402@gmail.com> References: <20130302100514.GA9458@pi.ip.fi> <20130302111852.GA10522@pi.ip.fi> <51320938.5010906@gmail.com> <20130302142809.GA12483@pi.ip.fi> <513237AC.5070705@gmail.com> <20130302173707.GC13880@pi.ip.fi> <513240AC.1040305@gmail.com> <20130302184609.GA14771@pi.ip.fi> <51332B16.3030906@gmail.com> <20130303123345.GA20601@pi.ip.fi> <20130303170512.GA22165@pi.ip.fi> <51374C4B.8000402@gmail.com> Message-ID: <534C406A-12C0-429B-8564-19D8A5FE63BC@netherlabs.nl> Hello, On Mar 6, 2013, at 15:01 , Aleksey Chudov wrote: > > Unfortunately In the current implementation PowerDNS Pipe can not pass parameters to the application. So I had to change coprocess.cc code to connect from PowerDNS Pipe and Remote Pipe to the unix socket using socat binary. Just as a side note, you could point pipe-command at a shell script that does 'exec yourbackend arg1 arg2 arg3' - but of course we will merge your patch or something like it. Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ From bert.hubert at netherlabs.nl Thu Mar 7 10:16:58 2013 
From: bert.hubert at netherlabs.nl (bert hubert) Date: Thu, 7 Mar 2013 11:16:58 +0100 Subject: [Pdns-users] Pdns Remote vs Pipe backend performance In-Reply-To: <51376953.5040907@gmail.com> References: <513240AC.1040305@gmail.com> <20130302184609.GA14771@pi.ip.fi> <51332B16.3030906@gmail.com> <20130303123345.GA20601@pi.ip.fi> <20130303170512.GA22165@pi.ip.fi> <51374C4B.8000402@gmail.com> <20130306142218.GA11129@pi.ip.fi> <513763FE.8070405@gmail.com> <20130306154558.GB16745@xs.powerdns.com> <51376953.5040907@gmail.com> Message-ID: <20130307101658.GA28448@xs.powerdns.com> On Wed, Mar 06, 2013 at 06:05:39PM +0200, Aleksey Chudov wrote: > There is several problems if launch JVM directly from PowerDNS Indeed, these are all very convincing. In revision 3111 you'll find a version of PowerDNS that can connect to a UNIX socket if you feed one as the pipe-command. It also merges your split argument patch. Revision 3111 can be compiled as tar.gz, rpm or deb from: https://autotest.powerdns.com/ Can you test? Bert > 1. multiple independent JVM processes consume much more memory > 2. our application checks the status of the remote servers. So, when > run multiple instances the number of tests increases respectively > and/or we need to synchronize instances with each other. This > complicates the program > 3. currently we use the JVM stdout for logging. it is convenient and > work for all our applications > > I could probably think of some more examples of why we would like to > use a single JVM application per server and unix socket for > communication with PowerDNS :) > > Aleksey > From caruso at tiscali.com Thu Mar 7 11:19:21 2013 
From: caruso at tiscali.com (Mario Caruso) Date: Thu, 7 Mar 2013 12:19:21 +0100 Subject: [Pdns-users] dyndns webapp Message-ID: <20130307121921.7841f2df@uptheirons.ws.tiscali.sys> Hello, I'm afraid that this is not 100% in topic, but I'll give it a try and face the consequences, I'm currently administering a pdns with mysql backend and I was asked to setup it in order to receive dynamic dns updates using dyndns2 protocol (so updates should came via authenticated http), so first option I though was to write some php web application to handle this, but I'm wondering if we really need to re-invent the wheel, so are you aware of an already existing application ? (something like 'proutdns' for bind or 'Oh Jasmin Dynamic DNS' for djbdns). thank you Mario -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: not available URL: From jpmens.dns at gmail.com Thu Mar 7 11:42:28 2013 From: jpmens.dns at gmail.com (Jan-Piet Mens) Date: Thu, 7 Mar 2013 12:42:28 +0100 Subject: [Pdns-users] dyndns webapp In-Reply-To: <20130307121921.7841f2df@uptheirons.ws.tiscali.sys> References: <20130307121921.7841f2df@uptheirons.ws.tiscali.sys> Message-ID: <20130307114228.GA43467@jmbp.ww.mens.de> > mysql backend and I was asked to setup it in order to receive > dynamic dns updates using dyndns2 protocol (so updates should > came via authenticated http) I'm not aware of anything good, but it's pretty trivial to accomplish, as you probably know: obtain the (authentic) data and INSERT/UPDATE your MySQL back-end tables. :) -JP From caruso at tiscali.com Thu Mar 7 11:49:48 2013 
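The update path described in this exchange (authenticated HTTP request in, INSERT/UPDATE on the backend tables out), as an added example that is not code from any poster or from PowerDNS. Assumptions: sqlite3 stands in for MySQL, `records` carries a subset of the generic SQL backend columns, the `dyn_users` and `dyn_hosts` tables, the function names and the sample data are hypothetical, and the reply strings follow dyndns2 conventions.

```python
import base64
import hashlib
import hmac
import ipaddress
import os
import sqlite3


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def basic_header(user, password):
    """Value of an HTTP Authorization header for Basic auth."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def setup_demo_db():
    """Constructed sample data; table dyn_users/dyn_hosts are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE records (id INTEGER PRIMARY KEY, domain_id INT,
                              name TEXT, type TEXT, content TEXT, ttl INT);
        CREATE TABLE dyn_users (username TEXT PRIMARY KEY, salt BLOB, pwhash BLOB);
        CREATE TABLE dyn_hosts (username TEXT, hostname TEXT, domain_id INT,
                                PRIMARY KEY (username, hostname));
    """)
    salt = os.urandom(16)
    db.execute("INSERT INTO dyn_users VALUES (?, ?, ?)",
               ("alice", salt, hash_password("correct horse", salt)))
    db.execute("INSERT INTO dyn_hosts VALUES (?, ?, ?)",
               ("alice", "home.dyn.example.com", 1))
    db.executemany(
        "INSERT INTO records (domain_id, name, type, content, ttl) VALUES (?,?,?,?,?)",
        [(1, "home.dyn.example.com", "A", "192.0.2.10", 60),
         (2, "www.example.com", "A", "192.0.2.80", 3600)])
    db.commit()
    return db


def authenticate(db, auth_header):
    """Return the username for a valid Basic header, else None."""
    if not auth_header or not auth_header.startswith("Basic "):
        return None
    try:
        decoded = base64.b64decode(auth_header[6:], validate=True).decode("utf-8")
    except ValueError:            # bad base64 or bad UTF-8
        return None
    user, _, password = decoded.partition(":")
    row = db.execute("SELECT salt, pwhash FROM dyn_users WHERE username = ?",
                     (user,)).fetchone()
    # Hash even for unknown users so both paths do comparable work.
    salt, stored = row if row else (b"\x00" * 16, b"")
    candidate = hash_password(password, salt)
    return user if row and hmac.compare_digest(candidate, stored) else None


def handle_update(db, auth_header, hostname, myip):
    """Apply one update request and return the dyndns2-style reply body."""
    user = authenticate(db, auth_header)
    if user is None:
        return "badauth"
    hostname = hostname.rstrip(".").lower()
    # Authorisation: the account may only touch names assigned to it.
    owned = db.execute(
        "SELECT domain_id FROM dyn_hosts WHERE username = ? AND hostname = ?",
        (user, hostname)).fetchone()
    if owned is None:
        return "nohost"
    try:
        addr = ipaddress.ip_address(myip)
    except ValueError:
        return "dnserr"           # assumed mapping for an unparsable address
    rtype = "A" if addr.version == 4 else "AAAA"
    row = db.execute("SELECT id, content FROM records WHERE name = ? AND type = ?",
                     (hostname, rtype)).fetchone()
    if row and row[1] == str(addr):
        return "nochg " + str(addr)
    with db:                      # one transaction, parameters always bound
        if row:
            db.execute("UPDATE records SET content = ? WHERE id = ?",
                       (str(addr), row[0]))
        else:
            db.execute("INSERT INTO records (domain_id, name, type, content, ttl)"
                       " VALUES (?, ?, ?, ?, 60)",
                       (owned[0], hostname, rtype, str(addr)))
    return "good " + str(addr)
```

The ownership lookup in `dyn_hosts` is what keeps one authenticated account from rewriting another zone's records; authentication alone does not provide that.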
From: caruso at tiscali.com (Mario Caruso) Date: Thu, 7 Mar 2013 12:49:48 +0100 Subject: [Pdns-users] dyndns webapp In-Reply-To: <20130307114228.GA43467@jmbp.ww.mens.de> References: <20130307121921.7841f2df@uptheirons.ws.tiscali.sys> <20130307114228.GA43467@jmbp.ww.mens.de> Message-ID: <20130307124948.110e5ce6@uptheirons.ws.tiscali.sys> Il Thu, 7 Mar 2013 12:42:28 +0100 Jan-Piet Mens ha scritto: > > mysql backend and I was asked to setup it in order to receive > > dynamic dns updates using dyndns2 protocol (so updates should > > came via authenticated http) > > I'm not aware of anything good, but it's pretty trivial to accomplish, > as you probably know: obtain the (authentic) data and INSERT/UPDATE your > MySQL back-end tables. :) > > -JP thanks JP that's exactly what I'm doing (even if I'm not a php expert) I was just wondering if I'm reinventing the wheel :) Mario -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: not available URL: From peter.van.dijk at netherlabs.nl Thu Mar 7 14:45:41 2013 
From: peter.van.dijk at netherlabs.nl (Peter van Dijk)
Date: Thu, 7 Mar 2013 15:45:41 +0100
Subject: [Pdns-users] Problem with how PowerDNS answers when not authoritative.
In-Reply-To:
References:
Message-ID: <4E14ED4A-813A-496B-8141-4695AE1E4138@netherlabs.nl>

Hello Fredrik,

On Mar 6, 2013, at 13:48 , Fredrik Dahlberg wrote:
> I have a situation where PowerDNS Authoritative server answers queries differently from how BIND does it, when it is not authoritative for a zone.
>
> PowerDNS (3.2):
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59699
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available

Note the lack of 'aa' and the lack of SOA records in the AUTHORITY section. Both of these things mean a resolver should not draw any conclusions from this answer.

> Microsoft DNS (6.1):
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 42689
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>
> BIND (9.8.4):
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57604
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

I would love to see the full output for both of these, especially the ADDITIONAL record.

> This creates a lot of problems where for example zone transfers fail, and for example customer mail bounces because the sending mail server believes there is no MX record.
>
> Any clues on how to solve this?

Either your MSDNS and BIND both have bugs (unlikely) or something weird is happening. The empty NOERROR from PowerDNS is not known to cause these issues.

Kind regards,
--
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/

From aleksey.chudov at gmail.com Fri Mar 8 00:01:39 2013
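The two signals named in the message above (the AA flag and an SOA record in the AUTHORITY section), turned into a check that can be run over captured responses when auditing a delegation for servers that answer without authority. This is an added example, not code from the thread or from PowerDNS; the verdict labels, function names and sample packets are constructed for illustration.

```python
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080   # header flag bits
TYPE_NS, TYPE_SOA = 2, 6
RCODE_NAMES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def encode_name(name):
    """Encode a domain name in uncompressed wire format."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def skip_name(msg, off):
    """Return the offset just past the name that starts at off."""
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:          # compression pointer ends the name
            return off + 2
        if length & 0xC0:
            raise ValueError("unsupported label type")
        off += 1 + length


def parse_response(msg):
    """Return flags, rcode and the record types found in each section."""
    if len(msg) < 12:
        raise ValueError("short header")
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4       # QTYPE + QCLASS
    sections = []
    for count in (an, ns, ar):
        types = []
        for _ in range(count):
            off = skip_name(msg, off)
            if off + 10 > len(msg):
                raise ValueError("truncated record")
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10 + rdlen
            types.append(rtype)
        sections.append(types)
    if off > len(msg):
        raise ValueError("truncated message")
    return {"flags": flags, "rcode": flags & 0xF, "answer": sections[0],
            "authority": sections[1], "additional": sections[2]}


def classify(msg):
    """Decide what, if anything, may be concluded from a response."""
    r = parse_response(msg)
    if not r["flags"] & QR:
        return "not-a-response"
    if r["rcode"] not in (0, 3):
        return "error:" + RCODE_NAMES.get(r["rcode"], str(r["rcode"]))
    if r["answer"]:
        return "answer"
    authoritative = bool(r["flags"] & AA)
    if authoritative and TYPE_SOA in r["authority"]:
        return "authoritative-negative"     # the name/type really is absent
    if not authoritative and TYPE_NS in r["authority"]:
        return "referral"
    return "no-conclusion"                  # no aa, no SOA: ask another server


def make_response(qname, flags, authority=()):
    """Build a constructed response to an MX query for testing classify()."""
    header = struct.pack("!6H", 0x1234, flags, 1, 0, len(authority), 0)
    return header + encode_name(qname) + struct.pack("!HH", 15, 1) + b"".join(authority)


def soa_record(zone):
    rdata = (encode_name("ns1." + zone) + encode_name("hostmaster." + zone)
             + struct.pack("!5I", 1, 3600, 600, 86400, 300))
    return encode_name(zone) + struct.pack("!HHIH", TYPE_SOA, 1, 300, len(rdata)) + rdata


def ns_record(zone, target):
    rdata = encode_name(target)
    return encode_name(zone) + struct.pack("!HHIH", TYPE_NS, 1, 300, len(rdata)) + rdata


# Constructed samples mirroring the header lines quoted in the thread.
SAMPLES = {
    "pdns 3.2: qr rd, NOERROR, empty": make_response("example.com", QR | RD),
    "bind 9.7.3: qr rd, REFUSED": make_response("example.com", QR | RD | 5),
    "authoritative NODATA": make_response("example.com", QR | AA | RD,
                                          [soa_record("example.com")]),
    "root referral": make_response("example.com", QR | RD,
                                   [ns_record(".", "a.root-servers.net")]),
}

if __name__ == "__main__":
    for label, packet in SAMPLES.items():
        print(f"{label:35s} -> {classify(packet)}")
```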
From: aleksey.chudov at gmail.com (Aleksey Chudov)
Date: Fri, 08 Mar 2013 02:01:39 +0200
Subject: [Pdns-users] Pdns Remote vs Pipe backend performance
In-Reply-To: <20130306154558.GB16745@xs.powerdns.com>
References: <513237AC.5070705@gmail.com> <20130302173707.GC13880@pi.ip.fi> <513240AC.1040305@gmail.com> <20130302184609.GA14771@pi.ip.fi> <51332B16.3030906@gmail.com> <20130303123345.GA20601@pi.ip.fi> <20130303170512.GA22165@pi.ip.fi> <51374C4B.8000402@gmail.com> <20130306142218.GA11129@pi.ip.fi> <513763FE.8070405@gmail.com> <20130306154558.GB16745@xs.powerdns.com>
Message-ID: <51392A63.3060609@gmail.com>

On 07.03.2013 11:16, bert hubert wrote:
> Revision 3111 can be compiled as tar.gz, rpm or deb from:
> https://autotest.powerdns.com/
>
> Can you test?

I repeated all the tests again with a new revision of PowerDNS 3.2.20130307.3111. All test conditions were the same as described in a previous letter http://mailman.powerdns.com/pipermail/pdns-users/2013-March/009705.html except for the additional Pipe over unix socket test that was launched with parameter

pipe-command=/var/run/pdns/pipe.sock

Each test was run 3 times for 5 minutes. The table shows the average values.

||PowerDNS 3.2 Backend||Threads||Queries per second||
|Remote HTTP|1|1620|
|Remote HTTP|7|8357|
|Remote Unix Socket|1|7067|
|Remote Unix Socket|7|27150|
|Remote Pipe + Socat|1|3879|
|Remote Pipe + Socat|7|16765|
|Pipe Unix Socket|1|8343|
|Pipe Unix Socket|7|51180|
|Pipe + Socat|1|5009|
|Pipe + Socat|7|25856|

Pipe protocol over unix socket is really fast. Hope that the new features will be added in one of the next versions of PowerDNS. Thank you guys for a great work!

Aleksey

From bert.hubert at netherlabs.nl Fri Mar 8 08:17:50 2013
From: bert.hubert at netherlabs.nl (bert hubert) Date: Fri, 8 Mar 2013 09:17:50 +0100 Subject: [Pdns-users] Pdns Remote vs Pipe backend performance In-Reply-To: <51392A63.3060609@gmail.com> References: <513240AC.1040305@gmail.com> <20130302184609.GA14771@pi.ip.fi> <51332B16.3030906@gmail.com> <20130303123345.GA20601@pi.ip.fi> <20130303170512.GA22165@pi.ip.fi> <51374C4B.8000402@gmail.com> <20130306142218.GA11129@pi.ip.fi> <513763FE.8070405@gmail.com> <20130306154558.GB16745@xs.powerdns.com> <51392A63.3060609@gmail.com> Message-ID: <20130308081750.GA31832@xs.powerdns.com> On Fri, Mar 08, 2013 at 02:01:39AM +0200, Aleksey Chudov wrote: > On 07.03.2013 11:16, bert hubert wrote: > |Pipe Unix Socket|7|51180| > |Pipe + Socat|1|5009| > |Pipe + Socat|7|25856| > > Pipe protocol over unix socket is really fast. Hope that the new > features will be added in one of the next versions of PowerDNS. > Thank you guys for a great work! Thanks for the rapid feedback, it is good to wake up to such positive news ;-) This feature will be part of the next release of the PowerDNS Authoritative Server. If you are in a hurry, the patch can be applied to 3.2 mainline with no side effects. Good luck! -- PowerDNS Website: http://www.powerdns.com/ PowerDNS Community Website: http://wiki.powerdns.com/ PowerDNS is supported and developed by Netherlabs: http://www.netherlabs.nl From drabantus at gmail.com Fri Mar 8 14:42:41 2013 
From: drabantus at gmail.com (Fredrik Dahlberg)
Date: Fri, 8 Mar 2013 15:42:41 +0100
Subject: [Pdns-users] Problem with how PowerDNS answers when not authoritative.
In-Reply-To: <4E14ED4A-813A-496B-8141-4695AE1E4138@netherlabs.nl>
References: <4E14ED4A-813A-496B-8141-4695AE1E4138@netherlabs.nl>
Message-ID:

On Thu, Mar 7, 2013 at 3:45 PM, Peter van Dijk wrote:

> > Microsoft DNS (6.1):
> > ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 42689
> > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> >
> > BIND (9.8.4):
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57604
> > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>
> I would love to see the full output for both of these, especially the
> ADDITIONAL record.
>

I cut it down so as not to expose the customer. I believe the ADDITIONAL was EDNS0, but I can't reproduce these answers now that we have made the change in configuration. I'm going to set up some test servers, both with the exact version we used ( http://www.monshouwer.eu/download/3rd_party/pdns-server/el6/x86_64/) and some other versions, and see if I can reproduce it.

> Either your MSDNS and BIND both have bugs (unlikely) or something weird is
> happening. The empty NOERROR from PowerDNS is not known to cause these
> issues.
>

I guess I could delegate a test zone to someone else's PowerDNS server and try this out for myself. Weird if it has been tested and didn't cause any problems.

//Fredrik

From pnunn at infoteq.com.au Sat Mar 9 04:20:55 2013
From: pnunn at infoteq.com.au (Peter Nunn) Date: Sat, 09 Mar 2013 15:20:55 +1100 Subject: [Pdns-users] Screwy pdns configuration. Message-ID: <1508595.jbP86VWjOG@pnunn-latitude-e6510> Hi Guys, I'm pretty new to this DNS stuff, but I have had a pdns server running from my local domain for some time (using it to resolve internal address to hosts when I'm inside the network that resolve to external address when I'm outside). This has been working for a while (I think) with no issues until yesterday when I discovered that the network was working at a snails pace (or so it seemed). Turns out that its pdns causing the issues (if I remove it from my resolv.conf the problem goes away). I've set it up to recurse to my isp's dns server and a dig to google.com indicates that this is working (and returns the result VERY quickly), however, when I try and ping google.com I get one ping about every 4-5 seconds with the pdns server in the loop, and about 2 a second without it. Its odd that with the pdns server being used, the ping's only return an ip too, not the host name as they do when I'm not using pdns. Any ideas what's going on here and how to trouble shoot it? I've restarted pdns a couple of times, to no avail. I'm running version 3.1 on Ubuntu. Thanks heaps Peter Nunn -- Director InfoTeq Pty Ltd 0412 174 230 03 9017 2707 -------------- next part -------------- An HTML attachment was scrubbed... URL: From admin at sysadmins.el.kg Mon Mar 11 04:24:27 2013 
From: admin at sysadmins.el.kg (admin at sysadmins.el.kg) Date: Mon, 11 Mar 2013 10:24:27 +0600 (KGT) Subject: [Pdns-users] dyndns webapp In-Reply-To: <20130307121921.7841f2df@uptheirons.ws.tiscali.sys> References: <20130307121921.7841f2df@uptheirons.ws.tiscali.sys> Message-ID: <51310.158.181.196.111.1362975867.squirrel@176.126.165.28> Hi! I have installed powerdns+poweradmin with PostgreSQL storage and it works as DynamicDNS service for my domain (dyn.su). On server side I have modified script from Poweradmin (dynamic_update.php), clients uses inadyn-mt to send requests to server. I just changed the php-script to work with PostgreSQL database and made it API like dynDNS's API. It works fine. > Hello, > I'm afraid that this is not 100% in topic, but I'll give it a try and > face the consequences, I'm currently administering a pdns with > mysql backend and I was asked to setup it in order to receive > dynamic dns updates using dyndns2 protocol (so updates should > came via authenticated http), so first option I though was to write > some php web application to handle this, but I'm wondering if we > really need to re-invent the wheel, so are you aware of an already > existing application ? (something like 'proutdns' for bind or 'Oh Jasmin > Dynamic DNS' for djbdns). > > thank you > > Mario > _______________________________________________ > Pdns-users mailing list > Pdns-users at mailman.powerdns.com > http://mailman.powerdns.com/mailman/listinfo/pdns-users > From peter.van.dijk at netherlabs.nl Mon Mar 11 07:58:51 2013 
From: peter.van.dijk at netherlabs.nl (Peter van Dijk) Date: Mon, 11 Mar 2013 08:58:51 +0100 Subject: [Pdns-users] Screwy pdns configuration. In-Reply-To: <1508595.jbP86VWjOG@pnunn-latitude-e6510> References: <1508595.jbP86VWjOG@pnunn-latitude-e6510> Message-ID: <1E3FA13C-5445-4427-AA26-AC42CEF80C05@netherlabs.nl> Hello Peter, On Mar 9, 2013, at 5:20 , Peter Nunn wrote: > This has been working for a while (I think) with no issues until yesterday when I discovered that the network was working at a snails pace (or so it seemed). > > Turns out that its pdns causing the issues (if I remove it from my resolv.conf the problem goes away). > > I've set it up to recurse to my isp's dns server and a dig to google.com indicates that this is working (and returns the result VERY quickly), however, when I try and ping google.com I get one ping about every 4-5 seconds with the pdns server in the loop, and about 2 a second without it. Can you show the full output of ping for both, and your resolv.conf contents for both runs? Can you also share your full pdns.conf and your configured zones? Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ From pnunn at infoteq.com.au Mon Mar 11 09:10:37 2013 
From: pnunn at infoteq.com.au (Peter Nunn)
Date: Mon, 11 Mar 2013 20:10:37 +1100
Subject: [Pdns-users] Screwy pdns configuration.
In-Reply-To: <1E3FA13C-5445-4427-AA26-AC42CEF80C05@netherlabs.nl>
References: <1508595.jbP86VWjOG@pnunn-latitude-e6510> <1E3FA13C-5445-4427-AA26-AC42CEF80C05@netherlabs.nl>
Message-ID: <1481014.0fC1TAFfPd@pnunn-latitude-e6510>

Hi Peter,

Gladly provide the information, below...

resolv.conf

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 192.168.0.57
nameserver 192.231.203.132
nameserver 192.231.203.3
search infoteq.com.au

(192.168.0.57 being the internal name server).

Ping with this configuration.

ping google.com
PING google.com (74.125.237.68) 56(84) bytes of data.
64 bytes from 74.125.237.68: icmp_req=1 ttl=55 time=51.1 ms
64 bytes from 74.125.237.68: icmp_req=2 ttl=55 time=62.9 ms
64 bytes from 74.125.237.68: icmp_req=3 ttl=55 time=50.1 ms
64 bytes from 74.125.237.68: icmp_req=4 ttl=55 time=50.7 ms
64 bytes from 74.125.237.68: icmp_req=5 ttl=55 time=50.6 ms
^C64 bytes from 74.125.237.68: icmp_req=6 ttl=55 time=51.2 ms

--- google.com ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 25402ms
rtt min/avg/max/mdev = 50.167/52.820/62.992/4.572 ms

each ping response takes about 4 seconds.

Without the internal NS

ping google.com
PING google.com (74.125.237.105) 56(84) bytes of data.
64 bytes from syd01s12-in-f9.1e100.net (74.125.237.105): icmp_req=1 ttl=55 time=189 ms
64 bytes from syd01s12-in-f9.1e100.net (74.125.237.105): icmp_req=2 ttl=55 time=180 ms
64 bytes from syd01s12-in-f9.1e100.net (74.125.237.105): icmp_req=3 ttl=55 time=195 ms
64 bytes from syd01s12-in-f9.1e100.net (74.125.237.105): icmp_req=4 ttl=55 time=56.4 ms
64 bytes from syd01s12-in-f9.1e100.net (74.125.237.105): icmp_req=5 ttl=55 time=78.1 ms
^C
--- google.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4001ms
rtt min/avg/max/mdev = 56.443/139.940/195.003/59.866 ms

I get about 2 ping returns per second.

pdns.conf

allow-recursion=127.0.0.1, 192.168.0.0/24
config-dir=/etc/powerdns
daemon=yes
disable-axfr=yes
guardian=yes
launch=gmysql
lazy-recursion=yes
local-address=192.168.0.57
local-port=53
loglevel=5
module-dir=/usr/lib/powerdns
recursor=192.231.203.3
setgid=pdns
setuid=pdns
socket-dir=/var/run
version-string=powerdns
launch=gmysql
gmysql-host=localhost
gmysql-port=
gmysql-dbname=powerdns
gmysql-user=pdns
gmysql-password=asdf123
gmysql-dnssec=no
include=/etc/powerdns/pdns.d

zones configured.

infoteq.com.au
intq.com.au
in-addr.arpa

Thanks for the help.

Peter Nunn

--
Director
InfoTeq Pty Ltd
0412 174 230
03 9017 2707

From bert.hubert at netherlabs.nl Mon Mar 11 18:44:39 2013
From: bert.hubert at netherlabs.nl (bert hubert)
Date: Mon, 11 Mar 2013 19:44:39 +0100
Subject: [Pdns-users] PowerDNS has a new phone number!
Message-ID: <20130311184439.GA4092@xs.powerdns.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi everybody,

Although we usually communicate via email, we also have a phone, and our phone number changed this week. The new number is +31-15-7850372.

This information can also be found on the websites PowerDNS and Netherlabs below.

Thanks!

- --
PowerDNS Website: http://www.powerdns.com/
PowerDNS Community Website: http://wiki.powerdns.com/
PowerDNS is supported and developed by Netherlabs: http://www.netherlabs.nl
Contact us by phone on +31-15-7850372
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAlE+JhcACgkQHF7pkNLnFXUBCQCfSsOAN2Rrvf5pVHzPzkTG4EpF
w90An1ywebhMGSclWdhnVRknhP4NI1Tl
=tWo1
-----END PGP SIGNATURE-----

From aleksey.chudov at gmail.com Tue Mar 12 11:20:51 2013
From: aleksey.chudov at gmail.com (Aleksey Chudov)
Date: Tue, 12 Mar 2013 13:20:51 +0200
Subject: [Pdns-users] Pdns Remote vs Pipe backend performance
In-Reply-To: <20130306154558.GB16745@xs.powerdns.com>
References: <513237AC.5070705@gmail.com> <20130302173707.GC13880@pi.ip.fi> <513240AC.1040305@gmail.com> <20130302184609.GA14771@pi.ip.fi> <51332B16.3030906@gmail.com> <20130303123345.GA20601@pi.ip.fi> <20130303170512.GA22165@pi.ip.fi> <51374C4B.8000402@gmail.com> <20130306142218.GA11129@pi.ip.fi> <513763FE.8070405@gmail.com> <20130306154558.GB16745@xs.powerdns.com>
Message-ID: <513F0F93.8000001@gmail.com>

Hello,

During the tests I have encountered the following problem. When restarting the backend application it deletes old socket file on stop and creates new socket file on start. But PowerDNS Pipe backend is not reconnected to the new socket until restart.

Below messages from the PowerDNS logs

Mar 12 13:41:06 srv1 pdns[9463]: Exception building answer packet (failed in writen2: Broken pipe) sending out servfail
Mar 12 13:41:11 srv1 pdns[9463]: Exception building answer packet (failed in writen2: Broken pipe) sending out servfail
Mar 12 14:05:47 srv1 pdns[9463]: Exception building answer packet (failed in writen2: Broken pipe) sending out servfail

Aleksey

From ihrwein at gmail.com Tue Mar 12 13:01:06 2013
From: ihrwein at gmail.com (Tibor Benke)
Date: Tue, 12 Mar 2013 14:01:06 +0100
Subject: [Pdns-users] CNAME chain
Message-ID:

Hi!

I want to make a CNAME chain with ~160 elements. I made it, the last record is a TXT. When I'm doing a DNS query, the server gives me only 11 records in the response. There aren't repetitions among the elements of the chain. I use the pdns recursor as an authoritative server with one zone file. Its version is 3.3-3 on a Debian Wheezy. I also tried the +tcp option with the dig client but it didn't help.

What do you think, this is a bug or the length of CNAME chains are restricted in the standards of DNS?

Yours faithfully,
Tibor

From peter.van.dijk at netherlabs.nl Tue Mar 12 13:18:59 2013
From: peter.van.dijk at netherlabs.nl (Peter van Dijk)
Date: Tue, 12 Mar 2013 14:18:59 +0100
Subject: [Pdns-users] CNAME chain
In-Reply-To:
References:
Message-ID:

Hello Tibor,

On Mar 12, 2013, at 14:01 , Tibor Benke wrote:

> Hi!
>
> I want to make a CNAME chain with ~160 elements. I made it, the last record is a TXT. When I'm doing a DNS query, the server gives me only 11 records in the response. There aren't repetitions among the elements of the chain. I use the pdns recursor as an authoritative server with one zone file. Its version is 3.3-3 on a Debian Wheezy. I also tried the +tcp option with the dig client but it didn't help.
>
> What do you think, this is a bug or the length of CNAME chains are restricted in the standards of DNS?

PowerDNS limits the lengths of chains and other indirections. The limits do not follow directly from the DNS standards.

Why do you want to do this?

Kind regards,
--
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/

From ihrwein at gmail.com Tue Mar 12 13:38:40 2013
From: ihrwein at gmail.com (Tibor Benke)
Date: Tue, 12 Mar 2013 14:38:40 +0100
Subject: [Pdns-users] CNAME chain
In-Reply-To:
References:
Message-ID:

Hello Peter,

My answer is simple: just for fun :) I would like to do something with the DNS which is similar to the Star Wars easter-egg traceroute story:

http://boingboing.net/2013/02/09/star-wars-easter-egg-hidden-in.html

So I need a DNS server which is able to resolve long CNAME chains as well. Can you show me the constant/#define/etc. in the source code with which I can control this parameter of the software?

Yours sincerely,
Tibor

2013/3/12 Peter van Dijk

> Hello Tibor,
>
> On Mar 12, 2013, at 14:01 , Tibor Benke wrote:
>
> > Hi!
> >
> > I want to make a CNAME chain with ~160 elements. I made it, the last record is a TXT. When I'm doing a DNS query, the server gives me only 11 records in the response. There aren't repetitions among the elements of the chain. I use the pdns recursor as an authoritative server with one zone file. Its version is 3.3-3 on a Debian Wheezy. I also tried the +tcp option with the dig client but it didn't help.
> >
> > What do you think, this is a bug or the length of CNAME chains are restricted in the standards of DNS?
>
> PowerDNS limits the lengths of chains and other indirections. The limits do not follow directly from the DNS standards.
>
> Why do you want to do this?
>
> Kind regards,
> --
> Peter van Dijk
> Netherlabs Computer Consulting BV - http://www.netherlabs.nl/

From peter.van.dijk at netherlabs.nl Tue Mar 12 13:41:16 2013
From: peter.van.dijk at netherlabs.nl (Peter van Dijk)
Date: Tue, 12 Mar 2013 14:41:16 +0100
Subject: [Pdns-users] CNAME chain
In-Reply-To:
References:
Message-ID:

Hello Tibor,

On Mar 12, 2013, at 14:38 , Tibor Benke wrote:

> My answer is simple: just for fun :) I would like to do something with the DNS which is similar to the Star Wars easter-egg traceroute story:
>
> http://boingboing.net/2013/02/09/star-wars-easter-egg-hidden-in.html
>
> So I need a DNS server which is able to resolve long CNAME chains as well. Can you show me the constant/#define/etc. in the source code with which I can control this parameter of the software?

I believe either or both of the 'depth > 10' checks in syncres.cc are what you need to change. I did not test this.

Kind regards,
--
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/

From ihrwein at gmail.com Tue Mar 12 14:44:09 2013
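A model of the chain limit discussed in this thread, added here as an example; it is not PowerDNS code and not from any poster. The zone data and function names are constructed, and treating the cap as a `depth > 10` test applied once per CNAME hop is an assumption based on the check named above.

```python
"""Bounded CNAME-chain walk over a constructed in-memory zone (illustrative model)."""

# Assumption: one depth step per CNAME hop, cut off by a 'depth > 10' test.
MAX_DEPTH = 10


def build_chain_zone(length, origin="chain.example."):
    """Constructed data: hop0 -> hop1 -> ... -> hop<length>, which holds a TXT."""
    zone = {
        f"hop{i}.{origin}": ("CNAME", f"hop{i + 1}.{origin}") for i in range(length)
    }
    zone[f"hop{length}.{origin}"] = ("TXT", "end of chain")
    return zone


def follow(zone, qname, qtype, max_depth=MAX_DEPTH, detect_loops=True):
    """Follow CNAMEs and return (records, status).

    status is 'answer', 'nodata', 'nxdomain', 'loop' or 'depth-exceeded'.
    The walk is iterative, so a larger max_depth costs lookups, not stack.
    """
    records, seen, name, depth = [], set(), qname, 0
    while True:
        # The cap bounds the work one query can trigger, whatever the zone says.
        if depth > max_depth:
            return records, "depth-exceeded"
        # A chain that revisits a name can never terminate on its own.
        if detect_loops and name in seen:
            return records, "loop"
        seen.add(name)
        rr = zone.get(name)
        if rr is None:
            return records, "nxdomain"
        rtype, rdata = rr
        if rtype == qtype:
            records.append((name, rtype, rdata))
            return records, "answer"
        if rtype != "CNAME":
            return records, "nodata"
        records.append((name, rtype, rdata))
        name, depth = rdata, depth + 1


if __name__ == "__main__":
    zone = build_chain_zone(160)
    recs, status = follow(zone, "hop0.chain.example.", "TXT")
    print(f"default cap: {len(recs)} records, status={status}")

    recs, status = follow(zone, "hop0.chain.example.", "TXT", max_depth=200)
    print(f"cap raised to 200: {len(recs)} records, status={status}")

    loop = {
        "a.example.": ("CNAME", "b.example."),
        "b.example.": ("CNAME", "a.example."),
    }
    print("two-name loop:", follow(loop, "a.example.", "TXT")[1])
    print("same loop, cap only:", follow(loop, "a.example.", "TXT", detect_loops=False)[1])
```

With the default cap the 160-hop chain yields 11 CNAME records and no TXT, the count reported in the first message of the thread.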
From: ihrwein at gmail.com (Tibor Benke)
Date: Tue, 12 Mar 2013 15:44:09 +0100
Subject: [Pdns-users] CNAME chain
In-Reply-To:
References:
Message-ID:

I've changed both of them and the server got a segfault during the query:

Mar 12 15:36:19 dbtest1 kernel: [417697.501449] pdns_recursor[8161]: segfault at ffffffffffffffef ip 000000000045a280 sp 0000000001c58c20 error 4 in pdns_recursor[400000+ec000]

Maybe I should look for a less secure software :)

Regards,
Tibor

2013/3/12 Peter van Dijk

> Hello Tibor,
>
> On Mar 12, 2013, at 14:38 , Tibor Benke wrote:
>
> > My answer is simple: just for fun :) I would like to do something with the DNS which is similar to the Star Wars easter-egg traceroute story:
> >
> > http://boingboing.net/2013/02/09/star-wars-easter-egg-hidden-in.html
> >
> > So I need a DNS server which is able to resolve long CNAME chains as well. Can you show me the constant/#define/etc. in the source code with which I can control this parameter of the software?
>
> I believe either or both of the 'depth > 10' checks in syncres.cc are what you need to change. I did not test this.
>
> Kind regards,
> --
> Peter van Dijk
> Netherlabs Computer Consulting BV - http://www.netherlabs.nl/

From Luca at ninefold.com Wed Mar 13 04:35:21 2013
From: Luca at ninefold.com (Luca Salvatore)
Date: Wed, 13 Mar 2013 15:35:21 +1100
Subject: [Pdns-users] SOA Serial Number format
Message-ID:

Hi,

Is it possible to change the SOA serial number format to the YYYMMDDnn format?
I can't seem to see a setting in the pdns.conf file... Thanks.

Luca.

From cyclops at prof-x.net Wed Mar 13 08:10:37 2013
From: cyclops at prof-x.net (Ruben d'Arco)
Date: Wed, 13 Mar 2013 09:10:37 +0100
Subject: [Pdns-users] SOA Serial Number format
In-Reply-To:
References:
Message-ID: <20130313081036.GB32194@prof-x.prof-x.net>

Hi Luca,

Normally, the SOA-serial is what you set in your database. If you've never set it, you might be using the auto-serial feature. It would be helpful if you provide some information about your powerdns setup (config files, etc).

You can also simply change the SOA record in your database to the value you would like.

The soa-edit option could also work very well for you:

http://jpmens.net/2013/01/18/understanding-powerdns-soa-edit/
http://doc.powerdns.com/domainmetadata.html

Hope it helps,
Ruben

On Wed, Mar 13, 2013 at 03:35:21PM +1100, Luca Salvatore wrote:
> Hi,
>
> Is it possible to change the SOA serial number format to the YYYMMDDnn format?
> I can't seem to see a setting in the pdns.conf file... Thanks.
>
> Luca.

From peter.van.dijk at netherlabs.nl Thu Mar 14 15:04:06 2013
From: peter.van.dijk at netherlabs.nl (Peter van Dijk)
Date: Thu, 14 Mar 2013 16:04:06 +0100
Subject: [Pdns-users] Screwy pdns configuration.
In-Reply-To: <1481014.0fC1TAFfPd@pnunn-latitude-e6510>
References: <1508595.jbP86VWjOG@pnunn-latitude-e6510> <1E3FA13C-5445-4427-AA26-AC42CEF80C05@netherlabs.nl> <1481014.0fC1TAFfPd@pnunn-latitude-e6510>
Message-ID:

Hello Peter,

On Mar 11, 2013, at 10:10 , Peter Nunn wrote:

> (192.168.0.57 being the internal name server).
>
> Ping with this configuration.
>
> ping google.com
> PING google.com (74.125.237.68) 56(84) bytes of data.
> 64 bytes from 74.125.237.68: icmp_req=1 ttl=55 time=51.1 ms
> 64 bytes from 74.125.237.68: icmp_req=2 ttl=55 time=62.9 ms
> 64 bytes from 74.125.237.68: icmp_req=3 ttl=55 time=50.1 ms
> 64 bytes from 74.125.237.68: icmp_req=4 ttl=55 time=50.7 ms
> 64 bytes from 74.125.237.68: icmp_req=5 ttl=55 time=50.6 ms
> ^C64 bytes from 74.125.237.68: icmp_req=6 ttl=55 time=51.2 ms
>
> --- google.com ping statistics ---
> 6 packets transmitted, 6 received, 0% packet loss, time 25402ms
> rtt min/avg/max/mdev = 50.167/52.820/62.992/4.572 ms
>
> each ping response takes about 4 seconds.
>
> Without the internal NS
>
> ping google.com
> PING google.com (74.125.237.105) 56(84) bytes of data.
> 64 bytes from syd01s12-in-f9.1e100.net (74.125.237.105): icmp_req=1 ttl=55 time=189 ms
> 64 bytes from syd01s12-in-f9.1e100.net (74.125.237.105): icmp_req=2 ttl=55 time=180 ms
> 64 bytes from syd01s12-in-f9.1e100.net (74.125.237.105): icmp_req=3 ttl=55 time=195 ms
> 64 bytes from syd01s12-in-f9.1e100.net (74.125.237.105): icmp_req=4 ttl=55 time=56.4 ms
> 64 bytes from syd01s12-in-f9.1e100.net (74.125.237.105): icmp_req=5 ttl=55 time=78.1 ms
> ^C
> --- google.com ping statistics ---
> 5 packets transmitted, 5 received, 0% packet loss, time 4001ms
> rtt min/avg/max/mdev = 56.443/139.940/195.003/59.866 ms
>
>
> I get about 2 ping returns per second.

Ping should do one return per second. If you get more, your clock is broken!

> infoteq.com.au
> intq.com.au
> in-addr.arpa

This zone (in-addr.arpa) is overriding your reverse lookups. Remove it, or replace it with a more specific version if you really need to.

Note that presence of the zone only explains the lack of names in the ping output, not the delays you are experiencing. My best guess about the delays is that your in-addr.arpa zone is also broken. Try a 'dig ptr -x 74.125.237.68 @192.168.0.57' to see; if it says SERVFAIL, this might explain the delays.

Kind regards,
--
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/

From manishr78 at gmail.com Thu Mar 14 18:17:05 2013
From: manishr78 at gmail.com (Manish Rane)
Date: Thu, 14 Mar 2013 23:47:05 +0530
Subject: [Pdns-users] Split horizon possible with powerdns
Message-ID:

Hi there,

I am wondering if split horizon can be configured with powerdns so that internal as well as external users can get separate IPs?

From jpmens.dns at gmail.com Thu Mar 14 18:26:36 2013
From: jpmens.dns at gmail.com (Jan-Piet Mens)
Date: Thu, 14 Mar 2013 19:26:36 +0100
Subject: [Pdns-users] Split horizon possible with powerdns
In-Reply-To:
References:
Message-ID: <20130314182636.GA86912@jmbp.ww.mens.de>

> I am wondering if split horizon can be configured with powerdns so that
> internal as well as external users can get separate IPs?

If you're talking about PowerDNS Authoritative, the answer is 'no'. If you mean PowerDNS Recursor, the answer is 'maybe': you could use its Lua feature to fiddle with returning different values on a per/client basis. (Note: I said 'could'. :)

-JP

From mark at streamservice.nl Thu Mar 14 20:12:23 2013
From: mark at streamservice.nl (Mark Scholten)
Date: Thu, 14 Mar 2013 21:12:23 +0100
Subject: [Pdns-users] Split horizon possible with powerdns
In-Reply-To: <20130314182636.GA86912@jmbp.ww.mens.de>
References: <20130314182636.GA86912@jmbp.ww.mens.de>
Message-ID: <0a0501ce20f0$3d7bb380$b8731a80$@streamservice.nl>

> -----Original Message-----
> From: pdns-users-bounces at mailman.powerdns.com [mailto:pdns-users-bounces at mailman.powerdns.com] On Behalf Of Jan-Piet Mens
> Sent: 14 March, 2013 19:27
> To: pdns-users at mailman.powerdns.com
> Subject: Re: [Pdns-users] Split horizon possible with powerdns
>
> > I am wondering if split horizon can be configured with powerdns so
> > that internal as well as external users can get separate IPs?
>
> If you're talking about PowerDNS Authoritative, the answer is 'no'. If you mean
> PowerDNS Recursor, the answer is 'maybe': you could use its Lua feature to
> fiddle with returning different values on a per/client basis.
> (Note: I said 'could'. :)

Isn't it possible to abuse the geo backend for this?

And PowerDNS auth also has some LUA options if you disable the cache (and that makes it slow).

Regards, Mark

From pnunn at infoteq.com.au Thu Mar 14 21:38:10 2013
From: pnunn at infoteq.com.au (Peter Nunn)
Date: Fri, 15 Mar 2013 08:38:10 +1100
Subject: [Pdns-users] Screwy pdns configuration.
In-Reply-To:
References: <1508595.jbP86VWjOG@pnunn-latitude-e6510> <1481014.0fC1TAFfPd@pnunn-latitude-e6510>
Message-ID: <1637739.zzUGbJ63Uf@pnunn-latitude-e6510>

Hi again Peter, again thanks for your help.

The reverse lookup seems to work (at least with dig)

dig ptr -x 74.125.237.68 @192.168.0.57

; <<>> DiG 9.8.1-P1 <<>> ptr -x 74.125.237.68 @192.168.0.57
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47736
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;68.237.125.74.in-addr.arpa. IN PTR

;; AUTHORITY SECTION:
in-addr.arpa. 86400 IN SOA ns1.infoteq.com.au. hostmaster.infoteq.com.au. 2012123102 28800 7200 604800 86400

;; Query time: 6 msec
;; SERVER: 192.168.0.57#53(192.168.0.57)
;; WHEN: Fri Mar 15 08:18:34 2013
;; MSG SIZE rcvd: 109

I've removed the zone anyway, and am now getting...

ping google.com.au
PING google.com.au (74.125.237.88) 56(84) bytes of data.
From UbuntuDev.local (192.168.0.57): icmp_seq=1 Redirect Host(New nexthop: 192.168.0.1)
64 bytes from syd01s06-in-f24.1e100.net (74.125.237.88): icmp_req=1 ttl=54 time=48.1 ms
From UbuntuDev.local (192.168.0.57): icmp_seq=2 Redirect Host(New nexthop: 192.168.0.1)
64 bytes from syd01s06-in-f24.1e100.net (74.125.237.88): icmp_req=2 ttl=55 time=48.4 ms
From UbuntuDev.local (192.168.0.57): icmp_seq=3 Redirect Host(New nexthop: 192.168.0.1)
64 bytes from syd01s06-in-f24.1e100.net (74.125.237.88): icmp_req=3 ttl=54 time=48.0 ms
From UbuntuDev.local (192.168.0.57): icmp_seq=4 Redirect Host(New nexthop: 192.168.0.1)
64 bytes from syd01s06-in-f24.1e100.net (74.125.237.88): icmp_req=4 ttl=55 time=48.0 ms
From UbuntuDev.local (192.168.0.57): icmp_seq=5 Redirect Host(New nexthop: 192.168.0.1)

however, this is still slow.

Peter.

On Thu, 14 Mar 2013 04:04:06 PM Peter van Dijk wrote:
> Hello Peter,
>
> On Mar 11, 2013, at 10:10 , Peter Nunn wrote:
>
> > (192.168.0.57 being the internal name server).
> >
> > Ping with this configuration.
> >
> > ping google.com
> > PING google.com (74.125.237.68) 56(84) bytes of data.
> > 64 bytes from 74.125.237.68: icmp_req=1 ttl=55 time=51.1 ms
> > 64 bytes from 74.125.237.68: icmp_req=2 ttl=55 time=62.9 ms
> > 64 bytes from 74.125.237.68: icmp_req=3 ttl=55 time=50.1 ms
> > 64 bytes from 74.125.237.68: icmp_req=4 ttl=55 time=50.7 ms
> > 64 bytes from 74.125.237.68: icmp_req=5 ttl=55 time=50.6 ms
> > ^C64 bytes from 74.125.237.68: icmp_req=6 ttl=55 time=51.2 ms
> >
> > --- google.com ping statistics ---
> > 6 packets transmitted, 6 received, 0% packet loss, time 25402ms
> > rtt min/avg/max/mdev = 50.167/52.820/62.992/4.572 ms
> >
> > each ping response takes about 4 seconds.
> >
> > Without the internal NS
> >
> > ping google.com
> > PING google.com (74.125.237.105) 56(84) bytes of data.
> > 64 bytes from syd01s12-in-f9.1e100.net (74.125.237.105): icmp_req=1 ttl=55 time=189 ms
> > 64 bytes from syd01s12-in-f9.1e100.net (74.125.237.105): icmp_req=2 ttl=55 time=180 ms
> > 64 bytes from syd01s12-in-f9.1e100.net (74.125.237.105): icmp_req=3 ttl=55 time=195 ms
> > 64 bytes from syd01s12-in-f9.1e100.net (74.125.237.105): icmp_req=4 ttl=55 time=56.4 ms
> > 64 bytes from syd01s12-in-f9.1e100.net (74.125.237.105): icmp_req=5 ttl=55 time=78.1 ms
> > ^C
> > --- google.com ping statistics ---
> > 5 packets transmitted, 5 received, 0% packet loss, time 4001ms
> > rtt min/avg/max/mdev = 56.443/139.940/195.003/59.866 ms
> >
> >
> > I get about 2 ping returns per second.
>
> Ping should do one return per second. If you get more, your clock is broken!
>
> > infoteq.com.au
> > intq.com.au
> > in-addr.arpa
>
> This zone (in-addr.arpa) is overriding your reverse lookups. Remove it, or replace it with a more specific version if you really need to.
>
> Note that presence of the zone only explains the lack of names in the ping output, not the delays you are experiencing. My best guess about the delays is that your in-addr.arpa zone is also broken. Try a 'dig ptr -x 74.125.237.68 @192.168.0.57' to see; if it says SERVFAIL, this might explain the delays.
>
> Kind regards,
>

--
Director
InfoTeq Pty Ltd
0412 174 230
03 9017 2707

From peter.van.dijk at netherlabs.nl Fri Mar 15 06:52:30 2013
From: peter.van.dijk at netherlabs.nl (Peter van Dijk)
Date: Fri, 15 Mar 2013 07:52:30 +0100
Subject: [Pdns-users] Screwy pdns configuration.
In-Reply-To: <1637739.zzUGbJ63Uf@pnunn-latitude-e6510>
References: <1508595.jbP86VWjOG@pnunn-latitude-e6510> <1481014.0fC1TAFfPd@pnunn-latitude-e6510> <1637739.zzUGbJ63Uf@pnunn-latitude-e6510>
Message-ID: <9F78F01A-079B-4327-84C9-C63BF3A01DE8@netherlabs.nl>

Hello Peter,

On Mar 14, 2013, at 22:38 , Peter Nunn wrote:

> The reverse lookup seems to work (at least with dig)
>
> dig ptr -x 74.125.237.68 @192.168.0.57
>
> ; <<>> DiG 9.8.1-P1 <<>> ptr -x 74.125.237.68 @192.168.0.57
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47736
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;68.237.125.74.in-addr.arpa. IN PTR
>
> ;; AUTHORITY SECTION:
> in-addr.arpa. 86400 IN SOA ns1.infoteq.com.au. hostmaster.infoteq.com.au. 2012123102 28800 7200 604800 86400
>
> ;; Query time: 6 msec
> ;; SERVER: 192.168.0.57#53(192.168.0.57)
> ;; WHEN: Fri Mar 15 08:18:34 2013
> ;; MSG SIZE rcvd: 109

Ok - it is not returning the actual name of that IP on the Internet, but it's fast and not a SERVFAIL. So, it should not cause the issues you are seeing with ping.

> ping google.com.au
> PING google.com.au (74.125.237.88) 56(84) bytes of data.
> From UbuntuDev.local (192.168.0.57): icmp_seq=1 Redirect Host(New nexthop: 192.168.0.1)
> 64 bytes from syd01s06-in-f24.1e100.net (74.125.237.88): icmp_req=1 ttl=54 time=48.1 ms
> From UbuntuDev.local (192.168.0.57): icmp_seq=2 Redirect Host(New nexthop: 192.168.0.1)
> 64 bytes from syd01s06-in-f24.1e100.net (74.125.237.88): icmp_req=2 ttl=55 time=48.4 ms
> From UbuntuDev.local (192.168.0.57): icmp_seq=3 Redirect Host(New nexthop: 192.168.0.1)
> 64 bytes from syd01s06-in-f24.1e100.net (74.125.237.88): icmp_req=3 ttl=54 time=48.0 ms
> From UbuntuDev.local (192.168.0.57): icmp_seq=4 Redirect Host(New nexthop: 192.168.0.1)
> 64 bytes from syd01s06-in-f24.1e100.net (74.125.237.88): icmp_req=4 ttl=55 time=48.0 ms
> From UbuntuDev.local (192.168.0.57): icmp_seq=5 Redirect Host(New nexthop: 192.168.0.1)
>
> however, this is still slow.

The ICMP redirects suggest a networking misconfiguration - unrelated to PowerDNS.

Kind regards,
--
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/

From cyclops at prof-x.net Fri Mar 15 07:38:57 2013
From: cyclops at prof-x.net (Ruben d'Arco)
Date: Fri, 15 Mar 2013 08:38:57 +0100
Subject: [Pdns-users] Split horizon possible with powerdns
In-Reply-To: <0a0501ce20f0$3d7bb380$b8731a80$@streamservice.nl>
References: <20130314182636.GA86912@jmbp.ww.mens.de> <0a0501ce20f0$3d7bb380$b8731a80$@streamservice.nl>
Message-ID: <20130315073856.GC32194@prof-x.prof-x.net>

Hi,

Another approach would be to run two instances of pdns. Every instance would run on a specific ip which corresponds to the subnet that you want to use. For internal/external scenarios this will probably work. The small downside of this is that you have to maintain two zones and two powerdns databases.

Regards,
Ruben

On Thu, Mar 14, 2013 at 09:12:23PM +0100, Mark Scholten wrote:
> > -----Original Message-----
> > From: pdns-users-bounces at mailman.powerdns.com [mailto:pdns-users-bounces at mailman.powerdns.com] On Behalf Of Jan-Piet Mens
> > Sent: 14 March, 2013 19:27
> > To: pdns-users at mailman.powerdns.com
> > Subject: Re: [Pdns-users] Split horizon possible with powerdns
> >
> > > I am wondering if split horizon can be configured with powerdns so
> > > that internal as well as external users can get separate IPs?
> >
> > If you're talking about PowerDNS Authoritative, the answer is 'no'. If you mean
> > PowerDNS Recursor, the answer is 'maybe': you could use its Lua feature to
> > fiddle with returning different values on a per/client basis.
> > (Note: I said 'could'. :)
>
> Isn't it possible to abuse the geo backend for this?
>
> And PowerDNS auth also has some LUA options if you disable the cache (and
> that makes it slow).
>
> Regards, Mark

From pnunn at infoteq.com.au Fri Mar 15 11:01:40 2013
From: pnunn at infoteq.com.au (Peter Nunn)
Date: Fri, 15 Mar 2013 22:01:40 +1100
Subject: [Pdns-users] Screwy pdns configuration.
In-Reply-To: <9F78F01A-079B-4327-84C9-C63BF3A01DE8@netherlabs.nl>
References: <1508595.jbP86VWjOG@pnunn-latitude-e6510> <1637739.zzUGbJ63Uf@pnunn-latitude-e6510> <9F78F01A-079B-4327-84C9-C63BF3A01DE8@netherlabs.nl>
Message-ID: <2066466.o3EodtaZVq@pnunn-latitude-e6510>

Peter you are a champion.

Turns out to have been an openvpn connection that had partly come up giving me a default route back to the host that happened to have pdns running on it (also the vpn end point).

Get rid of that route and all is now good again.

THANKYOU. Would never have twigged without your help

Peter.

On Fri, 15 Mar 2013 07:52:30 AM Peter van Dijk wrote:
> Hello Peter,
>
> On Mar 14, 2013, at 22:38 , Peter Nunn wrote:
>
> > The reverse lookup seems to work (at least with dig)
> >
> > dig ptr -x 74.125.237.68 @192.168.0.57
> >
> > ; <<>> DiG 9.8.1-P1 <<>> ptr -x 74.125.237.68 @192.168.0.57
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47736
> > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> >
> > ;; QUESTION SECTION:
> > ;68.237.125.74.in-addr.arpa. IN PTR
> >
> > ;; AUTHORITY SECTION:
> > in-addr.arpa. 86400 IN SOA ns1.infoteq.com.au. hostmaster.infoteq.com.au. 2012123102 28800 7200 604800 86400
> >
> > ;; Query time: 6 msec
> > ;; SERVER: 192.168.0.57#53(192.168.0.57)
> > ;; WHEN: Fri Mar 15 08:18:34 2013
> > ;; MSG SIZE rcvd: 109
>
> Ok - it is not returning the actual name of that IP on the Internet, but it's fast and not a SERVFAIL. So, it should not cause the issues you are seeing with ping.
>
> > ping google.com.au
> > PING google.com.au (74.125.237.88) 56(84) bytes of data.
> > From UbuntuDev.local (192.168.0.57): icmp_seq=1 Redirect Host(New nexthop: 192.168.0.1)
> > 64 bytes from syd01s06-in-f24.1e100.net (74.125.237.88): icmp_req=1 ttl=54 time=48.1 ms
> > From UbuntuDev.local (192.168.0.57): icmp_seq=2 Redirect Host(New nexthop: 192.168.0.1)
> > 64 bytes from syd01s06-in-f24.1e100.net (74.125.237.88): icmp_req=2 ttl=55 time=48.4 ms
> > From UbuntuDev.local (192.168.0.57): icmp_seq=3 Redirect Host(New nexthop: 192.168.0.1)
> > 64 bytes from syd01s06-in-f24.1e100.net (74.125.237.88): icmp_req=3 ttl=54 time=48.0 ms
> > From UbuntuDev.local (192.168.0.57): icmp_seq=4 Redirect Host(New nexthop: 192.168.0.1)
> > 64 bytes from syd01s06-in-f24.1e100.net (74.125.237.88): icmp_req=4 ttl=55 time=48.0 ms
> > From UbuntuDev.local (192.168.0.57): icmp_seq=5 Redirect Host(New nexthop: 192.168.0.1)
> >
> > however, this is still slow.
>
> The ICMP redirects suggest a networking misconfiguration - unrelated to PowerDNS.
>
>
> Kind regards,
>

--
Director
InfoTeq Pty Ltd
0412 174 230
03 9017 2707

From dmiller at amfes.com Fri Mar 15 18:16:22 2013
From: dmiller at amfes.com (Daniel L. Miller)
Date: Fri, 15 Mar 2013 11:16:22 -0700
Subject: [Pdns-users] Split horizon possible with powerdns
In-Reply-To: <20130314182636.GA86912@jmbp.ww.mens.de>
References: <20130314182636.GA86912@jmbp.ww.mens.de>
Message-ID:

On 3/14/2013 11:26 AM, Jan-Piet Mens wrote:
>> I am wondering if split horizon can be configured with powerdns so that
>> internal as well as external users can get separate IPs?
> If you're talking about PowerDNS Authoritative, the answer is 'no'. If
> you mean PowerDNS Recursor, the answer is 'maybe': you could use its Lua
> feature to fiddle with returning different values on a per/client basis.
> (Note: I said 'could'. :)

Could and do - as I don't have a better option for my current setup.

Authoritative server listening on private port - Internet firewall forwards requests via NAT.

Recursor listening on :53 on LAN address - provides DNS for local hosts and rewrites as needed via lua or forwards to authoritative.

--
Daniel

From cloos at jhcloos.com Sat Mar 16 00:19:32 2013
From: cloos at jhcloos.com (James Cloos)
Date: Fri, 15 Mar 2013 20:19:32 -0400
Subject: [Pdns-users] tsig keys
Message-ID:

Should the tsigkeys.secret column have any structure?

Or is it just base64-encoded random bits?

-JimC
--
James Cloos OpenPGP: 1024D/ED7DAEA6

From jpmens.dns at gmail.com Sat Mar 16 09:07:45 2013
From: jpmens.dns at gmail.com (Jan-Piet Mens)
Date: Sat, 16 Mar 2013 10:07:45 +0100
Subject: [Pdns-users] tsig keys
In-Reply-To:
References:
Message-ID: <20130316090745.GA861@jmbp.ww.mens.de>

> Should the tsigkeys.secret column have any structure?

It's just the Base64-encoded blob, e.g.:

INSERT INTO tsigkeys (name, algorithm, secret) VALUES ('k01', 'hmac-md5', '4imFLvMHKDmtc2oJldCaJg==');

Regards,

-JP

From cloos at jhcloos.com Sat Mar 16 17:38:33 2013
From: cloos at jhcloos.com (James Cloos)
Date: Sat, 16 Mar 2013 13:38:33 -0400
Subject: [Pdns-users] tsig keys
In-Reply-To: <20130316090745.GA861@jmbp.ww.mens.de> (Jan-Piet Mens's message of "Sat, 16 Mar 2013 10:07:45 +0100")
References: <20130316090745.GA861@jmbp.ww.mens.de>
Message-ID:

>>>>> "JM" == Jan-Piet Mens writes:

JM> It's just the Base64-encoded blob, e.g.:

'the blob' doesn't answer my question.

Is it just random bits or the result of running hmac-md5 on something?

-JimC
--
James Cloos OpenPGP: 1024D/ED7DAEA6

From chieff7 at gmail.com Sat Mar 16 18:56:25 2013
From: chieff7 at gmail.com (Ron Tsoref)
Date: Sat, 16 Mar 2013 20:56:25 +0200
Subject: [Pdns-users] PowerDNS capabilities
Message-ID:

Hi.

I'm just checking out PowerDNS' capabilities and I'm not sure about something --

Is it possible to serve DNS queries with PowerDNS this way? :

PowerDNS checks for the requester's IP. If its IP range is found - serve a certain record from a MySQL database. If not - PowerDNS will serve a general, country-based answer from the MySQL database (simple Geo resolution).

Thanks

Ron

From bycn82 at gmail.com Sun Mar 17 02:24:28 2013
From: bycn82 at gmail.com (Bill Yuan) Date: Sun, 17 Mar 2013 10:24:28 +0800 Subject: [Pdns-users] my pdns does'nt use my recursor Message-ID: hi I configured two ip addresses on my local linux for pdns, 1.1.1.1 for the pdns, and 2.2.2.2 for it's recursor. and I have another laptop using xp, I found when dns set to 1.1.1.1, my xp laptop can resolve the local domain which configured in the pdns, when dns set to 2.2.2.2 , my xp laptop can resole the domain like www.google.com, So that means the pdns and the recursor are working. But when i set the dns to 1.1.1.1 and quering www.google.com it will fail, So it there any way to check why the pdns did not invoke my recursor? I have configured "recursor=2.2.2.2:53" in the pdns.conf From bycn82 at gmail.com Sun Mar 17 08:44:43 2013 From: bycn82 at gmail.com (Bill Yuan) Date: Sun, 17 Mar 2013 16:44:43 +0800 Subject: [Pdns-users] my pdns does'nt use my recursor In-Reply-To: References: Message-ID: Sorry , I just found actually it is using the 2.2.2.2 , It is not working properly because 2.2.2.2 is an public ip which located in France. On Sun, Mar 17, 2013 at 10:24 AM, Bill Yuan wrote: > hi > I configured two ip addresses on my local linux for pdns, 1.1.1.1 for > the pdns, and 2.2.2.2 for it's recursor. > > and I have another laptop using xp, > > I found when dns set to 1.1.1.1, my xp laptop can resolve the local > domain which configured in the pdns, > > when dns set to 2.2.2.2 , my xp laptop can resole the domain like > www.google.com, > > So that means the pdns and the recursor are working. > > But when i set the dns to 1.1.1.1 and quering www.google.com it will fail, > > So it there any way to check why the pdns did not invoke my recursor? > > > I have configured "recursor=2.2.2.2:53" in the pdns.conf From jpmens.dns at gmail.com Sun Mar 17 09:57:00 2013 
From: jpmens.dns at gmail.com (Jan-Piet Mens) Date: Sun, 17 Mar 2013 10:57:00 +0100 Subject: [Pdns-users] tsig keys In-Reply-To: References: <20130316090745.GA861@jmbp.ww.mens.de> Message-ID: <20130317095700.GA23302@jmbp.ww.mens.de> > >>>>> "JM" == Jan-Piet Mens writes: "JP", by the way ;-) > 'the blob' doesn't answer my question. > > Is it just random bits or the result of running hmac-md5 on something? It's the rdata taken from the KEY RR after running `dnssec-keygen -a HMAC-MD5 -n HOST -b nnnn xxx` -JP From peter.van.dijk at netherlabs.nl Sun Mar 17 14:20:01 2013 From: peter.van.dijk at netherlabs.nl (Peter van Dijk) Date: Sun, 17 Mar 2013 15:20:01 +0100 Subject: [Pdns-users] PowerDNS capabilities In-Reply-To: References: Message-ID: <1549523E-8899-444D-8802-C53EBD36E347@netherlabs.nl> Hello Ron, On Mar 16, 2013, at 19:56 , Ron Tsoref wrote: > I'm just checking out PowerDNS' capabilities and I'm not sure about something -- > > Is it possible to serve DNS queries with PowerDNS this way? : > > PowerDNS checks for the requester's IP. If its IP range is found - serve a certain record from a MySQL database. If not - PowerDNS will serve a general, country-based answer from the MySQL database (simple Geo resolution). The BIND and SQL backends cannot do this. The Geobackend can do this natively (but it has some limitations). The Lua, Pipe and Remote backends can do this if you write a script. A Google search might give you a couple. Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ From bycn82 at gmail.com Sun Mar 17 14:20:53 2013 
From: bycn82 at gmail.com (Bill Yuan) Date: Sun, 17 Mar 2013 22:20:53 +0800 Subject: [Pdns-users] my pdns does'nt use my recursor In-Reply-To: References: Message-ID: finally copy all the files into my linux, now the recursor can trigger the lua script already, but is still did not return the correct result for the nxdomains, I have a function like below, no matter what domain it is , i just always return a ip for it , but the function is not working properly! function nxdomain ( remoteip, domain, qtype ) return 0, { {qtype="1", content="1.2.3.4", ttl=3600, place="1"}, } end On Sun, Mar 17, 2013 at 4:44 PM, Bill Yuan wrote: > Sorry , I just found actually it is using the 2.2.2.2 , It is not > working properly because 2.2.2.2 is an public ip which located in > France. > > > > On Sun, Mar 17, 2013 at 10:24 AM, Bill Yuan wrote: >> hi >> I configured two ip addresses on my local linux for pdns, 1.1.1.1 for >> the pdns, and 2.2.2.2 for it's recursor. >> >> and I have another laptop using xp, >> >> I found when dns set to 1.1.1.1, my xp laptop can resolve the local >> domain which configured in the pdns, >> >> when dns set to 2.2.2.2 , my xp laptop can resole the domain like >> www.google.com, >> >> So that means the pdns and the recursor are working. >> >> But when i set the dns to 1.1.1.1 and quering www.google.com it will fail, >> >> So it there any way to check why the pdns did not invoke my recursor? >> >> >> I have configured "recursor=2.2.2.2:53" in the pdns.conf From odhiambo at gmail.com Sun Mar 17 15:03:44 2013 
From: odhiambo at gmail.com (Odhiambo Washington) Date: Sun, 17 Mar 2013 18:03:44 +0300 Subject: [Pdns-users] PowerDNS capabilities In-Reply-To: <1549523E-8899-444D-8802-C53EBD36E347@netherlabs.nl> References: <1549523E-8899-444D-8802-C53EBD36E347@netherlabs.nl> Message-ID: On 17 March 2013 17:20, Peter van Dijk wrote: > Hello Ron, > > On Mar 16, 2013, at 19:56 , Ron Tsoref wrote: > > > I'm just checking out PowerDNS' capabilities and I'm not sure about > something -- > > > > Is it possible to serve DNS queries with PowerDNS this way? : > > > > PowerDNS checks for the requester's IP. If its IP range is found - > serve a certain record from a MySQL database. If not - PowerDNS will serve > a general, country-based answer from the MySQL database (simple Geo > resolution). > > The BIND and SQL backends cannot do this. The Geobackend can do this > natively (but it has some limitations). The Lua, Pipe and Remote backends > can do this if you write a script. A Google search might give you a couple. > > Kind regards, > -- > Peter van Dijk > Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ > > Just curious. Isn't the question closely similar to how "views" work in BIND? Does PowerDNS support "views", in some way? -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ I can't hear you -- I'm using the scrambler. -------------- next part -------------- An HTML attachment was scrubbed... URL: From cloos at jhcloos.com Sun Mar 17 21:12:53 2013 
From: cloos at jhcloos.com (James Cloos) Date: Sun, 17 Mar 2013 17:12:53 -0400 Subject: [Pdns-users] tsig keys In-Reply-To: <20130317095700.GA23302@jmbp.ww.mens.de> (Jan-Piet Mens's message of "Sun, 17 Mar 2013 10:57:00 +0100") References: <20130316090745.GA861@jmbp.ww.mens.de> <20130317095700.GA23302@jmbp.ww.mens.de> Message-ID: >>>>> "JM" == Jan-Piet Mens writes: JM> It's the rdata [from] running dnssec-keygen ... OK. Thanks! -JimC -- James Cloos OpenPGP: 1024D/ED7DAEA6 From jigneshmpatel at gmail.com Sun Mar 17 22:43:38 2013 
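The answer reached in the "tsig keys" thread above, as an added example (not code from the thread or from PowerDNS): an HMAC TSIG secret is random key material stored as Base64, so a `tsigkeys` row can be checked by decoding it strictly and comparing its length with the digest size of the named algorithm. The function names and the minimum-length rule (key at least as long as the HMAC output, following the advice in RFC 2104) are assumptions of this sketch.

```python
import base64
import binascii
import hmac
import secrets

# HMAC algorithm name -> (hashlib name, digest size in bytes).
ALGORITHMS = {
    "hmac-md5": ("md5", 16),
    "hmac-sha1": ("sha1", 20),
    "hmac-sha256": ("sha256", 32),
    "hmac-sha512": ("sha512", 64),
}


def new_secret(algorithm):
    """Return fresh random key material, Base64-encoded, sized to the digest."""
    _, size = ALGORITHMS[algorithm]
    return base64.b64encode(secrets.token_bytes(size)).decode("ascii")


def check_row(name, algorithm, secret):
    """Return a list of problems found in one (name, algorithm, secret) row."""
    problems = []
    entry = ALGORITHMS.get(algorithm.lower().rstrip("."))
    if entry is None:
        problems.append(f"{name}: unknown algorithm {algorithm!r}")
    try:
        # validate=True rejects stray characters instead of skipping them.
        key = base64.b64decode(secret, validate=True)
    except (binascii.Error, ValueError):
        problems.append(f"{name}: secret is not valid Base64")
        return problems
    if entry is not None and len(key) < entry[1]:
        problems.append(
            f"{name}: key is {len(key)} bytes, shorter than the "
            f"{entry[1]}-byte digest of {algorithm}"
        )
    return problems


def mac_hex(algorithm, secret, message):
    """Use the decoded secret as the HMAC key; it is the key, not a MAC."""
    hash_name, _ = ALGORITHMS[algorithm]
    key = base64.b64decode(secret, validate=True)
    return hmac.new(key, message, hash_name).hexdigest()


if __name__ == "__main__":
    # Row values as posted in the thread.
    print(check_row("k01", "hmac-md5", "4imFLvMHKDmtc2oJldCaJg=="))
    # Constructed rows showing the two failure modes.
    print(check_row("k02", "hmac-sha256", "4imFLvMHKDmtc2oJldCaJg=="))
    print(check_row("k03", "hmac-sha256", "not base64!"))
    print(new_secret("hmac-sha256"))
```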
From: jigneshmpatel at gmail.com (Jignesh Patel)
Date: Sun, 17 Mar 2013 18:43:38 -0400
Subject: [Pdns-users] installing ldap as backend
Message-ID:

I am trying to run powerdns on amazon server with openldap integration. I have installed following two packages

sudo yum list | grep pdns
pdns.x86_64 3.1-2.el6 @epel
pdns-backend-ldap.x86_64 3.1-2.el6 @epel

openldap is running efficiently. However when I am trying to run powerdns with ldap by putting following parameters in /etc/pdns/pdns.conf

#allow-recursion-override=on
#irecursor=127.0.0.1
#lazy-recursion=yes
launch=ldap
ldap-host = ldap://127.0.0.1:389/
ldap-basedn = ""
ldap-binddn=""
ldap-starttls=no
ldap-secret=groupmd123
ldap-method=simple
#ldap-filter-axfr="(:target:)"
#ldap-filter-lookup="(:target:)"

after a while I see following message in /var/log/messages file

Mar 17 22:39:32 ip-10-190-102-20 pdns[19195]: Respawning
Mar 17 22:39:33 ip-10-190-102-20 pdns[19849]: Guardian is launching an instance
Mar 17 22:39:33 ip-10-190-102-20 pdns[19849]: Reading random entropy from '/dev/urandom'
Mar 17 22:39:33 ip-10-190-102-20 pdns[19849]: This is a guarded instance of pdns
Mar 17 22:39:33 ip-10-190-102-20 pdns[19849]: Fatal error: Trying to set unexisting parameter 'ldap-host '

So how to set LDAP parameter. I have not configured powerdns manually but I used yum to install pens-backend-ldap and by default it installed powerdns.

Please suggest me how to make pdns working with openldap. And is it possible to configure powerdns-webinterface with openldap as backend.
http://code.google.com/p/powerdns-webinterface/downloads/list

-Jignesh

From bycn82 at gmail.com Mon Mar 18 00:38:58 2013
From: bycn82 at gmail.com (Bill Yuan) Date: Mon, 18 Mar 2013 08:38:58 +0800 Subject: [Pdns-users] pdns lua script to handle the nxdomain Message-ID: Hi all, I am using pdns as a local dns server to hijack all the nxdomain, If the visitor key-in a typo domain, we want to redirect them to our own website. But I met this two error message on the xp client, "*** No address (A) records available for XXXX" "*** UnKnown can't find XXXX: Non-existent domain" What is the difference between this two error message? Currently I am using the lua script( http://wiki.powerdns.com/trac/browser/trunk/pdns/pdns/powerdns-example-script.lua) but seem the nxdomain is not functioning! thanks, Bill82 -------------- next part -------------- An HTML attachment was scrubbed... URL: From peter.van.dijk at netherlabs.nl Mon Mar 18 06:23:24 2013 From: peter.van.dijk at netherlabs.nl (Peter van Dijk) Date: Mon, 18 Mar 2013 07:23:24 +0100 Subject: [Pdns-users] my pdns does'nt use my recursor In-Reply-To: References: Message-ID: <05EF9821-D3FF-4B6E-835F-6753E9240375@netherlabs.nl> Hello Bill, On Mar 17, 2013, at 15:20 , Bill Yuan wrote: > finally copy all the files into my linux, now the recursor can trigger > the lua script already, > > but is still did not return the correct result for the nxdomains, I > have a function like below, no matter what domain it is , i just > always return a ip for it , but the function is not working properly! > > function nxdomain ( remoteip, domain, qtype ) > return 0, { > {qtype="1", content="1.2.3.4", ttl=3600, place="1"}, > } > end You have not actually told us what is going wrong. Can you show us some output? Also, we'd prefer it if you did not obscure your IPs like this. Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ From peter.van.dijk at netherlabs.nl Mon Mar 18 06:25:46 2013 
From: peter.van.dijk at netherlabs.nl (Peter van Dijk) Date: Mon, 18 Mar 2013 07:25:46 +0100 Subject: [Pdns-users] installing ldap as backend In-Reply-To: References: Message-ID: Hello Jignesh, On Mar 17, 2013, at 23:43 , Jignesh Patel wrote: > after a while I see following message in /var/log/messages file > > Mar 17 22:39:32 ip-10-190-102-20 pdns[19195]: Respawning > Mar 17 22:39:33 ip-10-190-102-20 pdns[19849]: Guardian is launching an instance > Mar 17 22:39:33 ip-10-190-102-20 pdns[19849]: Reading random entropy from '/dev/urandom' > Mar 17 22:39:33 ip-10-190-102-20 pdns[19849]: This is a guarded instance of pdns > Mar 17 22:39:33 ip-10-190-102-20 pdns[19849]: Fatal error: Trying to set unexisting parameter 'ldap-host ' > > So how to set LDAP parameter. I have not configured powerdns manually but I used yum to install pens-backend-ldap and by default it installed powerdns. Is it possible there is another launch= line further down in your config? You can only have one - if you have multiple, PowerDNS will use the last one. Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ From mh+pdns-users at zugschlus.de Mon Mar 18 10:56:06 2013 
From: mh+pdns-users at zugschlus.de (Marc Haber) Date: Mon, 18 Mar 2013 11:56:06 +0100 Subject: [Pdns-users] PowerDNS capabilities In-Reply-To: References: <1549523E-8899-444D-8802-C53EBD36E347@netherlabs.nl> Message-ID: <20130318105606.GC14649@torres.zugschlus.de> On Sun, Mar 17, 2013 at 06:03:44PM +0300, Odhiambo Washington wrote: > Does PowerDNS support "views", in some way? If you look for something that is the same as bind views, the answer is no, unfortunately. Same goes for ACLs. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 31958061 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 31958062 From bycn82 at gmail.com Mon Mar 18 12:59:11 2013 From: bycn82 at gmail.com (Bill Yuan) Date: Mon, 18 Mar 2013 20:59:11 +0800 Subject: [Pdns-users] some basic question for master Message-ID: hi i have some question, i tried to google the answer, but for a newbie as me ,i think how to key-in the right keyword also a big problem, 1, the zone-file, how come the recursor know whether to query and resolve the domain ? i think it is configured in the forward-zone-file, and currently i configured "*.=8.8.8.8" in the zone-file, so does it mean that for all domains , the recursor will use 8.8.8.8 2, how can i resolve the server name? when i run command nslookup on my windows xp, i saw the info below Server: 1.1.168.192.in-addr.arpa Address: 192.168.1.1 Non-authoritative-answer: Name:www.google.com ....... My question is how can i change the server name, the name here 1.1.168.192.in-addr.arpa looks wired. -------------- next part -------------- An HTML attachment was scrubbed... URL: From zaphodb at zaphods.net Mon Mar 18 14:02:10 2013 
From: zaphodb at zaphods.net (Stefan Schmidt) Date: Mon, 18 Mar 2013 15:02:10 +0100 Subject: [Pdns-users] some basic question for master In-Reply-To: References: Message-ID: On Mon, Mar 18, 2013 at 1:59 PM, Bill Yuan wrote: > hi > Hi, > i have some question, i tried to google the answer, but for a newbie as me > ,i think how to key-in the right keyword also a big problem, > Not confusing terminology is always a good start to ask the right questions. In the subject of this email you have a "question for master" which will lead experienced DNS operators in the direction that you might have a question about the workings of an authoritative DNS server operating as a master for some zone whereas it seems to me reading on that your interest actually is with PowerDNS recursor. So a totally different beast. Let me point you to the excellent wikipedia article about DNS for working out the correct terms for most things DNS. http://en.wikipedia.org/wiki/Domain_Name_System > 1, the zone-file, how come the recursor know whether to query and > resolve the domain ? i think it is configured in the forward-zone-file, > and currently i configured "*.=8.8.8.8" in the zone-file, so does it mean > that for all domains , the recursor will use 8.8.8.8 > It actually is forward-zones-file where zone is in the plural. It is a file where you specify which zones will get forwarded to which authoritative Nameserver IPs. As is documented at http://doc.powerdns.com/built-in-recursor.html#recursor-settings . Calling the mentioned file a zonefile however is misleading at best as this name is commonly used to refer to a file holding the actual data that authoritative Nameservers such as BIND serve. See http://en.wikipedia.org/wiki/Zone_file . 
You will find that it is also documented that the forward-zones-file option will not set the recursion desired bit when forwarding the queries, so if your destination nameserver is a recursive one the forward-zones-recurse option is what you will want to use instead. For forwarding all queries to a recursive Nameserver the single dot without any asterisks will denote the DNS root and hence by specifying .=8.8.8.8 all your queries will be forwarded to 8.8.8.8 unless they can be answered by the configured backends. However please read http://cr.yp.to/djbdns/separation.html on why doing this is usually a bad idea. > > 2, how can i resolve the server name? when i run command nslookup on my > windows xp, i saw the info below > > Server: 1.1.168.192.in-addr.arpa > Address: 192.168.1.1 > > Non-authoritative-answer: > Name:www.google.com > ....... > > My question is how can i change the server name, the name here > 1.1.168.192.in-addr.arpa looks wired. > I am not a windows professional but my guess is that Windows tries to resolve the configured Nameservers name and that your home router which is likely 192.168.1.1 resolves itself like that. The DNS Address 192.168.1.1 will most likely be automatically assigned via DHCP, you should be able to override that. For actually testing DNS responses however dig is a tool much better suited for that than nslookup. You should be able to get it from ISCs BIND for Windows suite i think. Stefan -------------- next part -------------- An HTML attachment was scrubbed... URL: From bert.hubert at netherlabs.nl Mon Mar 18 18:56:08 2013 
From: bert.hubert at netherlabs.nl (bert hubert) Date: Mon, 18 Mar 2013 19:56:08 +0100 Subject: [Pdns-users] New website, certified consultants, new third party registries! Message-ID: <20130318185608.GA26776@xs.powerdns.com> Hi everybody, Today we're proud to present our revamped homepage, http://www.powerdns.com/ In addition, as of today, our homepage can be reached over IPv6 too. We've worked hard to make this site a useful resource both for our open source community (which helped extensively in proofreading the site!) as well as for our supported users (customers). Your feedback is welcome as we are still working on the finishing touches. Three further things of note: 1) http://www.powerdns.com/third-party.html has a list of 'third party open source products' that go well with PowerDNS. We want to make this a comprehensive list, so if you have a PowerDNS-related open source product, please let us know! 2) http://www.powerdns.com/hosted.html has a list of 'third party PowerDNS hosted service providers'. If you offer hosted PowerDNS services, please let us know so we can list you. 3) http://www.powerdns.com/certified-consultants.html describes how we cooperate with currently five members of the open source community that can provide professional services for PowerDNS users that need them. If you too want to become a 'certified consultant', please let us know. The bar for becoming a certified consultant is high, and we should probably know you already. Thank you for your attention & we hope to hear from you! -- PowerDNS Website: http://www.powerdns.com/ Contact us by phone on +31-15-7850372 From miguel.mirandag at gmail.com Mon Mar 18 20:24:49 2013 
From: miguel.mirandag at gmail.com (Miguel Miranda) Date: Mon, 18 Mar 2013 14:24:49 -0600 Subject: [Pdns-users] backend time out errors Message-ID: Hello to all, im getting several timeout errors in a recenly installed powerdns 3.1 server, this is autoritative/resolver server, pns running in public interface and resolver running in localhost, this is the error: Recursive query for remote x.x.x.x:1044 with internal id 180 was not answered by backend within timeout, reusing id im using mysql backend. this is a powerfull server, 2 x quad core running centos 64 bit, 32 gb ram. i tunned mysql using the my-huge example, so i dont think this is a db problem, but may be im wring, what should i check to isolate the problem? this is my pdns.conf file: setuid=pdns setgid=pdns allow-recursion=127.0.0.0/8 \ y.y.y.y \ z.z.z.z cache-ttl=300 daemon=yes disable-tcp=yes distributor-threads=25 guardian=yes launch=gmysql gmysql-host=127.0.0.1 gmysql-dbname=powerdns gmysql-user=pdns gmysql-password=xxx lazy-recursion=yes local-address=x.x.x.x local-port=53 log-dns-details=no log-dns-queries=no log-failed-updates=no max-cache-entries=2000000 negquery-cache-ttl=0 query-cache-ttl=300 query-logging=no receiver-threads=25 recursive-cache-ttl=300 recursor=127.0.0.1 webserver=yes webserver-address=x.x.x.x and this is the recursor.conf file: setuid=pdns-recursor setgid=pdns-recursor daemon=yes dont-query=127.0.0.0/8 local-address=127.0.0.1 local-port=53 log-common-errors=no max-cache-entries=3000000 max-negative-ttl=0 max-packetcache-entries=3000000 packetcache-servfail-ttl=0 quiet=yes threads=25 regards, ---Miguel -------------- next part -------------- An HTML attachment was scrubbed... URL: From jigneshmpatel at gmail.com Mon Mar 18 20:37:07 2013 
From: jigneshmpatel at gmail.com (Jignesh Patel) Date: Mon, 18 Mar 2013 16:37:07 -0400 Subject: [Pdns-users] installing ldap as backend In-Reply-To: References: Message-ID: Peter This is not a problem. Is there any good documentation for setting up powerdns with ldap? -Jignesh On Mon, Mar 18, 2013 at 2:25 AM, Peter van Dijk < peter.van.dijk at netherlabs.nl> wrote: > Hello Jignesh, > > On Mar 17, 2013, at 23:43 , Jignesh Patel wrote: > > > after a while I see following message in /var/log/messages file > > > > Mar 17 22:39:32 ip-10-190-102-20 pdns[19195]: Respawning > > Mar 17 22:39:33 ip-10-190-102-20 pdns[19849]: Guardian is launching an > instance > > Mar 17 22:39:33 ip-10-190-102-20 pdns[19849]: Reading random entropy > from '/dev/urandom' > > Mar 17 22:39:33 ip-10-190-102-20 pdns[19849]: This is a guarded instance > of pdns > > Mar 17 22:39:33 ip-10-190-102-20 pdns[19849]: Fatal error: Trying to set > unexisting parameter 'ldap-host ' > > > > So how to set LDAP parameter. I have not configured powerdns manually > but I used yum to install pens-backend-ldap and by default it installed > powerdns. > > Is it possible there is another launch= line further down in your config? > You can only have one - if you have multiple, PowerDNS will use the last > one. > > Kind regards, > -- > Peter van Dijk > Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ > > _______________________________________________ > Pdns-users mailing list > Pdns-users at mailman.powerdns.com > http://mailman.powerdns.com/mailman/listinfo/pdns-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nmilas at admin.noa.gr Mon Mar 18 22:23:55 2013 
From: nmilas at admin.noa.gr (Nikolaos Milas)
Date: Tue, 19 Mar 2013 00:23:55 +0200
Subject: [Pdns-users] installing ldap as backend
In-Reply-To:
References:
Message-ID: <514793FB.9010800@admin.noa.gr>

On 18/3/2013 10:37 μμ, Jignesh Patel wrote:
> ...Is there any good documentation for setting up
> powerdns with ldap?
>

Official support has been dropped for LDAP backend by its former maintainer and, as a result, by PowerDNS too. v2.9.22 is the last working version, even with some limitations
(see: http://comments.gmane.org/gmane.network.dns.powerdns.devel/1371)

Documentation is available here (by the former maintainer):
http://www.linuxnetworks.de/doc/index.php/PowerDNS_LDAP_Backend

Thanks to a recent ldap-backend fork, development has restarted, but needs testing - no official releases yet. Read here about the fork:
http://marc.info/?l=pdns-users&m=135534915929068&w=2

Here is the latest call for testing, after adding master support for the first time:
http://sequanux.org/pipermail/pdns-ldap-backend/2013-March/000011.html

Subscribe to:
http://sequanux.org/cgi-bin/mailman/listinfo/pdns-ldap-backend
to keep updated about all progress regarding ldap backend.

If you can help with testing or otherwise, it will certainly make a difference. Pdns ldap backend had been largely neglected (despite my efforts to keep it alive).

I'm gonna test the latest version in the next few days.

Regards,
Nick

From jigneshmpatel at gmail.com Tue Mar 19 01:15:04 2013
From: jigneshmpatel at gmail.com (Jignesh Patel) Date: Mon, 18 Mar 2013 21:15:04 -0400 Subject: [Pdns-users] installing ldap as backend In-Reply-To: <514793FB.9010800@admin.noa.gr> References: <514793FB.9010800@admin.noa.gr> Message-ID: Looks like pdns works with LDAP. Thanks to Beñat for his kind assistance to suggest removing white spaces after "=". Now I am seeing for efficient UI to view content. -jignesh Mar 19 01:00:41 ip-10-190-102-20 pdns[9902]: Listening on controlsocket in '/var/run/pdns.controlsocket' Mar 19 01:00:41 ip-10-190-102-20 pdns[9905]: Guardian is launching an instance Mar 19 01:00:41 ip-10-190-102-20 pdns[9905]: Reading random entropy from '/dev/urandom' Mar 19 01:00:41 ip-10-190-102-20 pdns[9905]: This is a guarded instance of pdns Mar 19 01:00:41 ip-10-190-102-20 pdns[9905]: UDP server bound to 10.190.102.20:53 Mar 19 01:00:41 ip-10-190-102-20 pdns[9905]: TCP server bound to 10.190.102.20:53 Mar 19 01:00:41 ip-10-190-102-20 pdns[9905]: PowerDNS 3.1 (C) 2001-2012 PowerDNS.COM BV (Oct 28 2012, 17:20:44, gcc 4.4.6 20120305 (Red Hat 4.4.6-4)) starting up Mar 19 01:00:41 ip-10-190-102-20 pdns[9905]: PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2. Mar 19 01:00:41 ip-10-190-102-20 pdns[9905]: DNS Proxy launched, local port 38045, remote 127.0.0.1:53 Mar 19 01:00:41 ip-10-190-102-20 pdns[9905]: Creating backend connection for TCP Mar 19 01:00:41 ip-10-190-102-20 pdns[9905]: About to create 3 backend threads for UDP Mar 19 01:00:41 ip-10-190-102-20 pdns[9905]: Done launching threads, ready to distribute questions On Mon, Mar 18, 2013 at 6:23 PM, Nikolaos Milas wrote: > On 18/3/2013 10:37 μμ, Jignesh Patel wrote: > > ...Is there any good documentation for setting up >> powerdns with ldap? >> >> > Official support has been dropped for LDAP backend by its former > maintainer and, as a result, by PowerDNS too. 
v2.9.22 is the last working
> version, even with some limitations
> (see: http://comments.gmane.org/gmane.network.dns.powerdns.devel/1371)
>
> Documentation is available here (by the former maintainer):
> http://www.linuxnetworks.de/doc/index.php/PowerDNS_LDAP_Backend
>
> Thanks to a recent ldap-backend fork, development has restarted, but needs
> testing - no official releases yet. Read here about the fork:
> http://marc.info/?l=pdns-users&m=135534915929068&w=2
>
> Here is the latest call for testing, after adding master support for the
> first time:
> http://sequanux.org/pipermail/pdns-ldap-backend/2013-March/000011.html
>
> Subscribe to:
> http://sequanux.org/cgi-bin/mailman/listinfo/pdns-ldap-backend
> to keep updated about all progress regarding ldap backend.
>
> If you can help with testing or otherwise, it will certainly make a
> difference. Pdns ldap backend had been largely neglected (despite my
> efforts to keep it alive).
>
> I'm gonna test the latest version in the next few days.
>
> Regards,
> Nick
>

From vinh.ho2110 at gmail.com Tue Mar 19 02:35:58 2013
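A check for the two `pdns.conf` pitfalls raised in the "installing ldap as backend" thread, as an added example that is not part of any post and is not PowerDNS code: whitespace around `=` (the log shows the parameter name read as `'ldap-host '`) and more than one `launch=` line, of which only the last is used. The function names are hypothetical; the sample holds settings from the original post plus one constructed second `launch=` line.

```python
def _setting(raw):
    """Split a 'name=value' line; None for blanks, comments, continuations."""
    stripped = raw.strip()
    if not stripped or stripped.startswith("#") or "=" not in stripped:
        return None
    key, value = stripped.split("=", 1)
    return key, value


def lint_pdns_conf(text):
    """Return sorted (line_number, message) findings for a pdns.conf text."""
    findings = []
    launch_lines = []
    for number, raw in enumerate(text.splitlines(), 1):
        parsed = _setting(raw)
        if parsed is None:
            continue
        key, value = parsed
        if key != key.rstrip():
            findings.append(
                (number, f"whitespace before '=': name is read as {key!r}")
            )
        if value != value.lstrip():
            findings.append(
                (number, f"whitespace after '=' in setting {key.strip()!r}")
            )
        if key.strip() == "launch":
            launch_lines.append(number)
    # Only the last launch= takes effect, so report every earlier one.
    for number in launch_lines[:-1]:
        findings.append(
            (number, f"launch= is overridden by line {launch_lines[-1]}")
        )
    return sorted(findings)


def normalize(text):
    """Return the text with whitespace around '=' removed on setting lines."""
    out = []
    for raw in text.splitlines():
        parsed = _setting(raw)
        if parsed is None:
            out.append(raw)
        else:
            out.append(f"{parsed[0].strip()}={parsed[1].strip()}")
    return "\n".join(out) + ("\n" if text.endswith("\n") else "")


# Settings from the post; the final launch= line is constructed.
SAMPLE = """\
#lazy-recursion=yes
launch=ldap
ldap-host = ldap://127.0.0.1:389/
ldap-basedn = ""
ldap-binddn=""
ldap-starttls=no
ldap-method=simple
launch=gmysql
"""

if __name__ == "__main__":
    for number, message in lint_pdns_conf(SAMPLE):
        print(f"line {number}: {message}")
```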
From: vinh.ho2110 at gmail.com (Đức Vinh Hồ)
Date: Tue, 19 Mar 2013 09:35:58 +0700
Subject: [Pdns-users] Upgrade PowerDNS Authoritative from 3.0.1 to the lastest version
Message-ID:

Dear everyone,

I'm using PowerDNS Authoritative version 3.0.1. Now, I want to upgrade it to the latest version, because I hear that the latest version of PowerDNS Authoritative supports EDNS, which is configured like this: "disable-edns=no"

EDNS will help me to solve my trouble of heavy UDP packet size.

Can someone show me how to do that?

Thank you!

Vinh Ho

From nmilas at admin.noa.gr Tue Mar 19 07:46:52 2013
From: nmilas at admin.noa.gr (Nikolaos Milas)
Date: Tue, 19 Mar 2013 09:46:52 +0200
Subject: [Pdns-users] installing ldap as backend
In-Reply-To:
References: <514793FB.9010800@admin.noa.gr>
Message-ID: <514817EC.8030404@admin.noa.gr>

On 19/3/2013 3:15 πμ, Jignesh Patel wrote:
> Looks like pdns works with LDAP. Thanks to Beñat for his kind
> assistance to suggest removing white spaces after "=".

Please report here how it behaves (errors etc.).

> Now I am seeing for efficient UI to view content.

Besides JXplorer and phpLDAPadmin, we are using a custom php-based application (which is tailored to our zones, so it's not suitable for general use).

Best regards,
Nick

From peter.van.dijk at netherlabs.nl Tue Mar 19 07:59:29 2013
From: peter.van.dijk at netherlabs.nl (Peter van Dijk) Date: Tue, 19 Mar 2013 08:59:29 +0100 Subject: [Pdns-users] backend time out errors In-Reply-To: References: Message-ID: <46E2C096-367F-4305-9A83-934CE509E58D@netherlabs.nl> Hello Miguel, On Mar 18, 2013, at 21:24 , Miguel Miranda wrote: > Hello to all, im getting several timeout errors in a recenly installed powerdns 3.1 server, this is autoritative/resolver server, pns running in public interface and resolver running in localhost, this is the error: > > Recursive query for remote x.x.x.x:1044 with internal id 180 was not answered by backend within timeout, reusing id This is about a forwarded recursive query. Recursive queries time out all the time, because various name servers on the Internet are down or slow. > im using mysql backend. this is a powerfull server, 2 x quad core running centos 64 bit, 32 gb ram. > > i tunned mysql using the my-huge example, so i dont think this is a db problem, but may be im wring, what should i check to isolate the problem? This is not a MySQL issue - this is for queries that were -not- answered from your database. Unless you are actually having trouble resolving various names via the recursor, and think this is not okay, there is no problem. Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ From margus.kiting at gmail.com Tue Mar 19 11:51:20 2013 
From: margus.kiting at gmail.com (Margus Kiting)
Date: Tue, 19 Mar 2013 13:51:20 +0200
Subject: [Pdns-users] pdns-3.2 AXFR per domain ACL's problem
Message-ID:

Hi,

I'm new to this list and this is the first time I encountered a problem
using powerdns authoritative DNS server, so I hope I find solution for this
problem from here.

The problem is in AXFR per domain ACL's. They are just not working for me.
Below is configuration and test outputs.

Master DNS: pdns-master 192.168.1.10
Slave DNS: pdns-slave 192.168.1.11
Test server: pdns-test 192.168.1.13

PowerDNS Version 3.2, compiled on Mar 12 2013, 10:19:57 with gcc version
4.1.2 20080704 (Red Hat 4.1.2-51)

pdns-master pdns.conf

setuid=daemon
setgid=daemon
cache-ttl=60
daemon=yes
disable-tcp=no
distributor-threads=10

launch=gmysql
gmysql-host=127.0.0.1
gmysql-user=powerdns
gmysql-password=password
gmysql-dbname=powerdns
logging-facility=1
loglevel=4
master=yes
query-cache-ttl=60
recursive-cache-ttl=60
recursor=127.0.0.1
query-local-address6=

NB! recursor is not running.

pdns-master mysql information:

mysql> select * from domains;
id  name      master  last_check  type    notified_serial  account
1   test.com  NULL    NULL        MASTER  1363693953       NULL

mysql> select * from records;
id  domain_id  name           type  content                           ttl    prio  change_date  ordername  auth
1   1          test.com       SOA   dns1.test.com root at test.com 0  86400  NULL  NULL         NULL       NULL
2   1          test.com       NS    dns1.test.com                     86400  NULL  1363693952   NULL       NULL
3   1          test.com       NS    dns2.test.com                     86400  NULL  1363693952   NULL       NULL
4   1          www.test.com   A     192.168.1.12                      120    NULL  1363693952   NULL       NULL
5   1          mail.test.com  A     192.168.1.12                      120    NULL  1363693952   NULL       NULL
6   1          dns1.test.com  A     192.168.1.11                      120    NULL  1363693952   NULL       NULL
7   1          dns2.test.com  A     192.168.1.10                      120    NULL  1363693952   NULL       NULL
8   1          test.com       MX    mail.test.com                     120    25    1363693953   NULL       NULL

mysql> select * from domainmetadata;
id  domain_id  kind             content
1   1          ALLOW-AXFR-FROM  AUTO-NS

AXFR queries should be allowed only from servers which are in
test.com domain NS records.
I will AXFR query from pdns-slave, which has IP 192.168.1.11 and it is
configured as NS record in test.com domain and it should get correct axfr
query answer.
I also try AXFR query from pdns-test, which has IP 192.168.1.12 and it's
not configured as NS record in test.com domain and this server should get
transfer failure message from pdns-master server. powerdns daemon is
running with monitor flag, which gives debug output from servers side.

AXFR query from pdns-slave 192.168.1.11 server:

[root at pdns-slave ~]# dig axfr test.com @192.168.1.10

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> axfr test.com @192.168.1.10
;; global options: printcmd
test.com.       86400  IN  SOA  dns1.test.com. root.test.com. 1363693953 10800 3600 604800 3600
test.com.       86400  IN  NS   dns1.test.com.
test.com.       86400  IN  NS   dns2.test.com.
www.test.com.   120    IN  A    192.168.1.12
mail.test.com.  120    IN  A    192.168.1.12
dns1.test.com.  120    IN  A    192.168.1.11
dns2.test.com.  120    IN  A    192.168.1.10
test.com.       120    IN  MX   25 mail.test.com.
test.com.       86400  IN  SOA  dns1.test.com. root.test.com. 1363693953 10800 3600 604800 3600
;; Query time: 12 msec
;; SERVER: 192.168.1.10#53(192.168.1.10)
;; WHEN: Tue Mar 19 13:24:06 2013
;; XFR size: 9 records (messages 3)

Powerdns log output in pdns-master server:

Mar 19 13:24:06 AXFR of domain 'test.com' initiated by 192.168.1.11
Mar 19 13:24:06 AXFR of domain 'test.com' allowed: client IP 192.168.1.11 is in allow-axfr-ips
Mar 19 13:24:06 gmysql Connection successful
Mar 19 13:24:06 gmysql Connection successful
Mar 19 13:24:06 AXFR of domain 'test.com' to 192.168.1.11 finished

AXFR query from pdns-test 192.168.1.12 server:

[root at pdns-test ~]# dig axfr test.com @192.168.1.10

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> axfr test.com @192.168.1.10
;; global options: printcmd
test.com.       86400  IN  SOA  dns1.test.com. root.test.com. 1363693953 10800 3600 604800 3600
test.com.       86400  IN  NS   dns1.test.com.
test.com.       86400  IN  NS   dns2.test.com.
www.test.com.   120    IN  A    192.168.1.12
mail.test.com.  120    IN  A    192.168.1.12
dns1.test.com.  120    IN  A    192.168.1.11
dns2.test.com.  120    IN  A    192.168.1.10
test.com.       120    IN  MX   25 mail.test.com.
test.com.       86400  IN  SOA  dns1.test.com. root.test.com. 1363693953 10800 3600 604800 3600
;; Query time: 17 msec
;; SERVER: 192.168.1.10#53(192.168.1.10)
;; WHEN: Tue Mar 19 13:25:50 2013
;; XFR size: 9 records (messages 3)

Powerdns log output in pdns-master server:

Mar 19 13:25:50 AXFR of domain 'test.com' initiated by 192.168.1.12
Mar 19 13:25:50 AXFR of domain 'test.com' allowed: client IP 192.168.1.12 is in allow-axfr-ips
Mar 19 13:25:50 gmysql Connection successful
Mar 19 13:25:50 gmysql Connection successful
Mar 19 13:25:50 AXFR of domain 'test.com' to 192.168.1.12 finished

As seen from above, AXFR ACL's per domain is not working. Am I missing some
configuration or I'm doing something very wrong?
Please help.

NB! English is not my native language, so apologies if there are mistakes.

Thanks in advance!
Margus Kiting

From cyclops at prof-x.net Tue Mar 19 12:05:14 2013
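Added example, not part of the thread and not PowerDNS code: in the pdns-master log above, both transfers (including the one to 192.168.1.12) are granted with the reason "is in allow-axfr-ips", and the posted pdns.conf does not set allow-axfr-ips. The script below scans such log lines and flags every AXFR granted through allow-axfr-ips to a client outside the zone's NS addresses. The regexes assume exactly the log wording quoted in the post; `audit_axfr`, `Finding`, `SAMPLE_LOG` and `ZONE_NS_ADDRS` are names made up for this example.

```python
"""Flag AXFRs granted via the global allow-axfr-ips list to clients that
are not name servers of the zone (added example, not PowerDNS code)."""
import ipaddress
import re
from collections import namedtuple

# Constructed sample: the pdns-master log lines from the post, abridged.
SAMPLE_LOG = """\
Mar 19 13:24:06 AXFR of domain 'test.com' initiated by 192.168.1.11
Mar 19 13:24:06 AXFR of domain 'test.com' allowed: client IP 192.168.1.11 is in allow-axfr-ips
Mar 19 13:24:06 gmysql Connection successful
Mar 19 13:24:06 AXFR of domain 'test.com' to 192.168.1.11 finished
Mar 19 13:25:50 AXFR of domain 'test.com' initiated by 192.168.1.12
Mar 19 13:25:50 AXFR of domain 'test.com' allowed: client IP 192.168.1.12 is in allow-axfr-ips
Mar 19 13:25:50 gmysql Connection successful
Mar 19 13:25:50 AXFR of domain 'test.com' to 192.168.1.12 finished
"""

# Addresses of the zone's NS targets, read off the records table in the post
# (dns1.test.com and dns2.test.com). Entries may also be CIDR networks.
ZONE_NS_ADDRS = {"test.com": ["192.168.1.11", "192.168.1.10"]}

Finding = namedtuple("Finding", "timestamp zone client completed")

# Assumption: log wording as quoted in the post; an optional syslog
# "host pdns[pid]:" prefix between timestamp and message is tolerated.
ALLOWED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*?"
    r"AXFR of domain '(?P<zone>[^']+)' allowed: "
    r"client IP (?P<ip>\S+) is in (?P<reason>\S+)\s*$")
FINISHED_RE = re.compile(
    r"AXFR of domain '(?P<zone>[^']+)' to (?P<ip>\S+) finished")


def zone_key(name):
    """Normalise a zone name for comparison (case, trailing dot)."""
    return name.lower().rstrip(".")


def parse_ip(text):
    """Return an ip_address object, or None if the text is not an address."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def audit_axfr(log_text, zone_ns_addrs):
    """Return a Finding for each transfer that was authorised by
    allow-axfr-ips although the client is not an expected NS address."""
    expected = {
        zone_key(zone): [ipaddress.ip_network(a, strict=False) for a in addrs]
        for zone, addrs in zone_ns_addrs.items()
    }
    granted, finished = [], set()
    for line in log_text.splitlines():
        m = ALLOWED_RE.match(line)
        if m:
            client = parse_ip(m.group("ip"))
            if client is not None and m.group("reason") == "allow-axfr-ips":
                granted.append((m.group("ts"), zone_key(m.group("zone")), client))
            continue
        m = FINISHED_RE.search(line)
        if m:
            finished.add((zone_key(m.group("zone")), parse_ip(m.group("ip"))))

    findings = []
    for ts, zone, client in granted:
        # A zone without an expected list has no trusted secondaries at all.
        if any(client in net for net in expected.get(zone, [])):
            continue
        findings.append(
            Finding(ts, zone, str(client), (zone, client) in finished))
    return findings


if __name__ == "__main__":
    for f in audit_axfr(SAMPLE_LOG, ZONE_NS_ADDRS):
        state = "completed" if f.completed else "not seen to finish"
        print(f"{f.timestamp} zone={f.zone} client={f.client} "
              f"granted via allow-axfr-ips, transfer {state}")
```
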
From: cyclops at prof-x.net (Ruben d'Arco)
Date: Tue, 19 Mar 2013 13:05:14 +0100
Subject: [Pdns-users] pdns-3.2 AXFR per domain ACL's problem
In-Reply-To:
References:
Message-ID: <20130319120514.GA23454@prof-x.prof-x.net>

Hi,

This is a bit of a guess, but:

The AUTO-NS feature seems to use a normal getaddrinfo(). This might have a
different result than you expect on your system. Can you check what's in
your resolv.conf and see what that replied when you ask for dns1.test.com
and dns2.test.com?

Regards,

Ruben

On Tue, Mar 19, 2013 at 01:51:20PM +0200, Margus Kiting wrote:
> Hi,
>
> I'm new to this list and this is the first time I encountered a problem
> using powerdns authoritative DNS server, so I hope I find solution for this
> problem from here.
>
> The problem is in AXFR per domain ACL's. They are just not working for me.
> Below is configuration and test outputs.
>
> Master DNS: pdns-master 192.168.1.10
> Slave DNS: pdns-slave 192.168.1.11
> Test server: pdns-test 192.168.1.13
>
> PowerDNS Version 3.2, compiled on Mar 12 2013, 10:19:57 with gcc version
> 4.1.2 20080704 (Red Hat 4.1.2-51)
>
>
> pdns-master pdns.conf
>
> setuid=daemon
> setgid=daemon
> cache-ttl=60
> daemon=yes
> disable-tcp=no
> distributor-threads=10
>
> launch=gmysql
> gmysql-host=127.0.0.1
> gmysql-user=powerdns
> gmysql-password=password
> gmysql-dbname=powerdns
> logging-facility=1
> loglevel=4
> master=yes
> query-cache-ttl=60
> recursive-cache-ttl=60
> recursor=127.0.0.1
> query-local-address6=
>
> NB! recursor is not running.
>
> pdns-master mysql information:
>
> mysql> select * from domains;
> id  name      master  last_check  type    notified_serial  account
> 1   test.com  NULL    NULL        MASTER  1363693953       NULL
>
> mysql> select * from records;
> id  domain_id  name           type  content                           ttl    prio  change_date  ordername  auth
> 1   1          test.com       SOA   dns1.test.com root at test.com 0  86400  NULL  NULL         NULL       NULL
> 2   1          test.com       NS    dns1.test.com                     86400  NULL  1363693952   NULL       NULL
> 3   1          test.com       NS    dns2.test.com                     86400  NULL  1363693952   NULL       NULL
> 4   1          www.test.com   A     192.168.1.12                      120    NULL  1363693952   NULL       NULL
> 5   1          mail.test.com  A     192.168.1.12                      120    NULL  1363693952   NULL       NULL
> 6   1          dns1.test.com  A     192.168.1.11                      120    NULL  1363693952   NULL       NULL
> 7   1          dns2.test.com  A     192.168.1.10                      120    NULL  1363693952   NULL       NULL
> 8   1          test.com       MX    mail.test.com                     120    25    1363693953   NULL       NULL
>
> mysql> select * from domainmetadata;
> id  domain_id  kind             content
> 1   1          ALLOW-AXFR-FROM  AUTO-NS
>
> AXFR queries should be allowed only from servers which are in
> test.com domain NS records.
> I will AXFR query from pdns-slave, which has IP 192.168.1.11 and it is
> configured as NS record in test.com domain and it should get correct axfr
> query answer.
> I also try AXFR query from pdns-test, which has IP 192.168.1.12 and it's
> not configured as NS record in test.com domain and this server should get
> transfer failure message from pdns-master server. powerdns daemon is
> running with monitor flag, which gives debug output from servers side.
>
> AXFR query from pdns-slave 192.168.1.11 server:
>
> [root at pdns-slave ~]# dig axfr test.com @192.168.1.10
>
> ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> axfr test.com @192.168.1.10
> ;; global options: printcmd
> test.com.       86400  IN  SOA  dns1.test.com. root.test.com. 1363693953 10800 3600 604800 3600
> test.com.       86400  IN  NS   dns1.test.com.
> test.com.       86400  IN  NS   dns2.test.com.
> www.test.com.   120    IN  A    192.168.1.12
> mail.test.com.  120    IN  A    192.168.1.12
> dns1.test.com.  120    IN  A    192.168.1.11
> dns2.test.com.  120    IN  A    192.168.1.10
> test.com.       120    IN  MX   25 mail.test.com.
> test.com.       86400  IN  SOA  dns1.test.com. root.test.com. 1363693953 10800 3600 604800 3600
> ;; Query time: 12 msec
> ;; SERVER: 192.168.1.10#53(192.168.1.10)
> ;; WHEN: Tue Mar 19 13:24:06 2013
> ;; XFR size: 9 records (messages 3)
>
> Powerdns log output in pdns-master server:
>
> Mar 19 13:24:06 AXFR of domain 'test.com' initiated by 192.168.1.11
> Mar 19 13:24:06 AXFR of domain 'test.com' allowed: client IP 192.168.1.11 is in allow-axfr-ips
> Mar 19 13:24:06 gmysql Connection successful
> Mar 19 13:24:06 gmysql Connection successful
> Mar 19 13:24:06 AXFR of domain 'test.com' to 192.168.1.11 finished
>
> AXFR query from pdns-test 192.168.1.12 server:
>
> [root at pdns-test ~]# dig axfr test.com @192.168.1.10
>
> ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> axfr test.com @192.168.1.10
> ;; global options: printcmd
> test.com.       86400  IN  SOA  dns1.test.com. root.test.com. 1363693953 10800 3600 604800 3600
> test.com.       86400  IN  NS   dns1.test.com.
> test.com.       86400  IN  NS   dns2.test.com.
> www.test.com.   120    IN  A    192.168.1.12
> mail.test.com.  120    IN  A    192.168.1.12
> dns1.test.com.  120    IN  A    192.168.1.11
> dns2.test.com.  120    IN  A    192.168.1.10
> test.com.       120    IN  MX   25 mail.test.com.
> test.com.       86400  IN  SOA  dns1.test.com. root.test.com. 1363693953 10800 3600 604800 3600
> ;; Query time: 17 msec
> ;; SERVER: 192.168.1.10#53(192.168.1.10)
> ;; WHEN: Tue Mar 19 13:25:50 2013
> ;; XFR size: 9 records (messages 3)
>
>
> Powerdns log output in pdns-master server:
>
> Mar 19 13:25:50 AXFR of domain 'test.com' initiated by 192.168.1.12
> Mar 19 13:25:50 AXFR of domain 'test.com' allowed: client IP 192.168.1.12 is in allow-axfr-ips
> Mar 19 13:25:50 gmysql Connection successful
> Mar 19 13:25:50 gmysql Connection successful
> Mar 19 13:25:50 AXFR of domain 'test.com' to 192.168.1.12 finished
>
> As seen from above, AXFR ACL's per domain is not working. Am I missing some
> configuration or I'm doing something very wrong?
> Please help.
>
> NB! English is not my native language, so apologies if there are mistakes.
>
> Thanks in advance!
> Margus Kiting

> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users

From jigneshmpatel at gmail.com Tue Mar 19 12:17:38 2013
From: jigneshmpatel at gmail.com (Jignesh Patel)
Date: Tue, 19 Mar 2013 08:17:38 -0400
Subject: [Pdns-users] installing ldap as backend
In-Reply-To: <514817EC.8030404@admin.noa.gr>
References: <514793FB.9010800@admin.noa.gr> <514817EC.8030404@admin.noa.gr>
Message-ID:

Nick,

For the UI my question is in the context of PDNS, not for LDAP UI.
Is there any UI which can work PDNS(with LDAP). I am definitely going to
install phpLDAPAdmin, but is that sufficient?
Also how to setup DNS SRV record in LDAP and link with PDNS.
Like my email id jignehsmpatel at gmail.com, now when I create a certificate
for me, how do insert SRV record for the same.

-jigensh

On Tue, Mar 19, 2013 at 3:46 AM, Nikolaos Milas wrote:

> On 19/3/2013 3:15 πμ, Jignesh Patel wrote:
>
>> Looks like pdns works with LDAP. Thanks to Beñat for his kind assistance
>> to suggest removing white spaces after "=".
>
> Please report here how it behaves (errors etc.).
>
>> Now I am seeing for efficient UI to view content.
>
> Besides JXplorer and phpLDAPadmin, we are using a custom php-based
> application (which is tailored to our zones, so it's not suitable for
> general use).
>
> Best regards,
>
> Nick

From jigneshmpatel at gmail.com Tue Mar 19 12:23:01 2013
From: jigneshmpatel at gmail.com (Jignesh Patel)
Date: Tue, 19 Mar 2013 08:23:01 -0400
Subject: [Pdns-users] installing ldap as backend
In-Reply-To:
References: <514793FB.9010800@admin.noa.gr> <514817EC.8030404@admin.noa.gr>
Message-ID:

Nick,

The question is updated as inlined.

-Jignesh

On Tue, Mar 19, 2013 at 8:17 AM, Jignesh Patel wrote:

> Nick,
>
> For the UI my question is in the context of PDNS, not for LDAP UI.
> Is there any UI which can work PDNS(with LDAP). I am definitely going to
> install phpLDAPAdmin, but is that sufficient?
> Also how to setup DNS SRV record in LDAP and link with PDNS.
> Like my email id jignehsmpatel at gmail.com, now when I create a certificate
> for me, how do insert SRV record for the same.
>

Also instead of BDB --> LDAP --> PDNS can I make following structure working?

Postgres --> LDAP
Postgres --> PDNS

-Jignesh

>
> -jigensh
>
> On Tue, Mar 19, 2013 at 3:46 AM, Nikolaos Milas wrote:
>
>> On 19/3/2013 3:15 πμ, Jignesh Patel wrote:
>>
>>> Looks like pdns works with LDAP. Thanks to Beñat for his kind assistance
>>> to suggest removing white spaces after "=".
>>
>> Please report here how it behaves (errors etc.).
>>
>>> Now I am seeing for efficient UI to view content.
>>
>> Besides JXplorer and phpLDAPadmin, we are using a custom php-based
>> application (which is tailored to our zones, so it's not suitable for
>> general use).
>>
>> Best regards,
>>
>> Nick

From bert.hubert at netherlabs.nl Tue Mar 19 16:02:51 2013
From: bert.hubert at netherlabs.nl (bert hubert)
Date: Tue, 19 Mar 2013 17:02:51 +0100
Subject: [Pdns-users] Building pdns RPMs using custom LDAP libraries/headers
In-Reply-To: <5148841C.7050100@admin.noa.gr>
References: <5148841C.7050100@admin.noa.gr>
Message-ID: <20130319160251.GA2335@xs.powerdns.com>

On Tue, Mar 19, 2013 at 05:28:28PM +0200, Nikolaos Milas wrote:
> CXXFLAGS="${CXXFLAGS} -I/usr/local/openldap/include"
> LDFLAGS="${LDFLAGS} -L/usr/local/openldap/lib64 -lldap -llber"

Can you try LIBS=-L/usr/local/openldap/lib64 ./configure ...
?

And can you double check a libldap.so lives there?

Bert

--
PowerDNS Website: http://www.powerdns.com/
Contact us by phone on +31-15-7850372

From nmilas at admin.noa.gr Tue Mar 19 16:08:21 2013
From: nmilas at admin.noa.gr (Nikolaos Milas)
Date: Tue, 19 Mar 2013 18:08:21 +0200
Subject: [Pdns-users] Building pdns RPMs using custom LDAP libraries/headers
In-Reply-To: <5148841C.7050100@admin.noa.gr>
References: <5148841C.7050100@admin.noa.gr>
Message-ID: <51488D75.5050903@admin.noa.gr>

On 19/3/2013 5:28 μμ, Nikolaos Milas wrote:

> Can you please guide me on how to adapt the spec file so as to build
> correctly using the custom ldap libraries / headers?

Hmm, actually now that I tried to build using even the standard CentOS 6
RPMs/libs/headers/, it still fails at the same point.

So, am I doing something wrong? Please advise.

Thanks,
Nick

From nmilas at admin.noa.gr Tue Mar 19 18:13:12 2013
From: nmilas at admin.noa.gr (Nikolaos Milas)
Date: Tue, 19 Mar 2013 20:13:12 +0200
Subject: [Pdns-users] Building pdns RPMs using custom LDAP libraries/headers
In-Reply-To: <20130319160251.GA2335@xs.powerdns.com>
References: <5148841C.7050100@admin.noa.gr> <20130319160251.GA2335@xs.powerdns.com>
Message-ID: <5148AAB8.80605@admin.noa.gr>

On 19/3/2013 6:02 μμ, bert hubert wrote:

> Can you try LIBS=-L/usr/local/openldap/lib64 ./configure ...
> ?
>
> And can you double check a libldap.so lives there?

Thanks,

I just tried:

LIBS="-L/usr/local/openldap/lib64"

and (just in case):

LIBS="${LIBS} -L/usr/local/openldap/lib64"

but it always fails:

checking ldap.h usability... yes
checking ldap.h presence... yes
checking for ldap.h... yes
checking lber.h usability... yes
checking lber.h presence... yes
checking for lber.h... yes
checking for ldap_set_option in -lldap_r... no
checking for ldap_set_option in -lldap... no
configure: error: ldap library (libldap) not found
error: Bad exit status from /var/tmp/rpm-tmp.Ng5O8F (%build)

RPM build errors:
    Bad exit status from /var/tmp/rpm-tmp.Ng5O8F (%build)

although:

$ ls -la /usr/local/openldap/lib64
total 4368
drwxr-xr-x.  2 ldap ldap    4096 Sep 21 23:20 .
drwxr-xr-x. 10 ldap ldap    4096 Sep 21 23:20 ..
lrwxrwxrwx.  1 ldap ldap      20 Sep 21 23:20 liblber-2.4.so.2 -> liblber-2.4.so.2.8.4
-rw-r--r--.  1 ldap ldap  160919 Sep 21 23:14 liblber-2.4.so.2.8.4
-rw-r--r--.  1 ldap ldap  101556 Sep 21 23:15 liblber.a
-rw-r--r--.  1 ldap ldap     864 Sep 21 23:14 liblber.la
lrwxrwxrwx.  1 ldap ldap      20 Sep 21 23:20 liblber.so -> liblber-2.4.so.2.8.4
lrwxrwxrwx.  1 ldap ldap      20 Sep 21 23:20 libldap-2.4.so.2 -> libldap-2.4.so.2.8.4
-rw-r--r--.  1 ldap ldap 1121334 Sep 21 23:14 libldap-2.4.so.2.8.4
-rw-r--r--.  1 ldap ldap  543372 Sep 21 23:15 libldap.a
-rw-r--r--.  1 ldap ldap     924 Sep 21 23:14 libldap.la
lrwxrwxrwx.  1 ldap ldap      22 Sep 21 23:20 libldap_r-2.4.so.2 -> libldap_r-2.4.so.2.8.4
-rw-r--r--.  1 ldap ldap 1230174 Sep 21 23:14 libldap_r-2.4.so.2.8.4
-rw-r--r--.  1 ldap ldap  602292 Sep 21 23:15 libldap_r.a
-rw-r--r--.  1 ldap ldap     947 Sep 21 23:14 libldap_r.la
lrwxrwxrwx.  1 ldap ldap      22 Sep 21 23:20 libldap_r.so -> libldap_r-2.4.so.2.8.4
lrwxrwxrwx.  1 ldap ldap      20 Sep 21 23:20 libldap.so -> libldap-2.4.so.2.8.4
lrwxrwxrwx.  1 ldap ldap      21 Sep 21 23:20 libslapi-2.4.so.2 -> libslapi-2.4.so.2.8.4
-rw-r--r--.  1 ldap ldap  464586 Sep 21 23:14 libslapi-2.4.so.2.8.4
-rw-r--r--.  1 ldap ldap  207304 Sep 21 23:15 libslapi.a
-rw-r--r--.  1 ldap ldap     862 Sep 21 23:14 libslapi.la
lrwxrwxrwx.  1 ldap ldap      21 Sep 21 23:20 libslapi.so -> libslapi-2.4.so.2.8.4

But, as I mentioned, it even fails without any change in the spec file,
simply trying to build with the standard CentOS 6 OpenLDAP packages. In
that case, it should be using the default system lib dir:

$ ls -la /usr/lib64/ | grep ldap
drwxr-xr-x.  4 root root  4096 Mar 11 16:06 evolution-openldap
lrwxrwxrwx.  1 root root    10 Sep 21 15:16 libldap-2.4.so.2 -> libldap.so
lrwxrwxrwx.  1 root root    12 Sep 21 15:16 libldap_r-2.4.so.2 -> libldap_r.so
lrwxrwxrwx   1 root root    29 Mar 11 16:06 libldap_r.so -> /lib64/libldap_r-2.4.so.2.5.6
lrwxrwxrwx   1 root root    27 Mar 11 16:06 libldap.so -> /lib64/libldap-2.4.so.2.5.6
-rwxr-xr-x   1 root root 40320 Feb 22 09:49 libsmbldap.so.0

Any other ideas?

Thanks,
Nick

From chieff7 at gmail.com Tue Mar 19 21:41:08 2013
From: chieff7 at gmail.com (Ron Tsoref)
Date: Tue, 19 Mar 2013 23:41:08 +0200
Subject: [Pdns-users] PowerDNS capabilities
In-Reply-To: <20130318105606.GC14649@torres.zugschlus.de>
References: <1549523E-8899-444D-8802-C53EBD36E347@netherlabs.nl> <20130318105606.GC14649@torres.zugschlus.de>
Message-ID:

The PipeBackend seems easy to implement. Does anyone actually use a
PipeBackend in production and can share some general performance
information? Is it much slower than other backends?

On Mon, Mar 18, 2013 at 12:56 PM, Marc Haber wrote:

> On Sun, Mar 17, 2013 at 06:03:44PM +0300, Odhiambo Washington wrote:
> > Does PowerDNS support "views", in some way?
>
> If you look for something that is the same as bind views, the answer
> is no, unfortunately. Same goes for ACLs.
>
> Greetings
> Marc
>
> --
> -----------------------------------------------------------------------------
> Marc Haber         | "I don't trust Computers. They | Mail address in header
> Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 31958061
> Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 31958062

From anthonyeden at gmail.com Tue Mar 19 21:48:40 2013
From: anthonyeden at gmail.com (Anthony Eden)
Date: Tue, 19 Mar 2013 22:48:40 +0100
Subject: [Pdns-users] PowerDNS capabilities
In-Reply-To:
References: <1549523E-8899-444D-8802-C53EBD36E347@netherlabs.nl> <20130318105606.GC14649@torres.zugschlus.de>
Message-ID:

We use it at DNSimple, with Ruby. Since it's run as a coprocess we get
quite good performance out of it. Definitely will be slower than other
backends if you're using an interpreted language with a relatively slow
runtime, but still quite usable. Keep scripts simple and short circuit
returns as often as possible is the most important advice.

I'm actually thinking I'd like to try a pipe backend with Go at some point
to see how that works out.

-Anthony

On Tue, Mar 19, 2013 at 10:41 PM, Ron Tsoref wrote:

> The PipeBackend seems easy to implement. Does anyone actually use a
> PipeBackend in production and can share some general performance
> information? Is it much slower than other backends?
>
>
> On Mon, Mar 18, 2013 at 12:56 PM, Marc Haber wrote:
>
>> On Sun, Mar 17, 2013 at 06:03:44PM +0300, Odhiambo Washington wrote:
>> > Does PowerDNS support "views", in some way?
>>
>> If you look for something that is the same as bind views, the answer
>> is no, unfortunately. Same goes for ACLs.
>>
>> Greetings
>> Marc
>>
>> --
>> -----------------------------------------------------------------------------
>> Marc Haber         | "I don't trust Computers. They | Mail address in header
>> Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 31958061
>> Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 31958062

--
http://anthonyeden.com | twitter: @aeden | skype: anthonyeden

From bert.hubert at netherlabs.nl Tue Mar 19 21:56:32 2013
From: bert.hubert at netherlabs.nl (bert hubert)
Date: Tue, 19 Mar 2013 22:56:32 +0100
Subject: [Pdns-users] PowerDNS capabilities
In-Reply-To:
References: <1549523E-8899-444D-8802-C53EBD36E347@netherlabs.nl> <20130318105606.GC14649@torres.zugschlus.de>
Message-ID: <082A5E85-6FD8-49CF-9C18-9CCF81112AA3@netherlabs.nl>

On Mar 19, 2013, at 10:41 PM, Ron Tsoref wrote:

> The PipeBackend seems easy to implement. Does anyone actually use a PipeBackend in production and can share some general performance information? Is it much slower than other backends?
>

We've been able to squeeze 50000 qps out of a pipe backend. On a
philosophical note, pipes are likely to be faster than TCP/IP, and SQL
marshalling/unmarshaling is not free either. People associate 'text based'
with slow, but most SQL protocols are just as parsed, or even more so.

The pipe backend does have a performance bottleneck in 3.2 if you specify a
timeout, see http://wiki.powerdns.com/trac/ticket/661

Bert

From nmilas at admin.noa.gr Wed Mar 20 09:09:52 2013
From: nmilas at admin.noa.gr (Nikolaos Milas)
Date: Wed, 20 Mar 2013 11:09:52 +0200
Subject: [Pdns-users] Building pdns RPMs using custom LDAP libraries/headers
In-Reply-To: <5148AAB8.80605@admin.noa.gr>
References: <5148841C.7050100@admin.noa.gr> <20130319160251.GA2335@xs.powerdns.com> <5148AAB8.80605@admin.noa.gr>
Message-ID: <51497CE0.50100@admin.noa.gr>

On 19/3/2013 8:13 μμ, Nikolaos Milas wrote:

> But, as I mentioned, it even fails without any change in the spec
> file, simply trying to build with the standard CentOS 6 OpenLDAP
> packages. In that case, it should be using the default system lib dir:

In the meantime, I tried building PowerDNS 3.2 on CentOS 5.9 x86_64 using
http://www.monshouwer.eu/download/3rd_party/pdns-server/el5/SRPMS/pdns-server-3.2-1.el5.MIND.src.rpm
and this worked fine with the standard CentOS OpenLDAP libs.

However, building using:

LIBS="-L/usr/local/openldap/lib64"

%build
%configure \
    --sysconfdir=%{_sysconfdir}/powerdns \
    --libdir=%{_libdir} \
    --with-sqlite3 \
    --with-socketdir=/var/run/pdns-server \
    --with-modules="" \
    --with-dynmodules="pipe gmysql gpgsql gsqlite3 ldap"
%{__make}

I am not sure it produces the required result:

...
/bin/sh ../../libtool --tag=CXX --mode=link g++ -D_GNU_SOURCE -O2 -g
-pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m64 -mtune=generic -module -avoid-version
-lrt -o libldapbackend.la -rpath /usr/lib64 ldapbackend.lo powerldap.lo
-lldap_r -lz
...

I understand that the compiler probably still uses: /usr/lib64/ for ldap
libs, although we instructed (?) it to use ldap libs from
/usr/local/openldap/lib64.

So, there remain two questions:

1. How to build properly with custom LDAP libs?
2. Why we can't build correctly under CentOS 6, but only under CentOS 5?

Regards,
Nick

From miguel.mirandag at gmail.com Wed Mar 20 15:03:03 2013
From: miguel.mirandag at gmail.com (Miguel Miranda)
Date: Wed, 20 Mar 2013 09:03:03 -0600
Subject: [Pdns-users] backend time out errors
In-Reply-To: <46E2C096-367F-4305-9A83-934CE509E58D@netherlabs.nl>
References: <46E2C096-367F-4305-9A83-934CE509E58D@netherlabs.nl>
Message-ID:

Ok thanks Peter, I was curious about the error because I don't have any
complaints from my customers.

On Tue, Mar 19, 2013 at 1:59 AM, Peter van Dijk <peter.van.dijk at netherlabs.nl> wrote:

> Hello Miguel,
>
> On Mar 18, 2013, at 21:24 , Miguel Miranda wrote:
>
> > Hello to all, I'm getting several timeout errors in a recently installed
> > powerdns 3.1 server, this is authoritative/resolver server, pns running in
> > public interface and resolver running in localhost, this is the error:
> >
> > Recursive query for remote x.x.x.x:1044 with internal id 180 was not
> > answered by backend within timeout, reusing id
>
> This is about a forwarded recursive query. Recursive queries time out all
> the time, because various name servers on the Internet are down or slow.
>
> > I'm using mysql backend. this is a powerful server, 2 x quad core
> > running centos 64 bit, 32 gb ram.
> >
> > I tuned mysql using the my-huge example, so I don't think this is a db
> > problem, but maybe I'm wrong, what should I check to isolate the problem?
>
> This is not a MySQL issue - this is for queries that were -not- answered
> from your database.
>
> Unless you are actually having trouble resolving various names via the
> recursor, and think this is not okay, there is no problem.
>
> Kind regards,
> --
> Peter van Dijk
> Netherlabs Computer Consulting BV - http://www.netherlabs.nl/

From tripivceta at hotmail.com Wed Mar 20 18:25:36 2013
From: tripivceta at hotmail.com (a b)
Date: Wed, 20 Mar 2013 19:25:36 +0100
Subject: [Pdns-users] Building pdns RPMs using custom LDAP libraries/headers
In-Reply-To: <51497CE0.50100@admin.noa.gr>
References: <5148841C.7050100@admin.noa.gr>, <20130319160251.GA2335@xs.powerdns.com>, <5148AAB8.80605@admin.noa.gr>, <51497CE0.50100@admin.noa.gr>
Message-ID:

> LIBS="-L/usr/local/openldap/lib64"

What makes you believe that anything would pay attention to $LIBS? Did you
see this in the code or documentation somewhere?

> %build
> %configure \
>     --sysconfdir=%{_sysconfdir}/powerdns \
>     --libdir=%{_libdir} \
>     --with-sqlite3 \
>     --with-socketdir=/var/run/pdns-server \
>     --with-modules="" \
>     --with-dynmodules="pipe gmysql gpgsql gsqlite3 ldap"
> %{__make}
>
> I am not sure it produces the required result:
> ...
> /bin/sh ../../libtool --tag=CXX --mode=link g++ -D_GNU_SOURCE -O2 -g
> -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
> --param=ssp-buffer-size=4 -m64 -mtune=generic -module -avoid-version
> -lrt -o libldapbackend.la -rpath /usr/lib64 ldapbackend.lo powerldap.lo
> -lldap_r -lz
> ...
>
> I understand that the compiler probably still uses: /usr/lib64/ for ldap
> libs, although we instructed (?) it to use ldap libs from
> /usr/local/openldap/lib64.
>
> So, there remain two questions:
>
> 1. How to build properly with custom LDAP libs?

You need to pass --libdir=/usr/local/openldap/lib64 on the %configure line.

By the way, the correct place to put 3rd party and unbundled applications,
even on GNU/Linux and especially on CentOS is /opt, in your case
/opt/openldap. Configuration should go in /etc/opt/openldap, and data in
/var/opt/openldap. These are controlled by

    --prefix=/opt/openldap
    --sysconfdir=/etc/opt/openldap
    --datadir=/var/opt/openldap

when OpenLDAP is being built. OpenLDAP's ./configure might have additional
switches for this.

Reference: http://www.pathname.com/fhs/pub/fhs-2.3.html

From tripivceta at hotmail.com Wed Mar 20 18:38:59 2013
From: tripivceta at hotmail.com (a b)
Date: Wed, 20 Mar 2013 19:38:59 +0100
Subject: [Pdns-users] Building pdns RPMs using custom LDAP libraries/headers
In-Reply-To: <51488D75.5050903@admin.noa.gr>
References: <5148841C.7050100@admin.noa.gr>,<51488D75.5050903@admin.noa.gr>
Message-ID:

> Hmm, actually now that I tried to build using even the standard CentOS 6
> RPMs/libs/headers/, it still fails at the same point.
>
> So, am I doing something wrong? Please advise.

What does "config.log" say regarding ldap?

From nmilas at admin.noa.gr Thu Mar 21 07:49:55 2013
From: nmilas at admin.noa.gr (Nikolaos Milas)
Date: Thu, 21 Mar 2013 09:49:55 +0200
Subject: [Pdns-users] installing ldap as backend
In-Reply-To:
References: <514793FB.9010800@admin.noa.gr> <514817EC.8030404@admin.noa.gr> <51485C1E.4010504@admin.noa.gr>
Message-ID: <514ABBA3.5010700@admin.noa.gr>

On 19/3/2013 3:21 μμ, Jignesh Patel wrote:

>
> This
> talks
> about creating SRV records at org level, I would like to create an
> individual user level(i.e. ou=people).
>
> Sorry, I don't know about that.
>
> You mean you would want to use PostgreSQL as backend for OpenLDAP
> and PDNS? The latter is possible, the former I doubt. Yet, I am
> not an expert on the issue.
>
>
> Thanks. The former is default setup as LDAP by default uses BDB.

True. If you have your primary data in an SQL db and you want to use LDAP
as well (or the opposite), you may want to check the LDAP Synchronization
Connector: http://lsc-project.org/

Your OpenLDAP would use any backend (these days preferably MDB).

Nick

From nmilas at admin.noa.gr Thu Mar 21 08:46:20 2013
From: nmilas at admin.noa.gr (Nikolaos Milas)
Date: Thu, 21 Mar 2013 10:46:20 +0200
Subject: [Pdns-users] Building pdns RPMs using custom LDAP libraries/headers
In-Reply-To:
References: <5148841C.7050100@admin.noa.gr>, <51488D75.5050903@admin.noa.gr>
Message-ID: <514AC8DC.6070306@admin.noa.gr>

On 20/3/2013 8:38 μμ, a b wrote:

> What does "config.log" say regarding ldap?

Thanks for the reply. Please, see below.

Thanks,
Nick

=======================================================
...
configure:18499: checking ldap.h usability
configure:18499: g++ -c -D_GNU_SOURCE -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic conftest.cpp >&5
configure:18499: $? = 0
configure:18499: result: yes
configure:18499: checking ldap.h presence
configure:18499: g++ -E conftest.cpp
configure:18499: $? = 0
configure:18499: result: yes
configure:18499: checking for ldap.h
configure:18499: result: yes
configure:18513: checking lber.h usability
configure:18513: g++ -c -D_GNU_SOURCE -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic conftest.cpp >&5
configure:18513: $? = 0
configure:18513: result: yes
configure:18513: checking lber.h presence
configure:18513: g++ -E conftest.cpp
configure:18513: $? = 0
configure:18513: result: yes
configure:18513: checking for lber.h
configure:18513: result: yes
configure:18526: checking for ldap_set_option in -lldap_r
configure:18551: g++ -o conftest -D_GNU_SOURCE -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -lrt c$
/usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../lib64/libldap_r.so: undefined reference to `ber_sockbuf_io_udp'
collect2: ld returned 1 exit status
configure:18551: $? = 1
configure: failed program was:
| /* confdefs.h */
| #define PACKAGE_NAME ""
| #define PACKAGE_TARNAME ""
| #define PACKAGE_VERSION ""
| #define PACKAGE_STRING ""
| #define PACKAGE_BUGREPORT ""
| #define PACKAGE_URL ""
| #define PACKAGE "pdns"
| #define VERSION "3.2"
| #define STDC_HEADERS 1
| #define HAVE_SYS_TYPES_H 1
| #define HAVE_SYS_STAT_H 1
| #define HAVE_STDLIB_H 1
| #define HAVE_STRING_H 1
| #define HAVE_MEMORY_H 1
| #define HAVE_STRINGS_H 1
| #define HAVE_INTTYPES_H 1
| #define HAVE_STDINT_H 1
| #define HAVE_UNISTD_H 1
| #define YYTEXT_POINTER 1
| #define HAVE_DLFCN_H 1
| #define LT_OBJDIR ".libs/"
| #define HAVE_BOOST 1
| #define HAVE_BOOST_FOREACH_HPP 1
| #define HAVE_BOOST_PROGRAM_OPTIONS_HPP 1
| #define HAVE_BOOST_ARCHIVE_TEXT_OARCHIVE_HPP 1
| #define HAVE_LUA 1
| #define HAVE_LUA_H 1
| #define STDC_HEADERS 1
| #define HAVE_FCNTL_H 1
| #define HAVE_GETOPT_H 1
| #define HAVE_LIMITS_H 1
| #define HAVE_STRINGS_H 1
| #define HAVE_SYS_TIME_H 1
| #define HAVE_SYSLOG_H 1
| #define HAVE_UNISTD_H 1
| #define TIME_WITH_SYS_TIME 1
| #define RETSIGTYPE void
| #define HAVE_GETHOSTNAME 1
| #define HAVE_GETTIMEOFDAY 1
| #define HAVE_MKDIR 1
| #define HAVE_MKTIME 1
| #define HAVE_SELECT 1
| #define HAVE_SOCKET 1
| #define HAVE_STRERROR 1
| #define HAVE_STRCASESTR 1
| #define HAVE_LIBDL 1
| #define HAVE_LIBCRYPT 1
| #define HAVE_IPV6 1
| #define HAVE_LDAP_H 1
| #define HAVE_LBER_H 1
| /* end confdefs.h. */
|
| /* Override any GCC internal prototype to avoid an error.
| Use char because int might match the return type of a GCC
| builtin and then its argument prototype would still apply. */
| #ifdef __cplusplus
| extern "C"
| #endif
| char ldap_set_option ();
| int
| main ()
| {
| return ldap_set_option ();
| ;
| return 0;
| }
configure:18560: result: no
configure:18567: checking for ldap_set_option in -lldap
configure:18592: g++ -o conftest -D_GNU_SOURCE -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -lrt c$
/usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../lib64/libldap.so: undefined reference to `ber_sockbuf_io_udp'
collect2: ld returned 1 exit status
configure:18592: $? = 1
configure: failed program was:
| /* confdefs.h */
| #define PACKAGE_NAME ""
| #define PACKAGE_TARNAME ""
| #define PACKAGE_VERSION ""
| #define PACKAGE_STRING ""
| #define PACKAGE_BUGREPORT ""
| #define PACKAGE_URL ""
| #define PACKAGE "pdns"
| #define VERSION "3.2"
| #define STDC_HEADERS 1
| #define HAVE_SYS_TYPES_H 1
| #define HAVE_SYS_STAT_H 1
| #define HAVE_STDLIB_H 1
| #define HAVE_STRING_H 1
| #define HAVE_MEMORY_H 1
| #define HAVE_STRINGS_H 1
| #define HAVE_INTTYPES_H 1
| #define HAVE_STDINT_H 1
| #define HAVE_UNISTD_H 1
| #define YYTEXT_POINTER 1
| #define HAVE_DLFCN_H 1
| #define LT_OBJDIR ".libs/"
| #define HAVE_BOOST 1
| #define HAVE_BOOST_FOREACH_HPP 1
| #define HAVE_BOOST_PROGRAM_OPTIONS_HPP 1
| #define HAVE_BOOST_ARCHIVE_TEXT_OARCHIVE_HPP 1
| #define HAVE_LUA 1
| #define HAVE_LUA_H 1
| #define STDC_HEADERS 1
| #define HAVE_FCNTL_H 1
| #define HAVE_GETOPT_H 1
| #define HAVE_LIMITS_H 1
| #define HAVE_STRINGS_H 1
| #define HAVE_SYS_TIME_H 1
| #define HAVE_SYSLOG_H 1
| #define HAVE_UNISTD_H 1
| #define TIME_WITH_SYS_TIME 1
| #define RETSIGTYPE void
| #define HAVE_GETHOSTNAME 1
| #define HAVE_GETTIMEOFDAY 1
| #define HAVE_MKDIR 1
| #define HAVE_MKTIME 1
| #define HAVE_SELECT 1
| #define HAVE_SOCKET 1
| #define HAVE_STRERROR 1
| #define HAVE_STRCASESTR 1
| #define HAVE_LIBDL 1
| #define HAVE_LIBCRYPT 1
| #define HAVE_IPV6 1
| #define HAVE_LDAP_H 1
| #define HAVE_LBER_H 1
| /* end confdefs.h. */
|
| /* Override any GCC internal prototype to avoid an error.
| Use char because int might match the return type of a GCC
| builtin and then its argument prototype would still apply. */
| #ifdef __cplusplus
| extern "C"
| #endif
| char ldap_set_option ();
| int
| main ()
| {
| return ldap_set_option ();
| ;
| return 0;
| }
configure:18601: result: no
configure:18608: error: ldap library (libldap) not found

From nmilas at admin.noa.gr Thu Mar 21 10:36:18 2013
From: nmilas at admin.noa.gr (Nikolaos Milas)
Date: Thu, 21 Mar 2013 12:36:18 +0200
Subject: [Pdns-users] Testing master functionality on ldap backend
Message-ID: <514AE2A2.4010305@admin.noa.gr>

Hello,

I am testing the new ldap backend (http://repo.or.cz/w/pdns-ldap-backend.git) under pdns v3.2 on CentOS 6.4 x86_64

I have a question: It seems the master is sending duplicate notifications to the slave, both at the IPv4 and at the IPv6 address.

Is this expected behavior? Please explain.

Test details follow.

The test master server is vmres.noa.gr with:

...
local-address=127.0.0.1 194.177.195.158
local-ipv6=::1 2001:648:2011:14::158
...

The slave runs at:

vdev.noa.gr
195.251.204.232
2001:648:2011:10::232

Here is the master zone, as queried:

# dig ANY 204.251.195.in-addr.arpa @194.177.195.158

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6.3 <<>> ANY 204.251.195.in-addr.arpa @194.177.195.158
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39168
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;204.251.195.in-addr.arpa. IN ANY

;; ANSWER SECTION:
204.251.195.in-addr.arpa. 86400 IN NS vdev.noa.gr.
204.251.195.in-addr.arpa. 86400 IN NS vmres.noa.gr.
204.251.195.in-addr.arpa. 86400 IN SOA vmres.noa.gr. sysadmin.noa.gr. 2013032002 86400 180 1209600 3600

;; ADDITIONAL SECTION:
vdev.noa.gr. 86400 IN A 195.251.204.232
vdev.noa.gr. 86400 IN AAAA 2001:648:2011:10::232

;; Query time: 2 msec
;; SERVER: 194.177.195.158#53(194.177.195.158)
;; WHEN: Thu Mar 21 12:21:55 2013
;; MSG SIZE rcvd: 176

Some logs after zone change, for reference:

Mar 20 20:21:28 vmres pdns[9128]: 1 domain for which we are master needs notifications
Mar 20 20:21:28 vmres pdns[9128]: Queued notification of domain '204.251.195.in-addr.arpa' to 195.251.204.232
Mar 20 20:21:28 vmres pdns[9128]: Queued notification of domain '204.251.195.in-addr.arpa' to 2001:648:2011:10::232
...
Mar 20 20:21:28 vmres pdns[9128]: AXFR of domain '204.251.195.in-addr.arpa' initiated by 195.251.204.232
Mar 20 20:21:28 vmres pdns[9128]: AXFR of domain '204.251.195.in-addr.arpa' allowed: client IP 195.251.204.232 is in allow-axfr-ips
...
Mar 20 20:21:28 vmres pdns[9128]: AXFR of domain '204.251.195.in-addr.arpa' to 195.251.204.232 finished
...
Mar 20 20:21:29 vmres pdns[9128]: Removed from notification list: '204.251.195.in-addr.arpa' to 195.251.204.232:53 (was acknowledged)

Thanks and Regards,
Nick

From nmilas at admin.noa.gr Thu Mar 21 12:36:35 2013
From: nmilas at admin.noa.gr (Nikolaos Milas)
Date: Thu, 21 Mar 2013 14:36:35 +0200
Subject: [Pdns-users] Building pdns RPMs using custom LDAP libraries/headers
In-Reply-To:
References: <5148841C.7050100@admin.noa.gr>, <20130319160251.GA2335@xs.powerdns.com>, <5148AAB8.80605@admin.noa.gr>, <51497CE0.50100@admin.noa.gr>
Message-ID: <514AFED3.2030804@admin.noa.gr>

On 20/3/2013 8:25 pm, a b wrote:

> You need to pass --libdir=/usr/local/openldap/lib64 on the %configure
> line.

Tried that, but the same error occurred.

%configure \
    --sysconfdir=%{_sysconfdir}/powerdns \
    --libdir=/usr/local/openldap/lib64 \
    --with-sqlite3 \
    --with-socketdir=/var/run/pdns-server \
    --with-modules="" \
    --with-dynmodules="pipe gmysql gpgsql gsqlite3 ldap"

%{__make}

Due to the fact that in the beginning it was:

--libdir=%{_libdir}

...I am thinking I should use multiple paths, like:

--libdir=%{_libdir},/usr/local/openldap/lib64

Is it supported?

But ideally I would like to force the use of /usr/local/openldap/lib64 ONLY for LDAP libs. Can't I declare that explicitly somehow?

Thanks,
Nick

From margus.kiting at gmail.com Thu Mar 21 14:18:49 2013
From: margus.kiting at gmail.com (Margus Kiting)
Date: Thu, 21 Mar 2013 16:18:49 +0200
Subject: [Pdns-users] pdns-3.2 AXFR per domain ACL's problem
In-Reply-To: <20130319120514.GA23454@prof-x.prof-x.net>
References: <20130319120514.GA23454@prof-x.prof-x.net>
Message-ID:

Hi all!

I found out what was missing in my configuration. I just did not read documentation properly and did not find dnssec enabling flag.
http://doc.powerdns.com/html/domainmetadata.html

I just added gmysql-dnssec to pdns.conf and restarted service. AXFR ACL's are working now.

Thank You all who helped.

Best Regards,
Margus Kiting

On 19 March 2013 14:05, Ruben d'Arco wrote:

> Hi,
>
> This is a bit of a guess, but:
> The AUTO-NS feature seems to use a normal getaddrinfo(). This might have a
> different result than you expect on your system.
> Can you check what's in your resolv.conf and see what that replied when
> you ask for dns1.test.com and dns2.test.com?
>
> Regards,
> Ruben
>
>
>
> On Tue, Mar 19, 2013 at 01:51:20PM +0200, Margus Kiting wrote:
> > Hi,
> >
> > I'm new to this list and this is the first time I encountered a problem
> > using powerdns authoritative DNS server, so I hope I find solution for
> this
> > problem from here.
> >
> > The problem is in AXFR per domain ACL's. They are just not working for
> me.
> > Below is configuration and test outputs.
> >
> > Master DNS: pdns-master 192.168.1.10
> > Slave DNS: pdns-slave 192.168.1.11
> > Test server: pdns-test 192.168.1.13
> >
> > PowerDNS Version 3.2, compiled on Mar 12 2013, 10:19:57 with gcc version
> > 4.1.2 20080704 (Red Hat 4.1.2-51)
> >
> >
> > pdns-master pdns.conf
> >
> > setuid=daemon
> > setgid=daemon
> > cache-ttl=60
> > daemon=yes
> > disable-tcp=no
> > distributor-threads=10
> >
> > launch=gmysql
> > gmysql-host=127.0.0.1
> > gmysql-user=powerdns
> > gmysql-password=password
> > gmysql-dbname=powerdns
> > logging-facility=1
> > loglevel=4
> > master=yes
> > query-cache-ttl=60
> > recursive-cache-ttl=60
> > recursor=127.0.0.1
> > query-local-address6=
> >
> > NB! recursor is not running.
> >
> > pdns-master mysql information:
> >
> > mysql> select * from domains;
> > id name master last_check type notified_serial account
> > 1 test.com NULL NULL MASTER 1363693953 NULL
> >
> > mysql> select * from records;
> > id domain_id name type content ttl prio
> > change_date ordername auth
> > 1 1 test.com SOA dns1.test.com root at test.com 0
> > 86400 NULL NULL NULL NULL
> > 2 1 test.com NS dns1.test.com 86400 NULL
> > 1363693952 NULL NULL
> > 3 1 test.com NS dns2.test.com 86400 NULL
> > 1363693952 NULL NULL
> > 4 1 www.test.com A 192.168.1.12 120 NULL
> > 1363693952 NULL NULL
> > 5 1 mail.test.com A 192.168.1.12 120 NULL
> > 1363693952 NULL NULL
> > 6 1 dns1.test.com A 192.168.1.11 120 NULL
> > 1363693952 NULL NULL
> > 7 1 dns2.test.com A 192.168.1.10 120 NULL
> > 1363693952 NULL NULL
> > 8 1 test.com MX mail.test.com 120 25
> > 1363693953 NULL NULL
> >
> > mysql> select * from domainmetadata;
> > id domain_id kind content
> > 1 1 ALLOW-AXFR-FROM AUTO-NS
> > AXFR queries should be allowed only from server, which are in
> > test.com domain NS records.
> > I will AXFR query from pdns-slave, which has IP 192.168.1.11 and it is
> > configured as NS record in test.com domain and it should get correct
> axfr
> > query answer.
> > I also try AXFR query from pdns-test, which has IP 192.168.1.12 and it's
> > not configured as NS record in test.com domain and this server should
> get
> > transfer failure message from pdns-master server. powerdns daemon is
> > running with monitor flag, which gives debug output from servers side.
> >
> > AXFR query from pdns-slave 192.168.1.11 server:
> >
> > [root at pdns-slave ~]# dig axfr test.com @192.168.1.10
> >
> > ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> axfr test.com @
> > 192.168.1.10
> > ;; global options: printcmd
> > test.com. 86400 IN SOA dns1.test.com.
> root.test.com.
> > 1363693953 10800 3600 604800 3600
> > test.com. 86400 IN NS dns1.test.com.
> > test.com. 86400 IN NS dns2.test.com.
> > www.test.com. 120 IN A 192.168.1.12
> > mail.test.com. 120 IN A 192.168.1.12
> > dns1.test.com. 120 IN A 192.168.1.11
> > dns2.test.com. 120 IN A 192.168.1.10
> > test.com. 120 IN MX 25 mail.test.com.
> > test.com. 86400 IN SOA dns1.test.com.
> root.test.com.
> > 1363693953 10800 3600 604800 3600
> > ;; Query time: 12 msec
> > ;; SERVER: 192.168.1.10#53(192.168.1.10)
> > ;; WHEN: Tue Mar 19 13:24:06 2013
> > ;; XFR size: 9 records (messages 3)
> >
> > Powerdns log output in pdns-master server:
> >
> > Mar 19 13:24:06 AXFR of domain 'test.com' initiated by 192.168.1.11
> > Mar 19 13:24:06 AXFR of domain 'test.com' allowed: client IP
> 192.168.1.11
> > is in allow-axfr-ips
> > Mar 19 13:24:06 gmysql Connection successful
> > Mar 19 13:24:06 gmysql Connection successful
> > Mar 19 13:24:06 AXFR of domain 'test.com' to 192.168.1.11 finished
> >
> > AXFR query from pdns-test 192.168.1.12 server:
> >
> > [root at pdns-test ~]# dig axfr test.com @192.168.1.10
> >
> > ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> axfr test.com @
> > 192.168.1.10
> > ;; global options: printcmd
> > test.com. 86400 IN SOA dns1.test.com.
> root.test.com.
> > 1363693953 10800 3600 604800 3600
> > test.com. 86400 IN NS dns1.test.com.
> > test.com. 86400 IN NS dns2.test.com.
> > www.test.com. 120 IN A 192.168.1.12
> > mail.test.com. 120 IN A 192.168.1.12
> > dns1.test.com. 120 IN A 192.168.1.11
> > dns2.test.com. 120 IN A 192.168.1.10
> > test.com. 120 IN MX 25 mail.test.com.
> > test.com. 86400 IN SOA dns1.test.com.
> root.test.com.
> > 1363693953 10800 3600 604800 3600
> > ;; Query time: 17 msec
> > ;; SERVER: 192.168.1.10#53(192.168.1.10)
> > ;; WHEN: Tue Mar 19 13:25:50 2013
> > ;; XFR size: 9 records (messages 3)
> >
> >
> > Powerdns log output in pdns-master server:
> >
> > Mar 19 13:25:50 AXFR of domain 'test.com' initiated by 192.168.1.12
> > Mar 19 13:25:50 AXFR of domain 'test.com' allowed: client IP
> 192.168.1.12
> > is in allow-axfr-ips
> > Mar 19 13:25:50 gmysql Connection successful
> > Mar 19 13:25:50 gmysql Connection successful
> > Mar 19 13:25:50 AXFR of domain 'test.com' to 192.168.1.12 finished
> >
> > As seen from above, AXFR ACL's per domain is not working. Am I missing
> some
> > configuration or I'm doing something very wrong?
> > Please help.
> >
> > NB! English is not my native language, so apologies if there are
> mistakes.
> >
> > Thanks in advance!
> > Margus Kiting

From cyclops at prof-x.net Fri Mar 22 07:11:11 2013
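An added example (not from the thread or from the PowerDNS project): a log audit for the situation in Margus Kiting's report above, where the master granted every transfer with the reason "is in allow-axfr-ips" whether or not the client was one of the zone's name servers. The log lines are unwrapped from the excerpts quoted in the thread; the function names and the `EXPECTED` baseline (built from the NS addresses shown in the thread) are assumptions of this example.

```python
"""Flag PowerDNS AXFR grants to clients outside a zone's expected secondaries."""
import ipaddress
import re

# The "allowed" line as it appears in the thread's excerpts, with or without
# the "host pdns[pid]:" syslog prefix. The text after the client address is
# kept verbatim as the reason the server logged for granting the transfer.
AXFR_ALLOWED = re.compile(
    r"AXFR of domain '(?P<zone>[^']+)' allowed: "
    r"client IP (?P<ip>\S+) (?P<reason>.+?)\s*$"
)


def norm_zone(name):
    """Compare zone names case-insensitively and without a trailing dot."""
    return name.rstrip(".").lower()


def norm_ip(text):
    """Parse an address; fold IPv4-mapped IPv6 (::ffff:a.b.c.d) back to IPv4."""
    ip = ipaddress.ip_address(text)
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped if mapped is not None else ip


def parse_allowed(line):
    """Return (zone, client, reason) for an 'allowed' line, otherwise None."""
    m = AXFR_ALLOWED.search(line)
    if m is None:
        return None
    try:
        client = norm_ip(m.group("ip"))
    except ValueError:
        return None  # token after "client IP" is not an address
    return norm_zone(m.group("zone")), client, m.group("reason")


def audit(lines, expected):
    """List granted transfers whose client is not in the zone's baseline.

    expected maps zone name -> iterable of addresses that may pull the zone.
    A zone missing from the baseline is reported too, so that a newly added
    zone is not silently treated as open.
    """
    baseline = {
        norm_zone(zone): {norm_ip(a) for a in addrs}
        for zone, addrs in expected.items()
    }
    findings = []
    for line in lines:
        parsed = parse_allowed(line)
        if parsed is None:
            continue
        zone, client, reason = parsed
        if zone not in baseline:
            issue = "zone has no baseline"
        elif client not in baseline[zone]:
            issue = "client is not an expected secondary"
        else:
            continue
        findings.append(
            {"zone": zone, "client": str(client), "issue": issue, "reason": reason}
        )
    return findings


# Log lines unwrapped from the excerpts quoted in the thread.
SAMPLE_LOG = [
    "Mar 19 13:24:06 AXFR of domain 'test.com' initiated by 192.168.1.11",
    "Mar 19 13:24:06 AXFR of domain 'test.com' allowed: client IP 192.168.1.11 is in allow-axfr-ips",
    "Mar 19 13:24:06 AXFR of domain 'test.com' to 192.168.1.11 finished",
    "Mar 19 13:25:50 AXFR of domain 'test.com' initiated by 192.168.1.12",
    "Mar 19 13:25:50 AXFR of domain 'test.com' allowed: client IP 192.168.1.12 is in allow-axfr-ips",
    "Mar 20 20:21:28 vmres pdns[9128]: AXFR of domain '204.251.195.in-addr.arpa' "
    "allowed: client IP 195.251.204.232 is in allow-axfr-ips",
]

# Assumed baseline: the addresses of each zone's NS hosts as shown in the thread.
EXPECTED = {
    "test.com": ["192.168.1.11", "192.168.1.10"],
    "204.251.195.in-addr.arpa": ["195.251.204.232", "2001:648:2011:10::232"],
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, EXPECTED):
        print(finding)
```

The reason string is reported with each finding because it shows which rule let the transfer through; in the thread every grant, including the one to 192.168.1.12, was attributed to allow-axfr-ips.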
From: cyclops at prof-x.net (Ruben d'Arco)
Date: Fri, 22 Mar 2013 08:11:11 +0100
Subject: [Pdns-users] Testing master functionality on ldap backend
In-Reply-To: <514AE2A2.4010305@admin.noa.gr>
References: <514AE2A2.4010305@admin.noa.gr>
Message-ID: <20130322071110.GC28926@prof-x.prof-x.net>

Hi,

This is by design and not specific to the ldap backend.
Powerdns simply receives the nameservers from the backend and starts resolving the name to ip addresses.
If that name has multiple ip addresses (v6 or v4), notifies will be sent to all of them.

There is a ticket open for this and a patch:
http://wiki.powerdns.com/trac/ticket/454

Regards,
Ruben

On Thu, Mar 21, 2013 at 12:36:18PM +0200, Nikolaos Milas wrote:
> Hello,
>
> I am testing the new ldap backend
> (http://repo.or.cz/w/pdns-ldap-backend.git) under pdns v3.2 on
> CentOS 6.4 x86_64
>
> I have a question: It seems the master is sending duplicate
> notifications to the slave, both at the IPv4 and at the IPv6
> address.
>
> Is this expected behavior? Please explain.
>
> Test details follow.
>
> The test master server is vmres.noa.gr with:
>
> ...
> local-address=127.0.0.1 194.177.195.158
> local-ipv6=::1 2001:648:2011:14::158
> ...
>
> The slave runs at:
>
> vdev.noa.gr
> 195.251.204.232
> 2001:648:2011:10::232
>
> Here is the master zone, as queried:
>
> # dig ANY 204.251.195.in-addr.arpa @194.177.195.158
>
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6.3 <<>> ANY
> 204.251.195.in-addr.arpa @194.177.195.158
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39168
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 2
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;204.251.195.in-addr.arpa. IN ANY
>
> ;; ANSWER SECTION:
> 204.251.195.in-addr.arpa. 86400 IN NS vdev.noa.gr.
> 204.251.195.in-addr.arpa. 86400 IN NS vmres.noa.gr.
> 204.251.195.in-addr.arpa. 86400 IN SOA vmres.noa.gr.
> sysadmin.noa.gr. 2013032002 86400 180 1209600 3600
>
> ;; ADDITIONAL SECTION:
> vdev.noa.gr. 86400 IN A 195.251.204.232
> vdev.noa.gr. 86400 IN AAAA 2001:648:2011:10::232
>
> ;; Query time: 2 msec
> ;; SERVER: 194.177.195.158#53(194.177.195.158)
> ;; WHEN: Thu Mar 21 12:21:55 2013
> ;; MSG SIZE rcvd: 176
>
> Some logs after zone change, for reference:
>
> Mar 20 20:21:28 vmres pdns[9128]: 1 domain for which we are master
> needs notifications
> Mar 20 20:21:28 vmres pdns[9128]: Queued notification of domain
> '204.251.195.in-addr.arpa' to 195.251.204.232
> Mar 20 20:21:28 vmres pdns[9128]: Queued notification of domain
> '204.251.195.in-addr.arpa' to 2001:648:2011:10::232
> ...
> Mar 20 20:21:28 vmres pdns[9128]: AXFR of domain
> '204.251.195.in-addr.arpa' initiated by 195.251.204.232
> Mar 20 20:21:28 vmres pdns[9128]: AXFR of domain
> '204.251.195.in-addr.arpa' allowed: client IP 195.251.204.232 is in
> allow-axfr-ips
> ...
> Mar 20 20:21:28 vmres pdns[9128]: AXFR of domain
> '204.251.195.in-addr.arpa' to 195.251.204.232 finished
> ...
> Mar 20 20:21:29 vmres pdns[9128]: Removed from notification list:
> '204.251.195.in-addr.arpa' to 195.251.204.232:53 (was acknowledged)
>
> Thanks and Regards,
> Nick

From nmilas at admin.noa.gr Fri Mar 22 12:32:57 2013
From: nmilas at admin.noa.gr (Nikolaos Milas)
Date: Fri, 22 Mar 2013 14:32:57 +0200
Subject: [Pdns-users] Testing master functionality on ldap backend
In-Reply-To: <20130322071110.GC28926@prof-x.prof-x.net>
References: <514AE2A2.4010305@admin.noa.gr> <20130322071110.GC28926@prof-x.prof-x.net>
Message-ID: <514C4F79.3050606@admin.noa.gr>

On 22/3/2013 9:11 am, Ruben d'Arco wrote:

> This is by design and not specific to the ldap backend.
> Powerdns simply receives the nameservers from the backend and starts resolving the name to ip addresses.
> If that name has multiple ip addresses (v6 or v4), notifies will be sent to all of them.
>
> There is a ticket open for this and a patch:
> http://wiki.powerdns.com/trac/ticket/454

Thanks,

The tracker appears to indicate 3.2 as a target version for:

http://wiki.powerdns.com/trac/ticket/454

and for the related:

http://wiki.powerdns.com/trac/ticket/468

but apparently neither was included therein.

I guess they are planned to be included in the next version?

Regards,
Nick

From tripivceta at hotmail.com Fri Mar 22 16:06:30 2013
From: tripivceta at hotmail.com (a b)
Date: Fri, 22 Mar 2013 17:06:30 +0100
Subject: [Pdns-users] Building pdns RPMs using custom LDAP libraries/headers
In-Reply-To: <514AC8DC.6070306@admin.noa.gr>
References: <5148841C.7050100@admin.noa.gr>,<51488D75.5050903@admin.noa.gr> , <514AC8DC.6070306@admin.noa.gr>
Message-ID:

> Thanks for the reply.
>
> Please, see below.

> /usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../lib64/libldap_r.so:
> undefined reference to `ber_sockbuf_io_udp'

As suspected, the link editor is not finding the symbols (function definitions) it needs to resolve bindings in the object file(s).

What does your ~/.rpmmacros file look like?

While technically not necessary, CFLAGS must often contain -L and -R switches to work around buggy or incorrectly coded ./configure files.
Ditto for LDFLAGS.
Do you set CFLAGS and LDFLAGS? What do they look like?

From tripivceta at hotmail.com Fri Mar 22 16:23:33 2013
From: tripivceta at hotmail.com (a b)
Date: Fri, 22 Mar 2013 17:23:33 +0100
Subject: [Pdns-users] Building pdns RPMs using custom LDAP libraries/headers
In-Reply-To: <514AFED3.2030804@admin.noa.gr>
References: <5148841C.7050100@admin.noa.gr>, <20130319160251.GA2335@xs.powerdns.com>, <5148AAB8.80605@admin.noa.gr>, <51497CE0.50100@admin.noa.gr> , <514AFED3.2030804@admin.noa.gr>
Message-ID:

> > You need to pass --libdir=/usr/local/openldap/lib64 on the %configure
> > line.
>
> Tried that, but the same error occurred.

I did not mean that literally, sorry for the confusion. What I meant is that you must pass the equivalent of --libdir=/usr/local/openldap/lib64 by using --libdir=%{_libdir}, which is a special RPM built-in macro.

What this means is that your ~/.rpmmacros file is either incorrect or non-existent. ~/.rpmmacros must exist before attempting to (re)build RPM packages, and it must be correct. That is not optional.

Sample, working .rpmmacros file:

%HOME %{expand:%%(echo $HOME)}
%_topdir %{HOME}/devel/rpms
%__printf /usr/bin/printf
%MY_BASE opt/openldap
%__python /%{MY_BASE}/bin/python
%_defaultdocdir /%{MY_BASE}/share/doc
%_prefix /%{MY_BASE}
%_sysconfdir /etc/%{MY_BASE}
%_mandir /%{MY_BASE}/share/man
%_infodir /%{MY_BASE}/share/info
%_localstatedir /var/%{MY_BASE}

The above .rpmmacros file is configured to comply with the Linux Standards Base ("LSB") Filesystem Hierarchy Standard ("FHS") I mentioned earlier.

You should rebuild openldap RPM with the above .rpmmacros file sitting in your home directory. With it, the %{_libdir} macro should be set correctly by RPM, and it will be passed on the %configure line correctly; however, you might still need to append to, or override CFLAGS, CXXFLAGS, CPPFLAGS, and LDFLAGS, depending on whether the ./configure script works correctly or not.

From tripivceta at hotmail.com Fri Mar 22 16:34:54 2013
From: tripivceta at hotmail.com (a b)
Date: Fri, 22 Mar 2013 17:34:54 +0100
Subject: [Pdns-users] Building pdns RPMs using custom LDAP libraries/headers
In-Reply-To:
References: <5148841C.7050100@admin.noa.gr>, , <20130319160251.GA2335@xs.powerdns.com>, <5148AAB8.80605@admin.noa.gr>, , <51497CE0.50100@admin.noa.gr>, , , <514AFED3.2030804@admin.noa.gr>,
Message-ID:

> %_prefix /%{MY_BASE}

I should also add that you should pick a top-level directory in opt, like for example "blabla" or some other generic name (usually your organization's name, acronym, or most preferably, lower case version of your organization's stock symbol, if you have one), and all RPM's you build should end up in the following hierarchy, I am using a made-up name "blabla" in the example:

/opt/blabla/sbin
/opt/blabla/bin
/opt/blabla/lib
/opt/blabla/lib64
/opt/blabla/libexec
/etc/opt/blabla/openldap
/etc/opt/blabla/pdns
/var/opt/blabla/openldap
/var/opt/blabla/pdns

With %MY_BASE (or more appropriately to this example, %BLABLA_BASE) being set to opt/blabla, all SRPM's one (re)builds from that point on should be able to correctly find their files under the /opt/blabla/ hierarchy. This includes libraries.

From nmilas at admin.noa.gr Fri Mar 22 20:08:41 2013
From: nmilas at admin.noa.gr (Nikolaos Milas)
Date: Fri, 22 Mar 2013 22:08:41 +0200
Subject: [Pdns-users] Building pdns RPMs using custom LDAP libraries/headers
In-Reply-To:
References: <5148841C.7050100@admin.noa.gr>, <20130319160251.GA2335@xs.powerdns.com>, <5148AAB8.80605@admin.noa.gr>, <51497CE0.50100@admin.noa.gr> , <514AFED3.2030804@admin.noa.gr>
Message-ID: <514CBA49.4050306@admin.noa.gr>

On 22/3/2013 6:23 pm, a b wrote:

> I did not mean that literally, sorry for the confusion. What I meant
> is that you must pass the equivalent of
> --libdir=/usr/local/openldap/lib64 by using --libdir=%{_libdir}, which
> is a special RPM built-in macro.
>

Thanks for your assistance.

Sorry, I am not a specialist in building apps, so instructions should be clear otherwise I have to experiment. :-(

> What this means is that your ~/.rpmmacros file is either incorrect or
> non-existent.

Until now, I always use a simple:

$ cat .rpmmacros
%_topdir %(echo $HOME)/rpmbuild

which has worked fine in many builds I have, and it works fine when I build pdns-server on CentOS 5.

However, I see your point: I should set (in .rpmmacros) something like:

%_libdir /usr/local/openldap/lib64

Yet, my earlier question remains: Can I set multiple paths, like:

%_libdir /usr/lib64,/usr/local/openldap/lib64

...? Is it supported?

On 22/3/2013 6:06 pm, a b wrote:

> While technically not necessary, CFLAGS must often contain -L and -R
> switches to work around buggy or incorrectly coded ./configure files.
> Ditto for LDFLAGS.
> Do you set CFLAGS and LDFLAGS? What do they look like?

I don't see any CFLAGS or LDFLAGS specified in the spec file.

When I build (as an example) Dovecot, I use in the spec file (before ./configure):

export CPPFLAGS="${CPPFLAGS} -I/usr/local/openldap/include"
export LDFLAGS="${LDFLAGS} -L/usr/local/openldap/lib64 -lldap -llber"

Should I try the same here?

>
> You should rebuild openldap RPM with the above .rpmmacros file
> sitting in your home directory.
>

I understand, however I don't want to mess around with this package, although I see your point and I think it's valid. I'll pass your suggestions to the LTB project maintainers as they are responsible for these builds.

Thanks again and regards,
Nick

From tripivceta at hotmail.com Fri Mar 22 20:46:14 2013
From: tripivceta at hotmail.com (a b)
Date: Fri, 22 Mar 2013 21:46:14 +0100
Subject: [Pdns-users] Building pdns RPMs using custom LDAP libraries/headers
In-Reply-To: <514CBA19.1060808@noa.gr>
References: <5148841C.7050100@admin.noa.gr>, <20130319160251.GA2335@xs.powerdns.com>, <5148AAB8.80605@admin.noa.gr>, <51497CE0.50100@admin.noa.gr> , <514AFED3.2030804@admin.noa.gr> , <514CBA19.1060808@noa.gr>
Message-ID:

> Thanks for your assistance.

You are welcome.

> Until now, I always use a simple:
>
> $ cat .rpmmacros
> %_topdir %(echo $HOME)/rpmbuild
>
> which has worked fine in many builds I have, and it works fine when I
> build pdns-server on CentOS 5.

This works because you are redefining the top build directory to be your own account, and because it builds the RPM linked with default libraries in /usr/lib or /usr/lib64, depending on whether one is building on a 32- or 64-bit system (and what the compilers' switches are).

> However, I see your point: I should set (in .rpmmacros) something like:
>
> %_libdir /usr/local/openldap/lib64

Unfortunately, no. You should configure your .rpmmacros file with at least %prefix as in the earlier example .rpmmacros file. rpmbuild(1) will then automatically set %_libdir macro to /something/something/lib64 or /something/something/lib depending on whether one is building 32- or 64-bit. Since the SRPM, by definition, must build without changes on both 32- and 64-bit architectures, %_libdir must not be modified directly; in order to have it correctly set to /usr/local/openldap/lib64, %MY_BASE in the earlier example would have to be set to /usr/local/openldap. As you can see, this is not necessarily what you want in the long term, because it implies that any and all software would have to end up in /usr/local/openldap.

> Yet, my earlier question remains: Can I set multiple paths, like:
>
> %_libdir /usr/lib64,/usr/local/openldap/lib64
>
> ...? Is it supported?

As far as I am aware, no.

Also, one is never supposed to pass /usr/lib, /usr/lib64, /lib, or /lib64 to the link editor. These paths are hard coded inside of the link editor binary, and providing them on the link line or anywhere else during compilation has undefined results.

> I don't see any CFLAGS or LDFLAGS specified in the spec file.

What about %_smpflags or %optflags macros, are they referenced anywhere in the .spec file?

> When I build (as an example) Dovecot, I use in the spec file (before
> ./configure):
>
> export CPPFLAGS="${CPPFLAGS} -I/usr/local/openldap/include"
> export LDFLAGS="${LDFLAGS} -L/usr/local/openldap/lib64 -lldap -llber"
>
> Should I try the same here?

You can; sometimes that works, sometimes it does not. It is a hit-and-miss.

Actually, you could try the following in the .spec file; this assumes %_prefix=/usr/local/openldap in your .rpmmacros, since you wrote that you would rather not change it:

O='$$O'; export O
ORIGIN='$ORIGIN'; export ORIGIN
CPPFLAGS="${CPPFLAGS} -I%{_prefix}/include"; export CPPFLAGS
LDFLAGS="${LDFLAGS} -L%{_libdir} -R${ORIGIN}:${ORIGIN}/../%{_lib}:${ORIGIN}/../../%{_lib}:%{_libdir}"; export LDFLAGS
CFLAGS="${CFLAGS} -Wl,-L%{_libdir},-R${ORIGIN}:${ORIGIN}/../%{_lib}:${ORIGIN}/../../%{_lib}:%{_libdir}"; export CFLAGS
CXXFLAGS="${CXXFLAGS} -Wl,-L%{_libdir},-R${ORIGIN}:${ORIGIN}/../%{_lib}:${ORIGIN}/../../%{_lib}:%{_libdir}"; export CXXFLAGS

%configure ...

From tripivceta at hotmail.com Fri Mar 22 20:50:24 2013
From: tripivceta at hotmail.com (a b)
Date: Fri, 22 Mar 2013 21:50:24 +0100
Subject: [Pdns-users] Building pdns RPMs using custom LDAP libraries/headers
In-Reply-To:
References: <5148841C.7050100@admin.noa.gr>, , <20130319160251.GA2335@xs.powerdns.com>, <5148AAB8.80605@admin.noa.gr>, , <51497CE0.50100@admin.noa.gr>, , , <514AFED3.2030804@admin.noa.gr>, , <514CBA19.1060808@noa.gr>,
Message-ID:

> CPPFLAGS="${CPPFLAGS} -I%{_prefix}/include"; export CPPFLAGS
> LDFLAGS="${LDFLAGS} -L%{_libdir} -R${ORIGIN}:${ORIGIN}/../%{_lib}:${ORIGIN}/../../%{_lib}:%{_libdir}"; export LDFLAGS
> CFLAGS="${CFLAGS} -Wl,-L%{_libdir},-R${ORIGIN}:${ORIGIN}/../%{_lib}:${ORIGIN}/../../%{_lib}:%{_libdir}"; export CFLAGS
> CXXFLAGS="${CXXFLAGS} -Wl,-L%{_libdir},-R${ORIGIN}:${ORIGIN}/../%{_lib}:${ORIGIN}/../../%{_lib}:%{_libdir}"; export CXXFLAGS

I forgot, you are probably using GCC, are you not? If so, replace "-R" with "-rpath". GNU of course has to differ from any and all standards, just because it can!

From chieff7 at gmail.com Sat Mar 23 18:05:33 2013
From: chieff7 at gmail.com (Ron Tsoref) Date: Sat, 23 Mar 2013 20:05:33 +0200 Subject: [Pdns-users] PowerDNS capabilities In-Reply-To: <082A5E85-6FD8-49CF-9C18-9CCF81112AA3@netherlabs.nl> References: <1549523E-8899-444D-8802-C53EBD36E347@netherlabs.nl> <20130318105606.GC14649@torres.zugschlus.de> <082A5E85-6FD8-49CF-9C18-9CCF81112AA3@netherlabs.nl> Message-ID: Thanks for sharing this information guys! We'll test the PipeBackend capabilities in the coming days. Ron On Tue, Mar 19, 2013 at 11:56 PM, bert hubert wrote: > On Mar 19, 2013, at 10:41 PM, Ron Tsoref wrote: > > The PipeBackend seems easy to implement. Does anyone actually use a > PipeBackend in production and can share some general performance > information? Is it much slower than other backends? > > > We've been able to squeeze 50000 qps out of a pipe backend. On a > philosophical note, pipes are likely to be faster than TCP/IP, and SQL > marshalling/unmarshaling is not free either. > > People associate 'text based' with slow, but most SQL protocols are just > as parsed, or even more so. > > The pipe backend does have a performance bottleneck in 3.2 if you specify > a timeout, see http://wiki.powerdns.com/trac/ticket/661 > > Bert > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From miesi at pc-h.de Tue Mar 26 07:47:05 2013 From: miesi at pc-h.de (Thomas Mieslinger) Date: Tue, 26 Mar 2013 08:47:05 +0100 Subject: [Pdns-users] asking a-k.cctld.us Servers for MX Records Message-ID: <51515279.8020800@pc-h.de> Hi, am I the only one having trouble to resolve MX records for .us Domains? When doing a dig MX soderman.us @a.cctld.us in Europe I get no answer at all. In the US I get a referral to the nameservers which are authoritative for this domain. To make this even more strange dig AAAA soderman.us @a.cctld.us or any other record type except for MX just gives the referral. Can you just try it yourself? Regards Thomas From peter.van.dijk at netherlabs.nl Tue Mar 26 08:00:08 2013 
From: peter.van.dijk at netherlabs.nl (Peter van Dijk) Date: Tue, 26 Mar 2013 09:00:08 +0100 Subject: [Pdns-users] asking a-k.cctld.us Servers for MX Records In-Reply-To: <51515279.8020800@pc-h.de> References: <51515279.8020800@pc-h.de> Message-ID: <48690EFD-483E-4D6F-BDD1-AD0761398815@netherlabs.nl> Hello Thomas, On Mar 26, 2013, at 8:47 , Thomas Mieslinger wrote: > am I the only one having trouble to resolve MX records for .us Domains? When doing a dig MX soderman.us @a.cctld.us in Europe I get no answer at all. In the US I get a referral to the nameservers which are authoritative for this domain. To make this even more strange dig AAAA soderman.us @a.cctld.us or any other record type except for MX just gives the referral. I see the same, testing from one location in Europe (inside UPCs network) and one location in the US (inside Softlayer's network). No answer for the MX, referral for the AAAA. You might want to take this to https://lists.dns-oarc.net/mailman/listinfo/dns-operations Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ From peter.van.dijk at netherlabs.nl Tue Mar 26 08:11:40 2013 
From: peter.van.dijk at netherlabs.nl (Peter van Dijk) Date: Tue, 26 Mar 2013 09:11:40 +0100 Subject: [Pdns-users] asking a-k.cctld.us Servers for MX Records In-Reply-To: <48690EFD-483E-4D6F-BDD1-AD0761398815@netherlabs.nl> References: <51515279.8020800@pc-h.de> <48690EFD-483E-4D6F-BDD1-AD0761398815@netherlabs.nl> Message-ID: <15BE53CD-761E-4685-8B89-9033B5C8E528@netherlabs.nl> Hello Thomas, On Mar 26, 2013, at 9:00 , Peter van Dijk wrote: > On Mar 26, 2013, at 8:47 , Thomas Mieslinger wrote: > >> am I the only one having trouble to resolve MX records for .us Domains? When doing a dig MX soderman.us @a.cctld.us in Europe I get no answer at all. In the US I get a referral to the nameservers which are authoritative for this domain. To make this even more strange dig AAAA soderman.us @a.cctld.us or any other record type except for MX just gives the referral. > > I see the same, testing from one location in Europe (inside UPCs network) and one location in the US (inside Softlayer's network). No answer for the MX, referral for the AAAA. You might want to take this to https://lists.dns-oarc.net/mailman/listinfo/dns-operations A more extensive test from 191 nodes at ring.nlnog.net shows similar results. AAAA gets referral on all of them, MX only on 42, and those 42 are indeed mostly in the US. Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ From miesi at pc-h.de Tue Mar 26 08:19:48 2013 
From: miesi at pc-h.de (Thomas Mieslinger) Date: Tue, 26 Mar 2013 09:19:48 +0100 Subject: [Pdns-users] asking a-k.cctld.us Servers for MX Records In-Reply-To: <15BE53CD-761E-4685-8B89-9033B5C8E528@netherlabs.nl> References: <51515279.8020800@pc-h.de> <48690EFD-483E-4D6F-BDD1-AD0761398815@netherlabs.nl> <15BE53CD-761E-4685-8B89-9033B5C8E528@netherlabs.nl> Message-ID: <51515A24.5000807@pc-h.de> Hi Peter, thanks for sharing your deep knowledge which pretty cool tools exist out there. I've opened up a ticket neustar. Sent this issue to dns-operators list. And I applied a hotfix +us=8.8.8.8 in the recursor which are hit by this Problem. I don't understand why google dns is able to resolve the mx records, but now the mail queues can be drained. Best regards Thomas On 03/26/2013 09:11 AM, Peter van Dijk wrote: > Hello Thomas, > > On Mar 26, 2013, at 9:00 , Peter van Dijk wrote: > >> On Mar 26, 2013, at 8:47 , Thomas Mieslinger wrote: >> >>> am I the only one having trouble to resolve MX records for .us Domains? When doing a dig MX soderman.us @a.cctld.us in Europe I get no answer at all. In the US I get a referral to the nameservers which are authoritative for this domain. To make this even more strange dig AAAA soderman.us @a.cctld.us or any other record type except for MX just gives the referral. >> >> I see the same, testing from one location in Europe (inside UPCs network) and one location in the US (inside Softlayer's network). No answer for the MX, referral for the AAAA. You might want to take this to https://lists.dns-oarc.net/mailman/listinfo/dns-operations > > > A more extensive test from 191 nodes at ring.nlnog.net shows similar results. AAAA gets referral on all of them, MX only on 42, and those 42 are indeed mostly in the US. > > Kind regards, > From s.posner at telekom.de Tue Mar 26 10:02:20 2013 
From: s.posner at telekom.de (Posner, Sebastian)
Date: Tue, 26 Mar 2013 11:02:20 +0100
Subject: [Pdns-users] PowerDNS capabilities
In-Reply-To: <20130318105606.GC14649@torres.zugschlus.de>
References: <1549523E-8899-444D-8802-C53EBD36E347@netherlabs.nl> <20130318105606.GC14649@torres.zugschlus.de>
Message-ID: <63366D5A116E514AA4A9872D3C5335395E47D47F96@QEO40072.de.t-online.corp>

Marc Haber wrote:
> Odhiambo Washington wrote:
> > Does PowerDNS support "views", in some way?
>
> If you look for something that is the same as bind views, the answer
> is no, unfortunately. Same goes for ACLs.

Thinking about this again, one could easily achieve such a result with a combination of multiple instances of pdns running on the same machine and a set of matching iptables-rules to sort out where the request is routed based on the IP of the client...

Kind regards,
Sebastian
-- 
Sebastian Posner
Unix systems specialist
Deutsche Telekom AG, Products & Innovation
"Someone once said it can't be done. Then someone came along who didn't know that and simply did it."

From odhiambo at gmail.com Tue Mar 26 10:13:42 2013
From: odhiambo at gmail.com (Odhiambo Washington)
Date: Tue, 26 Mar 2013 13:13:42 +0300
Subject: [Pdns-users] PowerDNS capabilities
In-Reply-To: <63366D5A116E514AA4A9872D3C5335395E47D47F96@QEO40072.de.t-online.corp>
References: <1549523E-8899-444D-8802-C53EBD36E347@netherlabs.nl> <20130318105606.GC14649@torres.zugschlus.de> <63366D5A116E514AA4A9872D3C5335395E47D47F96@QEO40072.de.t-online.corp>
Message-ID:

On 26 March 2013 13:02, Posner, Sebastian wrote:
> Marc Haber wrote:
> > Odhiambo Washington wrote:
> > > Does PowerDNS support "views", in some way?
> >
> > If you look for something that is the same as bind views, the answer
> > is no, unfortunately. Same goes for ACLs.
>
> Thinking about this again, one could easily achieve such a result with
> a combination of multiple instances of pdns running on the same machine
> and a set of matching iptables-rules to sort out where the request is
> routed based on the IP of the client...
>

Sounds good, but this also introduces overheads, however small, to the DNS server.

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
"I can't hear you -- I'm using the scrambler."

From margus.kiting at gmail.com Tue Mar 26 12:53:42 2013
From: margus.kiting at gmail.com (Margus Kiting)
Date: Tue, 26 Mar 2013 14:53:42 +0200
Subject: [Pdns-users] Oracle backend connection string.
Message-ID:

Hi,

I'm trying to test oracle backend, but I'm not able to find oracle connection string which should be used with this backend. I tried configuration options described below, but I think I'm using oracle-master-database configuration string wrong. Could someone point me out how oracle connection configuration should be? I'm using pdns-3.2 which has oracle backend compiled in it.

launch=oracle
oracle-master-database=//ORACLE-IP:PORT/SERVICE-NAME
oracle-master-username=DBUSER
oracle-master-password=DBPASS

Mar 26 12:53:11 Creating backend connection for TCP
% Mar 26 12:53:11 Master/slave communicator launching
Mar 26 12:53:11 OracleFactory: Creating Oracle session pool: ORA-12154: TNS:could not resolve the connect identifier specified

Best Regards,
Margus Kiting

From tripivceta at hotmail.com Tue Mar 26 13:23:37 2013
From: tripivceta at hotmail.com (a b)
Date: Tue, 26 Mar 2013 14:23:37 +0100
Subject: [Pdns-users] Oracle backend connection string.
In-Reply-To:
References:
Message-ID:

> launch=oracle
> oracle-master-database=//ORACLE-IP:PORT/SERVICE-NAME
> oracle-master-username=DBUSER
> oracle-master-password=DBPASS

launch=oracle
oracle-home=${ORACLE_HOME}
oracle-sid=${ORACLE_SID}
oracle-pool-database=${ORACLE_SID}
oracle-pool-username=${PDNS_LOGIN}
oracle-pool-password=${PDNS_PASSWD}
oracle-master-database=${ORACLE_SID}
oracle-master-username=${PDNS_LOGIN}
oracle-master-password=${PDNS_PASSWD}

replace all instances of variables above with values appropriate for your environment. The excerpt above is from a working configuration, the variables get dynamically replaced by code in the package, during OS package installation.

From margus.kiting at gmail.com Wed Mar 27 07:56:21 2013
From: margus.kiting at gmail.com (Margus Kiting)
Date: Wed, 27 Mar 2013 09:56:21 +0200
Subject: [Pdns-users] Oracle backend connection string.
In-Reply-To:
References:
Message-ID:

Hi,

It seems like oracle-home configuration parameter does not exist in pdns-3.2

Mar 27 07:55:16 Fatal error: Trying to set unexisting parameter 'oracle-home'

Margus Kiting

On 26 March 2013 15:23, a b wrote:
> > launch=oracle
> > oracle-master-database=//ORACLE-IP:PORT/SERVICE-NAME
> > oracle-master-username=DBUSER
> > oracle-master-password=DBPASS
>
> launch=oracle
> oracle-home=${ORACLE_HOME}
> oracle-sid=${ORACLE_SID}
> oracle-pool-database=${ORACLE_SID}
> oracle-pool-username=${PDNS_LOGIN}
> oracle-pool-password=${PDNS_PASSWD}
> oracle-master-database=${ORACLE_SID}
> oracle-master-username=${PDNS_LOGIN}
> oracle-master-password=${PDNS_PASSWD}
>
> replace all instances of variables above with values appropriate for your
> environment. The excerpt above is from a working configuration, the
> variables get dynamically replaced by code in the package, during OS
> package installation.

From tripivceta at hotmail.com Wed Mar 27 14:08:29 2013
From: tripivceta at hotmail.com (a b)
Date: Wed, 27 Mar 2013 15:08:29 +0100
Subject: [Pdns-users] Oracle backend connection string.
In-Reply-To:
References: , ,
Message-ID:

> It seems like oracle-home configuration parameter does not exist in pdns-3.2
>
> Mar 27 07:55:16 Fatal error: Trying to set unexisting parameter 'oracle-home'

Hmmm, that is bad news, bad news indeed!

I ran into the same problem back in the day; Aki Tuomi was kind enough to give me a patch which I applied to the pdns source code; it is attached to this e-mail, along with the goracle backend patch, for completeness.

I would have thought this patch important enough to make it into the mainline source, since not only does the patch make sense, but it greatly simplifies configuring connections to the Oracle database, and helps with automation.

These patches were made against pdns-3.1 source code; hopefully, they will apply against the 3.2 version as well.

To apply these patches:

copy the patches into the pdns top level directory, for example:

cp modules-oraclebackend-oraclebackend.cc.patch modules-goraclebackend-goraclebackend.cc.patch pdns-3.2/
cd pdns-3.2
gpatch -p0 < modules-oraclebackend-oraclebackend.cc.patch
gpatch -p0 < modules-goraclebackend-goraclebackend.cc.patch

-------------- next part --------------
A non-text attachment was scrubbed...
Name: modules-oraclebackend-oraclebackend.cc.patch
Type: application/octet-stream
Size: 1155 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: modules-goraclebackend-goraclebackend.cc.patch
Type: application/octet-stream
Size: 1762 bytes
Desc: not available
URL:

From margus.kiting at gmail.com Wed Mar 27 14:20:01 2013
From: margus.kiting at gmail.com (Margus Kiting)
Date: Wed, 27 Mar 2013 16:20:01 +0200
Subject: [Pdns-users] Oracle backend connection string.
In-Reply-To:
References:
Message-ID:

Hi!

Thanks for the patches. Does generic-oracle backend support dnssec and autoserial? These are two functionalities I'm looking for:)

Best Regards,
Margus Kiting

On 27 March 2013 16:08, a b wrote:
> > It seems like oracle-home configuration parameter does not exist in pdns-3.2
> >
> > Mar 27 07:55:16 Fatal error: Trying to set unexisting parameter 'oracle-home'
>
> Hmmm, that is bad news, bad news indeed!
>
> I ran into the same problem back in the day; Aki Tuomi was kind enough to
> give me a patch which I applied to the pdns source code; it is attached to
> this e-mail, along with the goracle backend patch, for completeness.
>
> I would have thought this patch important enough to make it into the
> mainline source, since not only does the patch make sense, but it greatly
> simplifies configuring connections to the Oracle database, and helps with
> automation.
>
> These patches were made against pdns-3.1 source code; hopefully, they will
> apply against the 3.2 version as well.
>
> To apply these patches:
>
> copy the patches into the pdns top level directory, for example:
>
> cp modules-oraclebackend-oraclebackend.cc.patch modules-goraclebackend-goraclebackend.cc.patch pdns-3.2/
> cd pdns-3.2
> gpatch -p0 < modules-oraclebackend-oraclebackend.cc.patch
> gpatch -p0 < modules-goraclebackend-goraclebackend.cc.patch

From tripivceta at hotmail.com Wed Mar 27 14:44:24 2013
From: tripivceta at hotmail.com (a b)
Date: Wed, 27 Mar 2013 15:44:24 +0100
Subject: [Pdns-users] Oracle backend connection string.
In-Reply-To:
References: , , , ,
Message-ID:

> Thanks for the patches. Does generic-oracle backend support dnssec and
> autoserial? These are two functionalities I'm looking for:)

You are welcome, but all the thanks should go to Aki Tuomi; I do not deserve anything.

As for "goracle" backend, I read the pdns documentation several times, and try as I might, I could not figure out how to make it work, so eventually I ditched it and went with the "oracle" backend. With those patches, it works beautifully. Never looked back.

(I muse what the point of a backend is, if it is so hard to use that one cannot figure out how to make it work. *Hint* *hint* how about a documentation overhaul, powers-that-be?)

Apropos DNSSEC, I have not had time to study the technology yet and can therefore make no comment on it. I know virtually nothing about DNSSEC. Perhaps others on this mailing list might be able and willing to shed light on the subject at hand.

Apropos autoserial, we started with the sample PL/SQL example included in the archive, and I rewrote the PL/SQL procedures and the triggers, and that works beautifully. I think the included example code is usable, it just needs some love. The autoserial code is embedded in modules/oraclebackend/schema.sql.

From cmouse at youzen.ext.b2.fi Wed Mar 27 14:54:38 2013
From: cmouse at youzen.ext.b2.fi (Aki Tuomi)
Date: Wed, 27 Mar 2013 16:54:38 +0200
Subject: [Pdns-users] Oracle backend connection string.
In-Reply-To:
References:
Message-ID: <20130327145438.GA7783@pi.ip.fi>

On Wed, Mar 27, 2013 at 03:44:24PM +0100, a b wrote:
> > Thanks for the patches. Does generic-oracle backend support dnssec and
> > autoserial? These are two functionalities I'm looking for:)
>
> You are welcome, but all the thanks should go to Aki Tuomi; I do not deserve anything.
>

I'll have a look if I could get those patches into current head, so they might end up in next stable release.

Aki Tuomi

From cmouse at youzen.ext.b2.fi Wed Mar 27 15:12:16 2013
From: cmouse at youzen.ext.b2.fi (Aki Tuomi)
Date: Wed, 27 Mar 2013 17:12:16 +0200
Subject: [Pdns-users] Oracle backend connection string.
In-Reply-To: <20130327150550.GA8105@pi.ip.fi>
References: <20130327145438.GA7783@pi.ip.fi> <20130327150550.GA8105@pi.ip.fi>
Message-ID: <20130327151216.GB8105@pi.ip.fi>

On Wed, Mar 27, 2013 at 05:05:50PM +0200, Aki Tuomi wrote:
> On Wed, Mar 27, 2013 at 03:56:40PM +0100, a b wrote:
> > > I'll have a look if I could get those patches into current head, so they might
> > > end up in next stable release.
> >
> > That would be great. Thank you for all your work.
> Ticket for this issue.
>
> http://wiki.powerdns.com/trac/ticket/725
>
> Also, oraclebackend has support for dnssec, but goraclebackend seems not to,
> so I would suggest using oraclebackend for now.
>
> Aki Tuomi

From tripivceta at hotmail.com Wed Mar 27 15:25:10 2013
From: tripivceta at hotmail.com (a b)
Date: Wed, 27 Mar 2013 16:25:10 +0100
Subject: [Pdns-users] Oracle backend connection string.
In-Reply-To: <20130327150550.GA8105@pi.ip.fi>
References: , , , , , , <20130327145438.GA7783@pi.ip.fi>, , <20130327150550.GA8105@pi.ip.fi>
Message-ID:

> Also, oraclebackend has support for dnssec, but goraclebackend seems not to,
> so I would suggest using oraclebackend for now.

"oracle" backend appears to have much better support for using Oracle databases in general, so I would recommend sticking with it as well.

The only known issue with the "oracle" backend is that initial data import will have to be done with hand-crafted SQL code; if I recall correctly, the zone2sql tool assumes the use of "goracle" backend, which employs a different schema.

From klaus.mailinglists at pernau.at Wed Mar 27 17:06:10 2013
From: klaus.mailinglists at pernau.at (Klaus Darilion)
Date: Wed, 27 Mar 2013 18:06:10 +0100
Subject: [Pdns-users] NSEC3 opt-out issues in PDNS 3.2
Message-ID: <51532702.7020207@pernau.at>

Hi!

We have a setup with Powerdns between a bind master and bind secondaries. The master signs the zone without "opt-out". Thus, the NSEC3 records in the zone transfer from master->PDNS have the NSEC3 flag set to 0. When the bind secondaries transfer the zone from PDNS, the NSEC3 records all have the NSEC3 flag set to 1 (opt-out). Of course this breaks the signature of the NSEC3 RR.

Is this a known issue? Is there a config option to fix this?

Thanks
Klaus

From cmouse at youzen.ext.b2.fi Wed Mar 27 18:44:46 2013
From: cmouse at youzen.ext.b2.fi (Aki Tuomi)
Date: Wed, 27 Mar 2013 20:44:46 +0200
Subject: [Pdns-users] Oracle backend connection string.
In-Reply-To:
References: <20130327145438.GA7783@pi.ip.fi> <20130327150550.GA8105@pi.ip.fi>
Message-ID: <20130327184446.GC8105@pi.ip.fi>

On Wed, Mar 27, 2013 at 04:25:10PM +0100, a b wrote:
> > Also, oraclebackend has support for dnssec, but goraclebackend seems not to,
> > so I would suggest using oraclebackend for now.
>
> "oracle" backend appears to have much better support for using Oracle databases in general, so I would recommend sticking with it as well.
>
> The only known issue with the "oracle" backend is that initial data import will have to be done with hand-crafted SQL code; if I recall correctly, the zone2sql tool assumes the use of "goracle" backend, which employs a different schema.

I also now made a patch that lets you define the location of oracle libs and such, and would be grateful if people could test this patch to see if it has some problems.

you can find it from http://wiki.powerdns.com/trac/ticket/726

Aki Tuomi

From tripivceta at hotmail.com Wed Mar 27 19:50:24 2013
From: tripivceta at hotmail.com (a b)
Date: Wed, 27 Mar 2013 20:50:24 +0100
Subject: [Pdns-users] Oracle backend connection string.
In-Reply-To: <20130327184446.GC8105@pi.ip.fi>
References: , , , , , , <20130327145438.GA7783@pi.ip.fi>, , <20130327150550.GA8105@pi.ip.fi>, , <20130327184446.GC8105@pi.ip.fi>
Message-ID:

> I also now made a patch that lets you define the location of oracle libs
> and such, and would be grateful if people could test this patch to see if
> it has some problems.
>
> you can find it from http://wiki.powerdns.com/trac/ticket/726

It might be desirable to change this line,

for p1 in /usr/include/oracle /usr/local/include/oracle

to

for p1 in ${ORACLE_HOME}/include

ORACLE_HOME could be supplied on the command line, or obtained from the environment. I have never seen an installation of an Oracle database in /usr/local, and such installation would violate the Linux Standards Base - Filesystem Hierarchy Standard, the AT&T SVR4 filesystem specification, as well as Oracle's own Oracle Flexible Architecture standards. Also on Solaris, third party and unbundled application packages may not deliver any content in /usr, because Solaris sparse zones have /usr mounted loopback, read only since /usr is vendor's space and therefore off limits.

Ditto for the following line:

for p1 in /usr/lib/oracle /usr/local/lib/oracle

On line 440,

LDFLAGS="-L$with_oracle_includes -lnnz11 -locci"

was "$with_oracle_libs", rather than "$with_oracle_includes" meant there? Perhaps like this:

LDFLAGS="-L${with_oracle_libs} -R${with_oracle_libs} -lnnz11 -locci"

These are just recommendations-at-first-glance. Looking at the work done for pdns-3.1 and Oracle, I found this fragment in the "pdns" module of our build engine:

        #
        # For linking in OCI connectivity / "(g)oracle" backend.
        #
        ORACLE_HOME="/${prefix}/oracle/product/10.2.0/db_2"; export ORACLE_HOME
        LDFLAGS="-L/${prefix}/lib/64 -L${ORACLE_HOME}/lib -R${ORIGIN}:${ORIGIN}/../lib/64:${ORIGIN}/../../lib/64:/${prefix}/lib/64:/usr/sfw/lib/64:${ORACLE_HOME}/lib"

...If you keep this up, Oracle will become a first class citizen in pdns land (:-)

From cmouse at youzen.ext.b2.fi Wed Mar 27 20:03:44 2013
From: cmouse at youzen.ext.b2.fi (Aki Tuomi)
Date: Wed, 27 Mar 2013 22:03:44 +0200
Subject: [Pdns-users] Oracle backend connection string.
In-Reply-To:
References: <20130327145438.GA7783@pi.ip.fi> <20130327150550.GA8105@pi.ip.fi> <20130327184446.GC8105@pi.ip.fi>
Message-ID: <20130327200344.GD8105@pi.ip.fi>

On Wed, Mar 27, 2013 at 08:50:24PM +0100, a b wrote:
> > I also now made a patch that lets you define the location of oracle libs
> > and such, and would be grateful if people could test this patch to see if
> > it has some problems.
> >
> > you can find it from http://wiki.powerdns.com/trac/ticket/726
>
> It might be desirable to change this line,
>
> for p1 in /usr/include/oracle /usr/local/include/oracle

The point is to use instantclient libs, not the server libs, as intended. And at least on my devsystem, the instantclient-devel package installs under /usr/include. Of course it might make some sense to add it to the list.

Aki

From cmouse at youzen.ext.b2.fi Wed Mar 27 20:14:50 2013
From: cmouse at youzen.ext.b2.fi (Aki Tuomi)
Date: Wed, 27 Mar 2013 22:14:50 +0200
Subject: [Pdns-users] Oracle backend connection string.
In-Reply-To: <20130327200344.GD8105@pi.ip.fi>
References: <20130327145438.GA7783@pi.ip.fi> <20130327150550.GA8105@pi.ip.fi> <20130327184446.GC8105@pi.ip.fi> <20130327200344.GD8105@pi.ip.fi>
Message-ID: <20130327201450.GE8105@pi.ip.fi>

On Wed, Mar 27, 2013 at 10:03:44PM +0200, Aki Tuomi wrote:
> On Wed, Mar 27, 2013 at 08:50:24PM +0100, a b wrote:
> > > I also now made a patch that lets you define the location of oracle libs
> > > and such, and would be grateful if people could test this patch to see if
> > > it has some problems.
> > >
> > > you can find it from http://wiki.powerdns.com/trac/ticket/726
> >
> > It might be desirable to change this line,
> >
> > for p1 in /usr/include/oracle /usr/local/include/oracle
>
> The point is to use instantclient libs, not the server libs, as intended.
> And at least on my devsystem, the instantclient-devel package installs
> under /usr/include. Of course it might make some sense to add it to the list.
>
> Aki

Added your suggestions into the patch, and replaced it.

From tripivceta at hotmail.com Wed Mar 27 20:20:23 2013
From: tripivceta at hotmail.com (a b)
Date: Wed, 27 Mar 2013 21:20:23 +0100
Subject: [Pdns-users] Oracle backend connection string.
In-Reply-To: <20130327200344.GD8105@pi.ip.fi>
References: , , , , <20130327145438.GA7783@pi.ip.fi>, , <20130327150550.GA8105@pi.ip.fi>, , <20130327184446.GC8105@pi.ip.fi>, , <20130327200344.GD8105@pi.ip.fi>
Message-ID:

> The point is to use instantclient libs, not the server libs, as intended.

Ah, so. I always avoid instant client libraries, because they were never linked correctly, libclntsh.so cannot find libnnz.so because Oracle does not link with the $ORIGIN linker keyword. If they did that, instant client libraries would be great. As they are, they require one to set LD_LIBRARY_PATH, which is a nasty, nasty hack which we absolutely refuse to do.

So what I end up doing is installing the Oracle RDBMS in our software stack prefix, which causes the installer to link libclntsh.so with libnnz.so correctly. Then I patch the relevant Makefile from Oracle to include the $ORIGIN keyword, and relink.

Finally, I grab libclntsh.so and libnnz.so, package them up separately and make the Oracle package depend on the client libraries' package.

> And at least on my devsystem, the instantclient-devel package installs
> under /usr/include. Of course it might make some sense to add it to the list.

How strange that they would do such a thing, since it violates all those standards, one of which is their own!

From cmouse at youzen.ext.b2.fi Wed Mar 27 20:32:05 2013
From: cmouse at youzen.ext.b2.fi (Aki Tuomi)
Date: Wed, 27 Mar 2013 22:32:05 +0200
Subject: [Pdns-users] Oracle backend connection string.
In-Reply-To:
References: <20130327145438.GA7783@pi.ip.fi> <20130327150550.GA8105@pi.ip.fi> <20130327184446.GC8105@pi.ip.fi> <20130327200344.GD8105@pi.ip.fi>
Message-ID: <20130327203205.GF8105@pi.ip.fi>

On Wed, Mar 27, 2013 at 09:20:23PM +0100, a b wrote:
> > The point is to use instantclient libs, not the server libs, as intended.
>
> Ah, so. I always avoid instant client libraries, because they were never linked correctly, libclntsh.so cannot find libnnz.so because Oracle does not link with the $ORIGIN linker keyword. If they did that, instant client libraries would be great. As they are, they require one to set LD_LIBRARY_PATH, which is a nasty, nasty hack which we absolutely refuse to do.
>
> So what I end up doing is installing the Oracle RDBMS in our software stack prefix, which causes the installer to link libclntsh.so with libnnz.so correctly. Then I patch the relevant Makefile from Oracle to include the $ORIGIN keyword, and relink.
>
> Finally, I grab libclntsh.so and libnnz.so, package them up separately and make the Oracle package depend on the client libraries' package.
>
>
> > And at least on my devsystem, the instantclient-devel package installs
> > under /usr/include. Of course it might make some sense to add it to the list.
>
> How strange that they would do such a thing, since it violates all those standards, one of which is their own!

Full path is /usr/include/oracle/11.2/client64/ and libs go into /usr/lib/oracle/11.2/client64/lib

not 100% sure if this is something caused by alien or the instantclient-devel rpm.

Aki

From cmouse at youzen.ext.b2.fi Wed Mar 27 20:33:46 2013
From: cmouse at youzen.ext.b2.fi (Aki Tuomi)
Date: Wed, 27 Mar 2013 22:33:46 +0200
Subject: [Pdns-users] Oracle backend connection string.
In-Reply-To:
References: <20130327145438.GA7783@pi.ip.fi> <20130327150550.GA8105@pi.ip.fi> <20130327184446.GC8105@pi.ip.fi> <20130327200344.GD8105@pi.ip.fi>
Message-ID: <20130327203346.GA12112@pi.ip.fi>

On Wed, Mar 27, 2013 at 09:20:23PM +0100, a b wrote:
> > The point is to use instantclient libs, not the server libs, as intended.
>
> Ah, so. I always avoid instant client libraries, because they were never linked correctly, libclntsh.so cannot find libnnz.so because Oracle does not link with the $ORIGIN linker keyword. If they did that, instant client libraries would be great. As they are, they require one to set LD_LIBRARY_PATH, which is a nasty, nasty hack which we absolutely refuse to do.

Actually you can fix this with /etc/ld.so.conf, just make sure the lib dir(s) are in, say, /etc/ld.so.conf.d/oracle or /etc/ld.so.conf and run ldconfig.

no need to use LD_LIBRARY_PATH

Aki

From tripivceta at hotmail.com Wed Mar 27 20:44:59 2013
From: tripivceta at hotmail.com (a b)
Date: Wed, 27 Mar 2013 21:44:59 +0100
Subject: [Pdns-users] Oracle backend connection string.
In-Reply-To: <20130327203346.GA12112@pi.ip.fi>
References: , , <20130327145438.GA7783@pi.ip.fi>, , <20130327150550.GA8105@pi.ip.fi>, , <20130327184446.GC8105@pi.ip.fi>, , <20130327200344.GD8105@pi.ip.fi>, , <20130327203346.GA12112@pi.ip.fi>
Message-ID:

> Actually you can fix this with /etc/ld.so.conf, just make sure the lib dir(s)
> are in, say, /etc/ld.so.conf.d/oracle or /etc/ld.so.conf and run ldconfig.
>
> no need to use LD_LIBRARY_PATH

That only works on GNU/Linux; if the libraries and binaries are linked with -R, it is not necessary to set either LD_LIBRARY_PATH or /etc/ld.so.conf, and that technique works on both GNU/Linux and all the System V UNIXes.

As an additional measure, using the $ORIGIN link editor keyword will encode RUNPATH and RPATH into the ELF header,

[9]     RUNPATH         $ORIGIN:$ORIGIN/../lib:$ORIGIN/../../lib:/opt/lib
[10]    RPATH           $ORIGIN:$ORIGIN/../lib:$ORIGIN/../../lib:/opt/lib

...causing the runtime linker to look in the current directory of the binary/library first ($ORIGIN), then in the other paths relative to the directory where the binary/library are ($ORIGIN:$ORIGIN/../lib:$ORIGIN/../../lib). This feature is supported by GNU ld, and ld's in Solaris, IRIX and HP-UX, and possibly other UNIX operating systems.

After this, binary executables and libraries can be relocated anywhere, so long as the relative filesystem structure is preserved.

The neat thing about the $ORIGIN keyword is that it causes the linker to always correctly find symbols in libraries and binaries, without having to depend on LD_LIBRARY_PATH or /etc/ld.so.conf.

I would pay good money to find out why Oracle does not do this with their instant client libraries.

From margus.kiting at gmail.com Thu Mar 28 08:06:07 2013
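The search order produced by the $ORIGIN-based RUNPATH quoted in the message above can be reproduced offline. This Python sketch is an added example, not code from the thread or from any runtime linker: it expands that RUNPATH for a binary location, shows the lookup surviving a move of the whole tree, and lists entries that would instead resolve against the current working directory. The install paths and the empty stand-in library files are constructed.

```python
import os
import shutil
import tempfile

# RUNPATH value quoted in the message above.
RUNPATH = "$ORIGIN:$ORIGIN/../lib:$ORIGIN/../../lib:/opt/lib"


def expand_runpath(runpath, object_path):
    """Return the absolute directories searched for object_path, in order.

    $ORIGIN (or ${ORIGIN}) stands for the directory holding the ELF object.
    The expansion is lexical (os.path.normpath), so ".." is collapsed without
    following symlinks, which a real runtime linker would not do.
    """
    origin = os.path.dirname(os.path.abspath(object_path))
    ordered = []
    for entry in runpath.split(":"):
        expanded = entry.replace("${ORIGIN}", origin).replace("$ORIGIN", origin)
        if not expanded.startswith("/"):
            continue  # reported by cwd_relative_entries() instead
        directory = os.path.normpath(expanded)
        if directory not in ordered:
            ordered.append(directory)
    return ordered


def cwd_relative_entries(runpath):
    """Return entries that are empty or relative.

    Relative entries are resolved against the process's current directory
    rather than the install tree, and packaging QA checks commonly flag
    empty entries for the same reason.
    """
    anchored = ("/", "$ORIGIN", "${ORIGIN}")
    return [e for e in runpath.split(":") if not e.startswith(anchored)]


def locate(library, runpath, object_path):
    """Return the first path where library would be found, or None."""
    for directory in expand_runpath(runpath, object_path):
        candidate = os.path.join(directory, library)
        if os.path.isfile(candidate):
            return candidate
    return None


def relocation_demo():
    """Resolve libclntsh.so in a constructed tree, move the tree, resolve again."""
    root = os.path.realpath(tempfile.mkdtemp())
    try:
        old = os.path.join(root, "stack")
        os.makedirs(os.path.join(old, "sbin"))
        os.makedirs(os.path.join(old, "lib"))
        # Empty files standing in for the binary and the two Oracle libraries.
        for name in ("sbin/pdns_server", "lib/libclntsh.so", "lib/libnnz.so"):
            open(os.path.join(old, name), "w").close()
        before = locate("libclntsh.so", RUNPATH,
                        os.path.join(old, "sbin", "pdns_server"))
        new = os.path.join(root, "relocated")
        shutil.move(old, new)
        after = locate("libclntsh.so", RUNPATH,
                       os.path.join(new, "sbin", "pdns_server"))
        return os.path.relpath(before, root), os.path.relpath(after, root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(expand_runpath(RUNPATH, "/opt/pdns/sbin/pdns_server"))
    print(relocation_demo())
    print(cwd_relative_entries("$ORIGIN/../lib::lib64:/opt/lib"))
```
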
From: margus.kiting at gmail.com (Margus Kiting)
Date: Thu, 28 Mar 2013 10:06:07 +0200
Subject: [Pdns-users] Oracle backend connection string.
In-Reply-To:
References: <20130327145438.GA7783@pi.ip.fi> <20130327150550.GA8105@pi.ip.fi> <20130327184446.GC8105@pi.ip.fi> <20130327200344.GD8105@pi.ip.fi> <20130327203346.GA12112@pi.ip.fi>
Message-ID:

Hi,

Thanks all for information. I'll try this patch today. I have two more questions. Has someone tried AXFR ACL's with oracle backend? Is DNSSEC enabled by default using oracle backend or does it need some kind of configuration flag? I could not find any information from documentation.

Best Regards,
Margus Kiting

On 27 March 2013 22:44, a b wrote:
> > Actually you can fix this with /etc/ld.so.conf, just make sure the lib dir(s)
> > are in, say, /etc/ld.so.conf.d/oracle or /etc/ld.so.conf and run ldconfig.
> >
> > no need to use LD_LIBRARY_PATH
>
> That only works on GNU/Linux; if the libraries and binaries are linked
> with -R, it is not necessary to set either LD_LIBRARY_PATH or
> /etc/ld.so.conf, and that technique works on both GNU/Linux and all the
> System V UNIXes.
>
> As an additional measure, using the $ORIGIN link editor keyword will
> encode RUNPATH and RPATH into the ELF header,
>
> [9] RUNPATH $ORIGIN:$ORIGIN/../lib:$ORIGIN/../../lib:/opt/lib
> [10] RPATH $ORIGIN:$ORIGIN/../lib:$ORIGIN/../../lib:/opt/lib
>
> ...causing the runtime linker to look in the current directory of the
> binary/library first ($ORIGIN), then in the other paths relative to the
> directory where the binary/library are
> ($ORIGIN:$ORIGIN/../lib:$ORIGIN/../../lib). This feature is supported by
> GNU ld, and ld's in Solaris, IRIX and HP-UX, and possibly other UNIX
> operating systems.
>
> After this, binary executables and libraries can be relocated anywhere, so
> long as the relative filesystem structure is preserved.
>
> The neat thing about the $ORIGIN keyword is that it causes the linker to
> always correctly find symbols in libraries and binaries, without having to
> depend on LD_LIBRARY_PATH or /etc/ld.so.conf.
>
> I would pay good money to find out why Oracle does not do this with their
> instant client libraries.

From klaus.mailinglists at pernau.at Thu Mar 28 11:03:46 2013
From: klaus.mailinglists at pernau.at (Klaus Darilion)
Date: Thu, 28 Mar 2013 12:03:46 +0100
Subject: [Pdns-users] NSEC3 opt-out issues in PDNS 3.2
In-Reply-To: <51532702.7020207@pernau.at>
References: <51532702.7020207@pernau.at>
Message-ID: <51542392.3090900@pernau.at>

Meanwhile I found the important statement in the docu: "In NSEC3 opt-out mode (the only NSEC3 mode PowerDNS currently supports) ....".

Are there any plans to support NSEC3 without opt-out?

Further, I wonder why and how Powerdns synthesizes the NSEC3 records on the fly? In our setup PDNS is a secondary, the signing happens on the master. Thus, PDNS receives the zone with AXFR, including the NSEC3 records and the corresponding RRSIG records. Then, PDNS ignores all the NSEC3 records and synthesizes them newly. Therefore there is great chance that the original signature does not work anymore, and that's also the reason why a zone without opt-out gets broken by PDNS.

regards
Klaus

On 27.03.2013 18:06, Klaus Darilion wrote:
> Hi!
>
> We have a setup with Powerdns between a bind master and bind
> secondaries. The master signs the zone without "opt-out". Thus, the
> NSEC3 records in the zone transfer from master->PDNS have the NSEC3 flag
> set to 0. When the bind secondaries transfer the zone from PDNS, the
> NSEC3 records all have the NSEC3 flag set to 1 (opt-out). Of course this
> breaks the signature of the NSEC3 RR.
>
> Is this a known issue? Is there a config option to fix this?
>
> Thanks
> Klaus

From cmouse at youzen.ext.b2.fi Thu Mar 28 11:12:15 2013
From: cmouse at youzen.ext.b2.fi (Aki Tuomi)
Date: Thu, 28 Mar 2013 13:12:15 +0200
Subject: [Pdns-users] Oracle backend connection string.
In-Reply-To:
References: <20130327150550.GA8105@pi.ip.fi> <20130327184446.GC8105@pi.ip.fi> <20130327200344.GD8105@pi.ip.fi> <20130327203346.GA12112@pi.ip.fi>
Message-ID: <20130328111215.GA19955@pi.ip.fi>

The oraclebackend has dnssec turned on by default, the schema seems to support it. AXFR seems to be implemented as well. To get all configuration options for oracle backend, you can run

pdns_server --config --launch=oracle

I am working with getting oracle xe instance to work on my devkit ubuntu and then with mr. van Dijk to get the same setup replicated on pdns jenkins for continuous testing for both goracle and oracle backend.

Aki

On Thu, Mar 28, 2013 at 10:06:07AM +0200, Margus Kiting wrote:
> Hi,
>
> Thanks all for information. I'll try this patch today. I have two more
> questions. Has someone tried AXFR ACL's with oracle backend? Is DNSSEC
> enabled by default using oracle backend or does it need some kind of
> configuration flag? I could not find any information from documentation.
>
> Best Regards,
> Margus Kiting
>
> On 27 March 2013 22:44, a b wrote:
>
> > > Actually you can fix this with /etc/ld.so.conf, just make sure the lib dir(s)
> > > are in, say, /etc/ld.so.conf.d/oracle or /etc/ld.so.conf and run ldconfig.
> > >
> > > no need to use LD_LIBRARY_PATH
> >
> > That only works on GNU/Linux; if the libraries and binaries are linked
> > with -R, it is not necessary to set either LD_LIBRARY_PATH or
> > /etc/ld.so.conf, and that technique works on both GNU/Linux and all the
> > System V UNIXes.
> >
> > As an additional measure, using the $ORIGIN link editor keyword will
> > encode RUNPATH and RPATH into the ELF header,
> >
> > [9] RUNPATH $ORIGIN:$ORIGIN/../lib:$ORIGIN/../../lib:/opt/lib
> > [10] RPATH $ORIGIN:$ORIGIN/../lib:$ORIGIN/../../lib:/opt/lib
> >
> > ...causing the runtime linker to look in the current directory of the
> > binary/library first ($ORIGIN), then in the other paths relative to the
> > directory where the binary/library are
> > ($ORIGIN:$ORIGIN/../lib:$ORIGIN/../../lib). This feature is supported by
> > GNU ld, and ld's in Solaris, IRIX and HP-UX, and possibly other UNIX
> > operating systems.
> >
> > After this, binary executables and libraries can be relocated anywhere, so
> > long as the relative filesystem structure is preserved.
> >
> > The neat thing about the $ORIGIN keyword is that it causes the linker to
> > always correctly find symbols in libraries and binaries, without having to
> > depend on LD_LIBRARY_PATH or /etc/ld.so.conf.
> >
> > I would pay good money to find out why Oracle does not do this with their
> > instant client libraries.

From peter.van.dijk at netherlabs.nl Thu Mar 28 12:13:01 2013
From: peter.van.dijk at netherlabs.nl (Peter van Dijk)
Date: Thu, 28 Mar 2013 13:13:01 +0100
Subject: [Pdns-users] NSEC3 opt-out issues in PDNS 3.2
In-Reply-To: <51542392.3090900@pernau.at>
References: <51532702.7020207@pernau.at> <51542392.3090900@pernau.at>
Message-ID: <0ED070BC-D5E8-45A9-9503-D493D790E53E@netherlabs.nl>

Hello Klaus,

On Mar 28, 2013, at 12:03 , Klaus Darilion wrote:
> Meanwhile I found the important statement in the docu: "In NSEC3 opt-out mode (the only NSEC3 mode PowerDNS currently supports) ....".
>
> Are there any plans to support NSEC3 without opt-out?

Yes - Kees Monshouwer has in fact written a great patch for it already. We will merge it as time permits. You can find it at https://github.com/Habbie/powerdns/pull/71

> Further, I wonder why and how Powerdns synthesizes the NSEC3 records on the fly? In our setup PDNS is a secondary, the signing happens on the master. Thus, PDNS receives the zone with AXFR, including the NSEC3 records and the corresponding RRSIG records. Then, PDNS ignores all the NSEC3 records and synthesizes them newly. Therefore there is a great chance that the original signature does not work anymore, and that's also the reason why a zone without opt-out gets broken by PDNS.

Apart from opt out vs. no opt out, we have had zero reports of our synthesis breaking original signatures. I'll admit that it does not feel robust, but all modern signers appear to agree on what the canonical NSEC3 chain for a zone is.

Kind regards,
--
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/

From akunz at wishmedia.de Fri Mar 29 06:16:36 2013
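What the opt-out flag rewrite discussed in this thread does to the signed data, as an added example that is not part of the list messages and not PowerDNS code: it computes the RFC 5155 NSEC3 owner hash, builds the NSEC3 RDATA with flags 0 and flags 1, and compares the bytes an RRSIG would cover. The zone name, salt and iteration count are the RFC 5155 Appendix A parameters; the RRSIG algorithm, validity window and key tag are constructed values.

```python
import base64
import hashlib
import struct

# RFC 4648 base32 alphabet mapped onto the base32hex alphabet NSEC3 owner names use.
_B32_TO_B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                                 b"0123456789ABCDEFGHIJKLMNOPQRSTUV")

NSEC3 = 50        # RR type number
OPT_OUT = 0x01    # the only flag bit RFC 5155 defines


def name_to_wire(name):
    """Canonical (lowercase, uncompressed) wire form of a domain name."""
    wire = b""
    for label in name.lower().rstrip(".").split("."):
        if label:
            wire += bytes([len(label)]) + label.encode("ascii")
    return wire + b"\x00"


def nsec3_hash(name, salt, iterations):
    """RFC 5155 section 5: SHA-1 over name||salt, then `iterations` further rounds."""
    digest = hashlib.sha1(name_to_wire(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return digest


def b32hex(data):
    """Base32hex text form used for the hashed owner label."""
    return base64.b32encode(data).translate(_B32_TO_B32HEX).decode("ascii").lower().rstrip("=")


def type_bitmap(types):
    """NSEC/NSEC3 type bitmap: one (window, length, bits) block per 256 types."""
    windows = {}
    for rrtype in sorted(set(types)):
        window, low = divmod(rrtype, 256)
        bits = windows.setdefault(window, bytearray(32))
        bits[low // 8] |= 0x80 >> (low % 8)
    out = b""
    for window in sorted(windows):
        trimmed = bytes(windows[window]).rstrip(b"\x00")
        out += bytes([window, len(trimmed)]) + trimmed
    return out


def nsec3_rdata(flags, iterations, salt, next_hashed, types):
    """NSEC3 RDATA: alg=1 (SHA-1), flags, iterations, salt, next hashed owner, bitmap."""
    return (struct.pack("!BBHB", 1, flags, iterations, len(salt)) + salt
            + bytes([len(next_hashed)]) + next_hashed + type_bitmap(types))


def rrsig_signed_data(owner, ttl, rdata, signer="example."):
    """Bytes an RRSIG covers (RFC 4034 section 3.1.8.1) for a one-record NSEC3 RRset.

    Algorithm 8, the validity window and key tag 12345 are constructed values.
    """
    labels = len(owner.rstrip(".").split("."))
    header = struct.pack("!HBBIIIH", NSEC3, 8, labels, ttl,
                         1367366400, 1364774400, 12345) + name_to_wire(signer)
    record = name_to_wire(owner) + struct.pack("!HHIH", NSEC3, 1, ttl, len(rdata)) + rdata
    return header + record


def opt_out_rewrite_demo():
    """Same zone apex NSEC3 as signed upstream (flags 0) and as re-served (flags 1)."""
    salt, iterations = bytes.fromhex("aabbccdd"), 12
    owner = b32hex(nsec3_hash("example.", salt, iterations)) + ".example."
    next_hashed = nsec3_hash("ns1.example.", salt, iterations)
    types = [2, 6, 15, 46, 48, 51]   # NS SOA MX RRSIG DNSKEY NSEC3PARAM

    from_master = nsec3_rdata(0, iterations, salt, next_hashed, types)
    re_served = nsec3_rdata(OPT_OUT, iterations, salt, next_hashed, types)
    return {
        # The hashed owner name does not depend on the flags field at all.
        "owner": owner,
        # Offsets inside the RDATA where the two versions differ.
        "changed_offsets": [i for i, (a, b) in enumerate(zip(from_master, re_served)) if a != b],
        # Digest of the data the master signed vs. the data a validator reconstructs.
        "digest_master": hashlib.sha256(rrsig_signed_data(owner, 3600, from_master)).hexdigest(),
        "digest_secondary": hashlib.sha256(rrsig_signed_data(owner, 3600, re_served)).hexdigest(),
    }


if __name__ == "__main__":
    for key, value in opt_out_rewrite_demo().items():
        print(f"{key}: {value}")
```

Only the flags byte at RDATA offset 1 changes, yet it sits inside the data the RRSIG covers, so a signature made over flags 0 cannot validate against a record served with flags 1.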
From: akunz at wishmedia.de (Alexander Kunz)
Date: Fri, 29 Mar 2013 07:16:36 +0100
Subject: [Pdns-users] Some more exampels or informations about LUA?
In-Reply-To: <0ED070BC-D5E8-45A9-9503-D493D790E53E@netherlabs.nl>
References: <51532702.7020207@pernau.at> <51542392.3090900@pernau.at> <0ED070BC-D5E8-45A9-9503-D493D790E53E@netherlabs.nl>
Message-ID: <1A6D29D2-ABF5-498E-9C7B-11C6037103F8@wishmedia.de>

Hello PDNS users,

are there some more examples or information about embedded LUA backends?

I try to use some geo information about the requester IP address, and redis usage. I only found the small example in the backends manual. Perhaps anyone knows a more complex example?

Any hints are welcome.

Thanks, and have a nice day...

Kind regards,

Alexander Kunz

From akunz at wishmedia.de Fri Mar 29 17:24:43 2013
From: akunz at wishmedia.de (Alexander Kunz)
Date: Fri, 29 Mar 2013 18:24:43 +0100
Subject: [Pdns-users] Some more exampels or informations about LUA?
In-Reply-To: <515571E1.9050704@fredan.org>
References: <51532702.7020207@pernau.at> <51542392.3090900@pernau.at> <0ED070BC-D5E8-45A9-9503-D493D790E53E@netherlabs.nl> <1A6D29D2-ABF5-498E-9C7B-11C6037103F8@wishmedia.de> <515571E1.9050704@fredan.org>
Message-ID: <5155CE5B.8030303@wishmedia.de>

Hello fredrik,

thanks for your answer. I'm not sure why, but my mail goes out of the mailing list. But I think my answer is not really interesting for everyone. Thanks for your link, I missed the source because of the "with-lua" switch, I did not look into the modules, I thought it is a core feature. The new Lua backend looks awesome, I will try to build it and try to write my lua code, if it works, I will write some lines to the list. That's so great, nginx can also use lua... So, it will be easy writing custom logic to such essential (core) services like DNS with one powerful language. Hope you keep on developing this module.

Thanks so much,

Alexander Kunz

On 29.03.2013 11:50, fredrik danerklint wrote:
> You are talking about the Luabackend which I wrote?
>
> You can find a more updated version here:
>
> https://github.com/fredan/luabackend
>
> This version has the prefix function which will help you to build your
> geo information to the backend.
>
> 2013-03-29 07:16, Alexander Kunz wrote:
>>
>> Hello PDNS users,
>>
>> are there some more examples or information about embedded LUA
>> backends?
>>
>> I try to use some geo information about the requester IP address,
>> and redis usage. I only found the small example in the backends
>> manual. Perhaps anyone knows a more complex example?
>>
>> Any hints are welcome.
>>
>> Thanks, and have a nice day...
>>
>> Kind regards,
>>
>> Alexander Kunz

From akunz at wishmedia.de Sun Mar 31 12:17:19 2013
From: akunz at wishmedia.de (Alexander Kunz)
Date: Sun, 31 Mar 2013 14:17:19 +0200
Subject: [Pdns-users] Some more exampels or informations about LUA?
In-Reply-To: <5155CE5B.8030303@wishmedia.de>
References: <51532702.7020207@pernau.at> <51542392.3090900@pernau.at> <0ED070BC-D5E8-45A9-9503-D493D790E53E@netherlabs.nl> <1A6D29D2-ABF5-498E-9C7B-11C6037103F8@wishmedia.de> <515571E1.9050704@fredan.org> <5155CE5B.8030303@wishmedia.de>
Message-ID: <5158294F.6030106@wishmedia.de>

Hello,

sorry again. But I still have two questions which are not clear to me.

First of all, what is the difference between --enable-lua and the module / backend lua setting. Is it right to set both options during configure?

I try to use redis.lua in my pdns.lua file. But I get this error. I think it's not really pdns related - do I miss some path information during configure?

Google says something about LDPATH, but I am not sure where to set this path, because lua looks at the right path, but searches for this undefined symbol.

TCP server is unable to launch backends - will try again when questions come in:

[LUABackend 1] Error running the file '/usr/local/etc/pdns/pdns.lua' :
error loading module 'socket.core'
from file '/usr/local/lib/lua/5.1/socket/core.so':
#012#011/usr/local/lib/lua/5.1/socket/core.so: undefined symbol: lua_getmetatable

Thanks for any hints.

On 29.03.2013 18:24, Alexander Kunz wrote:
>
> Hello fredrik,
>
> thanks for your answer. I'm not sure why, but my mail goes out of the
> mailing list. But I think my answer is not really interesting for
> everyone. Thanks for your link, I missed the source because of the "with-lua"
> switch, I did not look into the modules, I thought it is a core feature.
> The new Lua backend looks awesome, I will try to build it and try to
> write my lua code, if it works, I will write some lines to the list. That's so
> great, nginx can also use lua... So, it will be easy writing custom
> logic to such essential (core) services like DNS with one powerful
> language. Hope you keep on developing this module.
>
> Thanks so much,
>
> Alexander Kunz
>
> On 29.03.2013 11:50, fredrik danerklint wrote:
>> You are talking about the Luabackend which I wrote?
>>
>> You can find a more updated version here:
>>
>> https://github.com/fredan/luabackend
>>
>> This version has the prefix function which will help you to build your
>> geo information to the backend.
>>
>> 2013-03-29 07:16, Alexander Kunz wrote:
>>>
>>> Hello PDNS users,
>>>
>>> are there some more examples or information about embedded LUA
>>> backends?
>>>
>>> I try to use some geo information about the requester IP address,
>>> and redis usage. I only found the small example in the backends
>>> manual. Perhaps anyone knows a more complex example?
>>>
>>> Any hints are welcome.
>>>
>>> Thanks, and have a nice day...
>>>
>>> Kind regards,
>>>
>>> Alexander Kunz

From akunz at wishmedia.de Sun Mar 31 13:21:43 2013
From: akunz at wishmedia.de (Alexander Kunz)
Date: Sun, 31 Mar 2013 15:21:43 +0200
Subject: [Pdns-users] Some more exampels or informations about LUA?
In-Reply-To: <51582D29.8040401@fredan.org>
References: <51532702.7020207@pernau.at> <51542392.3090900@pernau.at> <0ED070BC-D5E8-45A9-9503-D493D790E53E@netherlabs.nl> <1A6D29D2-ABF5-498E-9C7B-11C6037103F8@wishmedia.de> <515571E1.9050704@fredan.org> <5155CE5B.8030303@wishmedia.de> <5158294F.6030106@wishmedia.de> <51582D29.8040401@fredan.org>
Message-ID: <51583867.6080301@wishmedia.de>

Thanks so much,

--with-modules="" --with-dynmodules="lua"

does the trick, I used

--with-modules="lua" --enable-lua

have a nice day ...

Alexander

On 31.03.2013 14:33, fredrik danerklint wrote:
> http://tlmc.fredan.se/tlmc-20130207-r1.tar.gz
>
> Download that and go to the directory 'tlmc' and run './pdns'
>
> There you have the latest version of the Luabackend.
>
> This is a pre-compiled version for X86_64.
>
> 2013-03-31 14:17, Alexander Kunz wrote:
>> Hello,
>>
>> sorry again. But I still have two questions which are not clear to me.
>>
>> First of all, what is the difference between --enable-lua and the
>> module / backend lua setting. Is it right to set both options during
>> configure?
>>
>> I try to use redis.lua in my pdns.lua file. But I get this error. I
>> think it's not really pdns related - do I miss some path information
>> during configure?
>>
>> Google says something about LDPATH, but I am not sure where to set this
>> path, because lua looks at the right path, but searches for this undefined
>> symbol.
>>
>> TCP server is unable to launch backends - will try again when questions
>> come in:
>>
>> [LUABackend 1] Error running the file '/usr/local/etc/pdns/pdns.lua' :
>> error loading module 'socket.core'
>> from file '/usr/local/lib/lua/5.1/socket/core.so':
>> #012#011/usr/local/lib/lua/5.1/socket/core.so: undefined symbol:
>> lua_getmetatable
>>
>> Thanks for any hints.
>>
>
>

From mh+pdns-users at zugschlus.de Fri Mar 1 20:29:50 2013
From: mh+pdns-users at zugschlus.de (Marc Haber)
Date: Fri, 1 Mar 2013 21:29:50 +0100
Subject: [Pdns-users] Reverse DNS
In-Reply-To:
References:
Message-ID: <20130301202950.GK7925@torres.zugschlus.de>

On Thu, Feb 28, 2013 at 11:36:27AM -0500, Jay Zeemer wrote:
> I am running Power DNS on an ubuntu server, and everything seems to be
> working correct except I have reverse DNS configured and delegated,
> but for some reason my reverse dns response is a CNAME for
> in-addr.arpa instead of my PTR records domain name.

This could be an RFC2317 delegation. Which IP address/network are we talking about?

Greetings
Marc

--
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 31958061
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 31958062

From aleksey.chudov at gmail.com Fri Mar 1 22:21:01 2013
From: aleksey.chudov at gmail.com (Aleksey Chudov)
Date: Sat, 02 Mar 2013 00:21:01 +0200
Subject: [Pdns-users] Pdns Remote backend crash
Message-ID: <513129CD.4060003@gmail.com>

Hello,

I encountered the following problem. When executing Remote backend (tested with Remote + socket, pipe and http) and distributor-threads parameter greater than 1 pdns_server process crashes while performance testing.

Pdns was built on Debian 6.0.7

aptitude install libboost-program-options-dev libboost-serialization-dev liblua5.1-dev libz-dev
wget http://downloads.powerdns.com/releases/pdns-3.2.tar.gz
tar -xzf pdns-3.2.tar.gz
cd pdns-3.2/
./configure --prefix=/usr --sysconfdir=/etc/powerdns --localstatedir=/var/run/pdns --libdir=/usr/lib/pdns --disable-shared --enable-static --enable-static-boost --enable-static-binaries --enable-pdns_server --disable-recursor --with-modules="pipe remote" --with-dynmodules=""
make
make install

There are no errors when pdns_server starts with distributor-threads=1. Performance is quite good – 7k qps according to dnsperf statistics (32 instances of dnsperf simultaneously). But if I start pdns_server with distributor-threads greater than 1 and run more than one instance of dnsperf simultaneously, the process crashes.

log-level is set to 9 but only the following message is printed to log file

Feb 27 19:49:01 srv1 pdns[28609]: Got a signal 6, attempting to print trace:
Feb 27 19:49:01 srv1 pdns[28609]: [0x49a720]
Feb 27 19:49:01 srv1 pdns[28609]: [0x6598d0]
Feb 27 19:49:01 srv1 pdns[28609]: [0x762f75]
Feb 27 19:49:01 srv1 pdns[28609]: [0x6f5b90]
Feb 27 19:49:01 srv1 pdns[28609]: [0x6f0ac5]
Feb 27 19:49:01 srv1 pdns[28609]: [0x42b227]
Feb 27 19:49:01 srv1 pdns[28609]: [0x47f202]
Feb 27 19:49:01 srv1 pdns[28609]: [0x4a5e41]
Feb 27 19:49:01 srv1 pdns[28609]: [0x456399]
Feb 27 19:49:01 srv1 pdns[28609]: [0x45e9b7]
Feb 27 19:49:01 srv1 pdns[28609]: [0x460825]
Feb 27 19:49:01 srv1 pdns[28609]: [0x4e1244]
Feb 27 19:49:01 srv1 pdns[28609]: [0x65561a]
Feb 27 19:49:01 srv1 pdns[28609]: [0x741fa9]
Feb 27 19:49:01 srv1 pdns[28607]: Our pdns instance (28609) exited after signal 6
Feb 27 19:49:01 srv1 pdns[28607]: Respawning

I specifically checked that there is no such problem with Pipe backend, only with Remote backend.

Any ideas?

Best regards,
Aleksey

From cmouse at youzen.ext.b2.fi Sat Mar 2 10:05:15 2013
From: cmouse at youzen.ext.b2.fi (Aki Tuomi)
Date: Sat, 2 Mar 2013 12:05:15 +0200
Subject: [Pdns-users] Pdns Remote backend crash
In-Reply-To: <513129CD.4060003@gmail.com>
References: <513129CD.4060003@gmail.com>
Message-ID: <20130302100514.GA9458@pi.ip.fi>

I'll have a look at this, can you please file a bug report at http://wiki.powerdns.com/trac

Regards,
Aki Tuomi

On Sat, Mar 02, 2013 at 12:21:01AM +0200, Aleksey Chudov wrote:
> Hello,
>
> I encountered the following problem. When executing Remote backend
> (tested with Remote + socket, pipe and http) and distributor-threads
> parameter greater than 1 pdns_server process crashes while performance
> testing.
>
> Pdns was built on Debian 6.0.7
>
> aptitude install libboost-program-options-dev
> libboost-serialization-dev liblua5.1-dev libz-dev
> wget http://downloads.powerdns.com/releases/pdns-3.2.tar.gz
> tar -xzf pdns-3.2.tar.gz
> cd pdns-3.2/
> ./configure --prefix=/usr --sysconfdir=/etc/powerdns
> --localstatedir=/var/run/pdns --libdir=/usr/lib/pdns
> --disable-shared --enable-static --enable-static-boost
> --enable-static-binaries --enable-pdns_server --disable-recursor
> --with-modules="pipe remote" --with-dynmodules=""
> make
> make install
>
>
> There are no errors when pdns_server starts with
> distributor-threads=1. Performance is quite good – 7k qps according
> to dnsperf statistics (32 instances of dnsperf simultaneously). But
> if I start pdns_server with distributor-threads greater than 1 and
> run more than one instance of dnsperf simultaneously, the process
> crashes.
>
> log-level is set to 9 but only the following message is printed to log file
>
> Feb 27 19:49:01 srv1 pdns[28609]: Got a signal 6, attempting to print trace:
> Feb 27 19:49:01 srv1 pdns[28609]: [0x49a720]
> Feb 27 19:49:01 srv1 pdns[28609]: [0x6598d0]
> Feb 27 19:49:01 srv1 pdns[28609]: [0x762f75]
> Feb 27 19:49:01 srv1 pdns[28609]: [0x6f5b90]
> Feb 27 19:49:01 srv1 pdns[28609]: [0x6f0ac5]
> Feb 27 19:49:01 srv1 pdns[28609]: [0x42b227]
> Feb 27 19:49:01 srv1 pdns[28609]: [0x47f202]
> Feb 27 19:49:01 srv1 pdns[28609]: [0x4a5e41]
> Feb 27 19:49:01 srv1 pdns[28609]: [0x456399]
> Feb 27 19:49:01 srv1 pdns[28609]: [0x45e9b7]
> Feb 27 19:49:01 srv1 pdns[28609]: [0x460825]
> Feb 27 19:49:01 srv1 pdns[28609]: [0x4e1244]
> Feb 27 19:49:01 srv1 pdns[28609]: [0x65561a]
> Feb 27 19:49:01 srv1 pdns[28609]: [0x741fa9]
> Feb 27 19:49:01 srv1 pdns[28607]: Our pdns instance (28609) exited after signal 6
> Feb 27 19:49:01 srv1 pdns[28607]: Respawning
>
> I specifically checked that there is no such problem with Pipe
> backend, only with Remote backend.
>
> Any ideas?
>
>
> Best regards,
> Aleksey

From cmouse at youzen.ext.b2.fi Sat Mar 2 11:18:52 2013
From: cmouse at youzen.ext.b2.fi (Aki Tuomi)
Date: Sat, 2 Mar 2013 13:18:52 +0200
Subject: [Pdns-users] Pdns Remote backend crash
In-Reply-To: <20130302100514.GA9458@pi.ip.fi>
References: <513129CD.4060003@gmail.com> <20130302100514.GA9458@pi.ip.fi>
Message-ID: <20130302111852.GA10522@pi.ip.fi>

> > Hello,
> >
> > I encountered the following problem. When executing Remote backend
> > (tested with Remote + socket, pipe and http) and distributor-threads
> > parameter greater than 1 pdns_server process crash while performance
> > testing.
> >
> > Pdns was built on Debian 6.0.7

Hi!

I tried with pdns-3.2 and svn head, and was unable to reproduce your problem.

Can you show me your remotebackend script, maybe? The one I used for testing is at http://cmouse.desteem.org/remote.txt and dnsperf input was generated with

LC_ALL=C egrep '^[A-Za-z]+$' /usr/share/dict/american-english | awk '{ print $1 ".example.com A" }' > dnsperf.in

Aki

From cmouse at youzen.ext.b2.fi Sat Mar 2 11:51:18 2013
From: cmouse at youzen.ext.b2.fi (Aki Tuomi)
Date: Sat, 2 Mar 2013 13:51:18 +0200
Subject: [Pdns-users] Pdns Remote backend crash
In-Reply-To: <20130302111852.GA10522@pi.ip.fi>
References: <513129CD.4060003@gmail.com> <20130302100514.GA9458@pi.ip.fi> <20130302111852.GA10522@pi.ip.fi>
Message-ID: <20130302115118.GB10522@pi.ip.fi>

On Sat, Mar 02, 2013 at 01:18:52PM +0200, Aki Tuomi wrote:
> > > Hello,
> > >
> > > I encountered the following problem. When executing Remote backend
> > > (tested with Remote + socket, pipe and http) and distributor-threads
> > > parameter greater than 1 pdns_server process crash while performance
> > > testing.
> > >
> > > Pdns was built on Debian 6.0.7
>
> Hi!
>
> I tried with pdns-3.2 and svn head, and was unable to reproduce your problem.
>
> Can you show me your remotebackend script, maybe? The one I used for testing
> is at http://cmouse.desteem.org/remote.txt and dnsperf input was generated with
>
> LC_ALL=C egrep '^[A-Za-z]+$' /usr/share/dict/american-english | awk '{ print $1 ".example.com A" }' > dnsperf.in
>
> Aki

Also, please recompile with CFLAGS="-g -O3" CXXFLAGS="-g -O3" to ensure that debugging symbols get inserted and the stack trace will be more helpful.

Aki

From aleksey.chudov at gmail.com Sat Mar 2 14:14:16 2013
From: aleksey.chudov at gmail.com (Aleksey Chudov)
Date: Sat, 02 Mar 2013 16:14:16 +0200
Subject: [Pdns-users] Pdns Remote backend crash
In-Reply-To: <20130302111852.GA10522@pi.ip.fi>
References: <513129CD.4060003@gmail.com> <20130302100514.GA9458@pi.ip.fi> <20130302111852.GA10522@pi.ip.fi>
Message-ID: <51320938.5010906@gmail.com>

On 02.03.2013 13:18, Aki Tuomi wrote:
> I'll have a look at this, can you please file a bug report at
> http://wiki.powerdns.com/trac

Suggest to make sure it is really a bug and not my fault.

> Can you show me your remotebackend script, maybe?

Does not matter. I can reproduce the problem with yours http://cmouse.desteem.org/remote.txt

> I tried with pdns-3.2 and svn head, and was unable to reproduce your problem.

Below are the exact commands of how I can reproduce the problem on my clean Debian virtual machine

# Upgrade the system
aptitude update
aptitude full-upgrade

# Build and install PowerDNS
aptitude install build-essential libboost-program-options-dev libboost-serialization-dev liblua5.1-0-dev zlib1g-dev
cd /usr/src/
wget http://downloads.powerdns.com/releases/pdns-3.2.tar.gz
tar -xzf pdns-3.2.tar.gz
cd pdns-3.2/
CFLAGS="-g -O3" CXXFLAGS="-g -O3" ./configure --prefix=/usr/local/pdns --disable-shared --enable-static --enable-static-boost --enable-static-binaries --enable-pdns_server --disable-recursor --with-modules="pipe remote" --with-dynmodules=""
make
make install

# Install Remote backend script
aptitude install ruby rubygems libjson-ruby
wget http://cmouse.desteem.org/remote.txt -O /usr/local/pdns/etc/remote.rb
chmod +x /usr/local/pdns/etc/remote.rb

# Start and test PowerDNS
/usr/sbin/groupadd -r pdns
/usr/sbin/useradd -g pdns -s /bin/false -r -c "PowerDNS daemon" -d /var/run/pdns pdns
/usr/local/pdns/sbin/pdns_server --daemon --guardian=yes --cache-ttl=0 --distributor-threads=7 --launch=remote --local-ipv6= --log-dns-details=yes --log-failed-updates=yes --loglevel=4 --query-cache-ttl=0 --query-local-address6= --setgid=pdns --setuid=pdns --socket-dir=/var/run/pdns --version-string=anonymous --remote-connection-string=pipe:command=/usr/local/pdns/etc/remote.rb
dig @localhost xxx.example.com. A

# Build and install dnsperf
aptitude install libbind-dev libkrb5-dev libssl-dev libcap-dev libxml2-dev
cd /usr/src/
wget ftp://ftp.nominum.com/pub/nominum/dnsperf/1.0.1.0/dnsperf-src-1.0.1.0-1.tar.gz
tar -xzf dnsperf-src-1.0.1.0-1.tar.gz
cd dnsperf-src-1.0.1.0-1/
./configure --prefix=/usr/local/dnsperf
make
make install

# Start performance test
LC_ALL=C egrep '^[A-Za-z]+$' /usr/share/dict/american-english | awk '{ print $1 ".example.com A" }' > /usr/local/dnsperf/dnsperf.in
/usr/local/dnsperf/bin/dnsperf -d /usr/local/dnsperf/dnsperf.in -s localhost -f inet -l 300

# PowerDNS crash :(

Regards,
Aleksey

From cmouse at youzen.ext.b2.fi Sat Mar 2 14:28:09 2013
From: cmouse at youzen.ext.b2.fi (Aki Tuomi)
Date: Sat, 2 Mar 2013 16:28:09 +0200
Subject: [Pdns-users] Pdns Remote backend crash
In-Reply-To: <51320938.5010906@gmail.com>
References: <513129CD.4060003@gmail.com> <20130302100514.GA9458@pi.ip.fi> <20130302111852.GA10522@pi.ip.fi> <51320938.5010906@gmail.com>
Message-ID: <20130302142809.GA12483@pi.ip.fi>

On Sat, Mar 02, 2013 at 04:14:16PM +0200, Aleksey Chudov wrote:
> On 02.03.2013 13:18, Aki Tuomi wrote:
> >I'll have a look at this, can you please file a bug report at
> >http://wiki.powerdns.com/trac
>
> Suggest to make sure it is really a bug and not my fault.
>
> >Can you show me your remotebackend script, maybe?
>
> Does not matter. I can reproduce the problem with yours
> http://cmouse.desteem.org/remote.txt
>
> >I tried with pdns-3.2 and svn head, and was unable to reproduce your problem.
>
> Regards,
> Aleksey

Did the crash give any usable stack trace or core file which you could inspect with gdb?

Aki

From barney+powerdns at lucidnetworks.co.uk Sat Mar 2 17:10:18 2013
From: barney+powerdns at lucidnetworks.co.uk (Barney Sowood)
Date: Sat, 2 Mar 2013 17:10:18 +0000
Subject: [Pdns-users] pdns master fails to send notify due to error parsing SOA record
Message-ID: <20130302171017.GB8314@lucidnetworks.co.uk>

Hi,

I'm running pdns with the generic postgresql backend. I converted zones from bind using zone2sql and I'm successfully serving data.

I'm using pdns as a master and have several bind slaves. The slaves can successfully do an AXFR. They'll also receive a NOTIFY if I run "pdns_control ". However, when I update the SOA of a zone, no notify is generated and the following message is logged -

Mar 2 17:04:34 XXXXXX pdns[24518]: Exception: Parsing record content: while parsing IP address, expected digits at position 0 in 'nameserver1.hosted.lucidnetworks.co.uk dns-admin.lucidnetworks.co.uk 2013030201 86400 3600 3600000 3600'
Mar 2 17:04:34 XXXXXX pdns[24518]: TCP Connection Thread died because of STL error: Parsing record content: while parsing IP address, expected digits at position 0 in 'nameserver1.hosted.lucidnetworks.co.uk dns-admin.lucidnetworks.co.uk 2013030201 86400 3600 3600000 3600'

Config as follows -

allow-axfr-ips=xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy
disable-axfr=no
master=yes

I'm running packages from debian stable, 2.9.22-8+squeeze1 to be precise. I can't see any relevant Debian bugs filed.

Can anyone point me in the right direction for resolving this?

Thanks,

Barney.

From aleksey.chudov at gmail.com Sat Mar 2 17:32:28 2013
From: aleksey.chudov at gmail.com (Aleksey Chudov)
Date: Sat, 02 Mar 2013 19:32:28 +0200
Subject: [Pdns-users] Pdns Remote backend crash
In-Reply-To: <20130302142809.GA12483@pi.ip.fi>
References: <513129CD.4060003@gmail.com> <20130302100514.GA9458@pi.ip.fi> <20130302111852.GA10522@pi.ip.fi> <51320938.5010906@gmail.com> <20130302142809.GA12483@pi.ip.fi>
Message-ID: <513237AC.5070705@gmail.com>

On 02.03.2013 16:28, Aki Tuomi wrote:
> Did the crash give any usable stack trace or core file which you could
> inspect with gdb?

I'm not sure exactly where I can find the core file. There are no new files in the current, root and /usr/local/pdns directories.

There is no additional information in the server log files other than what I have already sent in my first letter.

Mar 2 18:06:14 srv1 pdns[17019]: Got a signal 11, attempting to print trace:
Mar 2 18:06:14 srv1 pdns[17019]: Got a signal 6, attempting to print trace:
Mar 2 18:06:14 srv1 pdns[17019]: Got a signal 11, attempting to print trace:
Mar 2 18:06:14 srv1 pdns[17019]: Got a signal 6, attempting to print trace:
Mar 2 18:06:14 srv1 pdns[17019]: [0x478350]
Mar 2 18:06:14 srv1 pdns[17019]: [0x61c710]
Mar 2 18:06:14 srv1 pdns[17019]: [0x409d64]
Mar 2 18:06:14 srv1 pdns[17019]: [0x45b072]
Mar 2 18:06:14 srv1 pdns[17019]: [0x483e21]
Mar 2 18:06:14 srv1 pdns[17019]: [0x42fa39]
Mar 2 18:06:14 srv1 pdns[17019]: [0x43a278]
Mar 2 18:06:14 srv1 pdns[17019]: [0x43bfd5]
Mar 2 18:06:14 srv1 pdns[17019]: [0x4bf594]
Mar 2 18:06:14 srv1 pdns[17019]: [0x478350]
Mar 2 18:06:14 srv1 pdns[17019]: [0x61c710]
Mar 2 18:06:14 srv1 pdns[17019]: [0x68e335]
Mar 2 18:06:14 srv1 pdns[17019]: [0x624810]
Mar 2 18:06:14 srv1 pdns[17019]: [0x61f7e5]
Mar 2 18:06:14 srv1 pdns[17019]: [0x40a467]
Mar 2 18:06:14 srv1 pdns[17019]: [0x4809f1]
Mar 2 18:06:14 srv1 pdns[17019]: [0x482d11]
Mar 2 18:06:14 srv1 pdns[17019]: [0x43a535]
Mar 2 18:06:14 srv1 pdns[17019]: [0x43bfd5]
Mar 2 18:06:14 srv1 pdns[17019]: [0x4bf594]
Mar 2 18:06:14 srv1 pdns[17019]: [0x61700a]
Mar 2 18:06:14 srv1 pdns[17019]: [0x66fa69]
Mar 2 18:06:15 srv1 pdns[17017]: Our pdns instance (17019) exited after signal 6
Mar 2 18:06:15 srv1 pdns[17017]: Respawning

Have you tried to reproduce the problem using the commands that I sent in the previous letter?

Aleksey

From cmouse at youzen.ext.b2.fi Sat Mar 2 17:35:32 2013
From: cmouse at youzen.ext.b2.fi (Aki Tuomi)
Date: Sat, 2 Mar 2013 19:35:32 +0200
Subject: [Pdns-users] pdns master fails to send notify due to error parsing SOA record
In-Reply-To: <20130302171017.GB8314@lucidnetworks.co.uk>
References: <20130302171017.GB8314@lucidnetworks.co.uk>
Message-ID: <20130302173532.GB13880@pi.ip.fi>

On Sat, Mar 02, 2013 at 05:10:18PM +0000, Barney Sowood wrote:
> Hi,
>
> I'm running pdns with the generic postgresql backend. I converted
> zones from bind using zone2sql and I'm successfully serving data.
>
> I'm using pdns as a master and have several bind slaves. The slaves
> can successfully do an AXFR. They'll also receive a NOTIFY if I run
> "pdns_control ". However, when I update the SOA of a zone, no
> notify is generated and the following message is logged -
>
> Mar 2 17:04:34 XXXXXX pdns[24518]: Exception: Parsing record
> content: while parsing IP address, expected digits at position 0 in
> 'nameserver1.hosted.lucidnetworks.co.uk dns-admin.lucidnetworks.co.uk
> 2013030201 86400 3600 3600000 3600'

Hi!

First of all, upgrade your servers, 2.9.22 is damn old and has bugs.

Secondly, the error means that you have an A record with SOA content.

Aki Tuomi

> Barney.

From cmouse at youzen.ext.b2.fi Sat Mar 2 17:37:07 2013
From: cmouse at youzen.ext.b2.fi (Aki Tuomi) Date: Sat, 2 Mar 2013 19:37:07 +0200 Subject: [Pdns-users] Pdns Remote backend crash In-Reply-To: <513237AC.5070705@gmail.com> References: <513129CD.4060003@gmail.com> <20130302100514.GA9458@pi.ip.fi> <20130302111852.GA10522@pi.ip.fi> <51320938.5010906@gmail.com> <20130302142809.GA12483@pi.ip.fi> <513237AC.5070705@gmail.com> Message-ID: <20130302173707.GC13880@pi.ip.fi> On Sat, Mar 02, 2013 at 07:32:28PM +0200, Aleksey Chudov wrote: > On 02.03.2013 16:28, Aki Tuomi wrote: > >Did the crash give any usable stack trace or core file which you could > >inspect with gdb? > > I'm not sure exactly where I can find the core file. There is no any > new files in the current, root and /usr/local/pdns directories. > > There is no additional information in the server log files other > than what I have already sent in my first letter. > > Have you tried to reproduce the problem using the commands that I > sent in the previous letter? > > Aleksey > > Nope, I'll have to install debian6 virtual machine then. I'll get back to you. Aki -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From aleksey.chudov at gmail.com Sat Mar 2 18:10:52 2013 
From: aleksey.chudov at gmail.com (Aleksey Chudov) Date: Sat, 02 Mar 2013 20:10:52 +0200 Subject: [Pdns-users] Pdns Remote backend crash In-Reply-To: <20130302173707.GC13880@pi.ip.fi> References: <513129CD.4060003@gmail.com> <20130302100514.GA9458@pi.ip.fi> <20130302111852.GA10522@pi.ip.fi> <51320938.5010906@gmail.com> <20130302142809.GA12483@pi.ip.fi> <513237AC.5070705@gmail.com> <20130302173707.GC13880@pi.ip.fi> Message-ID: <513240AC.1040305@gmail.com> On 02.03.2013 19:37, Aki Tuomi wrote: > On Sat, Mar 02, 2013 at 07:32:28PM +0200, Aleksey Chudov wrote: >> Have you tried to reproduce the problem using the commands that I >> sent in the previous letter? > Nope, I'll have to install debian6 virtual machine then. I'll get back to you. I tried to build PowerDNS dynamically rather than statically using the following command CFLAGS="-g -O3" CXXFLAGS="-g -O3" ./configure --prefix=/usr/local/pdns --enable-pdns_server --disable-recursor --with-modules="pipe remote" --with-dynmodules="" Actually I need a static binary because I plan to use it on my old server where I can't build PowerDNS directly because a lot of dependencies. But it does not matter for the test. In this case PowerDNS process has crashed but there were more informative log messages. 
Mar 2 21:59:54 srv1 pdns[18686]: Got a signal 6, attempting to print trace:
Mar 2 21:59:54 srv1 pdns[18686]: /usr/local/pdns/sbin/pdns_server-instance() [0x4c9490]
Mar 2 21:59:54 srv1 pdns[18686]: /lib/libc.so.6(+0x32230) [0x7ffd2efb7230]
Mar 2 21:59:54 srv1 pdns[18686]: /lib/libc.so.6(gsignal+0x35) [0x7ffd2efb71b5]
Mar 2 21:59:54 srv1 pdns[18686]: /lib/libc.so.6(abort+0x180) [0x7ffd2efb9fc0]
Mar 2 21:59:54 srv1 pdns[18686]: /lib/libc.so.6(__assert_fail+0xf1) [0x7ffd2efb0301]
Mar 2 21:59:54 srv1 pdns[18686]: /usr/local/pdns/sbin/pdns_server-instance(_ZN13RemoteBackend3getER17DNSResourceRecord+0x757) [0x45b5a7]
Mar 2 21:59:54 srv1 pdns[18686]: /usr/local/pdns/sbin/pdns_server-instance(_ZN10DNSBackend6getSOAERKSsR7SOADataP9DNSPacket+0xe2) [0x4ac1b2]
Mar 2 21:59:54 srv1 pdns[18686]: /usr/local/pdns/sbin/pdns_server-instance(_ZN12UeberBackend6getSOAERKSsR7SOADataP9DNSPacket+0xb1) [0x4d4f61]
Mar 2 21:59:54 srv1 pdns[18686]: /usr/local/pdns/sbin/pdns_server-instance(_ZN13PacketHandler7getAuthEP9DNSPacketP7SOADataRKSsPi+0x49) [0x480b79]
Mar 2 21:59:54 srv1 pdns[18686]: /usr/local/pdns/sbin/pdns_server-instance(_ZN13PacketHandler17questionOrRecurseEP9DNSPacketPb+0xb98) [0x48b3b8]
Mar 2 21:59:54 srv1 pdns[18686]: /usr/local/pdns/sbin/pdns_server-instance(_ZN13PacketHandler8questionEP9DNSPacket+0x65) [0x48d115]
Mar 2 21:59:54 srv1 pdns[18686]: /usr/local/pdns/sbin/pdns_server-instance(_ZN11DistributorI9DNSPacketS0_13PacketHandlerE10makeThreadEPv+0x194) [0x5106d4]
Mar 2 21:59:54 srv1 pdns[18686]: /lib/libpthread.so.0(+0x68ca) [0x7ffd2f2ed8ca]
Mar 2 21:59:54 srv1 pdns[18686]: /lib/libc.so.6(clone+0x6d) [0x7ffd2f054b6d]
Mar 2 21:59:54 srv1 pdns[18622]: Our pdns instance (18686) exited after signal 6
Mar 2 21:59:54 srv1 pdns[18622]: Respawning

Aleksey

From cmouse at youzen.ext.b2.fi Sat Mar 2 18:46:09 2013
From: cmouse at youzen.ext.b2.fi (Aki Tuomi) Date: Sat, 2 Mar 2013 20:46:09 +0200 Subject: [Pdns-users] Pdns Remote backend crash In-Reply-To: <513240AC.1040305@gmail.com> References: <513129CD.4060003@gmail.com> <20130302100514.GA9458@pi.ip.fi> <20130302111852.GA10522@pi.ip.fi> <51320938.5010906@gmail.com> <20130302142809.GA12483@pi.ip.fi> <513237AC.5070705@gmail.com> <20130302173707.GC13880@pi.ip.fi> <513240AC.1040305@gmail.com> Message-ID: <20130302184609.GA14771@pi.ip.fi> On Sat, Mar 02, 2013 at 08:10:52PM +0200, Aleksey Chudov wrote: > On 02.03.2013 19:37, Aki Tuomi wrote: > >On Sat, Mar 02, 2013 at 07:32:28PM +0200, Aleksey Chudov wrote: > >>Have you tried to reproduce the problem using the commands that I > >>sent in the previous letter? > >Nope, I'll have to install debian6 virtual machine then. I'll get back to you. > > I tried to build PowerDNS dynamically rather than statically using > the following command > > CFLAGS="-g -O3" CXXFLAGS="-g -O3" ./configure > --prefix=/usr/local/pdns --enable-pdns_server --disable-recursor > --with-modules="pipe remote" --with-dynmodules="" > > Actually I need a static binary because I plan to use it on my old > server where I can't build PowerDNS directly because a lot of > dependencies. But it does not matter for the test. > > In this case PowerDNS process has crashed but there were more > informative log messages. > This is a bug that has been fixed in svn, by ticket #697. I tried to use the patch on the ticket but it seems not to go clean into pdns. If you want, you can just use the remotebackend in svn head. Please download the relevant code from http://cmouse.desteem.org/remotebackend-rev-3109.tar.bz2, I took this from powerdns repository for you. I wasn't able to reproduce the bug after this. Aki Tuomi -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From peter.van.dijk at netherlabs.nl Sat Mar 2 22:16:59 2013 From: peter.van.dijk at netherlabs.nl (Peter van Dijk) Date: Sat, 2 Mar 2013 23:16:59 +0100 Subject: [Pdns-users] Reverse DNS In-Reply-To: References: <20130301135247.GA21435@usenet-verwaltung.de> Message-ID: <7259F6BA-244F-48BD-8098-08C23D7EECBE@netherlabs.nl> Hello Peter, On Mar 1, 2013, at 16:02 , Peter Gervai wrote: > On Fri, Mar 1, 2013 at 3:50 PM, Peter van Dijk > wrote: >> This 'common practice' is broken, ugly and unnecessary. > > What are the alternatives? Delegating at the /32 boundary. Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ From aleksey.chudov at gmail.com Sun Mar 3 10:51:02 2013 
From: aleksey.chudov at gmail.com (Aleksey Chudov)
Date: Sun, 03 Mar 2013 12:51:02 +0200
Subject: [Pdns-users] Pdns Remote backend crash
In-Reply-To: <20130302184609.GA14771@pi.ip.fi>
References: <513129CD.4060003@gmail.com> <20130302100514.GA9458@pi.ip.fi> <20130302111852.GA10522@pi.ip.fi> <51320938.5010906@gmail.com> <20130302142809.GA12483@pi.ip.fi> <513237AC.5070705@gmail.com> <20130302173707.GC13880@pi.ip.fi> <513240AC.1040305@gmail.com> <20130302184609.GA14771@pi.ip.fi>
Message-ID: <51332B16.3030906@gmail.com>

On 02.03.2013 20:46, Aki Tuomi wrote:
> This is a bug that has been fixed in svn, by ticket #697. I tried to use the
> patch on the ticket but it seems not to go clean into pdns. If you want, you
> can just use the remotebackend in svn head. Please download the relevant code
> from http://cmouse.desteem.org/remotebackend-rev-3109.tar.bz2, I took this from
> powerdns repository for you. I wasn't able to reproduce the bug after this.

I built PowerDNS with fixed remote backend using the same commands as earlier.

This time the test is successful without program crash. But after a short time the process has used all available memory and swap.

Mem: 4063148k total, 4032560k used, 30588k free, 392k buffers
Swap: 1914872k total, 1437628k used, 477244k free, 10552k cached

PID USER PR NI VIRT SHR SWAP RES S %CPU %MEM TIME+ COMMAND
9811 pdns 20 0 5462m 1204 1.6g 3.7g S 201 96.0 18:10.02 pdns_server

It seems like a memory leak.

Aleksey

From cmouse at youzen.ext.b2.fi Sun Mar 3 12:33:45 2013
From: cmouse at youzen.ext.b2.fi (Aki Tuomi) Date: Sun, 3 Mar 2013 14:33:45 +0200 Subject: [Pdns-users] Pdns Remote backend crash In-Reply-To: <51332B16.3030906@gmail.com> References: <513129CD.4060003@gmail.com> <20130302100514.GA9458@pi.ip.fi> <20130302111852.GA10522@pi.ip.fi> <51320938.5010906@gmail.com> <20130302142809.GA12483@pi.ip.fi> <513237AC.5070705@gmail.com> <20130302173707.GC13880@pi.ip.fi> <513240AC.1040305@gmail.com> <20130302184609.GA14771@pi.ip.fi> <51332B16.3030906@gmail.com> Message-ID: <20130303123345.GA20601@pi.ip.fi> On Sun, Mar 03, 2013 at 12:51:02PM +0200, Aleksey Chudov wrote: > On 02.03.2013 20:46, Aki Tuomi wrote: > >This is a bug that has been fixed in svn, by ticket #697. I tried to use the > >patch on the ticket but it seems not to go clean into pdns. If you want, you > >can just use the remotebackend in svn head. Please download the relevant code > >from http://cmouse.desteem.org/remotebackend-rev-3109.tar.bz2, I took this from > >powerdns repository for you. I wasn't able to reproduce the bug after this. > > I built PowerDNS with fixed remote backend using the same commands > as earlier. > > This time the test is successful without program crash. But after a > short time the process has used all available memory and swap. > > Mem: 4063148k total, 4032560k used, 30588k free, 392k buffers > Swap: 1914872k total, 1437628k used, 477244k free, 10552k cached > > PID USER PR NI VIRT SHR SWAP RES S %CPU %MEM TIME+ COMMAND > 9811 pdns 20 0 5462m 1204 1.6g 3.7g S 201 96.0 18:10.02 > pdns_server > > It is seems like a memory leak. > > Aleksey > > I'll run it against valgrind and see what I can find. Thanks. Aki -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From cmouse at youzen.ext.b2.fi Sun Mar 3 17:05:12 2013 
From: cmouse at youzen.ext.b2.fi (Aki Tuomi)
Date: Sun, 3 Mar 2013 19:05:12 +0200
Subject: [Pdns-users] Pdns Remote backend crash
In-Reply-To: <20130303123345.GA20601@pi.ip.fi>
References: <20130302100514.GA9458@pi.ip.fi> <20130302111852.GA10522@pi.ip.fi> <51320938.5010906@gmail.com> <20130302142809.GA12483@pi.ip.fi> <513237AC.5070705@gmail.com> <20130302173707.GC13880@pi.ip.fi> <513240AC.1040305@gmail.com> <20130302184609.GA14771@pi.ip.fi> <51332B16.3030906@gmail.com> <20130303123345.GA20601@pi.ip.fi>
Message-ID: <20130303170512.GA22165@pi.ip.fi>

Ok. I found out the memory leak, it was due to the way rapidjson behaves. I have tested this patch extensively myself and was able to fix the memory leak and did not observe crashes either. Can you, however, please try this out. If it works, I'll submit this patch to pdns. If you have opened a ticket, can you please tell me the number?

patch at http://cmouse.desteem.org/20130303_remotebackend_fix_memleak.patch

please apply it to the svn revision of remotebackend.

Regards,
Aki Tuomi

On Sun, Mar 03, 2013 at 02:33:45PM +0200, Aki Tuomi wrote:
> On Sun, Mar 03, 2013 at 12:51:02PM +0200, Aleksey Chudov wrote:
> > On 02.03.2013 20:46, Aki Tuomi wrote:
> > >This is a bug that has been fixed in svn, by ticket #697. I tried to use the
> > >patch on the ticket but it seems not to go clean into pdns. If you want, you
> > >can just use the remotebackend in svn head. Please download the relevant code
> > >from http://cmouse.desteem.org/remotebackend-rev-3109.tar.bz2, I took this from
> > >powerdns repository for you. I wasn't able to reproduce the bug after this.
> >
> > I built PowerDNS with fixed remote backend using the same commands
> > as earlier.
> >
> > This time the test is successful without program crash. But after a
> > short time the process has used all available memory and swap.
> >
> > Mem: 4063148k total, 4032560k used, 30588k free, 392k buffers
> > Swap: 1914872k total, 1437628k used, 477244k free, 10552k cached
> >
> > PID USER PR NI VIRT SHR SWAP RES S %CPU %MEM TIME+ COMMAND
> > 9811 pdns 20 0 5462m 1204 1.6g 3.7g S 201 96.0 18:10.02
> > pdns_server
> >
> > It is seems like a memory leak.
> >
> > Aleksey
> >
> >
>
> I'll run it against valgrind and see what I can find. Thanks.
>
> Aki
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users

From aleksey.chudov at gmail.com Mon Mar 4 09:24:45 2013
From: aleksey.chudov at gmail.com (Aleksey Chudov) Date: Mon, 04 Mar 2013 11:24:45 +0200 Subject: [Pdns-users] Pdns Remote backend crash In-Reply-To: <20130303170512.GA22165@pi.ip.fi> References: <20130302100514.GA9458@pi.ip.fi> <20130302111852.GA10522@pi.ip.fi> <51320938.5010906@gmail.com> <20130302142809.GA12483@pi.ip.fi> <513237AC.5070705@gmail.com> <20130302173707.GC13880@pi.ip.fi> <513240AC.1040305@gmail.com> <20130302184609.GA14771@pi.ip.fi> <51332B16.3030906@gmail.com> <20130303123345.GA20601@pi.ip.fi> <20130303170512.GA22165@pi.ip.fi> Message-ID: <5134685D.5030705@gmail.com> On 03.03.2013 19:05, Aki Tuomi wrote: > Ok. I found out the memory leak, it was due to way rapidjson behaves. I havethat's the ticket > tested this patch extensively myself and was able to fix the memory leak > and did not observe crashes either. Can you, however, please try this out. > If it works, I'll submit this patch to pdns. If you have opened a ticket, can > you please tell me the number? > > patch at http://cmouse.desteem.org/20130303_remotebackend_fix_memleak.patch > > please apply it to the svn revision of remotebackend. Hi, I tested PowerDNS with your patch and it seems that the problem is fixed. Thank you. And here is the ticket http://wiki.powerdns.com/trac/ticket/712 Aleksey From drabantus at gmail.com Wed Mar 6 12:48:01 2013 
From: drabantus at gmail.com (Fredrik Dahlberg)
Date: Wed, 6 Mar 2013 13:48:01 +0100
Subject: [Pdns-users] Problem with how PowerDNS answers when not authoritative.
Message-ID:

Hello,

I have a situation where PowerDNS Authoritative server answers queries differently from how BIND does it, when it is not authoritative for a zone.

PowerDNS (3.2):
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59699
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

BIND (9.7.3):
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 16419
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

The problem is that resolvers seem to treat this as a final answer, and won't proceed to the next server.

Microsoft DNS (6.1):
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 42689
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

BIND (9.8.4):
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57604
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

This creates a lot of problems where for example zone transfers fail, and for example customer mail bounces because the sending mail server believes there is no MX record.

Any clues on how to solve this?

Thanks,
//Fredrik

From bert.hubert at netherlabs.nl Wed Mar 6 13:00:50 2013
From: bert.hubert at netherlabs.nl (bert hubert)
Date: Wed, 6 Mar 2013 14:00:50 +0100
Subject: [Pdns-users] Problem with how PowerDNS answers when not authoritative.
In-Reply-To:
References:
Message-ID: <20130306130050.GA9691@xs.powerdns.com>

On Wed, Mar 06, 2013 at 01:48:01PM +0100, Fredrik Dahlberg wrote:
> Hello,
>
> I have a situation where PowerDNS Authoritative server answers queries
> differently from how BIND does it, when it is not authoritative for a zone.
>
> PowerDNS (3.2):
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59699
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available

This is weird, and unlikely to be the whole story. PowerDNS will supply different answers based on the 'send-root-referral' setting. This may help you,

send-root-referral | --send-root-referral=yes | --send-root-referral=no | --send-root-referral=lean

If set, PowerDNS will send out old-fashioned root-referrals when queried for domains for which it is not authoritative. Wastes some bandwidth but may solve incoming query floods if domains are delegated to you for which you are not authoritative, but which are queried by broken recursors. Available since version 2.9.19. Since version 2.9.21, it is possible to specify 'lean' root referrals, which waste less bandwidth.

> The problem is that resolvers seem to treat this as a final answer, and
> won't proceed to the next server.

You might want to double check if you don't have a '.' or '' zone in your database which might be confusing PowerDNS.

Bert

From aleksey.chudov at gmail.com Wed Mar 6 14:01:47 2013
From: aleksey.chudov at gmail.com (Aleksey Chudov) Date: Wed, 06 Mar 2013 16:01:47 +0200 Subject: [Pdns-users] Pdns Remote vs Pipe backend performance In-Reply-To: <20130303170512.GA22165@pi.ip.fi> References: <20130302100514.GA9458@pi.ip.fi> <20130302111852.GA10522@pi.ip.fi> <51320938.5010906@gmail.com> <20130302142809.GA12483@pi.ip.fi> <513237AC.5070705@gmail.com> <20130302173707.GC13880@pi.ip.fi> <513240AC.1040305@gmail.com> <20130302184609.GA14771@pi.ip.fi> <51332B16.3030906@gmail.com> <20130303123345.GA20601@pi.ip.fi> <20130303170512.GA22165@pi.ip.fi> Message-ID: <51374C4B.8000402@gmail.com> Hello, I have a custom written Java application which I would like to use as a PowerDNS backend. After examining documentation I have come to the conclusion that Pipe and Remote backends suitable for my needs. Because of the java application architecture is difficult to use it through the pipe. So, to compare the performance of different backends, I asked our programmers to implement in our java application support for Pipe protocol over unix socket and Remote protocol over unix socket and Remote over http. Unfortunately In the current implementation PowerDNS Pipe can not pass parameters to the application. So I had to change coprocess.cc code to connect from PowerDNS Pipe and Remote Pipe to the unix socket using socat binary. --- pdns-3.2.orig/modules/pipebackend/coprocess.cc 2013-01-17 13:16:53.000000000 +0400 +++ pdns-3.2/modules/pipebackend/coprocess.cc 2013-03-02 15:12:04.415022452 +0400 
@@ -9,12 +9,20 @@ #include #include #include +#include +#include CoProcess::CoProcess(const string &command,int timeout, int infd, int outfd) { - const char *argv[2]; - argv[0]=strdup(command.c_str()); - argv[1]=0; + vector v; + + split(v, command, is_any_of(" ")); + + const char *argv[v.size()+1]; + + for (size_t n = 0; n < v.size(); n++) + argv[n]=strdup(v[n].c_str()); + argv[v.size()]=0; launch(argv,timeout,infd,outfd); }

After making these changes it is possible to set one of the following parameters in the configuration file to test different backends

# For remote backend
remote-connection-string=http:url=http://127.0.0.1:8090/dnsapi
remote-connection-string=unix:path=/var/run/pdns/remote.sock
remote-connection-string=pipe:command=/usr/bin/socat stdio unix-connect:/var/run/pdns/remote.sock

# For pipe backend
pipe-command=/usr/bin/socat stdio unix-connect:/var/run/pdns/pipe.sock

All tests were conducted on a dedicated physical server with the following configuration

ETegro Hyperion RS130 G3 / 2x Intel E5620 @ 2.40GHz / 16GB RAM / PowerDNS + Pipe or Remote backend

PowerDNS running with the following configuration

cache-ttl=0
distributor-threads=1/7 (maximum performance achieved with distributor-threads = 7)
launch=remote/pipe
query-cache-ttl=0

16 dedicated physical servers are used as DNS clients. Each server running two instances of dnsperf with the following parameters

dnsperf -d dnsperf1.txt -s 1.1.1.1
dnsperf -d dnsperf2.txt -s 1.1.1.1

Content of dnsperf1.txt

test1.example.com. A

Content of dnsperf2.txt

test2.example.com. A

Results

|PowerDNS Backend|Threads|Transaction rate|
|PowerDNS 3.2 + Remote HTTP|1|1700|
|PowerDNS 3.2 + Remote HTTP|7|8973|
|PowerDNS 3.2 + Remote Socket|1|7043|
|PowerDNS 3.2 + Remote Socket|7|28205|
|PowerDNS 3.2 + Remote Pipe + Socat|1|4215|
|PowerDNS 3.2 + Remote Pipe + Socat|7|15898|
|PowerDNS 3.2 + Pipe + Socat|1|4786|
|PowerDNS 3.2 + Pipe + Socat|7|25926|

As seen the fastest backend is Remote over unix socket.
If compare Pipe + Socat and Remote Pipe + Socat the second is much slower. It can be concluded that the Pipe protocol is the fastest. This is logical because Pipe protocol is simpler than Remote protocol. In connection with the above, I have a few questions. Can someone of PowerDNS developers implement support for passing parameters to pipe:command and pipe-command? (example above) Can someone of PowerDNS developers implement support for pipe protocol over unix socket? (as already implemented for remote protocol) Regards, Aleksey From cmouse at youzen.ext.b2.fi Wed Mar 6 14:22:18 2013 From: cmouse at youzen.ext.b2.fi (Aki Tuomi) Date: Wed, 6 Mar 2013 16:22:18 +0200 Subject: [Pdns-users] Pdns Remote vs Pipe backend performance In-Reply-To: <51374C4B.8000402@gmail.com> References: <51320938.5010906@gmail.com> <20130302142809.GA12483@pi.ip.fi> <513237AC.5070705@gmail.com> <20130302173707.GC13880@pi.ip.fi> <513240AC.1040305@gmail.com> <20130302184609.GA14771@pi.ip.fi> <51332B16.3030906@gmail.com> <20130303123345.GA20601@pi.ip.fi> <20130303170512.GA22165@pi.ip.fi> <51374C4B.8000402@gmail.com> Message-ID: <20130306142218.GA11129@pi.ip.fi> > --- pdns-3.2.orig/modules/pipebackend/coprocess.cc 2013-01-17 > 13:16:53.000000000 +0400 > +++ pdns-3.2/modules/pipebackend/coprocess.cc 2013-03-02 > 15:12:04.415022452 +0400 
> @@ -9,12 +9,20 @@ > #include > #include > #include > +#include > +#include > > CoProcess::CoProcess(const string &command,int timeout, int infd, > int outfd) > { > - const char *argv[2]; > - argv[0]=strdup(command.c_str()); > - argv[1]=0; > + vector v; > + > + split(v, command, is_any_of(" ")); > + > + const char *argv[v.size()+1]; > + > + for (size_t n = 0; n < v.size(); n++) > + argv[n]=strdup(v[n].c_str()); > + argv[v.size()]=0; > > launch(argv,timeout,infd,outfd); > } > Could you please open a ticket about the patch above so we could get it included in to powerdns, it looks really useful to me. +1 Aki -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From aleksey.chudov at gmail.com Wed Mar 6 15:42:54 2013 From: aleksey.chudov at gmail.com (Aleksey Chudov) Date: Wed, 06 Mar 2013 17:42:54 +0200 Subject: [Pdns-users] Pdns Remote vs Pipe backend performance In-Reply-To: <20130306142218.GA11129@pi.ip.fi> References: <51320938.5010906@gmail.com> <20130302142809.GA12483@pi.ip.fi> <513237AC.5070705@gmail.com> <20130302173707.GC13880@pi.ip.fi> <513240AC.1040305@gmail.com> <20130302184609.GA14771@pi.ip.fi> <51332B16.3030906@gmail.com> <20130303123345.GA20601@pi.ip.fi> <20130303170512.GA22165@pi.ip.fi> <51374C4B.8000402@gmail.com> <20130306142218.GA11129@pi.ip.fi> Message-ID: <513763FE.8070405@gmail.com> On 06.03.2013 16:22, Aki Tuomi wrote: > Could you please open a ticket about the patch above so we could get > it included in to powerdns, it looks really useful to me. +1 Aki Ticket opened http://wiki.powerdns.com/trac/ticket/714 And what do you think about the implementation of Pipe protocol over unix socket? Aleksey From bert.hubert at netherlabs.nl Wed Mar 6 15:45:59 2013 
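Review bot: In the CoProcess constructor, split(v, command, is_any_of(" ")) breaks the command on every single space, so a run of two spaces yields an empty argv entry and there is no way to pass an argument that itself contains a space (a quoted path, for example). Assuming these are the Boost string algorithms (the include names are lost in this copy), trimming the string and passing token_compress_on would avoid the empty entries, and the lack of quoting support should be stated in the pipe-command documentation. Two smaller points: "const char *argv[v.size()+1];" is a variable-length array, which is a compiler extension in C++, so a std::vector of pointers would be more portable; and the strdup() copies are still never freed after launch(), as in the lines being removed.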
From: bert.hubert at netherlabs.nl (bert hubert) Date: Wed, 6 Mar 2013 16:45:59 +0100 Subject: [Pdns-users] Pdns Remote vs Pipe backend performance In-Reply-To: <513763FE.8070405@gmail.com> References: <513237AC.5070705@gmail.com> <20130302173707.GC13880@pi.ip.fi> <513240AC.1040305@gmail.com> <20130302184609.GA14771@pi.ip.fi> <51332B16.3030906@gmail.com> <20130303123345.GA20601@pi.ip.fi> <20130303170512.GA22165@pi.ip.fi> <51374C4B.8000402@gmail.com> <20130306142218.GA11129@pi.ip.fi> <513763FE.8070405@gmail.com> Message-ID: <20130306154558.GB16745@xs.powerdns.com> On Wed, Mar 06, 2013 at 05:42:54PM +0200, Aleksey Chudov wrote: > On 06.03.2013 16:22, Aki Tuomi wrote: > >Could you please open a ticket about the patch above so we could > >get it included in to powerdns, it looks really useful to me. +1 > >Aki > > Ticket opened http://wiki.powerdns.com/trac/ticket/714 > > > And what do you think about the implementation of Pipe protocol over > unix socket? Hi Aleksey, We're looking into it right now, it seems a worthwhile idea that should not be too hard to implement. One thing I wonder about - why is it hard to do pipe to your java platform? Is it hard to launch the JRE from PowerDNS? Thank you for opening the ticket, it is the best way to get us to merge things ;-) Bert -- PowerDNS Website: http://www.powerdns.com/ PowerDNS Community Website: http://wiki.powerdns.com/ PowerDNS is supported and developed by Netherlabs: http://www.netherlabs.nl From aleksey.chudov at gmail.com Wed Mar 6 16:05:39 2013 
From: aleksey.chudov at gmail.com (Aleksey Chudov) Date: Wed, 06 Mar 2013 18:05:39 +0200 Subject: [Pdns-users] Pdns Remote vs Pipe backend performance In-Reply-To: <20130306154558.GB16745@xs.powerdns.com> References: <513237AC.5070705@gmail.com> <20130302173707.GC13880@pi.ip.fi> <513240AC.1040305@gmail.com> <20130302184609.GA14771@pi.ip.fi> <51332B16.3030906@gmail.com> <20130303123345.GA20601@pi.ip.fi> <20130303170512.GA22165@pi.ip.fi> <51374C4B.8000402@gmail.com> <20130306142218.GA11129@pi.ip.fi> <513763FE.8070405@gmail.com> <20130306154558.GB16745@xs.powerdns.com> Message-ID: <51376953.5040907@gmail.com> On 06.03.2013 17:45, bert hubert wrote: > On Wed, Mar 06, 2013 at 05:42:54PM +0200, Aleksey Chudov wrote: >> And what do you think about the implementation of Pipe protocol over >> unix socket? > We're looking into it right now, it seems a worthwhile idea that should not > be too hard to implement. > > One thing I wonder about - why is it hard to do pipe to your java platform? > Is it hard to launch the JRE from PowerDNS? I discussed it with our developers. There is several problems if launch JVM directly from PowerDNS 1. multiple independent JVM processes consume much more memory 2. our application checks the status of the remote servers. So, when run multiple instances the number of tests increases respectively and/or we need to synchronize instances with each other. This complicates the program 3. currently we use the JVM stdout for logging. it is convenient and work for all our applications I could probably think of some more examples of why we would like to use a single JVM application per server and unix socket for communication with PowerDNS :) Aleksey From drabantus at gmail.com Wed Mar 6 16:33:04 2013 
From: drabantus at gmail.com (Fredrik Dahlberg)
Date: Wed, 6 Mar 2013 17:33:04 +0100
Subject: [Pdns-users] Problem with how PowerDNS answers when not authoritative.
In-Reply-To: <20130306130050.GA9691@xs.powerdns.com>
References: <20130306130050.GA9691@xs.powerdns.com>
Message-ID:

On Wed, Mar 6, 2013 at 2:00 PM, bert hubert wrote:

> send-root-referral | --send-root-referral=yes | --send-root-referral=no |
> --send-root-referral=lean
>

Thanks, this appears to have solved my problem.

>
> > The problem is that resolvers seem to treat this as a final answer, and
> > won't proceed to the next server.
>
> You might want to double check if you don't have a '.' or '' zone in your
> database which might be confusing PowerDNS.
>

Nothing like that in the database.

Is PowerDNS supposed to answer with NOERROR, or with REFUSED like BIND? Even if there may be nothing wrong with PowerDNS's answer, it seems to me that a lot of common resolvers can't handle it.

//Fredrik

From peter.van.dijk at netherlabs.nl Thu Mar 7 09:02:29 2013
From: peter.van.dijk at netherlabs.nl (Peter van Dijk) Date: Thu, 7 Mar 2013 10:02:29 +0100 Subject: [Pdns-users] Pdns Remote vs Pipe backend performance In-Reply-To: <51374C4B.8000402@gmail.com> References: <20130302100514.GA9458@pi.ip.fi> <20130302111852.GA10522@pi.ip.fi> <51320938.5010906@gmail.com> <20130302142809.GA12483@pi.ip.fi> <513237AC.5070705@gmail.com> <20130302173707.GC13880@pi.ip.fi> <513240AC.1040305@gmail.com> <20130302184609.GA14771@pi.ip.fi> <51332B16.3030906@gmail.com> <20130303123345.GA20601@pi.ip.fi> <20130303170512.GA22165@pi.ip.fi> <51374C4B.8000402@gmail.com> Message-ID: <534C406A-12C0-429B-8564-19D8A5FE63BC@netherlabs.nl> Hello, On Mar 6, 2013, at 15:01 , Aleksey Chudov wrote: > > Unfortunately In the current implementation PowerDNS Pipe can not pass parameters to the application. So I had to change coprocess.cc code to connect from PowerDNS Pipe and Remote Pipe to the unix socket using socat binary. Just as a side note, you could point pipe-command at a shell script that does 'exec yourbackend arg1 arg2 arg3' - but of course we will merge your patch or something like it. Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ From bert.hubert at netherlabs.nl Thu Mar 7 10:16:58 2013 
From: bert.hubert at netherlabs.nl (bert hubert) Date: Thu, 7 Mar 2013 11:16:58 +0100 Subject: [Pdns-users] Pdns Remote vs Pipe backend performance In-Reply-To: <51376953.5040907@gmail.com> References: <513240AC.1040305@gmail.com> <20130302184609.GA14771@pi.ip.fi> <51332B16.3030906@gmail.com> <20130303123345.GA20601@pi.ip.fi> <20130303170512.GA22165@pi.ip.fi> <51374C4B.8000402@gmail.com> <20130306142218.GA11129@pi.ip.fi> <513763FE.8070405@gmail.com> <20130306154558.GB16745@xs.powerdns.com> <51376953.5040907@gmail.com> Message-ID: <20130307101658.GA28448@xs.powerdns.com> On Wed, Mar 06, 2013 at 06:05:39PM +0200, Aleksey Chudov wrote: > There is several problems if launch JVM directly from PowerDNS Indeed, these are all very convincing. In revision 3111 you'll find a version of PowerDNS that can connect to a UNIX socket if you feed one as the pipe-command. It also merges your split argument patch. Revision 3111 can be compiled as tar.gz, rpm or deb from: https://autotest.powerdns.com/ Can you test? Bert > 1. multiple independent JVM processes consume much more memory > 2. our application checks the status of the remote servers. So, when > run multiple instances the number of tests increases respectively > and/or we need to synchronize instances with each other. This > complicates the program > 3. currently we use the JVM stdout for logging. it is convenient and > work for all our applications > > I could probably think of some more examples of why we would like to > use a single JVM application per server and unix socket for > communication with PowerDNS :) > > Aleksey > From caruso at tiscali.com Thu Mar 7 11:19:21 2013 
From: caruso at tiscali.com (Mario Caruso)
Date: Thu, 7 Mar 2013 12:19:21 +0100
Subject: [Pdns-users] dyndns webapp
Message-ID: <20130307121921.7841f2df@uptheirons.ws.tiscali.sys>

Hello,

I'm afraid that this is not 100% on topic, but I'll give it a try and face the consequences.

I'm currently administering a pdns with mysql backend and I was asked to set it up in order to receive dynamic dns updates using dyndns2 protocol (so updates should come via authenticated http). The first option I thought of was to write some php web application to handle this, but I'm wondering if we really need to re-invent the wheel, so are you aware of an already existing application? (something like 'proutdns' for bind or 'Oh Jasmin Dynamic DNS' for djbdns).

thank you
Mario

From jpmens.dns at gmail.com Thu Mar 7 11:42:28 2013
From: jpmens.dns at gmail.com (Jan-Piet Mens)
Date: Thu, 7 Mar 2013 12:42:28 +0100
Subject: [Pdns-users] dyndns webapp
In-Reply-To: <20130307121921.7841f2df@uptheirons.ws.tiscali.sys>
References: <20130307121921.7841f2df@uptheirons.ws.tiscali.sys>
Message-ID: <20130307114228.GA43467@jmbp.ww.mens.de>

> mysql backend and I was asked to set it up in order to receive
> dynamic dns updates using dyndns2 protocol (so updates should
> come via authenticated http)

I'm not aware of anything good, but it's pretty trivial to accomplish, as you probably know: obtain the (authentic) data and INSERT/UPDATE your MySQL back-end tables. :)

-JP

From caruso at tiscali.com Thu Mar 7 11:49:48 2013
From: caruso at tiscali.com (Mario Caruso) Date: Thu, 7 Mar 2013 12:49:48 +0100 Subject: [Pdns-users] dyndns webapp In-Reply-To: <20130307114228.GA43467@jmbp.ww.mens.de> References: <20130307121921.7841f2df@uptheirons.ws.tiscali.sys> <20130307114228.GA43467@jmbp.ww.mens.de> Message-ID: <20130307124948.110e5ce6@uptheirons.ws.tiscali.sys> On Thu, 7 Mar 2013 12:42:28 +0100 Jan-Piet Mens wrote: > > mysql backend and I was asked to set it up in order to receive > > dynamic dns updates using dyndns2 protocol (so updates should > > come via authenticated http) > > I'm not aware of anything good, but it's pretty trivial to accomplish, > as you probably know: obtain the (authentic) data and INSERT/UPDATE your > MySQL back-end tables. :) > > -JP thanks JP that's exactly what I'm doing (even if I'm not a php expert) I was just wondering if I'm reinventing the wheel :) Mario From peter.van.dijk at netherlabs.nl Thu Mar 7 14:45:41 2013
From: peter.van.dijk at netherlabs.nl (Peter van Dijk) Date: Thu, 7 Mar 2013 15:45:41 +0100 Subject: [Pdns-users] Problem with how PowerDNS answers when not authoritative. In-Reply-To: References: Message-ID: <4E14ED4A-813A-496B-8141-4695AE1E4138@netherlabs.nl> Hello Fredrik, On Mar 6, 2013, at 13:48 , Fredrik Dahlberg wrote: > I have a situation where PowerDNS Authoritative server answers queries differently from how BIND does it, when it is not authoritative for a zone. > > PowerDNS (3.2): > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59699 > ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 > ;; WARNING: recursion requested but not available Note the lack of 'aa' and the lack of SOA records in the AUTHORITY section. Both of these things mean a resolver should not draw any conclusions from this answer. > Microsoft DNS (6.1): > ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 42689 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 > > BIND (9.8.4): > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57604 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 I would love to see the full output for both of these, especially the ADDITIONAL record. > This creates a lot of problems where for example zone transfers fail, and for example customer mail bounces because the sending mail server believes there is no MX record. > > Any clues on how to solve this? Either your MSDNS and BIND both have bugs (unlikely) or something weird is happening. The empty NOERROR from PowerDNS is not known to cause these issues. Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ From aleksey.chudov at gmail.com Fri Mar 8 00:01:39 2013 
From: aleksey.chudov at gmail.com (Aleksey Chudov) Date: Fri, 08 Mar 2013 02:01:39 +0200 Subject: [Pdns-users] Pdns Remote vs Pipe backend performance In-Reply-To: <20130306154558.GB16745@xs.powerdns.com> References: <513237AC.5070705@gmail.com> <20130302173707.GC13880@pi.ip.fi> <513240AC.1040305@gmail.com> <20130302184609.GA14771@pi.ip.fi> <51332B16.3030906@gmail.com> <20130303123345.GA20601@pi.ip.fi> <20130303170512.GA22165@pi.ip.fi> <51374C4B.8000402@gmail.com> <20130306142218.GA11129@pi.ip.fi> <513763FE.8070405@gmail.com> <20130306154558.GB16745@xs.powerdns.com> Message-ID: <51392A63.3060609@gmail.com>

On 07.03.2013 11:16, bert hubert wrote:
> Revision 3111 can be compiled as tar.gz, rpm or deb from:
> https://autotest.powerdns.com/
>
> Can you test?

I repeated all the tests again with a new revision of PowerDNS 3.2.20130307.3111. All test conditions were the same as described in a previous letter http://mailman.powerdns.com/pipermail/pdns-users/2013-March/009705.html except for the additional Pipe over unix socket test that was launched with parameter pipe-command=/var/run/pdns/pipe.sock

Each test was run 3 times for 5 minutes. The table shows the average values.

||PowerDNS 3.2 Backend||Threads||Queries per second||
|Remote HTTP|1|1620|
|Remote HTTP|7|8357|
|Remote Unix Socket|1|7067|
|Remote Unix Socket|7|27150|
|Remote Pipe + Socat|1|3879|
|Remote Pipe + Socat|7|16765|
|Pipe Unix Socket|1|8343|
|Pipe Unix Socket|7|51180|
|Pipe + Socat|1|5009|
|Pipe + Socat|7|25856|

Pipe protocol over unix socket is really fast. Hope that the new features will be added in one of the next versions of PowerDNS. Thank you guys for the great work!

Aleksey

From bert.hubert at netherlabs.nl Fri Mar 8 08:17:50 2013
From: bert.hubert at netherlabs.nl (bert hubert) Date: Fri, 8 Mar 2013 09:17:50 +0100 Subject: [Pdns-users] Pdns Remote vs Pipe backend performance In-Reply-To: <51392A63.3060609@gmail.com> References: <513240AC.1040305@gmail.com> <20130302184609.GA14771@pi.ip.fi> <51332B16.3030906@gmail.com> <20130303123345.GA20601@pi.ip.fi> <20130303170512.GA22165@pi.ip.fi> <51374C4B.8000402@gmail.com> <20130306142218.GA11129@pi.ip.fi> <513763FE.8070405@gmail.com> <20130306154558.GB16745@xs.powerdns.com> <51392A63.3060609@gmail.com> Message-ID: <20130308081750.GA31832@xs.powerdns.com> On Fri, Mar 08, 2013 at 02:01:39AM +0200, Aleksey Chudov wrote: > On 07.03.2013 11:16, bert hubert wrote: > |Pipe Unix Socket|7|51180| > |Pipe + Socat|1|5009| > |Pipe + Socat|7|25856| > > Pipe protocol over unix socket is really fast. Hope that the new > features will be added in one of the next versions of PowerDNS. > Thank you guys for a great work! Thanks for the rapid feedback, it is good to wake up to such positive news ;-) This feature will be part of the next release of the PowerDNS Authoritative Server. If you are in a hurry, the patch can be applied to 3.2 mainline with no side effects. Good luck! -- PowerDNS Website: http://www.powerdns.com/ PowerDNS Community Website: http://wiki.powerdns.com/ PowerDNS is supported and developed by Netherlabs: http://www.netherlabs.nl From drabantus at gmail.com Fri Mar 8 14:42:41 2013 
From: drabantus at gmail.com (Fredrik Dahlberg) Date: Fri, 8 Mar 2013 15:42:41 +0100 Subject: [Pdns-users] Problem with how PowerDNS answers when not authoritative. In-Reply-To: <4E14ED4A-813A-496B-8141-4695AE1E4138@netherlabs.nl> References: <4E14ED4A-813A-496B-8141-4695AE1E4138@netherlabs.nl> Message-ID:

On Thu, Mar 7, 2013 at 3:45 PM, Peter van Dijk wrote:
> > Microsoft DNS (6.1):
> > ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 42689
> > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> >
> > BIND (9.8.4):
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57604
> > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>
> I would love to see the full output for both of these, especially the
> ADDITIONAL record.
>

I cut it down so as not to expose the customer. I believe the ADDITIONAL was EDNS0, but I can't reproduce these answers now that we have made the change in configuration. I'm going to set up some test servers, both with the exact version we used ( http://www.monshouwer.eu/download/3rd_party/pdns-server/el6/x86_64/) and some other versions, and see if I can reproduce it.

> Either your MSDNS and BIND both have bugs (unlikely) or something weird is
> happening. The empty NOERROR from PowerDNS is not known to cause these
> issues.
>

I guess I could delegate a test zone to someone else's PowerDNS server and try this out for myself. Weird if it has been tested and didn't cause any problems.

//Fredrik

From pnunn at infoteq.com.au Sat Mar 9 04:20:55 2013
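The rule Peter van Dijk states in this thread (an empty response without the 'aa' flag and without an SOA in the AUTHORITY section proves nothing) can be written as a check over dig output. This is an added example, not part of any message in the archive; the function names and result labels are assumptions, the referral case goes slightly beyond what the thread covers, and the sample outputs are dig headers quoted on this page plus one constructed referral.

```python
import re

STATUS_RE = re.compile(r"status: (\w+)")
COUNTS_RE = re.compile(r"flags: ([a-z ]*); QUERY: (\d+), ANSWER: (\d+), AUTHORITY: (\d+)")


def authority_types(lines):
    """Collect the record types listed under ';; AUTHORITY SECTION:'."""
    types, in_auth = set(), False
    for line in lines:
        if line.startswith(";; AUTHORITY SECTION"):
            in_auth = True
        elif not line or line.startswith(";;"):
            in_auth = False          # blank line or next section header ends it
        elif in_auth and not line.startswith(";"):
            fields = line.split()    # name ttl class type rdata...
            if len(fields) >= 4:
                types.add(fields[3])
    return types


def classify(dig_output):
    """Say what a resolver may conclude from one dig response."""
    lines = [l.strip() for l in dig_output.splitlines()]
    text = "\n".join(lines)
    status, counts = STATUS_RE.search(text), COUNTS_RE.search(text)
    if not status or not counts:
        raise ValueError("no dig header found")
    rcode = status.group(1)
    flags = counts.group(1).split()
    answers = int(counts.group(3))
    auth = authority_types(lines)
    if rcode not in ("NOERROR", "NXDOMAIN"):
        return "error"                    # e.g. SERVFAIL: try another server
    if answers:
        return "answer"
    if "aa" in flags and "SOA" in auth:
        return "authoritative-negative"   # NXDOMAIN/NODATA that may be cached
    if "aa" not in flags and "NS" in auth:
        return "referral"                 # delegation to follow
    return "inconclusive"                 # no aa, no SOA: conclude nothing


# Headers as quoted in the thread above.
POWERDNS = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59699
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0"""
MSDNS = """;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 42689
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1"""
# Output as posted in the "Screwy pdns configuration" thread on this page.
NXDOMAIN = """;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47736
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;68.237.125.74.in-addr.arpa. IN PTR

;; AUTHORITY SECTION:
in-addr.arpa. 86400 IN SOA ns1.infoteq.com.au. hostmaster.infoteq.com.au. 2012123102 28800 7200 604800 86400
"""
# Constructed referral, not taken from the page.
REFERRAL = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; AUTHORITY SECTION:
example. 3600 IN NS ns1.example.
"""

if __name__ == "__main__":
    for name in ("POWERDNS", "MSDNS", "NXDOMAIN", "REFERRAL"):
        print(name, "->", classify(globals()[name]))
```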
From: pnunn at infoteq.com.au (Peter Nunn) Date: Sat, 09 Mar 2013 15:20:55 +1100 Subject: [Pdns-users] Screwy pdns configuration. Message-ID: <1508595.jbP86VWjOG@pnunn-latitude-e6510> Hi Guys, I'm pretty new to this DNS stuff, but I have had a pdns server running from my local domain for some time (using it to resolve internal address to hosts when I'm inside the network that resolve to external address when I'm outside). This has been working for a while (I think) with no issues until yesterday when I discovered that the network was working at a snail's pace (or so it seemed). Turns out that it's pdns causing the issues (if I remove it from my resolv.conf the problem goes away). I've set it up to recurse to my isp's dns server and a dig to google.com indicates that this is working (and returns the result VERY quickly), however, when I try and ping google.com I get one ping about every 4-5 seconds with the pdns server in the loop, and about 2 a second without it. It's odd that with the pdns server being used, the pings only return an ip too, not the host name as they do when I'm not using pdns. Any ideas what's going on here and how to troubleshoot it? I've restarted pdns a couple of times, to no avail. I'm running version 3.1 on Ubuntu. Thanks heaps Peter Nunn -- Director InfoTeq Pty Ltd 0412 174 230 03 9017 2707 From admin at sysadmins.el.kg Mon Mar 11 04:24:27 2013
From: admin at sysadmins.el.kg (admin at sysadmins.el.kg) Date: Mon, 11 Mar 2013 10:24:27 +0600 (KGT) Subject: [Pdns-users] dyndns webapp In-Reply-To: <20130307121921.7841f2df@uptheirons.ws.tiscali.sys> References: <20130307121921.7841f2df@uptheirons.ws.tiscali.sys> Message-ID: <51310.158.181.196.111.1362975867.squirrel@176.126.165.28> Hi! I have installed powerdns+poweradmin with PostgreSQL storage and it works as DynamicDNS service for my domain (dyn.su). On server side I have modified script from Poweradmin (dynamic_update.php), clients use inadyn-mt to send requests to server. I just changed the php-script to work with PostgreSQL database and made it API like dynDNS's API. It works fine. > Hello, > I'm afraid that this is not 100% on topic, but I'll give it a try and > face the consequences, I'm currently administering a pdns with > mysql backend and I was asked to set it up in order to receive > dynamic dns updates using dyndns2 protocol (so updates should > come via authenticated http), so the first option I thought of was to write > some php web application to handle this, but I'm wondering if we > really need to re-invent the wheel, so are you aware of an already > existing application? (something like 'proutdns' for bind or 'Oh Jasmin > Dynamic DNS' for djbdns). > > thank you > > Mario From peter.van.dijk at netherlabs.nl Mon Mar 11 07:58:51 2013
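What the dyndns thread describes (accept an authenticated dyndns2 HTTP update, then UPDATE the PowerDNS back-end tables), as an added example that is not part of any message in the archive and is not Poweradmin's or PowerDNS's code. Assumptions: sqlite3 stands in for the MySQL back-end, the `dyn_users` and `dyn_hosts` tables, all function names, hostnames, addresses and the password are hypothetical or constructed; only the `records` columns follow the PowerDNS generic SQL schema.

```python
import base64, binascii, hashlib, hmac, ipaddress, os, re, sqlite3
from urllib.parse import parse_qs

ROUNDS = 100_000
HOSTNAME_RE = re.compile(r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")


def hash_password(password, salt):
    """Slow salted hash, so a leaked user table does not expose passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)


def make_db():
    """Constructed sample data; sqlite3 stands in for the MySQL back-end."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE records (id INTEGER PRIMARY KEY, domain_id INT, name TEXT,
                              type TEXT, content TEXT, ttl INT);
        -- hypothetical tables, not part of the PowerDNS schema
        CREATE TABLE dyn_users (username TEXT PRIMARY KEY, salt BLOB, pwhash BLOB);
        CREATE TABLE dyn_hosts (username TEXT, hostname TEXT);
        INSERT INTO records (domain_id, name, type, content, ttl) VALUES
            (1, 'home.dyn.example', 'A', '192.0.2.10', 60),
            (1, 'other.dyn.example', 'A', '192.0.2.20', 60);
        INSERT INTO dyn_hosts VALUES ('alice', 'home.dyn.example');
    """)
    salt = os.urandom(16)
    db.execute("INSERT INTO dyn_users VALUES (?, ?, ?)",
               ("alice", salt, hash_password("constructed-pw", salt)))
    return db


def authenticate(db, auth_header):
    """Return the username for valid HTTP Basic credentials, else None."""
    if not auth_header or not auth_header.startswith("Basic "):
        return None
    try:
        decoded = base64.b64decode(auth_header[6:], validate=True).decode()
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, _, password = decoded.partition(":")
    row = db.execute("SELECT salt, pwhash FROM dyn_users WHERE username = ?",
                     (user,)).fetchone()
    if row is None:
        hash_password(password, b"\0" * 16)   # same work for unknown users
        return None
    salt, pwhash = row
    ok = hmac.compare_digest(hash_password(password, salt), pwhash)
    return user if ok else None


def handle_update(db, auth_header, query_string, remote_ip):
    """Process one /nic/update request and return the dyndns2 reply text."""
    user = authenticate(db, auth_header)
    if user is None:
        return "badauth"
    params = parse_qs(query_string)
    hostname = params.get("hostname", [""])[0].lower().rstrip(".")
    if not HOSTNAME_RE.fullmatch(hostname):
        return "notfqdn"
    try:
        ip = ipaddress.ip_address(params.get("myip", [""])[0])
    except ValueError:
        # missing or malformed myip: use the address the request came from
        ip = ipaddress.ip_address(remote_ip)
    # Authorisation: a user may only touch hostnames bound to that account.
    owned = db.execute("SELECT 1 FROM dyn_hosts WHERE username = ? AND hostname = ?",
                       (user, hostname)).fetchone()
    if owned is None:
        return "nohost"
    rtype = "A" if ip.version == 4 else "AAAA"
    row = db.execute("SELECT id, content FROM records WHERE name = ? AND type = ?",
                     (hostname, rtype)).fetchone()
    if row is None:
        return "nohost"      # existing records are changed, none are created
    if row[1] == str(ip):
        return f"nochg {ip}"
    db.execute("UPDATE records SET content = ? WHERE id = ?", (str(ip), row[0]))
    db.commit()
    return f"good {ip}"


if __name__ == "__main__":
    db = make_db()
    creds = "Basic " + base64.b64encode(b"alice:constructed-pw").decode()
    print(handle_update(db, creds, "hostname=home.dyn.example&myip=198.51.100.7",
                        "203.0.113.5"))
```

Every value taken from the request reaches SQL only as a bound parameter, and the ownership lookup is what stops an authenticated client from rewriting another customer's record.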
From: peter.van.dijk at netherlabs.nl (Peter van Dijk) Date: Mon, 11 Mar 2013 08:58:51 +0100 Subject: [Pdns-users] Screwy pdns configuration. In-Reply-To: <1508595.jbP86VWjOG@pnunn-latitude-e6510> References: <1508595.jbP86VWjOG@pnunn-latitude-e6510> Message-ID: <1E3FA13C-5445-4427-AA26-AC42CEF80C05@netherlabs.nl> Hello Peter, On Mar 9, 2013, at 5:20 , Peter Nunn wrote: > This has been working for a while (I think) with no issues until yesterday when I discovered that the network was working at a snails pace (or so it seemed). > > Turns out that its pdns causing the issues (if I remove it from my resolv.conf the problem goes away). > > I've set it up to recurse to my isp's dns server and a dig to google.com indicates that this is working (and returns the result VERY quickly), however, when I try and ping google.com I get one ping about every 4-5 seconds with the pdns server in the loop, and about 2 a second without it. Can you show the full output of ping for both, and your resolv.conf contents for both runs? Can you also share your full pdns.conf and your configured zones? Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ From pnunn at infoteq.com.au Mon Mar 11 09:10:37 2013 
From: pnunn at infoteq.com.au (Peter Nunn) Date: Mon, 11 Mar 2013 20:10:37 +1100 Subject: [Pdns-users] Screwy pdns configuration. In-Reply-To: <1E3FA13C-5445-4427-AA26-AC42CEF80C05@netherlabs.nl> References: <1508595.jbP86VWjOG@pnunn-latitude-e6510> <1E3FA13C-5445-4427-AA26-AC42CEF80C05@netherlabs.nl> Message-ID: <1481014.0fC1TAFfPd@pnunn-latitude-e6510>

Hi Peter,

Gladly provide the information, below...

resolv.conf

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 192.168.0.57
nameserver 192.231.203.132
nameserver 192.231.203.3
search infoteq.com.au

(192.168.0.57 being the internal name server).

Ping with this configuration.

ping google.com
PING google.com (74.125.237.68) 56(84) bytes of data.
64 bytes from 74.125.237.68: icmp_req=1 ttl=55 time=51.1 ms
64 bytes from 74.125.237.68: icmp_req=2 ttl=55 time=62.9 ms
64 bytes from 74.125.237.68: icmp_req=3 ttl=55 time=50.1 ms
64 bytes from 74.125.237.68: icmp_req=4 ttl=55 time=50.7 ms
64 bytes from 74.125.237.68: icmp_req=5 ttl=55 time=50.6 ms
^C64 bytes from 74.125.237.68: icmp_req=6 ttl=55 time=51.2 ms

--- google.com ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 25402ms
rtt min/avg/max/mdev = 50.167/52.820/62.992/4.572 ms

each ping response takes about 4 seconds.

Without the internal NS

ping google.com
PING google.com (74.125.237.105) 56(84) bytes of data.
64 bytes from syd01s12-in-f9.1e100.net (74.125.237.105): icmp_req=1 ttl=55 time=189 ms
64 bytes from syd01s12-in-f9.1e100.net (74.125.237.105): icmp_req=2 ttl=55 time=180 ms
64 bytes from syd01s12-in-f9.1e100.net (74.125.237.105): icmp_req=3 ttl=55 time=195 ms
64 bytes from syd01s12-in-f9.1e100.net (74.125.237.105): icmp_req=4 ttl=55 time=56.4 ms
64 bytes from syd01s12-in-f9.1e100.net (74.125.237.105): icmp_req=5 ttl=55 time=78.1 ms
^C
--- google.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4001ms
rtt min/avg/max/mdev = 56.443/139.940/195.003/59.866 ms

I get about 2 ping returns per second.

pdns.conf

allow-recursion=127.0.0.1, 192.168.0.0/24
config-dir=/etc/powerdns
daemon=yes
disable-axfr=yes
guardian=yes
launch=gmysql
lazy-recursion=yes
local-address=192.168.0.57
local-port=53
loglevel=5
module-dir=/usr/lib/powerdns
recursor=192.231.203.3
setgid=pdns
setuid=pdns
socket-dir=/var/run
version-string=powerdns
launch=gmysql
gmysql-host=localhost
gmysql-port=
gmysql-dbname=powerdns
gmysql-user=pdns
gmysql-password=asdf123
gmysql-dnssec=no
include=/etc/powerdns/pdns.d

zones configured.

infoteq.com.au
intq.com.au
in-addr.arpa

Thanks for the help.

Peter Nunn
--
Director InfoTeq Pty Ltd 0412 174 230 03 9017 2707

From bert.hubert at netherlabs.nl Mon Mar 11 18:44:39 2013
From: bert.hubert at netherlabs.nl (bert hubert) Date: Mon, 11 Mar 2013 19:44:39 +0100 Subject: [Pdns-users] PowerDNS has a new phone number! Message-ID: <20130311184439.GA4092@xs.powerdns.com> Hi everybody, Although we usually communicate via email, we also have a phone, and our phone number changed this week. The new number is +31-15-7850372. This information can also be found on the websites PowerDNS and Netherlabs below. Thanks! -- PowerDNS Website: http://www.powerdns.com/ PowerDNS Community Website: http://wiki.powerdns.com/ PowerDNS is supported and developed by Netherlabs: http://www.netherlabs.nl Contact us by phone on +31-15-7850372 From aleksey.chudov at gmail.com Tue Mar 12 11:20:51 2013
From: aleksey.chudov at gmail.com (Aleksey Chudov) Date: Tue, 12 Mar 2013 13:20:51 +0200 Subject: [Pdns-users] Pdns Remote vs Pipe backend performance In-Reply-To: <20130306154558.GB16745@xs.powerdns.com> References: <513237AC.5070705@gmail.com> <20130302173707.GC13880@pi.ip.fi> <513240AC.1040305@gmail.com> <20130302184609.GA14771@pi.ip.fi> <51332B16.3030906@gmail.com> <20130303123345.GA20601@pi.ip.fi> <20130303170512.GA22165@pi.ip.fi> <51374C4B.8000402@gmail.com> <20130306142218.GA11129@pi.ip.fi> <513763FE.8070405@gmail.com> <20130306154558.GB16745@xs.powerdns.com> Message-ID: <513F0F93.8000001@gmail.com>

Hello,

During the tests I have encountered the following problem. When restarting the backend application it deletes old socket file on stop and creates new socket file on start. But PowerDNS Pipe backend is not reconnected to the new socket until restart.

Below messages from the PowerDNS logs

Mar 12 13:41:06 srv1 pdns[9463]: Exception building answer packet (failed in writen2: Broken pipe) sending out servfail
Mar 12 13:41:11 srv1 pdns[9463]: Exception building answer packet (failed in writen2: Broken pipe) sending out servfail
Mar 12 14:05:47 srv1 pdns[9463]: Exception building answer packet (failed in writen2: Broken pipe) sending out servfail

Aleksey

From ihrwein at gmail.com Tue Mar 12 13:01:06 2013
From: ihrwein at gmail.com (Tibor Benke) Date: Tue, 12 Mar 2013 14:01:06 +0100 Subject: [Pdns-users] CNAME chain Message-ID: Hi! I want to make a CNAME chain with ~160 elements. I made it, the last record is a TXT. When I'm doing a DNS query, the server gives me only 11 records in the response. There aren't repetitions among the elements of the chain. I use the pdns recursor as an authoritative server with one zone file. Its version is 3.3-3 on a Debian Wheezy. I also tried the +tcp option with the dig client but it didn't help. What do you think, this is a bug or the length of CNAME chains are restricted in the standards of DNS? Yours faithfully, Tibor From peter.van.dijk at netherlabs.nl Tue Mar 12 13:18:59 2013 From: peter.van.dijk at netherlabs.nl (Peter van Dijk) Date: Tue, 12 Mar 2013 14:18:59 +0100 Subject: [Pdns-users] CNAME chain In-Reply-To: References: Message-ID: Hello Tibor, On Mar 12, 2013, at 14:01 , Tibor Benke wrote: > Hi! > > I want to make a CNAME chain with ~160 elements. I made it, the last record is a TXT. When I'm doing a DNS query, the server gives me only 11 records in the response. There aren't repetitions among the elements of the chain. I use the pdns recursor as an authoritative server with one zone file. Its version is 3.3-3 on a Debian Wheezy. I also tried the +tcp option with the dig client but it didn't help. > > What do you think, this is a bug or the length of CNAME chains are restricted in the standards of DNS? PowerDNS limits the lengths of chains and other indirections. The limits do not follow directly from the DNS standards. Why do you want to do this? Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ From ihrwein at gmail.com Tue Mar 12 13:38:40 2013
From: ihrwein at gmail.com (Tibor Benke) Date: Tue, 12 Mar 2013 14:38:40 +0100 Subject: [Pdns-users] CNAME chain In-Reply-To: References: Message-ID: Hello Peter, My answer is simple: just for fun :) I would like to do something with the DNS which is similar to the Star Wars easter-egg traceroute story: http://boingboing.net/2013/02/09/star-wars-easter-egg-hidden-in.html So I need a DNS server which is able to resolve long CNAME chains as well. Can you show me the constant/#define/etc. in the source code with which I can control this parameter of the software? Yours sincerely, Tibor 2013/3/12 Peter van Dijk > Hello Tibor, > > On Mar 12, 2013, at 14:01 , Tibor Benke wrote: > > > Hi! > > > > I want to make a CNAME chain with ~160 elements. I made it, the last > record is a TXT. When I'm doing a DNS query, the server gives me only 11 > records in the response. There aren't repetitions among the elements of the > chain. I use the pdns recursor as an authoritative server with one zone > file. Its version is 3.3-3 on a Debian Wheezy. I also tried the +tcp > option with the dig client but it didn't help. > > > > What do you think, this is a bug or the length of CNAME chains are > restricted in the standards of DNS? > > PowerDNS limits the lengths of chains and other indirections. The limits > do not follow directly from the DNS standards. > > Why do you want to do this? > > Kind regards, > -- > Peter van Dijk > Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ From peter.van.dijk at netherlabs.nl Tue Mar 12 13:41:16 2013
From: peter.van.dijk at netherlabs.nl (Peter van Dijk) Date: Tue, 12 Mar 2013 14:41:16 +0100 Subject: [Pdns-users] CNAME chain In-Reply-To: References: Message-ID: Hello Tibor, On Mar 12, 2013, at 14:38 , Tibor Benke wrote: > My answer is simple: just for fun :) I would like to do something with the DNS which is similar to the Star Wars easter-egg traceroute story: > > http://boingboing.net/2013/02/09/star-wars-easter-egg-hidden-in.html > > So I need a DNS server which is able to resolve long CNAME chains as well. Can you show me the constant/#define/etc. in the source code with which I can control this parameter of the software? I believe either or both of the 'depth > 10' checks in syncres.cc are what you need to change. I did not test this. Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ From ihrwein at gmail.com Tue Mar 12 14:44:09 2013 
From: ihrwein at gmail.com (Tibor Benke) Date: Tue, 12 Mar 2013 15:44:09 +0100 Subject: [Pdns-users] CNAME chain In-Reply-To: References: Message-ID: I've changed both of them and the server got a segfault during the query: Mar 12 15:36:19 dbtest1 kernel: [417697.501449] pdns_recursor[8161]: segfault at ffffffffffffffef ip 000000000045a280 sp 0000000001c58c20 error 4 in pdns_recursor[400000+ec000] Maybe I should look for a less secure software :) Regards, Tibor 2013/3/12 Peter van Dijk > Hello Tibor, > > On Mar 12, 2013, at 14:38 , Tibor Benke wrote: > > > My answer is simple: just for fun :) I would like to do something with > the DNS which is similar to the Star Wars easter-egg traceroute story: > > > > http://boingboing.net/2013/02/09/star-wars-easter-egg-hidden-in.html > > > > So I need a DNS server which is able to resolve long CNAME chains as > well. Can you show me the constant/#define/etc. in the source code with > which I can control this parameter of the software? > > I believe either or both of the 'depth > 10' checks in syncres.cc are what > you need to change. I did not test this. > > Kind regards, > -- > Peter van Dijk > Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ From Luca at ninefold.com Wed Mar 13 04:35:21 2013 From: Luca at ninefold.com (Luca Salvatore) Date: Wed, 13 Mar 2013 15:35:21 +1100 Subject: [Pdns-users] SOA Serial Number format Message-ID: Hi, Is it possible to change the SOA serial number format to the YYYMMDDnn format? I can't seem to see a setting in the pdns.conf file... Thanks. Luca. From cyclops at prof-x.net Wed Mar 13 08:10:37 2013
From: cyclops at prof-x.net (Ruben d'Arco) Date: Wed, 13 Mar 2013 09:10:37 +0100 Subject: [Pdns-users] SOA Serial Number format In-Reply-To: References: Message-ID: <20130313081036.GB32194@prof-x.prof-x.net> Hi Luca, Normally, the SOA-serial is what you set in your database. If you've never set it, you might be using the auto-serial feature. It would be helpful if you provide some information about your powerdns setup (config files, etc). You can also simply change the SOA record in your database to the value you would like. The soa-edit option could also work very well for you: http://jpmens.net/2013/01/18/understanding-powerdns-soa-edit/ http://doc.powerdns.com/domainmetadata.html Hope it helps, Ruben On Wed, Mar 13, 2013 at 03:35:21PM +1100, Luca Salvatore wrote: > Hi, > > Is it possible to change the SOA serial number format to the YYYMMDDnn format? > I can't seem to see a setting in the pdns.conf file... Thanks. > > Luca. From peter.van.dijk at netherlabs.nl Thu Mar 14 15:04:06 2013
From: peter.van.dijk at netherlabs.nl (Peter van Dijk) Date: Thu, 14 Mar 2013 16:04:06 +0100 Subject: [Pdns-users] Screwy pdns configuration. In-Reply-To: <1481014.0fC1TAFfPd@pnunn-latitude-e6510> References: <1508595.jbP86VWjOG@pnunn-latitude-e6510> <1E3FA13C-5445-4427-AA26-AC42CEF80C05@netherlabs.nl> <1481014.0fC1TAFfPd@pnunn-latitude-e6510> Message-ID: Hello Peter, On Mar 11, 2013, at 10:10 , Peter Nunn wrote: > (192.168.0.57 being the internal name server). > > Ping with this configuration. > > ping google.com > PING google.com (74.125.237.68) 56(84) bytes of data. > 64 bytes from 74.125.237.68: icmp_req=1 ttl=55 time=51.1 ms > 64 bytes from 74.125.237.68: icmp_req=2 ttl=55 time=62.9 ms > 64 bytes from 74.125.237.68: icmp_req=3 ttl=55 time=50.1 ms > 64 bytes from 74.125.237.68: icmp_req=4 ttl=55 time=50.7 ms > 64 bytes from 74.125.237.68: icmp_req=5 ttl=55 time=50.6 ms > ^C64 bytes from 74.125.237.68: icmp_req=6 ttl=55 time=51.2 ms > > --- google.com ping statistics --- > 6 packets transmitted, 6 received, 0% packet loss, time 25402ms > rtt min/avg/max/mdev = 50.167/52.820/62.992/4.572 ms > > each ping responce takes about 4 seconds. > > Without the internal NS > > ping google.com > PING google.com (74.125.237.105) 56(84) bytes of data. > 64 bytes from syd01s12-in-f9.1e100.net (74.125.237.105): icmp_req=1 ttl=55 time=189 ms > 64 bytes from syd01s12-in-f9.1e100.net (74.125.237.105): icmp_req=2 ttl=55 time=180 ms > 64 bytes from syd01s12-in-f9.1e100.net (74.125.237.105): icmp_req=3 ttl=55 time=195 ms > 64 bytes from syd01s12-in-f9.1e100.net (74.125.237.105): icmp_req=4 ttl=55 time=56.4 ms > 64 bytes from syd01s12-in-f9.1e100.net (74.125.237.105): icmp_req=5 ttl=55 time=78.1 ms > ^C > --- google.com ping statistics --- > 5 packets transmitted, 5 received, 0% packet loss, time 4001ms > rtt min/avg/max/mdev = 56.443/139.940/195.003/59.866 ms > > > I get about 2 ping returns per second. Ping should do one return per second. If you get more, your clock is broken! 
> infoteq.com.au > intq.com.au > in-addr.arpa This zone (in-addr.arpa) is overriding your reverse lookups. Remove it, or replace it with a more specific version if you really need to. Note that presence of the zone only explains the lack of names in the ping output, not the delays you are experiencing. My best guess about the delays is that your in-addr.arpa zone is also broken. Try a 'dig ptr -x 74.125.237.68 @192.168.0.57' to see; if it says SERVFAIL, this might explain the delays. Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ From manishr78 at gmail.com Thu Mar 14 18:17:05 2013 From: manishr78 at gmail.com (Manish Rane) Date: Thu, 14 Mar 2013 23:47:05 +0530 Subject: [Pdns-users] Split horizon possible with powerdns Message-ID: Hi there, I am wondering if split horizon can be configured with powerdns so that internal as well as external users can get separate ips? From jpmens.dns at gmail.com Thu Mar 14 18:26:36 2013 From: jpmens.dns at gmail.com (Jan-Piet Mens) Date: Thu, 14 Mar 2013 19:26:36 +0100 Subject: [Pdns-users] Split horizon possible with powerdns In-Reply-To: References: Message-ID: <20130314182636.GA86912@jmbp.ww.mens.de> > I am wondering if split horizon can be configured with powerdns so that > internal as well as external users can get separate ips? If you're talking about PowerDNS Authoritative, the answer is 'no'. If you mean PowerDNS Recursor, the answer is 'maybe': you could use its Lua feature to fiddle with returning different values on a per/client basis. (Note: I said 'could'. :) -JP From mark at streamservice.nl Thu Mar 14 20:12:23 2013
From: mark at streamservice.nl (Mark Scholten) Date: Thu, 14 Mar 2013 21:12:23 +0100 Subject: [Pdns-users] Split horizon possible with powerdns In-Reply-To: <20130314182636.GA86912@jmbp.ww.mens.de> References: <20130314182636.GA86912@jmbp.ww.mens.de> Message-ID: <0a0501ce20f0$3d7bb380$b8731a80$@streamservice.nl> > -----Original Message----- > From: pdns-users-bounces at mailman.powerdns.com [mailto:pdns-users- > bounces at mailman.powerdns.com] On Behalf Of Jan-Piet Mens > Sent: 14 March, 2013 19:27 > To: pdns-users at mailman.powerdns.com > Subject: Re: [Pdns-users] Split horizon possible with powerdns > > > I am wondering if split horizon can be configured with powerdns so > > that internal as well as external users can get separate ips? > > If you're talking about PowerDNS Authoritative, the answer is 'no'. If you mean > PowerDNS Recursor, the answer is 'maybe': you could use its Lua feature to > fiddle with returning different values on a per/client basis. > (Note: I said 'could'. :) Isn't it possible to abuse the geo backend for this? And PowerDNS auth also has some LUA options if you disable the cache (and that makes it slow). Regards, Mark From pnunn at infoteq.com.au Thu Mar 14 21:38:10 2013
From: pnunn at infoteq.com.au (Peter Nunn) Date: Fri, 15 Mar 2013 08:38:10 +1100 Subject: [Pdns-users] Screwy pdns configuration. In-Reply-To: References: <1508595.jbP86VWjOG@pnunn-latitude-e6510> <1481014.0fC1TAFfPd@pnunn-latitude-e6510> Message-ID: <1637739.zzUGbJ63Uf@pnunn-latitude-e6510>

Hi again Peter,

again thanks for your help.

The reverse lookup seems to work (at least with dig)

dig ptr -x 74.125.237.68 @192.168.0.57

; <<>> DiG 9.8.1-P1 <<>> ptr -x 74.125.237.68 @192.168.0.57
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47736
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;68.237.125.74.in-addr.arpa. IN PTR

;; AUTHORITY SECTION:
in-addr.arpa. 86400 IN SOA ns1.infoteq.com.au. hostmaster.infoteq.com.au. 2012123102 28800 7200 604800 86400

;; Query time: 6 msec
;; SERVER: 192.168.0.57#53(192.168.0.57)
;; WHEN: Fri Mar 15 08:18:34 2013
;; MSG SIZE rcvd: 109

I've removed the zone anyway, and am now getting...

ping google.com.au
PING google.com.au (74.125.237.88) 56(84) bytes of data.
From UbuntuDev.local (192.168.0.57): icmp_seq=1 Redirect Host(New nexthop: 192.168.0.1)
64 bytes from syd01s06-in-f24.1e100.net (74.125.237.88): icmp_req=1 ttl=54 time=48.1 ms
From UbuntuDev.local (192.168.0.57): icmp_seq=2 Redirect Host(New nexthop: 192.168.0.1)
64 bytes from syd01s06-in-f24.1e100.net (74.125.237.88): icmp_req=2 ttl=55 time=48.4 ms
From UbuntuDev.local (192.168.0.57): icmp_seq=3 Redirect Host(New nexthop: 192.168.0.1)
64 bytes from syd01s06-in-f24.1e100.net (74.125.237.88): icmp_req=3 ttl=54 time=48.0 ms
From UbuntuDev.local (192.168.0.57): icmp_seq=4 Redirect Host(New nexthop: 192.168.0.1)
64 bytes from syd01s06-in-f24.1e100.net (74.125.237.88): icmp_req=4 ttl=55 time=48.0 ms
From UbuntuDev.local (192.168.0.57): icmp_seq=5 Redirect Host(New nexthop: 192.168.0.1)

however, this is still slow.

Peter.
On Thu, 14 Mar 2013 04:04:06 PM Peter van Dijk wrote: > Hello Peter, > > On Mar 11, 2013, at 10:10 , Peter Nunn wrote: > > > (192.168.0.57 being the internal name server). > > > > Ping with this configuration. > > > > ping google.com > > PING google.com (74.125.237.68) 56(84) bytes of data. > > 64 bytes from 74.125.237.68: icmp_req=1 ttl=55 time=51.1 ms > > 64 bytes from 74.125.237.68: icmp_req=2 ttl=55 time=62.9 ms > > 64 bytes from 74.125.237.68: icmp_req=3 ttl=55 time=50.1 ms > > 64 bytes from 74.125.237.68: icmp_req=4 ttl=55 time=50.7 ms > > 64 bytes from 74.125.237.68: icmp_req=5 ttl=55 time=50.6 ms > > ^C64 bytes from 74.125.237.68: icmp_req=6 ttl=55 time=51.2 ms > > > > --- google.com ping statistics --- > > 6 packets transmitted, 6 received, 0% packet loss, time 25402ms > > rtt min/avg/max/mdev = 50.167/52.820/62.992/4.572 ms > > > > each ping responce takes about 4 seconds. > > > > Without the internal NS > > > > ping google.com > > PING google.com (74.125.237.105) 56(84) bytes of data. > > 64 bytes from syd01s12-in-f9.1e100.net (74.125.237.105): icmp_req=1 ttl=55 time=189 ms > > 64 bytes from syd01s12-in-f9.1e100.net (74.125.237.105): icmp_req=2 ttl=55 time=180 ms > > 64 bytes from syd01s12-in-f9.1e100.net (74.125.237.105): icmp_req=3 ttl=55 time=195 ms > > 64 bytes from syd01s12-in-f9.1e100.net (74.125.237.105): icmp_req=4 ttl=55 time=56.4 ms > > 64 bytes from syd01s12-in-f9.1e100.net (74.125.237.105): icmp_req=5 ttl=55 time=78.1 ms > > ^C > > --- google.com ping statistics --- > > 5 packets transmitted, 5 received, 0% packet loss, time 4001ms > > rtt min/avg/max/mdev = 56.443/139.940/195.003/59.866 ms > > > > > > I get about 2 ping returns per second. > > Ping should do one return per second. If you get more, your clock is broken! > > > infoteq.com.au > > intq.com.au > > in-addr.arpa > > This zone (in-addr.arpa) is overriding your reverse lookups. Remove it, or replace it with a more specific version if you really need to. 
> > Note that presence of the zone only explains the lack of names in the ping output, not the delays you are experiencing. My best guess about the delays is that your in-addr.arpa zone is also broken. Try a 'dig ptr -x 74.125.237.68 @192.168.0.57' to see; if it says SERVFAIL, this might explain the delays. > > Kind regards, > -- Director InfoTeq Pty Ltd 0412 174 230 03 9017 2707 -------------- next part -------------- An HTML attachment was scrubbed... URL: From peter.van.dijk at netherlabs.nl Fri Mar 15 06:52:30 2013 
From: peter.van.dijk at netherlabs.nl (Peter van Dijk) Date: Fri, 15 Mar 2013 07:52:30 +0100 Subject: [Pdns-users] Screwy pdns configuration. In-Reply-To: <1637739.zzUGbJ63Uf@pnunn-latitude-e6510> References: <1508595.jbP86VWjOG@pnunn-latitude-e6510> <1481014.0fC1TAFfPd@pnunn-latitude-e6510> <1637739.zzUGbJ63Uf@pnunn-latitude-e6510> Message-ID: <9F78F01A-079B-4327-84C9-C63BF3A01DE8@netherlabs.nl> Hello Peter, On Mar 14, 2013, at 22:38 , Peter Nunn wrote: > The reverse lookup seems to work (atleast with dig) > > dig ptr -x 74.125.237.68 @192.168.0.57 > > ; <<>> DiG 9.8.1-P1 <<>> ptr -x 74.125.237.68 @192.168.0.57 > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47736 > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;68.237.125.74.in-addr.arpa. IN PTR > > ;; AUTHORITY SECTION: > in-addr.arpa. 86400 IN SOA ns1.infoteq.com.au. hostmaster.infoteq.com.au. 2012123102 28800 7200 604800 86400 > > ;; Query time: 6 msec > ;; SERVER: 192.168.0.57#53(192.168.0.57) > ;; WHEN: Fri Mar 15 08:18:34 2013 > ;; MSG SIZE rcvd: 109 Ok - it is not returning the actual name of that IP on the Internet, but it's fast and not a SERVFAIL. So, it should not cause the issues you are seeing with ping. > ping google.com.au > PING google.com.au (74.125.237.88) 56(84) bytes of data. 
> From UbuntuDev.local (192.168.0.57): icmp_seq=1 Redirect Host(New nexthop: 192.168.0.1) > 64 bytes from syd01s06-in-f24.1e100.net (74.125.237.88): icmp_req=1 ttl=54 time=48.1 ms > From UbuntuDev.local (192.168.0.57): icmp_seq=2 Redirect Host(New nexthop: 192.168.0.1) > 64 bytes from syd01s06-in-f24.1e100.net (74.125.237.88): icmp_req=2 ttl=55 time=48.4 ms > From UbuntuDev.local (192.168.0.57): icmp_seq=3 Redirect Host(New nexthop: 192.168.0.1) > 64 bytes from syd01s06-in-f24.1e100.net (74.125.237.88): icmp_req=3 ttl=54 time=48.0 ms > From UbuntuDev.local (192.168.0.57): icmp_seq=4 Redirect Host(New nexthop: 192.168.0.1) > 64 bytes from syd01s06-in-f24.1e100.net (74.125.237.88): icmp_req=4 ttl=55 time=48.0 ms > From UbuntuDev.local (192.168.0.57): icmp_seq=5 Redirect Host(New nexthop: 192.168.0.1) > > however, this is still slow. The ICMP redirects suggest a networking misconfiguration - unrelated to PowerDNS. Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ From cyclops at prof-x.net Fri Mar 15 07:38:57 2013 From: cyclops at prof-x.net (Ruben d'Arco) Date: Fri, 15 Mar 2013 08:38:57 +0100 Subject: [Pdns-users] Split horizon possible with powerdns In-Reply-To: <0a0501ce20f0$3d7bb380$b8731a80$@streamservice.nl> References: <20130314182636.GA86912@jmbp.ww.mens.de> <0a0501ce20f0$3d7bb380$b8731a80$@streamservice.nl> Message-ID: <20130315073856.GC32194@prof-x.prof-x.net> Hi, Another appraoch would be to run two instances of pdns. Every instance would run on a specific ip which corresponds to the subnet that you want to use. For internal/external scenario's this will probably work. The small downside of this is that you have to maintain two zones and two powerdns databases. Regards, Ruben On Thu, Mar 14, 2013 at 09:12:23PM +0100, Mark Scholten wrote: > > -----Original Message----- 
> > From: pdns-users-bounces at mailman.powerdns.com [mailto:pdns-users- > > bounces at mailman.powerdns.com] On Behalf Of Jan-Piet Mens > > Sent: 14 March, 2013 19:27 > > To: pdns-users at mailman.powerdns.com > > Subject: Re: [Pdns-users] Split horizon possible with powerdns > > > > > I sm wondering if split horizon can be configured with powercns so > > > that intetnal as well as external users can get a separate ips? > > > > If you're talking about PowerDNS Authoritative, the answer is 'no'. If you > mean > > PowerDNS Recursor, the answer is 'maybe': you could use its Lua feature to > > fiddle with returning different values on a per/client basis. > > (Note: I said 'could'. :) > > Isn't it possible to abuse the geo backend for this? > > And PowerDNS auth also has some LUA options if you disable the cache (and > that makes it slow). > > Regards, Mark > > _______________________________________________ > Pdns-users mailing list > Pdns-users at mailman.powerdns.com > http://mailman.powerdns.com/mailman/listinfo/pdns-users From pnunn at infoteq.com.au Fri Mar 15 11:01:40 2013 
From: pnunn at infoteq.com.au (Peter Nunn) Date: Fri, 15 Mar 2013 22:01:40 +1100 Subject: [Pdns-users] Screwy pdns configuration. In-Reply-To: <9F78F01A-079B-4327-84C9-C63BF3A01DE8@netherlabs.nl> References: <1508595.jbP86VWjOG@pnunn-latitude-e6510> <1637739.zzUGbJ63Uf@pnunn-latitude-e6510> <9F78F01A-079B-4327-84C9-C63BF3A01DE8@netherlabs.nl> Message-ID: <2066466.o3EodtaZVq@pnunn-latitude-e6510> Peter you are a champion. Turns out to have been an openvpn connection that had partly come up giving me a default route back to the host that happened to have pdns running on it (also the vpn end point). Get rid of that route and all is now good again. THANKYOU. Would never have twigged without your help Peter. On Fri, 15 Mar 2013 07:52:30 AM Peter van Dijk wrote: > Hello Peter, > > On Mar 14, 2013, at 22:38 , Peter Nunn wrote: > > > The reverse lookup seems to work (atleast with dig) > > > > dig ptr -x 74.125.237.68 @192.168.0.57 > > > > ; <<>> DiG 9.8.1-P1 <<>> ptr -x 74.125.237.68 @192.168.0.57 > > ;; global options: +cmd > > ;; Got answer: > > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47736 > > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 > > > > ;; QUESTION SECTION: > > ;68.237.125.74.in-addr.arpa. IN PTR > > > > ;; AUTHORITY SECTION: > > in-addr.arpa. 86400 IN SOA ns1.infoteq.com.au. hostmaster.infoteq.com.au. 2012123102 28800 7200 604800 86400 > > > > ;; Query time: 6 msec > > ;; SERVER: 192.168.0.57#53(192.168.0.57) > > ;; WHEN: Fri Mar 15 08:18:34 2013 > > ;; MSG SIZE rcvd: 109 > > Ok - it is not returning the actual name of that IP on the Internet, but it's fast and not a SERVFAIL. So, it should not cause the issues you are seeing with ping. > > > ping google.com.au > > PING google.com.au (74.125.237.88) 56(84) bytes of data. 
> > From UbuntuDev.local (192.168.0.57): icmp_seq=1 Redirect Host(New nexthop: 192.168.0.1) > > 64 bytes from syd01s06-in-f24.1e100.net (74.125.237.88): icmp_req=1 ttl=54 time=48.1 ms > > From UbuntuDev.local (192.168.0.57): icmp_seq=2 Redirect Host(New nexthop: 192.168.0.1) > > 64 bytes from syd01s06-in-f24.1e100.net (74.125.237.88): icmp_req=2 ttl=55 time=48.4 ms > > From UbuntuDev.local (192.168.0.57): icmp_seq=3 Redirect Host(New nexthop: 192.168.0.1) > > 64 bytes from syd01s06-in-f24.1e100.net (74.125.237.88): icmp_req=3 ttl=54 time=48.0 ms > > From UbuntuDev.local (192.168.0.57): icmp_seq=4 Redirect Host(New nexthop: 192.168.0.1) > > 64 bytes from syd01s06-in-f24.1e100.net (74.125.237.88): icmp_req=4 ttl=55 time=48.0 ms > > From UbuntuDev.local (192.168.0.57): icmp_seq=5 Redirect Host(New nexthop: 192.168.0.1) > > > > however, this is still slow. > > The ICMP redirects suggest a networking misconfiguration - unrelated to PowerDNS. > > > Kind regards, > -- Director InfoTeq Pty Ltd 0412 174 230 03 9017 2707 -------------- next part -------------- An HTML attachment was scrubbed... URL: From dmiller at amfes.com Fri Mar 15 18:16:22 2013 
From: dmiller at amfes.com (Daniel L. Miller) Date: Fri, 15 Mar 2013 11:16:22 -0700 Subject: [Pdns-users] Split horizon possible with powerdns In-Reply-To: <20130314182636.GA86912@jmbp.ww.mens.de> References: <20130314182636.GA86912@jmbp.ww.mens.de> Message-ID: On 3/14/2013 11:26 AM, Jan-Piet Mens wrote: >> I sm wondering if split horizon can be configured with powercns so that >> intetnal as well as external users can get a separate ips? > If you're talking about PowerDNS Authoritative, the answer is 'no'. If > you mean PowerDNS Recursor, the answer is 'maybe': you could use its Lua > feature to fiddle with returning different values on a per/client basis. > (Note: I said 'could'. :) Could and do - as I don't have a better option for my current setup. Authoritative server listening on private port - Internet firewall forwards requests via NAT. Recursor listening on :53 on LAN address - provides DNS for local hosts and rewrites as needed via lua or forwards to authoritative. -- Daniel From cloos at jhcloos.com Sat Mar 16 00:19:32 2013 From: cloos at jhcloos.com (James Cloos) Date: Fri, 15 Mar 2013 20:19:32 -0400 Subject: [Pdns-users] tsig keys Message-ID: Should the tsigkeys.secret column have any structure? Or is it just base64-encoded random bits? -JimC -- James Cloos OpenPGP: 1024D/ED7DAEA6 From jpmens.dns at gmail.com Sat Mar 16 09:07:45 2013 From: jpmens.dns at gmail.com (Jan-Piet Mens) Date: Sat, 16 Mar 2013 10:07:45 +0100 Subject: [Pdns-users] tsig keys In-Reply-To: References: Message-ID: <20130316090745.GA861@jmbp.ww.mens.de> > Should the tsigkeys.secret column have any structure? It's just the Base64-encoded blob, e.g.: INSERT INTO tsigkeys (name, algorithm, secret) VALUES ('k01', 'hmac-md5', '4imFLvMHKDmtc2oJldCaJg=='); Regards, -JP From cloos at jhcloos.com Sat Mar 16 17:38:33 2013 
From: cloos at jhcloos.com (James Cloos)
Date: Sat, 16 Mar 2013 13:38:33 -0400
Subject: [Pdns-users] tsig keys
In-Reply-To: <20130316090745.GA861@jmbp.ww.mens.de> (Jan-Piet Mens's message of "Sat, 16 Mar 2013 10:07:45 +0100")
References: <20130316090745.GA861@jmbp.ww.mens.de>
Message-ID:

>>>>> "JM" == Jan-Piet Mens writes:

JM> It's just the Base64-encoded blob, e.g.:

'the blob' doesn't answer my question.

Is it just random bits or the result of running hmac-md5 on something?

-JimC
--
James Cloos OpenPGP: 1024D/ED7DAEA6

From chieff7 at gmail.com Sat Mar 16 18:56:25 2013
From: chieff7 at gmail.com (Ron Tsoref)
Date: Sat, 16 Mar 2013 20:56:25 +0200
Subject: [Pdns-users] PowerDNS capabilities
Message-ID:

Hi.

I'm just checking out PowerDNS' capabilities and I'm not sure about something --

Is it possible to serve DNS queries with PowerDNS this way? :

PowerDNS checks for the requester's IP. If its IP range is found - serve a certain record from a MySQL database. If not - PowerDNS will serve a general, country-based answer from the MySQL database (simple Geo resolution).

Thanks
Ron

From bycn82 at gmail.com Sun Mar 17 02:24:28 2013
From: bycn82 at gmail.com (Bill Yuan)
Date: Sun, 17 Mar 2013 10:24:28 +0800
Subject: [Pdns-users] my pdns does'nt use my recursor
Message-ID:

hi

I configured two ip addresses on my local linux for pdns, 1.1.1.1 for the pdns, and 2.2.2.2 for its recursor.

and I have another laptop using xp,

I found when dns set to 1.1.1.1, my xp laptop can resolve the local domain which configured in the pdns,

when dns set to 2.2.2.2, my xp laptop can resolve the domain like www.google.com,

So that means the pdns and the recursor are working.

But when i set the dns to 1.1.1.1 and querying www.google.com it will fail,

So is there any way to check why the pdns did not invoke my recursor?

I have configured "recursor=2.2.2.2:53" in the pdns.conf

From bycn82 at gmail.com Sun Mar 17 08:44:43 2013
From: bycn82 at gmail.com (Bill Yuan)
Date: Sun, 17 Mar 2013 16:44:43 +0800
Subject: [Pdns-users] my pdns does'nt use my recursor
In-Reply-To:
References:
Message-ID:

Sorry, I just found actually it is using the 2.2.2.2. It is not working properly because 2.2.2.2 is a public ip which is located in France.

On Sun, Mar 17, 2013 at 10:24 AM, Bill Yuan wrote:
> hi
> I configured two ip addresses on my local linux for pdns, 1.1.1.1 for
> the pdns, and 2.2.2.2 for its recursor.
>
> and I have another laptop using xp,
>
> I found when dns set to 1.1.1.1, my xp laptop can resolve the local
> domain which configured in the pdns,
>
> when dns set to 2.2.2.2, my xp laptop can resolve the domain like
> www.google.com,
>
> So that means the pdns and the recursor are working.
>
> But when i set the dns to 1.1.1.1 and querying www.google.com it will fail,
>
> So is there any way to check why the pdns did not invoke my recursor?
>
>
> I have configured "recursor=2.2.2.2:53" in the pdns.conf

From jpmens.dns at gmail.com Sun Mar 17 09:57:00 2013
From: jpmens.dns at gmail.com (Jan-Piet Mens) Date: Sun, 17 Mar 2013 10:57:00 +0100 Subject: [Pdns-users] tsig keys In-Reply-To: References: <20130316090745.GA861@jmbp.ww.mens.de> Message-ID: <20130317095700.GA23302@jmbp.ww.mens.de> > >>>>> "JM" == Jan-Piet Mens writes: "JP", by the way ;-) > 'the blob' doesn't answer my question. > > Is it just random bits or the result of running hmac-md5 on something? It's the rdata taken from the KEY RR after running `dnssec-keygen -a HMAC-MD5 -n HOST -b nnnn xxx` -JP From peter.van.dijk at netherlabs.nl Sun Mar 17 14:20:01 2013 From: peter.van.dijk at netherlabs.nl (Peter van Dijk) Date: Sun, 17 Mar 2013 15:20:01 +0100 Subject: [Pdns-users] PowerDNS capabilities In-Reply-To: References: Message-ID: <1549523E-8899-444D-8802-C53EBD36E347@netherlabs.nl> Hello Ron, On Mar 16, 2013, at 19:56 , Ron Tsoref wrote: > I'm just checking out PowerDNS' capabilities and I'm not sure about something -- > > Is it possible to serve DNS queries with PowerDNS this way? : > > PowerDNS checks for the requester's IP. If its IP range is found - serve a certain record from a MySQL database. If not - PowerDNS will serve a general, country-based answer from the MySQL database (simple Geo resolution). The BIND and SQL backends cannot do this. The Geobackend can do this natively (but it has some limitations). The Lua, Pipe and Remote backends can do this if you write a script. A Google search might give you a couple. Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ From bycn82 at gmail.com Sun Mar 17 14:20:53 2013 
From: bycn82 at gmail.com (Bill Yuan) Date: Sun, 17 Mar 2013 22:20:53 +0800 Subject: [Pdns-users] my pdns does'nt use my recursor In-Reply-To: References: Message-ID: finally copy all the files into my linux, now the recursor can trigger the lua script already, but is still did not return the correct result for the nxdomains, I have a function like below, no matter what domain it is , i just always return a ip for it , but the function is not working properly! function nxdomain ( remoteip, domain, qtype ) return 0, { {qtype="1", content="1.2.3.4", ttl=3600, place="1"}, } end On Sun, Mar 17, 2013 at 4:44 PM, Bill Yuan wrote: > Sorry , I just found actually it is using the 2.2.2.2 , It is not > working properly because 2.2.2.2 is an public ip which located in > France. > > > > On Sun, Mar 17, 2013 at 10:24 AM, Bill Yuan wrote: >> hi >> I configured two ip addresses on my local linux for pdns, 1.1.1.1 for >> the pdns, and 2.2.2.2 for it's recursor. >> >> and I have another laptop using xp, >> >> I found when dns set to 1.1.1.1, my xp laptop can resolve the local >> domain which configured in the pdns, >> >> when dns set to 2.2.2.2 , my xp laptop can resole the domain like >> www.google.com, >> >> So that means the pdns and the recursor are working. >> >> But when i set the dns to 1.1.1.1 and quering www.google.com it will fail, >> >> So it there any way to check why the pdns did not invoke my recursor? >> >> >> I have configured "recursor=2.2.2.2:53" in the pdns.conf From odhiambo at gmail.com Sun Mar 17 15:03:44 2013 
From: odhiambo at gmail.com (Odhiambo Washington) Date: Sun, 17 Mar 2013 18:03:44 +0300 Subject: [Pdns-users] PowerDNS capabilities In-Reply-To: <1549523E-8899-444D-8802-C53EBD36E347@netherlabs.nl> References: <1549523E-8899-444D-8802-C53EBD36E347@netherlabs.nl> Message-ID: On 17 March 2013 17:20, Peter van Dijk wrote: > Hello Ron, > > On Mar 16, 2013, at 19:56 , Ron Tsoref wrote: > > > I'm just checking out PowerDNS' capabilities and I'm not sure about > something -- > > > > Is it possible to serve DNS queries with PowerDNS this way? : > > > > PowerDNS checks for the requester's IP. If its IP range is found - > serve a certain record from a MySQL database. If not - PowerDNS will serve > a general, country-based answer from the MySQL database (simple Geo > resolution). > > The BIND and SQL backends cannot do this. The Geobackend can do this > natively (but it has some limitations). The Lua, Pipe and Remote backends > can do this if you write a script. A Google search might give you a couple. > > Kind regards, > -- > Peter van Dijk > Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ > > Just curious. Isn't the question closely similar to how "views" work in BIND? Does PowerDNS support "views", in some way? -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ I can't hear you -- I'm using the scrambler. -------------- next part -------------- An HTML attachment was scrubbed... URL: From cloos at jhcloos.com Sun Mar 17 21:12:53 2013 
From: cloos at jhcloos.com (James Cloos) Date: Sun, 17 Mar 2013 17:12:53 -0400 Subject: [Pdns-users] tsig keys In-Reply-To: <20130317095700.GA23302@jmbp.ww.mens.de> (Jan-Piet Mens's message of "Sun, 17 Mar 2013 10:57:00 +0100") References: <20130316090745.GA861@jmbp.ww.mens.de> <20130317095700.GA23302@jmbp.ww.mens.de> Message-ID: >>>>> "JM" == Jan-Piet Mens writes: JM> It's the rdata [from] running dnssec-keygen ... OK. Thanks! -JimC -- James Cloos OpenPGP: 1024D/ED7DAEA6 From jigneshmpatel at gmail.com Sun Mar 17 22:43:38 2013 
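
An added example for the tsig keys exchange above (not code from the thread or from PowerDNS): the value in tsigkeys.secret is the Base64 text of the shared key bytes, which TSIG uses as the HMAC key; it is not itself the output of an HMAC. The function names and the sample message bytes are assumptions made for this sketch; the secret is the one quoted in the thread.

```python
import base64
import binascii
import hmac
import secrets

# Secret quoted in the thread's example INSERT (its algorithm column is hmac-md5).
THREAD_SECRET = "4imFLvMHKDmtc2oJldCaJg=="

# Constructed bytes standing in for "DNS message plus TSIG variables";
# real TSIG signs a precisely defined wire-format input.
SAMPLE_MESSAGE = b"constructed stand-in for a signed DNS message"


def decode_tsig_secret(b64_text):
    """Return the raw key bytes behind a tsigkeys.secret value.

    Rejects anything that is not strict Base64 so a mangled secret is
    caught before it is loaded on a master or slave.
    """
    try:
        raw = base64.b64decode(b64_text.encode("ascii"), validate=True)
    except (binascii.Error, UnicodeEncodeError) as exc:
        raise ValueError("secret is not valid Base64: %s" % exc) from exc
    if not raw:
        raise ValueError("secret decodes to an empty key")
    return raw


def key_bits(b64_text):
    """Key length in bits, the figure given to dnssec-keygen as -b."""
    return len(decode_tsig_secret(b64_text)) * 8


def new_tsig_secret(bits=256):
    """Generate fresh random key material, Base64-encoded for the secret column."""
    if bits < 128 or bits % 8:
        raise ValueError("bits must be a multiple of 8 and at least 128")
    return base64.b64encode(secrets.token_bytes(bits // 8)).decode("ascii")


def sign(message, b64_secret, digest="sha256"):
    """HMAC over message bytes keyed with the decoded secret.

    sha256 is used here so the demo runs on Python builds that disable md5;
    the row quoted in the thread names hmac-md5.
    """
    return hmac.new(decode_tsig_secret(b64_secret), message, digest).hexdigest()


def verify(message, mac_hex, b64_secret, digest="sha256"):
    """Constant-time comparison, as a receiver checking a MAC would do."""
    return hmac.compare_digest(sign(message, b64_secret, digest), mac_hex)


if __name__ == "__main__":
    print("thread secret is", key_bits(THREAD_SECRET), "bits of key material")
    fresh = new_tsig_secret()
    mac = sign(SAMPLE_MESSAGE, fresh)
    print("fresh secret:", fresh)
    print("MAC verifies with same key:", verify(SAMPLE_MESSAGE, mac, fresh))
    print("MAC verifies with thread key:", verify(SAMPLE_MESSAGE, mac, THREAD_SECRET))
```
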
From: jigneshmpatel at gmail.com (Jignesh Patel)
Date: Sun, 17 Mar 2013 18:43:38 -0400
Subject: [Pdns-users] installing ldap as backend
Message-ID:

I am trying to run powerdns on amazon server with openldap integration. I have installed the following two packages

sudo yum list | grep pdns
pdns.x86_64 3.1-2.el6 @epel
pdns-backend-ldap.x86_64 3.1-2.el6 @epel

openldap is running efficiently. However when I am trying to run powerdns with ldap by putting the following parameters in /etc/pdns/pdns.conf

#allow-recursion-override=on
#irecursor=127.0.0.1
#lazy-recursion=yes
launch=ldap
ldap-host = ldap://127.0.0.1:389/
ldap-basedn = ""
ldap-binddn=""
ldap-starttls=no
ldap-secret=groupmd123
ldap-method=simple
#ldap-filter-axfr="(:target:)"
#ldap-filter-lookup="(:target:)"

after a while I see the following message in /var/log/messages file

Mar 17 22:39:32 ip-10-190-102-20 pdns[19195]: Respawning
Mar 17 22:39:33 ip-10-190-102-20 pdns[19849]: Guardian is launching an instance
Mar 17 22:39:33 ip-10-190-102-20 pdns[19849]: Reading random entropy from '/dev/urandom'
Mar 17 22:39:33 ip-10-190-102-20 pdns[19849]: This is a guarded instance of pdns
Mar 17 22:39:33 ip-10-190-102-20 pdns[19849]: Fatal error: Trying to set unexisting parameter 'ldap-host '

So how to set LDAP parameter. I have not configured powerdns manually but I used yum to install pdns-backend-ldap and by default it installed powerdns.

Please suggest me how to make pdns working with openldap. And is it possible to configure powerdns-webinterface with openldap as backend.
http://code.google.com/p/powerdns-webinterface/downloads/list

-Jignesh

From bycn82 at gmail.com Mon Mar 18 00:38:58 2013
From: bycn82 at gmail.com (Bill Yuan) Date: Mon, 18 Mar 2013 08:38:58 +0800 Subject: [Pdns-users] pdns lua script to handle the nxdomain Message-ID: Hi all, I am using pdns as a local dns server to hijack all the nxdomain, If the visitor key-in a typo domain, we want to redirect them to our own website. But I met this two error message on the xp client, "*** No address (A) records available for XXXX" "*** UnKnown can't find XXXX: Non-existent domain" What is the difference between this two error message? Currently I am using the lua script( http://wiki.powerdns.com/trac/browser/trunk/pdns/pdns/powerdns-example-script.lua) but seem the nxdomain is not functioning! thanks, Bill82 -------------- next part -------------- An HTML attachment was scrubbed... URL: From peter.van.dijk at netherlabs.nl Mon Mar 18 06:23:24 2013 From: peter.van.dijk at netherlabs.nl (Peter van Dijk) Date: Mon, 18 Mar 2013 07:23:24 +0100 Subject: [Pdns-users] my pdns does'nt use my recursor In-Reply-To: References: Message-ID: <05EF9821-D3FF-4B6E-835F-6753E9240375@netherlabs.nl> Hello Bill, On Mar 17, 2013, at 15:20 , Bill Yuan wrote: > finally copy all the files into my linux, now the recursor can trigger > the lua script already, > > but is still did not return the correct result for the nxdomains, I > have a function like below, no matter what domain it is , i just > always return a ip for it , but the function is not working properly! > > function nxdomain ( remoteip, domain, qtype ) > return 0, { > {qtype="1", content="1.2.3.4", ttl=3600, place="1"}, > } > end You have not actually told us what is going wrong. Can you show us some output? Also, we'd prefer it if you did not obscure your IPs like this. Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ From peter.van.dijk at netherlabs.nl Mon Mar 18 06:25:46 2013 
From: peter.van.dijk at netherlabs.nl (Peter van Dijk) Date: Mon, 18 Mar 2013 07:25:46 +0100 Subject: [Pdns-users] installing ldap as backend In-Reply-To: References: Message-ID: Hello Jignesh, On Mar 17, 2013, at 23:43 , Jignesh Patel wrote: > after a while I see following message in /var/log/messages file > > Mar 17 22:39:32 ip-10-190-102-20 pdns[19195]: Respawning > Mar 17 22:39:33 ip-10-190-102-20 pdns[19849]: Guardian is launching an instance > Mar 17 22:39:33 ip-10-190-102-20 pdns[19849]: Reading random entropy from '/dev/urandom' > Mar 17 22:39:33 ip-10-190-102-20 pdns[19849]: This is a guarded instance of pdns > Mar 17 22:39:33 ip-10-190-102-20 pdns[19849]: Fatal error: Trying to set unexisting parameter 'ldap-host ' > > So how to set LDAP parameter. I have not configured powerdns manually but I used yum to install pens-backend-ldap and by default it installed powerdns. Is it possible there is another launch= line further down in your config? You can only have one - if you have multiple, PowerDNS will use the last one. Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ From mh+pdns-users at zugschlus.de Mon Mar 18 10:56:06 2013 
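
An added example for the exchange above (not PowerDNS code and not from any poster): a small pdns.conf linter that flags whitespace around "=" (the log shows the parameter name read as 'ldap-host ' with a trailing space) and reports which launch= line takes effect when several are present. The sample file is constructed, and the parsing rule used here (the name is everything before the first "=", a trailing backslash continues a line) is an assumption modelled on the configs quoted in this archive.

```python
# Constructed sample modelled on the configuration quoted in the thread.
# The secret is a placeholder and the second launch= line is added for the demo.
SAMPLE_CONF = """\
#allow-recursion-override=on
launch=ldap
ldap-host = ldap://127.0.0.1:389/
ldap-basedn = ""
ldap-binddn=""
ldap-starttls=no
ldap-secret=PLACEHOLDER
ldap-method=simple
launch=gmysql
"""


def logical_lines(text):
    """Yield (first_line_number, joined_line), folding backslash continuations."""
    buf, start = "", None
    for lineno, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = lineno
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1]
            continue
        yield start, buf + raw
        buf, start = "", None
    if start is not None:  # file ended on a continuation
        yield start, buf


def lint_pdns_conf(text):
    """Return (findings, effective_launch).

    findings is a list of (line_number, code, detail) tuples with codes:
      no-equals          setting line without "="
      space-in-key       whitespace would become part of the parameter name
      space-in-value     whitespace directly after "="
      launch-overridden  an earlier launch= that a later one replaces
    """
    findings = []
    launches = []
    for lineno, line in logical_lines(text):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if "=" not in line:
            findings.append((lineno, "no-equals", stripped))
            continue
        key, value = line.split("=", 1)
        if key != key.strip():
            # Matches the fatal error in the log: the name includes the space.
            findings.append((lineno, "space-in-key", repr(key)))
        if value != value.lstrip():
            findings.append((lineno, "space-in-value", repr(value)))
        if key.strip() == "launch":
            launches.append((lineno, value.strip()))
    for lineno, backend in launches[:-1]:
        findings.append((lineno, "launch-overridden",
                         "%s replaced by launch=%s on line %d"
                         % (backend, launches[-1][1], launches[-1][0])))
    effective = launches[-1][1] if launches else None
    return sorted(findings), effective


if __name__ == "__main__":
    issues, launch = lint_pdns_conf(SAMPLE_CONF)
    for lineno, code, detail in issues:
        print("line %d: %s: %s" % (lineno, code, detail))
    print("effective launch:", launch)
```
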
From: mh+pdns-users at zugschlus.de (Marc Haber) Date: Mon, 18 Mar 2013 11:56:06 +0100 Subject: [Pdns-users] PowerDNS capabilities In-Reply-To: References: <1549523E-8899-444D-8802-C53EBD36E347@netherlabs.nl> Message-ID: <20130318105606.GC14649@torres.zugschlus.de> On Sun, Mar 17, 2013 at 06:03:44PM +0300, Odhiambo Washington wrote: > Does PowerDNS support "views", in some way? If you look for something that is the same as bind views, the answer is no, unfortunately. Same goes for ACLs. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 31958061 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 31958062 From bycn82 at gmail.com Mon Mar 18 12:59:11 2013 From: bycn82 at gmail.com (Bill Yuan) Date: Mon, 18 Mar 2013 20:59:11 +0800 Subject: [Pdns-users] some basic question for master Message-ID: hi i have some question, i tried to google the answer, but for a newbie as me ,i think how to key-in the right keyword also a big problem, 1, the zone-file, how come the recursor know whether to query and resolve the domain ? i think it is configured in the forward-zone-file, and currently i configured "*.=8.8.8.8" in the zone-file, so does it mean that for all domains , the recursor will use 8.8.8.8 2, how can i resolve the server name? when i run command nslookup on my windows xp, i saw the info below Server: 1.1.168.192.in-addr.arpa Address: 192.168.1.1 Non-authoritative-answer: Name:www.google.com ....... My question is how can i change the server name, the name here 1.1.168.192.in-addr.arpa looks wired. -------------- next part -------------- An HTML attachment was scrubbed... URL: From zaphodb at zaphods.net Mon Mar 18 14:02:10 2013 
From: zaphodb at zaphods.net (Stefan Schmidt) Date: Mon, 18 Mar 2013 15:02:10 +0100 Subject: [Pdns-users] some basic question for master In-Reply-To: References: Message-ID: On Mon, Mar 18, 2013 at 1:59 PM, Bill Yuan wrote: > hi > Hi, > i have some question, i tried to google the answer, but for a newbie as me > ,i think how to key-in the right keyword also a big problem, > Not confusing terminology is always a good start to ask the right questions. In the subject of this email you have a "question for master" which will lead experienced DNS operators in the direction that you might have a question about the workings of an authoritative DNS server operating as a master for some zone whereas it seems to me reading on that your interest actually is with PowerDNS recursor. So a totally different beast. Let me point you to the excellent wikipedia article about DNS for working out the correct terms for most things DNS. http://en.wikipedia.org/wiki/Domain_Name_System > 1, the zone-file, how come the recursor know whether to query and > resolve the domain ? i think it is configured in the forward-zone-file, > and currently i configured "*.=8.8.8.8" in the zone-file, so does it mean > that for all domains , the recursor will use 8.8.8.8 > It actually is forward-zones-file where zone is in the plural. It is a file where you specify which zones will get forwarded to which authoritative Nameserver IPs. As is documented at http://doc.powerdns.com/built-in-recursor.html#recursor-settings . Calling the mentioned file a zonefile however is misleading at best as this name is commonly used to refer to a file holding the actual data that authoritative Nameservers such as BIND serve. See http://en.wikipedia.org/wiki/Zone_file . 
You will find that it is also documented that the forward-zones-file option will not set the recursion desired bit when forwarding the queries, so if your destination nameserver is a recursive one the forward-zones-recurse option is what you will want to use instead. For forwarding all queries to a recursive Nameserver the single dot without any asterisks will denote the DNS root and hence by specifying .=8.8.8.8 all your queries will be forwarded to 8.8.8.8 unless they can be answered by the configured backends. However please read http://cr.yp.to/djbdns/separation.html on why doing this is usually a bad idea. > > 2, how can i resolve the server name? when i run command nslookup on my > windows xp, i saw the info below > > Server: 1.1.168.192.in-addr.arpa > Address: 192.168.1.1 > > Non-authoritative-answer: > Name:www.google.com > ....... > > My question is how can i change the server name, the name here > 1.1.168.192.in-addr.arpa looks wired. > I am not a windows professional but my guess is that Windows tries to resolve the configured Nameservers name and that your home router which is likely 192.168.1.1 resolves itself like that. The DNS Address 192.168.1.1 will most likely be automatically assigned via DHCP, you should be able to override that. For actually testing DNS responses however dig is a tool much better suited for that than nslookup. You should be able to get it from ISCs BIND for Windows suite i think. Stefan -------------- next part -------------- An HTML attachment was scrubbed... URL: From bert.hubert at netherlabs.nl Mon Mar 18 18:56:08 2013 
From: bert.hubert at netherlabs.nl (bert hubert) Date: Mon, 18 Mar 2013 19:56:08 +0100 Subject: [Pdns-users] New website, certified consultants, new third party registries! Message-ID: <20130318185608.GA26776@xs.powerdns.com> Hi everybody, Today we're proud to present our revamped homepage, http://www.powerdns.com/ In addition, as of today, our homepage can be reached over IPv6 too. We've worked hard to make this site a useful resource both for our open source community (which helped extensively in proofreading the site!) as well as for our supported users (customers). Your feedback is welcome as we are still working on the finishing touches. Three further things of note: 1) http://www.powerdns.com/third-party.html has a list of 'third party open source products' that go well with PowerDNS. We want to make this a comprehensive list, so if you have a PowerDNS-related open source product, please let us know! 2) http://www.powerdns.com/hosted.html has a list of 'third party PowerDNS hosted service providers'. If you offer hosted PowerDNS services, please let us know so we can list you. 3) http://www.powerdns.com/certified-consultants.html describes how we cooperate with currently five members of the open source community that can provide professional services for PowerDNS users that need them. If you too want to become a 'certified consultant', please let us know. The bar for becoming a certified consultant is high, and we should probably know you already. Thank you for your attention & we hope to hear from you! -- PowerDNS Website: http://www.powerdns.com/ Contact us by phone on +31-15-7850372 From miguel.mirandag at gmail.com Mon Mar 18 20:24:49 2013 
From: miguel.mirandag at gmail.com (Miguel Miranda)
Date: Mon, 18 Mar 2013 14:24:49 -0600
Subject: [Pdns-users] backend time out errors
Message-ID:

Hello to all, I'm getting several timeout errors in a recently installed powerdns 3.1 server, this is an authoritative/resolver server, pdns running in public interface and resolver running in localhost, this is the error:

Recursive query for remote x.x.x.x:1044 with internal id 180 was not answered by backend within timeout, reusing id

I'm using mysql backend. This is a powerful server, 2 x quad core running centos 64 bit, 32 gb ram. I tuned mysql using the my-huge example, so I don't think this is a db problem, but maybe I'm wrong, what should I check to isolate the problem?

this is my pdns.conf file:

setuid=pdns
setgid=pdns
allow-recursion=127.0.0.0/8 \
y.y.y.y \
z.z.z.z
cache-ttl=300
daemon=yes
disable-tcp=yes
distributor-threads=25
guardian=yes
launch=gmysql
gmysql-host=127.0.0.1
gmysql-dbname=powerdns
gmysql-user=pdns
gmysql-password=xxx
lazy-recursion=yes
local-address=x.x.x.x
local-port=53
log-dns-details=no
log-dns-queries=no
log-failed-updates=no
max-cache-entries=2000000
negquery-cache-ttl=0
query-cache-ttl=300
query-logging=no
receiver-threads=25
recursive-cache-ttl=300
recursor=127.0.0.1
webserver=yes
webserver-address=x.x.x.x

and this is the recursor.conf file:

setuid=pdns-recursor
setgid=pdns-recursor
daemon=yes
dont-query=127.0.0.0/8
local-address=127.0.0.1
local-port=53
log-common-errors=no
max-cache-entries=3000000
max-negative-ttl=0
max-packetcache-entries=3000000
packetcache-servfail-ttl=0
quiet=yes
threads=25

regards,
---Miguel

From jigneshmpatel at gmail.com Mon Mar 18 20:37:07 2013
From: jigneshmpatel at gmail.com (Jignesh Patel) Date: Mon, 18 Mar 2013 16:37:07 -0400 Subject: [Pdns-users] installing ldap as backend In-Reply-To: References: Message-ID: Peter This is not a problem. Is there any good documentation for setting up powerdns with ldap? -Jignesh On Mon, Mar 18, 2013 at 2:25 AM, Peter van Dijk < peter.van.dijk at netherlabs.nl> wrote: > Hello Jignesh, > > On Mar 17, 2013, at 23:43 , Jignesh Patel wrote: > > > after a while I see following message in /var/log/messages file > > > > Mar 17 22:39:32 ip-10-190-102-20 pdns[19195]: Respawning > > Mar 17 22:39:33 ip-10-190-102-20 pdns[19849]: Guardian is launching an > instance > > Mar 17 22:39:33 ip-10-190-102-20 pdns[19849]: Reading random entropy > from '/dev/urandom' > > Mar 17 22:39:33 ip-10-190-102-20 pdns[19849]: This is a guarded instance > of pdns > > Mar 17 22:39:33 ip-10-190-102-20 pdns[19849]: Fatal error: Trying to set > unexisting parameter 'ldap-host ' > > > > So how to set LDAP parameter. I have not configured powerdns manually > but I used yum to install pens-backend-ldap and by default it installed > powerdns. > > Is it possible there is another launch= line further down in your config? > You can only have one - if you have multiple, PowerDNS will use the last > one. > > Kind regards, > -- > Peter van Dijk > Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ > > _______________________________________________ > Pdns-users mailing list > Pdns-users at mailman.powerdns.com > http://mailman.powerdns.com/mailman/listinfo/pdns-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nmilas at admin.noa.gr Mon Mar 18 22:23:55 2013 
From: nmilas at admin.noa.gr (Nikolaos Milas)
Date: Tue, 19 Mar 2013 00:23:55 +0200
Subject: [Pdns-users] installing ldap as backend
In-Reply-To:
References:
Message-ID: <514793FB.9010800@admin.noa.gr>

On 18/3/2013 10:37 μμ, Jignesh Patel wrote:

> ...Is there any good documentation for setting up
> powerdns with ldap?

Official support has been dropped for LDAP backend by its former maintainer and, as a result, by PowerDNS too. v2.9.22 is the last working version, even with some limitations
(see: http://comments.gmane.org/gmane.network.dns.powerdns.devel/1371)

Documentation is available here (by the former maintainer):
http://www.linuxnetworks.de/doc/index.php/PowerDNS_LDAP_Backend

Thanks to a recent ldap-backend fork, development has restarted, but needs testing - no official releases yet. Read here about the fork:
http://marc.info/?l=pdns-users&m=135534915929068&w=2

Here is the latest call for testing, after adding master support for the first time:
http://sequanux.org/pipermail/pdns-ldap-backend/2013-March/000011.html

Subscribe to:
http://sequanux.org/cgi-bin/mailman/listinfo/pdns-ldap-backend
to keep updated about all progress regarding ldap backend.

If you can help with testing or otherwise, it will certainly make a difference. Pdns ldap backend had been largely neglected (despite my efforts to keep it alive).

I'm gonna test the latest version in the next few days.

Regards,
Nick

From jigneshmpatel at gmail.com Tue Mar 19 01:15:04 2013
From: jigneshmpatel at gmail.com (Jignesh Patel)
Date: Mon, 18 Mar 2013 21:15:04 -0400
Subject: [Pdns-users] installing ldap as backend
In-Reply-To: <514793FB.9010800@admin.noa.gr>
References: <514793FB.9010800@admin.noa.gr>
Message-ID:

Looks like pdns works with LDAP. Thanks to Beñat for his kind assistance to suggest removing white spaces after "=".

Now I am seeing for efficient UI to view content.

-jignesh

Mar 19 01:00:41 ip-10-190-102-20 pdns[9902]: Listening on controlsocket in '/var/run/pdns.controlsocket'
Mar 19 01:00:41 ip-10-190-102-20 pdns[9905]: Guardian is launching an instance
Mar 19 01:00:41 ip-10-190-102-20 pdns[9905]: Reading random entropy from '/dev/urandom'
Mar 19 01:00:41 ip-10-190-102-20 pdns[9905]: This is a guarded instance of pdns
Mar 19 01:00:41 ip-10-190-102-20 pdns[9905]: UDP server bound to 10.190.102.20:53
Mar 19 01:00:41 ip-10-190-102-20 pdns[9905]: TCP server bound to 10.190.102.20:53
Mar 19 01:00:41 ip-10-190-102-20 pdns[9905]: PowerDNS 3.1 (C) 2001-2012 PowerDNS.COM BV (Oct 28 2012, 17:20:44, gcc 4.4.6 20120305 (Red Hat 4.4.6-4)) starting up
Mar 19 01:00:41 ip-10-190-102-20 pdns[9905]: PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2.
Mar 19 01:00:41 ip-10-190-102-20 pdns[9905]: DNS Proxy launched, local port 38045, remote 127.0.0.1:53
Mar 19 01:00:41 ip-10-190-102-20 pdns[9905]: Creating backend connection for TCP
Mar 19 01:00:41 ip-10-190-102-20 pdns[9905]: About to create 3 backend threads for UDP
Mar 19 01:00:41 ip-10-190-102-20 pdns[9905]: Done launching threads, ready to distribute questions

On Mon, Mar 18, 2013 at 6:23 PM, Nikolaos Milas wrote:

> On 18/3/2013 10:37 μμ, Jignesh Patel wrote:
>
>> ...Is there any good documentation for setting up
>> powerdns with ldap?
>
> Official support has been dropped for LDAP backend by its former
> maintainer and, as a result, by PowerDNS too. v2.9.22 is the last working
> version, even with some limitations
> (see: http://comments.gmane.org/gmane.network.dns.powerdns.devel/1371)
>
> Documentation is available here (by the former maintainer):
> http://www.linuxnetworks.de/doc/index.php/PowerDNS_LDAP_Backend
>
> Thanks to a recent ldap-backend fork, development has restarted, but needs
> testing - no official releases yet. Read here about the fork:
> http://marc.info/?l=pdns-users&m=135534915929068&w=2
>
> Here is the latest call for testing, after adding master support for the
> first time:
> http://sequanux.org/pipermail/pdns-ldap-backend/2013-March/000011.html
>
> Subscribe to:
> http://sequanux.org/cgi-bin/mailman/listinfo/pdns-ldap-backend
> to keep updated about all progress regarding ldap backend.
>
> If you can help with testing or otherwise, it will certainly make a
> difference. Pdns ldap backend had been largely neglected (despite my
> efforts to keep it alive).
>
> I'm gonna test the latest version in the next few days.
>
> Regards,
> Nick

From vinh.ho2110 at gmail.com Tue Mar 19 02:35:58 2013
From: vinh.ho2110 at gmail.com (Đức Vinh Hồ)
Date: Tue, 19 Mar 2013 09:35:58 +0700
Subject: [Pdns-users] Upgrade PowerDNS Authoritative from 3.0.1 to the lastest version
Message-ID:

Dear everyone,

I'm using PowerDNS Authoritative version 3.0.1. Now, I want to upgrade it to the latest version, because I hear that the latest version of PowerDNS Authoritative supports EDNS, which is configured like this: "disable-edns=no"

EDNS will help me to solve my trouble of heavy UDP Packet size.

Can someone show me how to do that?

Thank you!
Vinh Ho

From nmilas at admin.noa.gr Tue Mar 19 07:46:52 2013
From: nmilas at admin.noa.gr (Nikolaos Milas)
Date: Tue, 19 Mar 2013 09:46:52 +0200
Subject: [Pdns-users] installing ldap as backend
In-Reply-To:
References: <514793FB.9010800@admin.noa.gr>
Message-ID: <514817EC.8030404@admin.noa.gr>

On 19/3/2013 3:15 πμ, Jignesh Patel wrote:

> Looks like pdns works with LDAP. Thanks to Beñat for his kind
> assistance to suggest removing white spaces after "=".

Please report here how it behaves (errors etc.).

> Now I am seeing for efficient UI to view content.

Besides JXplorer and phpLDAPadmin, we are using a custom php-based application (which is tailored to our zones, so it's not suitable for general use).

Best regards,
Nick

From peter.van.dijk at netherlabs.nl Tue Mar 19 07:59:29 2013
From: peter.van.dijk at netherlabs.nl (Peter van Dijk)
Date: Tue, 19 Mar 2013 08:59:29 +0100
Subject: [Pdns-users] backend time out errors
In-Reply-To:
References:
Message-ID: <46E2C096-367F-4305-9A83-934CE509E58D@netherlabs.nl>

Hello Miguel,

On Mar 18, 2013, at 21:24 , Miguel Miranda wrote:

> Hello to all, I'm getting several timeout errors in a recently installed powerdns 3.1 server, this is an authoritative/resolver server, pdns running in public interface and resolver running in localhost, this is the error:
>
> Recursive query for remote x.x.x.x:1044 with internal id 180 was not answered by backend within timeout, reusing id

This is about a forwarded recursive query. Recursive queries time out all the time, because various name servers on the Internet are down or slow.

> I'm using mysql backend. This is a powerful server, 2 x quad core running centos 64 bit, 32 gb ram.
>
> I tuned mysql using the my-huge example, so I don't think this is a db problem, but maybe I'm wrong, what should I check to isolate the problem?

This is not a MySQL issue - this is for queries that were -not- answered from your database.

Unless you are actually having trouble resolving various names via the recursor, and think this is not okay, there is no problem.

Kind regards,
--
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/

From margus.kiting at gmail.com Tue Mar 19 11:51:20 2013
From: margus.kiting at gmail.com (Margus Kiting)
Date: Tue, 19 Mar 2013 13:51:20 +0200
Subject: [Pdns-users] pdns-3.2 AXFR per domain ACL's problem
Message-ID:

Hi,

I'm new to this list and this is the first time I encountered a problem using powerdns authoritative DNS server, so I hope I find a solution for this problem here.

The problem is in AXFR per domain ACL's. They are just not working for me. Below is configuration and test outputs.

Master DNS: pdns-master 192.168.1.10
Slave DNS: pdns-slave 192.168.1.11
Test server: pdns-test 192.168.1.13

PowerDNS Version 3.2, compiled on Mar 12 2013, 10:19:57 with gcc version 4.1.2 20080704 (Red Hat 4.1.2-51)

pdns-master pdns.conf

setuid=daemon
setgid=daemon
cache-ttl=60
daemon=yes
disable-tcp=no
distributor-threads=10

launch=gmysql
gmysql-host=127.0.0.1
gmysql-user=powerdns
gmysql-password=password
gmysql-dbname=powerdns
logging-facility=1
loglevel=4
master=yes
query-cache-ttl=60
recursive-cache-ttl=60
recursor=127.0.0.1
query-local-address6=

NB! recursor is not running.

pdns-master mysql information:

mysql> select * from domains;
id  name      master  last_check  type    notified_serial  account
1   test.com  NULL    NULL        MASTER  1363693953       NULL

mysql> select * from records;
id  domain_id  name           type  content                              ttl    prio  change_date  ordername  auth
1   1          test.com       SOA   dns1.test.com root at test.com 0     86400  NULL  NULL         NULL       NULL
2   1          test.com       NS    dns1.test.com                        86400  NULL  1363693952   NULL       NULL
3   1          test.com       NS    dns2.test.com                        86400  NULL  1363693952   NULL       NULL
4   1          www.test.com   A     192.168.1.12                         120    NULL  1363693952   NULL       NULL
5   1          mail.test.com  A     192.168.1.12                         120    NULL  1363693952   NULL       NULL
6   1          dns1.test.com  A     192.168.1.11                         120    NULL  1363693952   NULL       NULL
7   1          dns2.test.com  A     192.168.1.10                         120    NULL  1363693952   NULL       NULL
8   1          test.com       MX    mail.test.com                        120    25    1363693953   NULL       NULL

mysql> select * from domainmetadata;
id  domain_id  kind             content
1   1          ALLOW-AXFR-FROM  AUTO-NS

AXFR queries should be allowed only from server, which are in test.com domain NS records.
I will AXFR query from pdns-slave, which has IP 192.168.1.11 and it is configured as NS record in test.com domain and it should get correct axfr query answer.
I also try AXFR query from pdns-test, which has IP 192.168.1.12 and it's not configured as NS record in test.com domain and this server should get transfer failure message from pdns-master server. powerdns daemon is running with monitor flag, which gives debug output from server's side.

AXFR query from pdns-slave 192.168.1.11 server:

[root at pdns-slave ~]# dig axfr test.com @192.168.1.10

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> axfr test.com @ 192.168.1.10
;; global options: printcmd
test.com. 86400 IN SOA dns1.test.com. root.test.com. 1363693953 10800 3600 604800 3600
test.com. 86400 IN NS dns1.test.com.
test.com. 86400 IN NS dns2.test.com.
www.test.com. 120 IN A 192.168.1.12
mail.test.com. 120 IN A 192.168.1.12
dns1.test.com. 120 IN A 192.168.1.11
dns2.test.com. 120 IN A 192.168.1.10
test.com. 120 IN MX 25 mail.test.com.
test.com. 86400 IN SOA dns1.test.com. root.test.com. 1363693953 10800 3600 604800 3600
;; Query time: 12 msec
;; SERVER: 192.168.1.10#53(192.168.1.10)
;; WHEN: Tue Mar 19 13:24:06 2013
;; XFR size: 9 records (messages 3)

Powerdns log output in pdns-master server:

Mar 19 13:24:06 AXFR of domain 'test.com' initiated by 192.168.1.11
Mar 19 13:24:06 AXFR of domain 'test.com' allowed: client IP 192.168.1.11 is in allow-axfr-ips
Mar 19 13:24:06 gmysql Connection successful
Mar 19 13:24:06 gmysql Connection successful
Mar 19 13:24:06 AXFR of domain 'test.com' to 192.168.1.11 finished

AXFR query from pdns-test 192.168.1.12 server:

[root at pdns-test ~]# dig axfr test.com @192.168.1.10

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> axfr test.com @ 192.168.1.10
;; global options: printcmd
test.com. 86400 IN SOA dns1.test.com. root.test.com. 1363693953 10800 3600 604800 3600
test.com. 86400 IN NS dns1.test.com.
test.com. 86400 IN NS dns2.test.com.
www.test.com. 120 IN A 192.168.1.12
mail.test.com. 120 IN A 192.168.1.12
dns1.test.com. 120 IN A 192.168.1.11
dns2.test.com. 120 IN A 192.168.1.10
test.com. 120 IN MX 25 mail.test.com.
test.com. 86400 IN SOA dns1.test.com. root.test.com. 1363693953 10800 3600 604800 3600
;; Query time: 17 msec
;; SERVER: 192.168.1.10#53(192.168.1.10)
;; WHEN: Tue Mar 19 13:25:50 2013
;; XFR size: 9 records (messages 3)

Powerdns log output in pdns-master server:

Mar 19 13:25:50 AXFR of domain 'test.com' initiated by 192.168.1.12
Mar 19 13:25:50 AXFR of domain 'test.com' allowed: client IP 192.168.1.12 is in allow-axfr-ips
Mar 19 13:25:50 gmysql Connection successful
Mar 19 13:25:50 gmysql Connection successful
Mar 19 13:25:50 AXFR of domain 'test.com' to 192.168.1.12 finished

As seen from above, AXFR ACL's per domain is not working. Am I missing some configuration or I'm doing something very wrong?
Please help.

NB! English is not my native language, so apologies if there are mistakes.

Thanks in advance!
Margus Kiting

From cyclops at prof-x.net Tue Mar 19 12:05:14 2013
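The pdns-master log lines in Margus Kiting's message name the rule that granted each transfer ("is in allow-axfr-ips"), so AXFR grants can be audited against the zone's own NS set. The following is an added example, not part of the original post and not PowerDNS code: it assumes the log format shown in that message and resolves NS names from the zone's own A records (Ruben d'Arco's reply says the server uses getaddrinfo(), so live results can differ); all function and variable names are hypothetical.

```python
import ipaddress
import re

# Constructed from the records table in the message: (name, type, content).
ZONE_RECORDS = [
    ("test.com", "NS", "dns1.test.com"),
    ("test.com", "NS", "dns2.test.com"),
    ("www.test.com", "A", "192.168.1.12"),
    ("mail.test.com", "A", "192.168.1.12"),
    ("dns1.test.com", "A", "192.168.1.11"),
    ("dns2.test.com", "A", "192.168.1.10"),
]

# The AXFR log lines quoted in the message (gmysql lines omitted).
SAMPLE_LOG = """\
Mar 19 13:24:06 AXFR of domain 'test.com' initiated by 192.168.1.11
Mar 19 13:24:06 AXFR of domain 'test.com' allowed: client IP 192.168.1.11 is in allow-axfr-ips
Mar 19 13:24:06 AXFR of domain 'test.com' to 192.168.1.11 finished
Mar 19 13:25:50 AXFR of domain 'test.com' initiated by 192.168.1.12
Mar 19 13:25:50 AXFR of domain 'test.com' allowed: client IP 192.168.1.12 is in allow-axfr-ips
Mar 19 13:25:50 AXFR of domain 'test.com' to 192.168.1.12 finished
"""

# Matches the "allowed" line; tolerates a syslog "host pdns[pid]:" prefix.
ALLOWED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s.*?"
    r"AXFR of domain '(?P<zone>[^']+)' allowed: "
    r"client IP (?P<client>\S+) (?P<reason>.+?)\s*$"
)


def norm(name):
    """Lower-case a DNS name and drop the trailing dot."""
    return name.rstrip(".").lower()


def expected_secondaries(zone, records):
    """Addresses of the zone's NS hosts, i.e. what AUTO-NS is meant to allow."""
    zone = norm(zone)
    ns_names = {norm(c) for n, t, c in records if t == "NS" and norm(n) == zone}
    return {
        ipaddress.ip_address(c)
        for n, t, c in records
        if t in ("A", "AAAA") and norm(n) in ns_names
    }


def audit(log_text, records):
    """Return one finding per granted AXFR whose client is not an NS address."""
    findings = []
    for line in log_text.splitlines():
        m = ALLOWED_RE.match(line)
        if not m:
            continue
        try:
            client = ipaddress.ip_address(m["client"])
        except ValueError:
            continue  # not an IP literal; nothing to compare
        if client in expected_secondaries(m["zone"], records):
            continue
        findings.append({
            "time": m["ts"],
            "zone": norm(m["zone"]),
            "client": str(client),
            "reason": m["reason"],
            # True when the global setting, not per-zone metadata, was the grant
            "global_acl": "allow-axfr-ips" in m["reason"],
        })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG, ZONE_RECORDS):
        print(f)
```

Run against the sample, the audit reports only the transfer to 192.168.1.12, and its `reason` field shows that the global `allow-axfr-ips` setting, not the zone's `ALLOW-AXFR-FROM` metadata, was the rule that matched.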
From: cyclops at prof-x.net (Ruben d'Arco)
Date: Tue, 19 Mar 2013 13:05:14 +0100
Subject: [Pdns-users] pdns-3.2 AXFR per domain ACL's problem
In-Reply-To:
References:
Message-ID: <20130319120514.GA23454@prof-x.prof-x.net>

Hi,

This is a bit of a guess, but:
The AUTO-NS feature seems to use a normal getaddrinfo(). This might have a different result than you expect on your system. Can you check what's in your resolv.conf and see what that replied when you ask for dns1.test.com and dns2.test.com?

Regards,
Ruben

On Tue, Mar 19, 2013 at 01:51:20PM +0200, Margus Kiting wrote:
> Hi,
>
> I'm new to this list and this is the first time I encountered a problem
> using powerdns authoritative DNS server, so I hope I find a solution for this
> problem here.
>
> The problem is in AXFR per domain ACL's. They are just not working for me.
> Below is configuration and test outputs.
>
> Master DNS: pdns-master 192.168.1.10
> Slave DNS: pdns-slave 192.168.1.11
> Test server: pdns-test 192.168.1.13
>
> PowerDNS Version 3.2, compiled on Mar 12 2013, 10:19:57 with gcc version
> 4.1.2 20080704 (Red Hat 4.1.2-51)
>
> pdns-master pdns.conf
>
> setuid=daemon
> setgid=daemon
> cache-ttl=60
> daemon=yes
> disable-tcp=no
> distributor-threads=10
>
> launch=gmysql
> gmysql-host=127.0.0.1
> gmysql-user=powerdns
> gmysql-password=password
> gmysql-dbname=powerdns
> logging-facility=1
> loglevel=4
> master=yes
> query-cache-ttl=60
> recursive-cache-ttl=60
> recursor=127.0.0.1
> query-local-address6=
>
> NB! recursor is not running.
>
> pdns-master mysql information:
>
> mysql> select * from domains;
> id  name      master  last_check  type    notified_serial  account
> 1   test.com  NULL    NULL        MASTER  1363693953       NULL
>
> mysql> select * from records;
> id  domain_id  name           type  content                              ttl    prio  change_date  ordername  auth
> 1   1          test.com       SOA   dns1.test.com root at test.com 0     86400  NULL  NULL         NULL       NULL
> 2   1          test.com       NS    dns1.test.com                        86400  NULL  1363693952   NULL       NULL
> 3   1          test.com       NS    dns2.test.com                        86400  NULL  1363693952   NULL       NULL
> 4   1          www.test.com   A     192.168.1.12                         120    NULL  1363693952   NULL       NULL
> 5   1          mail.test.com  A     192.168.1.12                         120    NULL  1363693952   NULL       NULL
> 6   1          dns1.test.com  A     192.168.1.11                         120    NULL  1363693952   NULL       NULL
> 7   1          dns2.test.com  A     192.168.1.10                         120    NULL  1363693952   NULL       NULL
> 8   1          test.com       MX    mail.test.com                        120    25    1363693953   NULL       NULL
>
> mysql> select * from domainmetadata;
> id  domain_id  kind             content
> 1   1          ALLOW-AXFR-FROM  AUTO-NS
>
> AXFR queries should be allowed only from server, which are in
> test.com domain NS records.
> I will AXFR query from pdns-slave, which has IP 192.168.1.11 and it is
> configured as NS record in test.com domain and it should get correct axfr
> query answer.
> I also try AXFR query from pdns-test, which has IP 192.168.1.12 and it's
> not configured as NS record in test.com domain and this server should get
> transfer failure message from pdns-master server. powerdns daemon is
> running with monitor flag, which gives debug output from server's side.
>
> AXFR query from pdns-slave 192.168.1.11 server:
>
> [root at pdns-slave ~]# dig axfr test.com @192.168.1.10
>
> ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> axfr test.com @ 192.168.1.10
> ;; global options: printcmd
> test.com. 86400 IN SOA dns1.test.com. root.test.com. 1363693953 10800 3600 604800 3600
> test.com. 86400 IN NS dns1.test.com.
> test.com. 86400 IN NS dns2.test.com.
> www.test.com. 120 IN A 192.168.1.12
> mail.test.com. 120 IN A 192.168.1.12
> dns1.test.com. 120 IN A 192.168.1.11
> dns2.test.com. 120 IN A 192.168.1.10
> test.com. 120 IN MX 25 mail.test.com.
> test.com. 86400 IN SOA dns1.test.com. root.test.com. 1363693953 10800 3600 604800 3600
> ;; Query time: 12 msec
> ;; SERVER: 192.168.1.10#53(192.168.1.10)
> ;; WHEN: Tue Mar 19 13:24:06 2013
> ;; XFR size: 9 records (messages 3)
>
> Powerdns log output in pdns-master server:
>
> Mar 19 13:24:06 AXFR of domain 'test.com' initiated by 192.168.1.11
> Mar 19 13:24:06 AXFR of domain 'test.com' allowed: client IP 192.168.1.11 is in allow-axfr-ips
> Mar 19 13:24:06 gmysql Connection successful
> Mar 19 13:24:06 gmysql Connection successful
> Mar 19 13:24:06 AXFR of domain 'test.com' to 192.168.1.11 finished
>
> AXFR query from pdns-test 192.168.1.12 server:
>
> [root at pdns-test ~]# dig axfr test.com @192.168.1.10
>
> ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> axfr test.com @ 192.168.1.10
> ;; global options: printcmd
> test.com. 86400 IN SOA dns1.test.com. root.test.com. 1363693953 10800 3600 604800 3600
> test.com. 86400 IN NS dns1.test.com.
> test.com. 86400 IN NS dns2.test.com.
> www.test.com. 120 IN A 192.168.1.12
> mail.test.com. 120 IN A 192.168.1.12
> dns1.test.com. 120 IN A 192.168.1.11
> dns2.test.com. 120 IN A 192.168.1.10
> test.com. 120 IN MX 25 mail.test.com.
> test.com. 86400 IN SOA dns1.test.com. root.test.com. 1363693953 10800 3600 604800 3600
> ;; Query time: 17 msec
> ;; SERVER: 192.168.1.10#53(192.168.1.10)
> ;; WHEN: Tue Mar 19 13:25:50 2013
> ;; XFR size: 9 records (messages 3)
>
> Powerdns log output in pdns-master server:
>
> Mar 19 13:25:50 AXFR of domain 'test.com' initiated by 192.168.1.12
> Mar 19 13:25:50 AXFR of domain 'test.com' allowed: client IP 192.168.1.12 is in allow-axfr-ips
> Mar 19 13:25:50 gmysql Connection successful
> Mar 19 13:25:50 gmysql Connection successful
> Mar 19 13:25:50 AXFR of domain 'test.com' to 192.168.1.12 finished
>
> As seen from above, AXFR ACL's per domain is not working. Am I missing some
> configuration or I'm doing something very wrong?
> Please help.
>
> NB! English is not my native language, so apologies if there are mistakes.
>
> Thanks in advance!
> Margus Kiting

From jigneshmpatel at gmail.com Tue Mar 19 12:17:38 2013
From: jigneshmpatel at gmail.com (Jignesh Patel)
Date: Tue, 19 Mar 2013 08:17:38 -0400
Subject: [Pdns-users] installing ldap as backend
In-Reply-To: <514817EC.8030404@admin.noa.gr>
References: <514793FB.9010800@admin.noa.gr> <514817EC.8030404@admin.noa.gr>
Message-ID:

Nick,

For the UI my question is in the context of PDNS, not for LDAP UI.
Is there any UI which can work PDNS(with LDAP). I am definitely going to install phpLDAPAdmin, but is that sufficient?
Also how to setup DNS SRV record in LDAP and link with PDNS.
Like my email id jignehsmpatel at gmail.com, now when I create a certificate for me, how do insert SRV record for the same.

-jigensh

On Tue, Mar 19, 2013 at 3:46 AM, Nikolaos Milas wrote:

> On 19/3/2013 3:15 πμ, Jignesh Patel wrote:
>
>> Looks like pdns works with LDAP. Thanks to Beñat for his kind assistance
>> to suggest removing white spaces after "=".
>
> Please report here how it behaves (errors etc.).
>
>> Now I am seeing for efficient UI to view content.
>
> Besides JXplorer and phpLDAPadmin, we are using a custom php-based
> application (which is tailored to our zones, so it's not suitable for
> general use).
>
> Best regards,
>
> Nick

From jigneshmpatel at gmail.com Tue Mar 19 12:23:01 2013
From: jigneshmpatel at gmail.com (Jignesh Patel)
Date: Tue, 19 Mar 2013 08:23:01 -0400
Subject: [Pdns-users] installing ldap as backend
In-Reply-To:
References: <514793FB.9010800@admin.noa.gr> <514817EC.8030404@admin.noa.gr>
Message-ID:

Nick,

The question is updated as inlined.

-Jignesh

On Tue, Mar 19, 2013 at 8:17 AM, Jignesh Patel wrote:

> Nick,
>
> For the UI my question is in the context of PDNS, not for LDAP UI.
> Is there any UI which can work PDNS(with LDAP). I am definitely going to
> install phpLDAPAdmin, but is that sufficient?
> Also how to setup DNS SRV record in LDAP and link with PDNS.
> Like my email id jignehsmpatel at gmail.com, now when I create a certificate
> for me, how do insert SRV record for the same.

Also instead of BDB --> LDAP --> PDNS can I make following structure working?
Postgres --> LDAP
Postgres --> PDNS

-Jignesh

> -jigensh
>
> On Tue, Mar 19, 2013 at 3:46 AM, Nikolaos Milas wrote:
>
>> On 19/3/2013 3:15 πμ, Jignesh Patel wrote:
>>
>>> Looks like pdns works with LDAP. Thanks to Beñat for his kind assistance
>>> to suggest removing white spaces after "=".
>>
>> Please report here how it behaves (errors etc.).
>>
>>> Now I am seeing for efficient UI to view content.
>>
>> Besides JXplorer and phpLDAPadmin, we are using a custom php-based
>> application (which is tailored to our zones, so it's not suitable for
>> general use).
>>
>> Best regards,
>>
>> Nick

From bert.hubert at netherlabs.nl Tue Mar 19 16:02:51 2013
From: bert.hubert at netherlabs.nl (bert hubert)
Date: Tue, 19 Mar 2013 17:02:51 +0100
Subject: [Pdns-users] Building pdns RPMs using custom LDAP libraries/headers
In-Reply-To: <5148841C.7050100@admin.noa.gr>
References: <5148841C.7050100@admin.noa.gr>
Message-ID: <20130319160251.GA2335@xs.powerdns.com>

On Tue, Mar 19, 2013 at 05:28:28PM +0200, Nikolaos Milas wrote:
> CXXFLAGS="${CXXFLAGS} -I/usr/local/openldap/include"
> LDFLAGS="${LDFLAGS} -L/usr/local/openldap/lib64 -lldap -llber"

Can you try LIBS=-L/usr/local/openldap/lib64 ./configure ... ?

And can you double check a libldap.so lives there?

Bert

--
PowerDNS Website: http://www.powerdns.com/
Contact us by phone on +31-15-7850372

From nmilas at admin.noa.gr Tue Mar 19 16:08:21 2013
From: nmilas at admin.noa.gr (Nikolaos Milas)
Date: Tue, 19 Mar 2013 18:08:21 +0200
Subject: [Pdns-users] Building pdns RPMs using custom LDAP libraries/headers
In-Reply-To: <5148841C.7050100@admin.noa.gr>
References: <5148841C.7050100@admin.noa.gr>
Message-ID: <51488D75.5050903@admin.noa.gr>

On 19/3/2013 5:28 μμ, Nikolaos Milas wrote:

> Can you please guide me on how to adapt the spec file so as to build
> correctly using the custom ldap libraries / headers?

Hmm, actually now that I tried to build using even the standard CentOS 6 RPMs/libs/headers/, it still fails at the same point.

So, am I doing something wrong?

Please advise.

Thanks,
Nick

From nmilas at admin.noa.gr Tue Mar 19 18:13:12 2013
From: nmilas at admin.noa.gr (Nikolaos Milas)
Date: Tue, 19 Mar 2013 20:13:12 +0200
Subject: [Pdns-users] Building pdns RPMs using custom LDAP libraries/headers
In-Reply-To: <20130319160251.GA2335@xs.powerdns.com>
References: <5148841C.7050100@admin.noa.gr> <20130319160251.GA2335@xs.powerdns.com>
Message-ID: <5148AAB8.80605@admin.noa.gr>

On 19/3/2013 6:02 μμ, bert hubert wrote:

> Can you try LIBS=-L/usr/local/openldap/lib64 ./configure ...
> ?
>
> And can you double check a libldap.so lives there?

Thanks,

I just tried:

LIBS="-L/usr/local/openldap/lib64"

and (just in case):

LIBS="${LIBS} -L/usr/local/openldap/lib64"

but it always fails:

checking ldap.h usability... yes
checking ldap.h presence... yes
checking for ldap.h... yes
checking lber.h usability... yes
checking lber.h presence... yes
checking for lber.h... yes
checking for ldap_set_option in -lldap_r... no
checking for ldap_set_option in -lldap... no
configure: error: ldap library (libldap) not found
error: Bad exit status from /var/tmp/rpm-tmp.Ng5O8F (%build)

RPM build errors:
Bad exit status from /var/tmp/rpm-tmp.Ng5O8F (%build)

although:

$ ls -la /usr/local/openldap/lib64
total 4368
drwxr-xr-x. 2 ldap ldap 4096 Sep 21 23:20 .
drwxr-xr-x. 10 ldap ldap 4096 Sep 21 23:20 ..
lrwxrwxrwx. 1 ldap ldap 20 Sep 21 23:20 liblber-2.4.so.2 -> liblber-2.4.so.2.8.4
-rw-r--r--. 1 ldap ldap 160919 Sep 21 23:14 liblber-2.4.so.2.8.4
-rw-r--r--. 1 ldap ldap 101556 Sep 21 23:15 liblber.a
-rw-r--r--. 1 ldap ldap 864 Sep 21 23:14 liblber.la
lrwxrwxrwx. 1 ldap ldap 20 Sep 21 23:20 liblber.so -> liblber-2.4.so.2.8.4
lrwxrwxrwx. 1 ldap ldap 20 Sep 21 23:20 libldap-2.4.so.2 -> libldap-2.4.so.2.8.4
-rw-r--r--. 1 ldap ldap 1121334 Sep 21 23:14 libldap-2.4.so.2.8.4
-rw-r--r--. 1 ldap ldap 543372 Sep 21 23:15 libldap.a
-rw-r--r--. 1 ldap ldap 924 Sep 21 23:14 libldap.la
lrwxrwxrwx. 1 ldap ldap 22 Sep 21 23:20 libldap_r-2.4.so.2 -> libldap_r-2.4.so.2.8.4
-rw-r--r--. 1 ldap ldap 1230174 Sep 21 23:14 libldap_r-2.4.so.2.8.4
-rw-r--r--. 1 ldap ldap 602292 Sep 21 23:15 libldap_r.a
-rw-r--r--. 1 ldap ldap 947 Sep 21 23:14 libldap_r.la
lrwxrwxrwx. 1 ldap ldap 22 Sep 21 23:20 libldap_r.so -> libldap_r-2.4.so.2.8.4
lrwxrwxrwx. 1 ldap ldap 20 Sep 21 23:20 libldap.so -> libldap-2.4.so.2.8.4
lrwxrwxrwx. 1 ldap ldap 21 Sep 21 23:20 libslapi-2.4.so.2 -> libslapi-2.4.so.2.8.4
-rw-r--r--. 1 ldap ldap 464586 Sep 21 23:14 libslapi-2.4.so.2.8.4
-rw-r--r--. 1 ldap ldap 207304 Sep 21 23:15 libslapi.a
-rw-r--r--. 1 ldap ldap 862 Sep 21 23:14 libslapi.la
lrwxrwxrwx. 1 ldap ldap 21 Sep 21 23:20 libslapi.so -> libslapi-2.4.so.2.8.4

But, as I mentioned, it even fails without any change in the spec file, simply trying to build with the standard CentOS 6 OpenLDAP packages. In that case, it should be using the default system lib dir:

$ ls -la /usr/lib64/ | grep ldap
drwxr-xr-x. 4 root root 4096 Mar 11 16:06 evolution-openldap
lrwxrwxrwx. 1 root root 10 Sep 21 15:16 libldap-2.4.so.2 -> libldap.so
lrwxrwxrwx. 1 root root 12 Sep 21 15:16 libldap_r-2.4.so.2 -> libldap_r.so
lrwxrwxrwx 1 root root 29 Mar 11 16:06 libldap_r.so -> /lib64/libldap_r-2.4.so.2.5.6
lrwxrwxrwx 1 root root 27 Mar 11 16:06 libldap.so -> /lib64/libldap-2.4.so.2.5.6
-rwxr-xr-x 1 root root 40320 Feb 22 09:49 libsmbldap.so.0

Any other ideas?

Thanks,
Nick

From chieff7 at gmail.com Tue Mar 19 21:41:08 2013
From: chieff7 at gmail.com (Ron Tsoref)
Date: Tue, 19 Mar 2013 23:41:08 +0200
Subject: [Pdns-users] PowerDNS capabilities
In-Reply-To: <20130318105606.GC14649@torres.zugschlus.de>
References: <1549523E-8899-444D-8802-C53EBD36E347@netherlabs.nl> <20130318105606.GC14649@torres.zugschlus.de>
Message-ID:

The PipeBackend seems easy to implement. Does anyone actually use a PipeBackend in production and can share some general performance information? Is it much slower than other backends?

On Mon, Mar 18, 2013 at 12:56 PM, Marc Haber wrote:

> On Sun, Mar 17, 2013 at 06:03:44PM +0300, Odhiambo Washington wrote:
> > Does PowerDNS support "views", in some way?
>
> If you look for something that is the same as bind views, the answer
> is no, unfortunately. Same goes for ACLs.
>
> Greetings
> Marc
>
> --
> -----------------------------------------------------------------------------
> Marc Haber         | "I don't trust Computers. They | Mail address in header
> Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 31958061
> Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 31958062

From anthonyeden at gmail.com Tue Mar 19 21:48:40 2013
From: anthonyeden at gmail.com (Anthony Eden)
Date: Tue, 19 Mar 2013 22:48:40 +0100
Subject: [Pdns-users] PowerDNS capabilities
In-Reply-To:
References: <1549523E-8899-444D-8802-C53EBD36E347@netherlabs.nl> <20130318105606.GC14649@torres.zugschlus.de>
Message-ID:

We use it at DNSimple, with Ruby. Since it's run as a coprocess we get quite good performance out of it. Definitely will be slower than other backends if you're using an interpreted language with a relatively slow runtime, but still quite usable. Keep scripts simple and short circuit returns as often as possible is the most important advice.

I'm actually thinking I'd like to try a pipe backend with Go at some point to see how that works out.

-Anthony

On Tue, Mar 19, 2013 at 10:41 PM, Ron Tsoref wrote:

> The PipeBackend seems easy to implement. Does anyone actually use a
> PipeBackend in production and can share some general performance
> information? Is it much slower than other backends?
>
> On Mon, Mar 18, 2013 at 12:56 PM, Marc Haber wrote:
>
>> On Sun, Mar 17, 2013 at 06:03:44PM +0300, Odhiambo Washington wrote:
>> > Does PowerDNS support "views", in some way?
>>
>> If you look for something that is the same as bind views, the answer
>> is no, unfortunately. Same goes for ACLs.
>>
>> Greetings
>> Marc
>>
>> --
>> -----------------------------------------------------------------------------
>> Marc Haber         | "I don't trust Computers. They | Mail address in header
>> Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 31958061
>> Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 31958062

--
http://anthonyeden.com | twitter: @aeden | skype: anthonyeden

From bert.hubert at netherlabs.nl Tue Mar 19 21:56:32 2013
From: bert.hubert at netherlabs.nl (bert hubert)
Date: Tue, 19 Mar 2013 22:56:32 +0100
Subject: [Pdns-users] PowerDNS capabilities
In-Reply-To:
References: <1549523E-8899-444D-8802-C53EBD36E347@netherlabs.nl> <20130318105606.GC14649@torres.zugschlus.de>
Message-ID: <082A5E85-6FD8-49CF-9C18-9CCF81112AA3@netherlabs.nl>

On Mar 19, 2013, at 10:41 PM, Ron Tsoref wrote:

> The PipeBackend seems easy to implement. Does anyone actually use a PipeBackend in production and can share some general performance information? Is it much slower than other backends?

We've been able to squeeze 50000 qps out of a pipe backend. On a philosophical note, pipes are likely to be faster than TCP/IP, and SQL marshalling/unmarshaling is not free either. People associate 'text based' with slow, but most SQL protocols are just as parsed, or even more so.

The pipe backend does have a performance bottleneck in 3.2 if you specify a timeout, see http://wiki.powerdns.com/trac/ticket/661

Bert

From nmilas at admin.noa.gr Wed Mar 20 09:09:52 2013
From: nmilas at admin.noa.gr (Nikolaos Milas)
Date: Wed, 20 Mar 2013 11:09:52 +0200
Subject: [Pdns-users] Building pdns RPMs using custom LDAP libraries/headers
In-Reply-To: <5148AAB8.80605@admin.noa.gr>
References: <5148841C.7050100@admin.noa.gr> <20130319160251.GA2335@xs.powerdns.com> <5148AAB8.80605@admin.noa.gr>
Message-ID: <51497CE0.50100@admin.noa.gr>

On 19/3/2013 8:13 μμ, Nikolaos Milas wrote:

> But, as I mentioned, it even fails without any change in the spec
> file, simply trying to build with the standard CentOS 6 OpenLDAP
> packages. In that case, it should be using the default system lib dir:

In the meantime, I tried building PowerDNS 3.2 on CentOS 5.9 x86_64 using http://www.monshouwer.eu/download/3rd_party/pdns-server/el5/SRPMS/pdns-server-3.2-1.el5.MIND.src.rpm and this worked fine with the standard CentOS OpenLDAP libs.

However, building using:

LIBS="-L/usr/local/openldap/lib64"

%build
%configure \
    --sysconfdir=%{_sysconfdir}/powerdns \
    --libdir=%{_libdir} \
    --with-sqlite3 \
    --with-socketdir=/var/run/pdns-server \
    --with-modules="" \
    --with-dynmodules="pipe gmysql gpgsql gsqlite3 ldap"
%{__make}

I am not sure it produces the required result:

...
/bin/sh ../../libtool --tag=CXX --mode=link g++ -D_GNU_SOURCE -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -module -avoid-version -lrt -o libldapbackend.la -rpath /usr/lib64 ldapbackend.lo powerldap.lo -lldap_r -lz
...

I understand that the compiler probably still uses: /usr/lib64/ for ldap libs, although we instructed (?) it to use ldap libs from /usr/local/openldap/lib64.

So, there remain two questions:

1. How to build properly with custom LDAP libs?
2. Why we can't build correctly under CentOS 6, but only under CentOS 5?

Regards,
Nick

From miguel.mirandag at gmail.com Wed Mar 20 15:03:03 2013
From: miguel.mirandag at gmail.com (Miguel Miranda)
Date: Wed, 20 Mar 2013 09:03:03 -0600
Subject: [Pdns-users] backend time out errors
In-Reply-To: <46E2C096-367F-4305-9A83-934CE509E58D@netherlabs.nl>
References: <46E2C096-367F-4305-9A83-934CE509E58D@netherlabs.nl>
Message-ID:

OK, thanks Peter, I was curious about the error because I don't have any complaints from my customers.

On Tue, Mar 19, 2013 at 1:59 AM, Peter van Dijk <peter.van.dijk at netherlabs.nl> wrote:

> Hello Miguel,
>
> On Mar 18, 2013, at 21:24 , Miguel Miranda wrote:
>
> > Hello to all, I'm getting several timeout errors in a recently installed
> > powerdns 3.1 server, this is authoritative/resolver server, pns running in
> > public interface and resolver running in localhost, this is the error:
> >
> > Recursive query for remote x.x.x.x:1044 with internal id 180 was not
> > answered by backend within timeout, reusing id
>
> This is about a forwarded recursive query. Recursive queries time out all
> the time, because various name servers on the Internet are down or slow.
>
> > I'm using mysql backend. This is a powerful server, 2 x quad core
> > running centos 64 bit, 32 gb ram.
> >
> > I tuned mysql using the my-huge example, so I don't think this is a db
> > problem, but maybe I'm wrong, what should I check to isolate the problem?
>
> This is not a MySQL issue - this is for queries that were -not- answered
> from your database.
>
> Unless you are actually having trouble resolving various names via the
> recursor, and think this is not okay, there is no problem.
>
> Kind regards,
> --
> Peter van Dijk
> Netherlabs Computer Consulting BV - http://www.netherlabs.nl/

From tripivceta at hotmail.com Wed Mar 20 18:25:36 2013
From: tripivceta at hotmail.com (a b)
Date: Wed, 20 Mar 2013 19:25:36 +0100
Subject: [Pdns-users] Building pdns RPMs using custom LDAP libraries/headers
In-Reply-To: <51497CE0.50100@admin.noa.gr>
References: <5148841C.7050100@admin.noa.gr>, <20130319160251.GA2335@xs.powerdns.com>, <5148AAB8.80605@admin.noa.gr>, <51497CE0.50100@admin.noa.gr>
Message-ID:

> LIBS="-L/usr/local/openldap/lib64"

What makes you believe that anything would pay attention to $LIBS? Did you see this in the code or documentation somewhere?

> %build
> %configure \
> --sysconfdir=%{_sysconfdir}/powerdns \
> --libdir=%{_libdir} \
> --with-sqlite3 \
> --with-socketdir=/var/run/pdns-server \
> --with-modules="" \
> --with-dynmodules="pipe gmysql gpgsql gsqlite3 ldap"
> %{__make}
>
> I am not sure it produces the required result:
> ...
> /bin/sh ../../libtool --tag=CXX --mode=link g++ -D_GNU_SOURCE -O2 -g
> -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
> --param=ssp-buffer-size=4 -m64 -mtune=generic -module -avoid-version
> -lrt -o libldapbackend.la -rpath /usr/lib64 ldapbackend.lo powerldap.lo
> -lldap_r -lz
> ...
>
> I understand that the compiler probably still uses: /usr/lib64/ for ldap
> libs, although we instructed (?) it to use ldap libs from
> /usr/local/openldap/lib64.
>
> So, there remain two questions:
>
> 1. How to build properly with custom LDAP libs?

You need to pass --libdir=/usr/local/openldap/lib64 on the %configure line.

By the way, the correct place to put 3rd party and unbundled applications, even on GNU/Linux and especially on CentOS is /opt, in your case /opt/openldap. Configuration should go in /etc/opt/openldap, and data in /var/opt/openldap. These are controlled by

--prefix=/opt/openldap --sysconfdir=/etc/opt/openldap --datadir=/var/opt/openldap

when OpenLDAP is being built. OpenLDAP's ./configure might have additional switches for this.
Reference: http://www.pathname.com/fhs/pub/fhs-2.3.html

From tripivceta at hotmail.com Wed Mar 20 18:38:59 2013
From: tripivceta at hotmail.com (a b)
Date: Wed, 20 Mar 2013 19:38:59 +0100
Subject: [Pdns-users] Building pdns RPMs using custom LDAP libraries/headers
In-Reply-To: <51488D75.5050903@admin.noa.gr>
References: <5148841C.7050100@admin.noa.gr>,<51488D75.5050903@admin.noa.gr>
Message-ID:

> Hmm, actually now that I tried to build using even the standard CentOS 6
> RPMs/libs/headers/, it still fails at the same point.
>
> So, am I doing something wrong? Please advise.

What does "config.log" say regarding ldap?

From nmilas at admin.noa.gr Thu Mar 21 07:49:55 2013
From: nmilas at admin.noa.gr (Nikolaos Milas)
Date: Thu, 21 Mar 2013 09:49:55 +0200
Subject: [Pdns-users] installing ldap as backend
In-Reply-To:
References: <514793FB.9010800@admin.noa.gr> <514817EC.8030404@admin.noa.gr> <51485C1E.4010504@admin.noa.gr>
Message-ID: <514ABBA3.5010700@admin.noa.gr>

On 19/3/2013 3:21 pm, Jignesh Patel wrote:

>
> This
> talks
> about creating SRV records at org level, I would like to create an
> individual user level(i.e. ou=people).
>
> Sorry, I don't know about that.
>
> You mean you would want to use PostgreSQL as backend for OpenLDAP
> and PDNS? The latter is possible, the former I doubt. Yet, I am
> not an expert on the issue.
>
>
> Thanks. The former is default setup as LDAP by default uses BDB.

True.

If you have your primary data in an SQL db and you want to use LDAP as well (or the opposite), you may want to check the LDAP Synchronization Connector: http://lsc-project.org/

Your OpenLDAP would use any backend (these days preferably MDB).

Nick

From nmilas at admin.noa.gr Thu Mar 21 08:46:20 2013
From: nmilas at admin.noa.gr (Nikolaos Milas)
Date: Thu, 21 Mar 2013 10:46:20 +0200
Subject: [Pdns-users] Building pdns RPMs using custom LDAP libraries/headers
In-Reply-To:
References: <5148841C.7050100@admin.noa.gr>, <51488D75.5050903@admin.noa.gr>
Message-ID: <514AC8DC.6070306@admin.noa.gr>

On 20/3/2013 8:38 pm, a b wrote:

> What does "config.log" say regarding ldap?

Thanks for the reply.

Please, see below.

Thanks,
Nick

=======================================================
...
configure:18499: checking ldap.h usability
configure:18499: g++ -c -D_GNU_SOURCE -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic conftest.cpp >&5
configure:18499: $? = 0
configure:18499: result: yes
configure:18499: checking ldap.h presence
configure:18499: g++ -E conftest.cpp
configure:18499: $? = 0
configure:18499: result: yes
configure:18499: checking for ldap.h
configure:18499: result: yes
configure:18513: checking lber.h usability
configure:18513: g++ -c -D_GNU_SOURCE -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic conftest.cpp >&5
configure:18513: $? = 0
configure:18513: result: yes
configure:18513: checking lber.h presence
configure:18513: g++ -E conftest.cpp
configure:18513: $? = 0
configure:18513: result: yes
configure:18513: checking for lber.h
configure:18513: result: yes
configure:18526: checking for ldap_set_option in -lldap_r
configure:18551: g++ -o conftest -D_GNU_SOURCE -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -lrt c$
/usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../lib64/libldap_r.so: undefined reference to `ber_sockbuf_io_udp'
collect2: ld returned 1 exit status
configure:18551: $? = 1
configure: failed program was:
| /* confdefs.h */
| #define PACKAGE_NAME ""
| #define PACKAGE_TARNAME ""
| #define PACKAGE_VERSION ""
| #define PACKAGE_STRING ""
| #define PACKAGE_BUGREPORT ""
| #define PACKAGE_URL ""
| #define PACKAGE "pdns"
| #define VERSION "3.2"
| #define STDC_HEADERS 1
| #define HAVE_SYS_TYPES_H 1
| #define HAVE_SYS_STAT_H 1
| #define HAVE_STDLIB_H 1
| #define HAVE_STRING_H 1
| #define HAVE_MEMORY_H 1
| #define HAVE_STRINGS_H 1
| #define HAVE_INTTYPES_H 1
| #define HAVE_STDINT_H 1
| #define HAVE_UNISTD_H 1
| #define YYTEXT_POINTER 1
| #define HAVE_DLFCN_H 1
| #define LT_OBJDIR ".libs/"
| #define HAVE_BOOST 1
| #define HAVE_BOOST_FOREACH_HPP 1
| #define HAVE_BOOST_PROGRAM_OPTIONS_HPP 1
| #define HAVE_BOOST_ARCHIVE_TEXT_OARCHIVE_HPP 1
| #define HAVE_LUA 1
| #define HAVE_LUA_H 1
| #define STDC_HEADERS 1
| #define HAVE_FCNTL_H 1
| #define HAVE_GETOPT_H 1
| #define HAVE_LIMITS_H 1
| #define HAVE_STRINGS_H 1
| #define HAVE_SYS_TIME_H 1
| #define HAVE_SYSLOG_H 1
| #define HAVE_UNISTD_H 1
| #define TIME_WITH_SYS_TIME 1
| #define RETSIGTYPE void
| #define HAVE_GETHOSTNAME 1
| #define HAVE_GETTIMEOFDAY 1
| #define HAVE_MKDIR 1
| #define HAVE_MKTIME 1
| #define HAVE_SELECT 1
| #define HAVE_SOCKET 1
| #define HAVE_STRERROR 1
| #define HAVE_STRCASESTR 1
| #define HAVE_LIBDL 1
| #define HAVE_LIBCRYPT 1
| #define HAVE_IPV6 1
| #define HAVE_LDAP_H 1
| #define HAVE_LBER_H 1
| /* end confdefs.h. */
|
| /* Override any GCC internal prototype to avoid an error.
| Use char because int might match the return type of a GCC
| builtin and then its argument prototype would still apply. */
| #ifdef __cplusplus
| extern "C"
| #endif
| char ldap_set_option ();
| int
| main ()
| {
| return ldap_set_option ();
| ;
| return 0;
| }
configure:18560: result: no
configure:18567: checking for ldap_set_option in -lldap
configure:18592: g++ -o conftest -D_GNU_SOURCE -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -lrt c$
/usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../lib64/libldap.so: undefined reference to `ber_sockbuf_io_udp'
collect2: ld returned 1 exit status
configure:18592: $? = 1
configure: failed program was:
| /* confdefs.h */
| #define PACKAGE_NAME ""
| #define PACKAGE_TARNAME ""
| #define PACKAGE_VERSION ""
| #define PACKAGE_STRING ""
| #define PACKAGE_BUGREPORT ""
| #define PACKAGE_URL ""
| #define PACKAGE "pdns"
| #define VERSION "3.2"
| #define STDC_HEADERS 1
| #define HAVE_SYS_TYPES_H 1
| #define HAVE_SYS_STAT_H 1
| #define HAVE_STDLIB_H 1
| #define HAVE_STRING_H 1
| #define HAVE_MEMORY_H 1
| #define HAVE_STRINGS_H 1
| #define HAVE_INTTYPES_H 1
| #define HAVE_STDINT_H 1
| #define HAVE_UNISTD_H 1
| #define YYTEXT_POINTER 1
| #define HAVE_DLFCN_H 1
| #define LT_OBJDIR ".libs/"
| #define HAVE_BOOST 1
| #define HAVE_BOOST_FOREACH_HPP 1
| #define HAVE_BOOST_PROGRAM_OPTIONS_HPP 1
| #define HAVE_BOOST_ARCHIVE_TEXT_OARCHIVE_HPP 1
| #define HAVE_LUA 1
| #define HAVE_LUA_H 1
| #define STDC_HEADERS 1
| #define HAVE_FCNTL_H 1
| #define HAVE_GETOPT_H 1
| #define HAVE_LIMITS_H 1
| #define HAVE_STRINGS_H 1
| #define HAVE_SYS_TIME_H 1
| #define HAVE_SYSLOG_H 1
| #define HAVE_UNISTD_H 1
| #define TIME_WITH_SYS_TIME 1
| #define RETSIGTYPE void
| #define HAVE_GETHOSTNAME 1
| #define HAVE_GETTIMEOFDAY 1
| #define HAVE_MKDIR 1
| #define HAVE_MKTIME 1
| #define HAVE_SELECT 1
| #define HAVE_SOCKET 1
| #define HAVE_STRERROR 1
| #define HAVE_STRCASESTR 1
| #define HAVE_LIBDL 1
| #define HAVE_LIBCRYPT 1
| #define HAVE_IPV6 1
| #define HAVE_LDAP_H 1
| #define HAVE_LBER_H 1
| /* end confdefs.h. */
|
| /* Override any GCC internal prototype to avoid an error.
| Use char because int might match the return type of a GCC
| builtin and then its argument prototype would still apply. */
| #ifdef __cplusplus
| extern "C"
| #endif
| char ldap_set_option ();
| int
| main ()
| {
| return ldap_set_option ();
| ;
| return 0;
| }
configure:18601: result: no
configure:18608: error: ldap library (libldap) not found

From nmilas at admin.noa.gr Thu Mar 21 10:36:18 2013
From: nmilas at admin.noa.gr (Nikolaos Milas)
Date: Thu, 21 Mar 2013 12:36:18 +0200
Subject: [Pdns-users] Testing master functionality on ldap backend
Message-ID: <514AE2A2.4010305@admin.noa.gr>

Hello,

I am testing the new ldap backend (http://repo.or.cz/w/pdns-ldap-backend.git) under pdns v3.2 on CentOS 6.4 x86_64

I have a question: It seems the master is sending duplicate notifications to the slave, both at the IPv4 and at the IPv6 address.

Is this expected behavior? Please explain.

Test details follow.

The test master server is vmres.noa.gr with:

...
local-address=127.0.0.1 194.177.195.158
local-ipv6=::1 2001:648:2011:14::158
...

The slave runs at:

vdev.noa.gr
195.251.204.232
2001:648:2011:10::232

Here is the master zone, as queried:

# dig ANY 204.251.195.in-addr.arpa @194.177.195.158

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6.3 <<>> ANY 204.251.195.in-addr.arpa @194.177.195.158
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39168
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;204.251.195.in-addr.arpa. IN ANY

;; ANSWER SECTION:
204.251.195.in-addr.arpa. 86400 IN NS vdev.noa.gr.
204.251.195.in-addr.arpa. 86400 IN NS vmres.noa.gr.
204.251.195.in-addr.arpa. 86400 IN SOA vmres.noa.gr. sysadmin.noa.gr. 2013032002 86400 180 1209600 3600

;; ADDITIONAL SECTION:
vdev.noa.gr. 86400 IN A 195.251.204.232
vdev.noa.gr. 86400 IN AAAA 2001:648:2011:10::232

;; Query time: 2 msec
;; SERVER: 194.177.195.158#53(194.177.195.158)
;; WHEN: Thu Mar 21 12:21:55 2013
;; MSG SIZE rcvd: 176

Some logs after zone change, for reference:

Mar 20 20:21:28 vmres pdns[9128]: 1 domain for which we are master needs notifications
Mar 20 20:21:28 vmres pdns[9128]: Queued notification of domain '204.251.195.in-addr.arpa' to 195.251.204.232
Mar 20 20:21:28 vmres pdns[9128]: Queued notification of domain '204.251.195.in-addr.arpa' to 2001:648:2011:10::232
...
Mar 20 20:21:28 vmres pdns[9128]: AXFR of domain '204.251.195.in-addr.arpa' initiated by 195.251.204.232
Mar 20 20:21:28 vmres pdns[9128]: AXFR of domain '204.251.195.in-addr.arpa' allowed: client IP 195.251.204.232 is in allow-axfr-ips
...
Mar 20 20:21:28 vmres pdns[9128]: AXFR of domain '204.251.195.in-addr.arpa' to 195.251.204.232 finished
...
Mar 20 20:21:29 vmres pdns[9128]: Removed from notification list: '204.251.195.in-addr.arpa' to 195.251.204.232:53 (was acknowledged)

Thanks and Regards,
Nick

From nmilas at admin.noa.gr Thu Mar 21 12:36:35 2013
From: nmilas at admin.noa.gr (Nikolaos Milas)
Date: Thu, 21 Mar 2013 14:36:35 +0200
Subject: [Pdns-users] Building pdns RPMs using custom LDAP libraries/headers
In-Reply-To:
References: <5148841C.7050100@admin.noa.gr>, <20130319160251.GA2335@xs.powerdns.com>, <5148AAB8.80605@admin.noa.gr>, <51497CE0.50100@admin.noa.gr>
Message-ID: <514AFED3.2030804@admin.noa.gr>

On 20/3/2013 8:25 pm, a b wrote:

> You need to pass --libdir=/usr/local/openldap/lib64 on the %configure
> line.

Tried that, but the same error occurred.

%configure \
--sysconfdir=%{_sysconfdir}/powerdns \
--libdir=/usr/local/openldap/lib64 \
--with-sqlite3 \
--with-socketdir=/var/run/pdns-server \
--with-modules="" \
--with-dynmodules="pipe gmysql gpgsql gsqlite3 ldap"
%{__make}

Due to the fact that in the beginning it was:

--libdir=%{_libdir}

...I am thinking I should use multiple paths, like:

--libdir=%{_libdir},/usr/local/openldap/lib64

Is it supported?

But ideally I would like to force the use of /usr/local/openldap/lib64 ONLY for LDAP libs. Can't I declare that explicitly somehow?

Thanks,
Nick

From margus.kiting at gmail.com Thu Mar 21 14:18:49 2013
From: margus.kiting at gmail.com (Margus Kiting)
Date: Thu, 21 Mar 2013 16:18:49 +0200
Subject: [Pdns-users] pdns-3.2 AXFR per domain ACL's problem
In-Reply-To: <20130319120514.GA23454@prof-x.prof-x.net>
References: <20130319120514.GA23454@prof-x.prof-x.net>
Message-ID:

Hi all!

I found out what was missing in my configuration. I just did not read documentation properly and did not find dnssec enabling flag.
http://doc.powerdns.com/html/domainmetadata.html

I just added gmysql-dnssec to pdns.conf and restarted service. AXFR ACL's are working now.

Thank You all who helped.

Best Regards,
Margus Kiting

On 19 March 2013 14:05, Ruben d'Arco wrote:

> Hi,
>
> This is a bit of a guess, but:
> The AUTO-NS feature seems to use a normal getaddrinfo(). This might have a
> different result than you expect on your system.
> Can you check what's in your resolv.conf and see what that replied when
> you ask for dns1.test.com and dns2.test.com?
>
> Regards,
> Ruben
>
> On Tue, Mar 19, 2013 at 01:51:20PM +0200, Margus Kiting wrote:
> > Hi,
> >
> > I'm new to this list and this is the first time I encountered a problem
> > using powerdns authoritative DNS server, so I hope I find solution for this
> > problem from here.
> >
> > The problem is in AXFR per domain ACL's. They are just not working for me.
> > Below is configuration and test outputs.
> >
> > Master DNS: pdns-master 192.168.1.10
> > Slave DNS: pdns-slave 192.168.1.11
> > Test server: pdns-test 192.168.1.13
> >
> > PowerDNS Version 3.2, compiled on Mar 12 2013, 10:19:57 with gcc version
> > 4.1.2 20080704 (Red Hat 4.1.2-51)
> >
> > pdns-master pdns.conf
> >
> > setuid=daemon
> > setgid=daemon
> > cache-ttl=60
> > daemon=yes
> > disable-tcp=no
> > distributor-threads=10
> >
> > launch=gmysql
> > gmysql-host=127.0.0.1
> > gmysql-user=powerdns
> > gmysql-password=password
> > gmysql-dbname=powerdns
> > logging-facility=1
> > loglevel=4
> > master=yes
> > query-cache-ttl=60
> > recursive-cache-ttl=60
> > recursor=127.0.0.1
> > query-local-address6=
> >
> > NB! recursor is not running.
> >
> > pdns-master mysql information:
> >
> > mysql> select * from domains;
> > id name master last_check type notified_serial account
> > 1 test.com NULL NULL MASTER 1363693953 NULL
> >
> > mysql> select * from records;
> > id domain_id name type content ttl prio change_date ordername auth
> > 1 1 test.com SOA dns1.test.com root at test.com 0 86400 NULL NULL NULL NULL
> > 2 1 test.com NS dns1.test.com 86400 NULL 1363693952 NULL NULL
> > 3 1 test.com NS dns2.test.com 86400 NULL 1363693952 NULL NULL
> > 4 1 www.test.com A 192.168.1.12 120 NULL 1363693952 NULL NULL
> > 5 1 mail.test.com A 192.168.1.12 120 NULL 1363693952 NULL NULL
> > 6 1 dns1.test.com A 192.168.1.11 120 NULL 1363693952 NULL NULL
> > 7 1 dns2.test.com A 192.168.1.10 120 NULL 1363693952 NULL NULL
> > 8 1 test.com MX mail.test.com 120 25 1363693953 NULL NULL
> >
> > mysql> select * from domainmetadata;
> > id domain_id kind content
> > 1 1 ALLOW-AXFR-FROM AUTO-NS
> >
> > AXFR queries should be allowed only from server, which are in
> > test.com domain NS records.
> > I will AXFR query from pdns-slave, which has IP 192.168.1.11 and it is
> > configured as NS record in test.com domain and it should get correct axfr
> > query answer.
> > I also try AXFR query from pdns-test, which has IP 192.168.1.12 and it's
> > not configured as NS record in test.com domain and this server should get
> > transfer failure message from pdns-master server. powerdns daemon is
> > running with monitor flag, which gives debug output from servers side.
> >
> > AXFR query from pdns-slave 192.168.1.11 server:
> >
> > [root at pdns-slave ~]# dig axfr test.com @192.168.1.10
> >
> > ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> axfr test.com @
> > 192.168.1.10
> > ;; global options: printcmd
> > test.com. 86400 IN SOA dns1.test.com. root.test.com.
> > 1363693953 10800 3600 604800 3600
> > test.com. 86400 IN NS dns1.test.com.
> > test.com. 86400 IN NS dns2.test.com.
> > www.test.com. 120 IN A 192.168.1.12
> > mail.test.com. 120 IN A 192.168.1.12
> > dns1.test.com. 120 IN A 192.168.1.11
> > dns2.test.com. 120 IN A 192.168.1.10
> > test.com. 120 IN MX 25 mail.test.com.
> > test.com. 86400 IN SOA dns1.test.com. root.test.com.
> > 1363693953 10800 3600 604800 3600
> > ;; Query time: 12 msec
> > ;; SERVER: 192.168.1.10#53(192.168.1.10)
> > ;; WHEN: Tue Mar 19 13:24:06 2013
> > ;; XFR size: 9 records (messages 3)
> >
> > Powerdns log output in pdns-master server:
> >
> > Mar 19 13:24:06 AXFR of domain 'test.com' initiated by 192.168.1.11
> > Mar 19 13:24:06 AXFR of domain 'test.com' allowed: client IP 192.168.1.11
> > is in allow-axfr-ips
> > Mar 19 13:24:06 gmysql Connection successful
> > Mar 19 13:24:06 gmysql Connection successful
> > Mar 19 13:24:06 AXFR of domain 'test.com' to 192.168.1.11 finished
> >
> > AXFR query from pdns-test 192.168.1.12 server:
> >
> > [root at pdns-test ~]# dig axfr test.com @192.168.1.10
> >
> > ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> axfr test.com @
> > 192.168.1.10
> > ;; global options: printcmd
> > test.com. 86400 IN SOA dns1.test.com. root.test.com.
> > 1363693953 10800 3600 604800 3600
> > test.com. 86400 IN NS dns1.test.com.
> > test.com. 86400 IN NS dns2.test.com.
> > www.test.com. 120 IN A 192.168.1.12
> > mail.test.com. 120 IN A 192.168.1.12
> > dns1.test.com. 120 IN A 192.168.1.11
> > dns2.test.com. 120 IN A 192.168.1.10
> > test.com. 120 IN MX 25 mail.test.com.
> > test.com. 86400 IN SOA dns1.test.com. root.test.com.
> > 1363693953 10800 3600 604800 3600
> > ;; Query time: 17 msec
> > ;; SERVER: 192.168.1.10#53(192.168.1.10)
> > ;; WHEN: Tue Mar 19 13:25:50 2013
> > ;; XFR size: 9 records (messages 3)
> >
> > Powerdns log output in pdns-master server:
> >
> > Mar 19 13:25:50 AXFR of domain 'test.com' initiated by 192.168.1.12
> > Mar 19 13:25:50 AXFR of domain 'test.com' allowed: client IP 192.168.1.12
> > is in allow-axfr-ips
> > Mar 19 13:25:50 gmysql Connection successful
> > Mar 19 13:25:50 gmysql Connection successful
> > Mar 19 13:25:50 AXFR of domain 'test.com' to 192.168.1.12 finished
> >
> > As seen from above, AXFR ACL's per domain is not working. Am I missing some
> > configuration or I'm doing something very wrong?
> > Please help.
> >
> > NB! English is not my native language, so apologies if there are mistakes.
> >
> > Thanks in advance!
> > Margus Kiting

From cyclops at prof-x.net Fri Mar 22 07:11:11 2013
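Added example, not part of any message in this thread and not PowerDNS project code: the by-hand `dig axfr` test in the message above can also be run after the fact against the master's log, by flagging every allowed AXFR whose client is not one of the addresses the zone's NS records resolve to. The function names, the `EXPECTED` table and the sample log are constructed here, modelled on the log lines and addresses quoted in the thread.

```python
import ipaddress
import re
from typing import NamedTuple

# Matches both log layouts quoted in the thread: bare ("Mar 19 13:24:06 AXFR ...")
# and syslog-prefixed ("Mar 20 20:21:28 vmres pdns[9128]: AXFR ...").
ALLOWED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*?AXFR of domain '(?P<zone>[^']+)' "
    r"allowed: client IP (?P<ip>\S+) (?P<reason>.+)$")
FINISHED_RE = re.compile(
    r"AXFR of domain '(?P<zone>[^']+)' to (?P<ip>\S+) finished")

# Constructed sample log, modelled on the lines quoted in the thread.
SAMPLE_LOG = """\
Mar 19 13:24:06 AXFR of domain 'test.com' initiated by 192.168.1.11
Mar 19 13:24:06 AXFR of domain 'test.com' allowed: client IP 192.168.1.11 is in allow-axfr-ips
Mar 19 13:24:06 AXFR of domain 'test.com' to 192.168.1.11 finished
Mar 19 13:25:50 AXFR of domain 'test.com' initiated by 192.168.1.12
Mar 19 13:25:50 AXFR of domain 'test.com' allowed: client IP 192.168.1.12 is in allow-axfr-ips
Mar 19 13:25:50 AXFR of domain 'test.com' to 192.168.1.12 finished
Mar 20 20:21:28 vmres pdns[9128]: AXFR of domain '204.251.195.in-addr.arpa' allowed: client IP 195.251.204.232 is in allow-axfr-ips
Mar 20 20:21:28 vmres pdns[9128]: AXFR of domain '204.251.195.in-addr.arpa' to 195.251.204.232 finished
"""

# Assumption: the only legitimate AXFR clients are the addresses of each
# zone's NS hosts, as shown in the thread's zone data. Networks are accepted too.
EXPECTED = {
    "test.com": ["192.168.1.10", "192.168.1.11"],
    "204.251.195.in-addr.arpa": ["195.251.204.232", "2001:648:2011:10::232"],
}


class Finding(NamedTuple):
    timestamp: str
    zone: str
    client: str
    reason: str      # why the server said the transfer was allowed
    completed: bool  # True if a matching "finished" line exists


def _zone(name):
    """Normalise a zone name for comparison (case, trailing dot)."""
    return name.rstrip(".").lower()


def audit_axfr(log_text, expected):
    """Return a Finding for each allowed AXFR whose client is not an expected secondary."""
    nets = {_zone(z): [ipaddress.ip_network(n, strict=False) for n in addrs]
            for z, addrs in expected.items()}
    lines = [line.strip() for line in log_text.splitlines()]

    # First pass: which (zone, client) transfers actually ran to completion.
    finished = set()
    for line in lines:
        m = FINISHED_RE.search(line)
        if m:
            finished.add((_zone(m["zone"]), m["ip"]))

    findings = []
    for line in lines:
        m = ALLOWED_RE.match(line)
        if not m:
            continue
        zone, client = _zone(m["zone"]), m["ip"]
        try:
            addr = ipaddress.ip_address(client)
        except ValueError:
            addr = None  # unparseable client token: report it rather than skip it
        # Zones missing from `expected` have no permitted clients at all.
        permitted = addr is not None and any(addr in n for n in nets.get(zone, []))
        if not permitted:
            findings.append(Finding(m["ts"], zone, client, m["reason"],
                                    (zone, client) in finished))
    return findings


if __name__ == "__main__":
    for f in audit_axfr(SAMPLE_LOG, EXPECTED):
        state = "completed" if f.completed else "not completed"
        print(f"{f.timestamp} {f.zone}: AXFR allowed to {f.client} "
              f"({f.reason}), transfer {state}")
```

On the sample this reports only the transfer to 192.168.1.12, the test host that is not an NS address for test.com.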
From: cyclops at prof-x.net (Ruben d'Arco)
Date: Fri, 22 Mar 2013 08:11:11 +0100
Subject: [Pdns-users] Testing master functionality on ldap backend
In-Reply-To: <514AE2A2.4010305@admin.noa.gr>
References: <514AE2A2.4010305@admin.noa.gr>
Message-ID: <20130322071110.GC28926@prof-x.prof-x.net>

Hi,

This is by design and not specific to the ldap backend.
Powerdns simply receives the nameservers from the backend and starts resolving the name to ip addresses.
If that name has multiple ip addresses (v6 or v4), notifies will be sent to all of them.

There is a ticket open for this and a patch:
http://wiki.powerdns.com/trac/ticket/454

Regards,
Ruben

On Thu, Mar 21, 2013 at 12:36:18PM +0200, Nikolaos Milas wrote:
> Hello,
>
> I am testing the new ldap backend
> (http://repo.or.cz/w/pdns-ldap-backend.git) under pdns v3.2 on
> CentOS 6.4 x86_64
>
> I have a question: It seems the master is sending duplicate
> notifications to the slave, both at the IPv4 and at the IPv6
> address.
>
> Is this expected behavior? Please explain.
>
> Test details follow.
>
> The test master server is vmres.noa.gr with:
>
> ...
> local-address=127.0.0.1 194.177.195.158
> local-ipv6=::1 2001:648:2011:14::158
> ...
>
> The slave runs at:
>
> vdev.noa.gr
> 195.251.204.232
> 2001:648:2011:10::232
>
> Here is the master zone, as queried:
>
> # dig ANY 204.251.195.in-addr.arpa @194.177.195.158
>
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6.3 <<>> ANY
> 204.251.195.in-addr.arpa @194.177.195.158
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39168
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 2
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;204.251.195.in-addr.arpa. IN ANY
>
> ;; ANSWER SECTION:
> 204.251.195.in-addr.arpa. 86400 IN NS vdev.noa.gr.
> 204.251.195.in-addr.arpa. 86400 IN NS vmres.noa.gr.
> 204.251.195.in-addr.arpa. 86400 IN SOA vmres.noa.gr.
> sysadmin.noa.gr. 2013032002 86400 180 1209600 3600
>
> ;; ADDITIONAL SECTION:
> vdev.noa.gr. 86400 IN A 195.251.204.232
> vdev.noa.gr. 86400 IN AAAA 2001:648:2011:10::232
>
> ;; Query time: 2 msec
> ;; SERVER: 194.177.195.158#53(194.177.195.158)
> ;; WHEN: Thu Mar 21 12:21:55 2013
> ;; MSG SIZE rcvd: 176
>
> Some logs after zone change, for reference:
>
> Mar 20 20:21:28 vmres pdns[9128]: 1 domain for which we are master
> needs notifications
> Mar 20 20:21:28 vmres pdns[9128]: Queued notification of domain
> '204.251.195.in-addr.arpa' to 195.251.204.232
> Mar 20 20:21:28 vmres pdns[9128]: Queued notification of domain
> '204.251.195.in-addr.arpa' to 2001:648:2011:10::232
> ...
> Mar 20 20:21:28 vmres pdns[9128]: AXFR of domain
> '204.251.195.in-addr.arpa' initiated by 195.251.204.232
> Mar 20 20:21:28 vmres pdns[9128]: AXFR of domain
> '204.251.195.in-addr.arpa' allowed: client IP 195.251.204.232 is in
> allow-axfr-ips
> ...
> Mar 20 20:21:28 vmres pdns[9128]: AXFR of domain
> '204.251.195.in-addr.arpa' to 195.251.204.232 finished
> ...
> Mar 20 20:21:29 vmres pdns[9128]: Removed from notification list:
> '204.251.195.in-addr.arpa' to 195.251.204.232:53 (was acknowledged)
>
> Thanks and Regards,
> Nick

From nmilas at admin.noa.gr Fri Mar 22 12:32:57 2013
From: nmilas at admin.noa.gr (Nikolaos Milas)
Date: Fri, 22 Mar 2013 14:32:57 +0200
Subject: [Pdns-users] Testing master functionality on ldap backend
In-Reply-To: <20130322071110.GC28926@prof-x.prof-x.net>
References: <514AE2A2.4010305@admin.noa.gr> <20130322071110.GC28926@prof-x.prof-x.net>
Message-ID: <514C4F79.3050606@admin.noa.gr>

On 22/3/2013 9:11 am, Ruben d'Arco wrote:

> This is by design and not specific to the ldap backend.
> Powerdns simply receives the nameservers from the backend and starts resolving the name to ip addresses.
> If that name has multiple ip addresses (v6 or v4), notifies will be sent to all of them.
>
> There is a ticket open for this and a patch:
> http://wiki.powerdns.com/trac/ticket/454
>

Thanks,

The tracker appears to indicate 3.2 as a target version for:

http://wiki.powerdns.com/trac/ticket/454

and for the related:

http://wiki.powerdns.com/trac/ticket/468

but apparently neither was included therein.

I guess they are planned to be included in the next version?

Regards,
Nick

From tripivceta at hotmail.com Fri Mar 22 16:06:30 2013
From: tripivceta at hotmail.com (a b)
Date: Fri, 22 Mar 2013 17:06:30 +0100
Subject: [Pdns-users] Building pdns RPMs using custom LDAP libraries/headers
In-Reply-To: <514AC8DC.6070306@admin.noa.gr>
References: <5148841C.7050100@admin.noa.gr>,<51488D75.5050903@admin.noa.gr> , <514AC8DC.6070306@admin.noa.gr>
Message-ID:

> Thanks for the reply.
>
> Please, see below.

> /usr/lib/gcc/x86_64-redhat-linux/4.4.7/../../../../lib64/libldap_r.so:
> undefined reference to `ber_sockbuf_io_udp'

As suspected, the link editor is not finding the symbols (function definitions) it needs to resolve bindings in the object file(s).

What does your ~/.rpmmacros file look like?

While technically not necessary, CFLAGS must often contain -L and -R switches to work around buggy or incorrectly coded ./configure files.
Ditto for LDFLAGS.
Do you set CFLAGS and LDFLAGS? What do they look like?

From tripivceta at hotmail.com Fri Mar 22 16:23:33 2013
From: tripivceta at hotmail.com (a b)
Date: Fri, 22 Mar 2013 17:23:33 +0100
Subject: [Pdns-users] Building pdns RPMs using custom LDAP libraries/headers
In-Reply-To: <514AFED3.2030804@admin.noa.gr>
References: <5148841C.7050100@admin.noa.gr>, <20130319160251.GA2335@xs.powerdns.com>, <5148AAB8.80605@admin.noa.gr>, <51497CE0.50100@admin.noa.gr> , <514AFED3.2030804@admin.noa.gr>
Message-ID:

> > You need to pass --libdir=/usr/local/openldap/lib64 on the %configure
> > line.
>
> Tried that, but the same error occurred.

I did not mean that literally, sorry for the confusion. What I meant is that you must pass the equivalent of --libdir=/usr/local/openldap/lib64 by using --libdir=%{_libdir}, which is a special RPM built-in macro.

What this means is that your ~/.rpmmacros file is either incorrect or non-existent. ~/.rpmmacros must exist before attempting to (re)build RPM packages, and it must be correct. That is not optional.

Sample, working .rpmmacros file:

%HOME %{expand:%%(echo $HOME)}
%_topdir %{HOME}/devel/rpms
%__printf /usr/bin/printf
%MY_BASE opt/openldap
%__python /%{MY_BASE}/bin/python
%_defaultdocdir /%{MY_BASE}/share/doc
%_prefix /%{MY_BASE}
%_sysconfdir /etc/%{MY_BASE}
%_mandir /%{MY_BASE}/share/man
%_infodir /%{MY_BASE}/share/info
%_localstatedir /var/%{MY_BASE}

The above .rpmmacros file is configured to comply with the Linux Standards Base ("LSB") Filesystem Hierarchy Standard ("FHS") I mentioned earlier.

You should rebuild openldap RPM with the above .rpmmacros file sitting in your home directory. With it, the %{_libdir} macro should be set correctly by RPM, and it will be passed on the %configure line correctly; however, you might still need to append to, or override CFLAGS, CXXFLAGS, CPPFLAGS, and LDFLAGS, depending on whether the ./configure script works correctly or not.

From tripivceta at hotmail.com Fri Mar 22 16:34:54 2013
From: tripivceta at hotmail.com (a b)
Date: Fri, 22 Mar 2013 17:34:54 +0100
Subject: [Pdns-users] Building pdns RPMs using custom LDAP libraries/headers
In-Reply-To:
References: <5148841C.7050100@admin.noa.gr>, , <20130319160251.GA2335@xs.powerdns.com>, <5148AAB8.80605@admin.noa.gr>, , <51497CE0.50100@admin.noa.gr>, , , <514AFED3.2030804@admin.noa.gr>,
Message-ID:

> %_prefix /%{MY_BASE}

I should also add that you should pick a top-level directory in opt, like for example "blabla" or some other generic name (usually your organization's name, acronym, or most preferably, lower case version of your organization's stock symbol, if you have one), and all RPM's you build should end up in the following hierarchy, I am using a made-up name "blabla" in the example:

/opt/blabla/sbin
/opt/blabla/bin
/opt/blabla/lib
/opt/blabla/lib64
/opt/blabla/libexec
/etc/opt/blabla/openldap
/etc/opt/blabla/pdns
/var/opt/blabla/openldap
/var/opt/blabla/pdns

With %MY_BASE (or more appropriately to this example, %BLABLA_BASE) being set to opt/blabla, all SRPM's one (re)builds from that point on should be able to correctly find their files under the /opt/blabla/ hierarchy. This includes libraries.

From nmilas at admin.noa.gr Fri Mar 22 20:08:41 2013
From: nmilas at admin.noa.gr (Nikolaos Milas)
Date: Fri, 22 Mar 2013 22:08:41 +0200
Subject: [Pdns-users] Building pdns RPMs using custom LDAP libraries/headers
In-Reply-To:
References: <5148841C.7050100@admin.noa.gr>, <20130319160251.GA2335@xs.powerdns.com>, <5148AAB8.80605@admin.noa.gr>, <51497CE0.50100@admin.noa.gr> , <514AFED3.2030804@admin.noa.gr>
Message-ID: <514CBA49.4050306@admin.noa.gr>

On 22/3/2013 6:23 pm, a b wrote:

> I did not mean that literally, sorry for the confusion. What I meant
> is that you must pass the equivalent of
> --libdir=/usr/local/openldap/lib64 by using --libdir=%{_libdir}, which
> is a special RPM built-in macro.
>

Thanks for your assistance. Sorry, I am not a specialist in building apps, so instructions should be clear otherwise I have to experiment. :-(

> What this means is that your ~/.rpmmacros file is either incorrect or
> non-existent.

Until now, I always use a simple:

$ cat .rpmmacros
%_topdir %(echo $HOME)/rpmbuild

which has worked fine in many builds I have, and it works fine when I build pdns-server on CentOS 5.

However, I see your point: I should set (in .rpmmacros) something like:

%_libdir /usr/local/openldap/lib64

Yet, my earlier question remains: Can I set multiple paths, like:

%_libdir /usr/lib64,/usr/local/openldap/lib64

...? Is it supported?

On 22/3/2013 6:06 pm, a b wrote:

> While technically not necessary, CFLAGS must often contain -L and -R
> switches to work around buggy or incorrectly coded ./configure files.
> Ditto for LDFLAGS.
> Do you set CFLAGS and LDFLAGS? What do they look like?

I don't see any CFLAGS or LDFLAGS specified in the spec file.

When I build (as an example) Dovecot, I use in the spec file (before ./configure):

export CPPFLAGS="${CPPFLAGS} -I/usr/local/openldap/include"
export LDFLAGS="${LDFLAGS} -L/usr/local/openldap/lib64 -lldap -llber"

Should I try the same here?

>
> You should rebuild openldap RPM with the above .rpmmacros file
> sitting in your home directory.
>

I understand, however I don't want to mess around with this package, although I see your point and I think it's valid. I'll pass your suggestions to the LTB project maintainers as they are responsible for these builds.

Thanks again and regards,
Nick

From tripivceta at hotmail.com Fri Mar 22 20:46:14 2013
From: tripivceta at hotmail.com (a b)
Date: Fri, 22 Mar 2013 21:46:14 +0100
Subject: [Pdns-users] Building pdns RPMs using custom LDAP libraries/headers
In-Reply-To: <514CBA19.1060808@noa.gr>
References: <5148841C.7050100@admin.noa.gr>, <20130319160251.GA2335@xs.powerdns.com>, <5148AAB8.80605@admin.noa.gr>, <51497CE0.50100@admin.noa.gr> , <514AFED3.2030804@admin.noa.gr> , <514CBA19.1060808@noa.gr>
Message-ID:

> Thanks for your assistance.

You are welcome.

> Until now, I always use a simple:
>
> $ cat .rpmmacros
> %_topdir %(echo $HOME)/rpmbuild
>
> which has worked fine in many builds I have, and it works fine when I
> build pdns-server on CentOS 5.

This works because you are redefining the top build directory to be your own account, and because it builds the RPM linked with default libraries in /usr/lib or /usr/lib64, depending on whether one is building on a 32- or 64-bit system (and what the compilers' switches are).

> However, I see your point: I should set (in .rpmmacros) something like:
>
> %_libdir /usr/local/openldap/lib64

Unfortunately, no. You should configure your .rpmmacros file with at least %prefix as in the earlier example .rpmmacros file. rpmbuild(1) will then automatically set %_libdir macro to /something/something/lib64 or /something/something/lib depending on whether one is building 32- or 64-bit.

Since the SRPM, by definition, must build without changes on both 32- and 64-bit architectures, %_libdir must not be modified directly; in order to have it correctly set to /usr/local/openldap/lib64, %MY_BASE in the earlier example would have to be set to /usr/local/openldap. As you can see, this is not necessarily what you want in the long term, because it implies that any and all software would have to end up in /usr/local/openldap.

> Yet, my earlier question remains: Can I set multiple paths, like:
>
> %_libdir /usr/lib64,/usr/local/openldap/lib64
>
> ...? Is it supported?

As far as I am aware, no. Also, one is never supposed to pass /usr/lib, /usr/lib64, /lib, or /lib64 to the link editor. These paths are hard coded inside of the link editor binary, and providing them on the link line or anywhere else during compilation has undefined results.

> I don't see any CFLAGS or LDFLAGS specified in the spec file.

What about %_smpflags or %optflags macros, are they referenced anywhere in the .spec file?

> When I build (as an example) Dovecot, I use in the spec file (before
> ./configure):
>
> export CPPFLAGS="${CPPFLAGS} -I/usr/local/openldap/include"
> export LDFLAGS="${LDFLAGS} -L/usr/local/openldap/lib64 -lldap -llber"
>
> Should I try the same here?

You can; sometimes that works, sometimes it does not. It is a hit-and-miss.

Actually, you could try the following in the .spec file; this assumes %_prefix=/usr/local/openldap in your .rpmmacros, since you wrote that you would rather not change it:

O='$$O'; export O
ORIGIN='$ORIGIN'; export ORIGIN
CPPFLAGS="${CPPFLAGS} -I%{_prefix}/include"; export CPPFLAGS
LDFLAGS="${LDFLAGS} -L%{_libdir} -R${ORIGIN}:${ORIGIN}/../%{_lib}:${ORIGIN}/../../%{_lib}:%{_libdir}"; export LDFLAGS
CFLAGS="${CFLAGS} -Wl,-L%{_libdir},-R${ORIGIN}:${ORIGIN}/../%{_lib}:${ORIGIN}/../../%{_lib}:%{_libdir}"; export CFLAGS
CXXFLAGS="${CXXFLAGS} -Wl,-L%{_libdir},-R${ORIGIN}:${ORIGIN}/../%{_lib}:${ORIGIN}/../../%{_lib}:%{_libdir}"; export CXXFLAGS

%configure ...

From tripivceta at hotmail.com Fri Mar 22 20:50:24 2013
From: tripivceta at hotmail.com (a b)
Date: Fri, 22 Mar 2013 21:50:24 +0100
Subject: [Pdns-users] Building pdns RPMs using custom LDAP libraries/headers
In-Reply-To:
References: <5148841C.7050100@admin.noa.gr>, , <20130319160251.GA2335@xs.powerdns.com>, <5148AAB8.80605@admin.noa.gr>, , <51497CE0.50100@admin.noa.gr>, , , <514AFED3.2030804@admin.noa.gr>, , <514CBA19.1060808@noa.gr>,
Message-ID:

> CPPFLAGS="${CPPFLAGS} -I%{_prefix}/include"; export CPPFLAGS
> LDFLAGS="${LDFLAGS} -L%{_libdir} -R${ORIGIN}:${ORIGIN}/../%{_lib}:${ORIGIN}/../../%{_lib}:%{_libdir}"; export LDFLAGS
> CFLAGS="${CFLAGS} -Wl,-L%{_libdir},-R${ORIGIN}:${ORIGIN}/../%{_lib}:${ORIGIN}/../../%{_lib}:%{_libdir}"; export CFLAGS
> CXXFLAGS="${CXXFLAGS} -Wl,-L%{_libdir},-R${ORIGIN}:${ORIGIN}/../%{_lib}:${ORIGIN}/../../%{_lib}:%{_libdir}"; export CXXFLAGS

I forgot, you are probably using GCC, are you not? If so, replace "-R" with "-rpath". GNU of course has to differ from any and all standards, just because it can!

From chieff7 at gmail.com Sat Mar 23 18:05:33 2013
From: chieff7 at gmail.com (Ron Tsoref) Date: Sat, 23 Mar 2013 20:05:33 +0200 Subject: [Pdns-users] PowerDNS capabilities In-Reply-To: <082A5E85-6FD8-49CF-9C18-9CCF81112AA3@netherlabs.nl> References: <1549523E-8899-444D-8802-C53EBD36E347@netherlabs.nl> <20130318105606.GC14649@torres.zugschlus.de> <082A5E85-6FD8-49CF-9C18-9CCF81112AA3@netherlabs.nl> Message-ID: Thanks for sharing this information guys! We'll test the PipeBackend capabilities in the coming days. Ron On Tue, Mar 19, 2013 at 11:56 PM, bert hubert wrote: > On Mar 19, 2013, at 10:41 PM, Ron Tsoref wrote: > > The PipeBackend seems easy to implement. Does anyone actually use a > PipeBackend in production and can share some general performance > information? Is it much slower than other backends? > > > We've been able to squeeze 50000 qps out of a pipe backend. On a > philosophical note, pipes are likely to be faster than TCP/IP, and SQL > marshalling/unmarshaling is not free either. > > People associate 'text based' with slow, but most SQL protocols are just > as parsed, or even more so. > > The pipe backend does have a performance bottleneck in 3.2 if you specify > a timeout, see http://wiki.powerdns.com/trac/ticket/661 > > Bert > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From miesi at pc-h.de Tue Mar 26 07:47:05 2013 From: miesi at pc-h.de (Thomas Mieslinger) Date: Tue, 26 Mar 2013 08:47:05 +0100 Subject: [Pdns-users] asking a-k.cctld.us Servers for MX Records Message-ID: <51515279.8020800@pc-h.de> Hi, am I the only one having trouble to resolve MX records for .us Domains? When doing a dig MX soderman.us @a.cctld.us in Europe I get no answer at all. In the US I get a referral to the nameservers which are authoritative for this domain. To make this even more strange dig AAAA soderman.us @a.cctld.us or any other record type except for MX just gives the referral. Can you just try it yourself? Regards Thomas From peter.van.dijk at netherlabs.nl Tue Mar 26 08:00:08 2013 
From: peter.van.dijk at netherlabs.nl (Peter van Dijk) Date: Tue, 26 Mar 2013 09:00:08 +0100 Subject: [Pdns-users] asking a-k.cctld.us Servers for MX Records In-Reply-To: <51515279.8020800@pc-h.de> References: <51515279.8020800@pc-h.de> Message-ID: <48690EFD-483E-4D6F-BDD1-AD0761398815@netherlabs.nl> Hello Thomas, On Mar 26, 2013, at 8:47 , Thomas Mieslinger wrote: > am I the only one having trouble to resolve MX records for .us Domains? When doing a dig MX soderman.us @a.cctld.us in Europe I get no answer at all. In the US I get a referral to the nameservers which are authoritative for this domain. To make this even more strange dig AAAA soderman.us @a.cctld.us or any other record type except for MX just gives the referral. I see the same, testing from one location in Europe (inside UPCs network) and one location in the US (inside Softlayer's network). No answer for the MX, referral for the AAAA. You might want to take this to https://lists.dns-oarc.net/mailman/listinfo/dns-operations Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ From peter.van.dijk at netherlabs.nl Tue Mar 26 08:11:40 2013 
From: peter.van.dijk at netherlabs.nl (Peter van Dijk) Date: Tue, 26 Mar 2013 09:11:40 +0100 Subject: [Pdns-users] asking a-k.cctld.us Servers for MX Records In-Reply-To: <48690EFD-483E-4D6F-BDD1-AD0761398815@netherlabs.nl> References: <51515279.8020800@pc-h.de> <48690EFD-483E-4D6F-BDD1-AD0761398815@netherlabs.nl> Message-ID: <15BE53CD-761E-4685-8B89-9033B5C8E528@netherlabs.nl> Hello Thomas, On Mar 26, 2013, at 9:00 , Peter van Dijk wrote: > On Mar 26, 2013, at 8:47 , Thomas Mieslinger wrote: > >> am I the only one having trouble to resolve MX records for .us Domains? When doing a dig MX soderman.us @a.cctld.us in Europe I get no answer at all. In the US I get a referral to the nameservers which are authoritative for this domain. To make this even more strange dig AAAA soderman.us @a.cctld.us or any other record type except for MX just gives the referral. > > I see the same, testing from one location in Europe (inside UPCs network) and one location in the US (inside Softlayer's network). No answer for the MX, referral for the AAAA. You might want to take this to https://lists.dns-oarc.net/mailman/listinfo/dns-operations A more extensive test from 191 nodes at ring.nlnog.net shows similar results. AAAA gets referral on all of them, MX only on 42, and those 42 are indeed mostly in the US. Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ From miesi at pc-h.de Tue Mar 26 08:19:48 2013 
From: miesi at pc-h.de (Thomas Mieslinger) Date: Tue, 26 Mar 2013 09:19:48 +0100 Subject: [Pdns-users] asking a-k.cctld.us Servers for MX Records In-Reply-To: <15BE53CD-761E-4685-8B89-9033B5C8E528@netherlabs.nl> References: <51515279.8020800@pc-h.de> <48690EFD-483E-4D6F-BDD1-AD0761398815@netherlabs.nl> <15BE53CD-761E-4685-8B89-9033B5C8E528@netherlabs.nl> Message-ID: <51515A24.5000807@pc-h.de> Hi Peter, thanks for sharing your deep knowledge which pretty cool tools exist out there. I've opened up a ticket neustar. Sent this issue to dns-operators list. And I applied a hotfix +us=8.8.8.8 in the recursor which are hit by this Problem. I don't understand why google dns is able to resolve the mx records, but now the mail queues can be drained. Best regards Thomas On 03/26/2013 09:11 AM, Peter van Dijk wrote: > Hello Thomas, > > On Mar 26, 2013, at 9:00 , Peter van Dijk wrote: > >> On Mar 26, 2013, at 8:47 , Thomas Mieslinger wrote: >> >>> am I the only one having trouble to resolve MX records for .us Domains? When doing a dig MX soderman.us @a.cctld.us in Europe I get no answer at all. In the US I get a referral to the nameservers which are authoritative for this domain. To make this even more strange dig AAAA soderman.us @a.cctld.us or any other record type except for MX just gives the referral. >> >> I see the same, testing from one location in Europe (inside UPCs network) and one location in the US (inside Softlayer's network). No answer for the MX, referral for the AAAA. You might want to take this to https://lists.dns-oarc.net/mailman/listinfo/dns-operations > > > A more extensive test from 191 nodes at ring.nlnog.net shows similar results. AAAA gets referral on all of them, MX only on 42, and those 42 are indeed mostly in the US. > > Kind regards, > From s.posner at telekom.de Tue Mar 26 10:02:20 2013 
From: s.posner at telekom.de (Posner, Sebastian) Date: Tue, 26 Mar 2013 11:02:20 +0100 Subject: [Pdns-users] PowerDNS capabilities In-Reply-To: <20130318105606.GC14649@torres.zugschlus.de> References: <1549523E-8899-444D-8802-C53EBD36E347@netherlabs.nl> <20130318105606.GC14649@torres.zugschlus.de> Message-ID: <63366D5A116E514AA4A9872D3C5335395E47D47F96@QEO40072.de.t-online.corp> Marc Haber wrote: > Odhiambo Washington wrote: > > Does PowerDNS support "views", in some way? > > If you look for something that is the same as bind views, the answer > is no, unfortunately. Same goes for ACLs. Thinking about this again, one could easily achieve such a result with a combination of multiple instances of pdns running on the same machine and a set of matching iptables-rules to sort out where the request is routed based on the IP of the client... Kind regards, Sebastian -- Sebastian Posner Unix-Systemspezialist Deutsche Telekom AG, Products & Innovation "Es hat einmal einer gesagt, das geht nicht. Dann kam einer, der wusste das nicht und hat es einfach gemacht" From odhiambo at gmail.com Tue Mar 26 10:13:42 2013 
From: odhiambo at gmail.com (Odhiambo Washington) Date: Tue, 26 Mar 2013 13:13:42 +0300 Subject: [Pdns-users] PowerDNS capabilities In-Reply-To: <63366D5A116E514AA4A9872D3C5335395E47D47F96@QEO40072.de.t-online.corp> References: <1549523E-8899-444D-8802-C53EBD36E347@netherlabs.nl> <20130318105606.GC14649@torres.zugschlus.de> <63366D5A116E514AA4A9872D3C5335395E47D47F96@QEO40072.de.t-online.corp> Message-ID: On 26 March 2013 13:02, Posner, Sebastian wrote: > Marc Haber wrote: > > Odhiambo Washington wrote: > > > Does PowerDNS support "views", in some way? > > > > If you look for something that is the same as bind views, the answer > > is no, unfortunately. Same goes for ACLs. > > Thinking about this again, one could easily achieve such a result with > a combination of multiple instances of pdns running on the same machine > and a set of matching iptables-rules to sort out where the request is > routed based on the IP of the client... > Sounds good, but this also introduces overheads, however small, to the DNS server. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 "I can't hear you -- I'm using the scrambler." -------------- next part -------------- An HTML attachment was scrubbed... URL: From margus.kiting at gmail.com Tue Mar 26 12:53:42 2013 
From: margus.kiting at gmail.com (Margus Kiting)
Date: Tue, 26 Mar 2013 14:53:42 +0200
Subject: [Pdns-users] Oracle backend connection string.
Message-ID:

Hi,

I'm trying to test oracle backend, but I'm not able to find oracle connection string which should be used with this backend. I tried configuration options described below, but I think I'm using oracle-master-database configuration string wrong. Could someone point me out how oracle connection configuration should be? I'm using pdns-3.2 which has oracle backend compiled in it.

launch=oracle
oracle-master-database=//ORACLE-IP:PORT/SERVICE-NAME
oracle-master-username=DBUSER
oracle-master-password=DBPASS

Mar 26 12:53:11 Creating backend connection for TCP
% Mar 26 12:53:11 Master/slave communicator launching
Mar 26 12:53:11 OracleFactory: Creating Oracle session pool: ORA-12154: TNS:could not resolve the connect identifier specified

Best Regards,
Margus Kiting

From tripivceta at hotmail.com Tue Mar 26 13:23:37 2013
From: tripivceta at hotmail.com (a b)
Date: Tue, 26 Mar 2013 14:23:37 +0100
Subject: [Pdns-users] Oracle backend connection string.
In-Reply-To:
References:
Message-ID:

> launch=oracle
> oracle-master-database=//ORACLE-IP:PORT/SERVICE-NAME
> oracle-master-username=DBUSER
> oracle-master-password=DBPASS

launch=oracle
oracle-home=${ORACLE_HOME}
oracle-sid=${ORACLE_SID}
oracle-pool-database=${ORACLE_SID}
oracle-pool-username=${PDNS_LOGIN}
oracle-pool-password=${PDNS_PASSWD}
oracle-master-database=${ORACLE_SID}
oracle-master-username=${PDNS_LOGIN}
oracle-master-password=${PDNS_PASSWD}

replace all instances of variables above with values appropriate for your environment. The excerpt above is from a working configuration, the variables get dynamically replaced by code in the package, during OS package installation.

From margus.kiting at gmail.com Wed Mar 27 07:56:21 2013
From: margus.kiting at gmail.com (Margus Kiting) Date: Wed, 27 Mar 2013 09:56:21 +0200 Subject: [Pdns-users] Oracle backend connection string. In-Reply-To: References: Message-ID: Hi, It seems like oracle-home configuration parameter does not exist in pdns-3.2 Mar 27 07:55:16 Fatal error: Trying to set unexisting parameter 'oracle-home' Margus Kiting On 26 March 2013 15:23, a b wrote: > > launch=oracle > > oracle-master-database=//ORACLE-IP:PORT/SERVICE-NAME > > oracle-master-username=DBUSER > > oracle-master-password=DBPASS > > launch=oracle > oracle-home=${ORACLE_HOME} > oracle-sid=${ORACLE_SID} > oracle-pool-database=${ORACLE_SID} > oracle-pool-username=${PDNS_LOGIN} > oracle-pool-password=${PDNS_PASSWD} > oracle-master-database=${ORACLE_SID} > oracle-master-username=${PDNS_LOGIN} > oracle-master-password=${PDNS_PASSWD} > > replace all instances of variables above with values appropriate for your > environment. The excerpt above is from a working configuration, the > variables get dynamically replaced by code in the package, during OS > package installation. > _______________________________________________ > Pdns-users mailing list > Pdns-users at mailman.powerdns.com > http://mailman.powerdns.com/mailman/listinfo/pdns-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: From tripivceta at hotmail.com Wed Mar 27 14:08:29 2013 
From: tripivceta at hotmail.com (a b)
Date: Wed, 27 Mar 2013 15:08:29 +0100
Subject: [Pdns-users] Oracle backend connection string.
In-Reply-To:
References: , ,
Message-ID:

> It seems like oracle-home configuration parameter does not exist in pdns-3.2
>
> Mar 27 07:55:16 Fatal error: Trying to set unexisting parameter 'oracle-home'

Hmmm, that is bad news, bad news indeed!

I ran into the same problem back in the day; Aki Tuomi was kind enough to give me a patch which I applied to the pdns source code; it is attached to this e-mail, along with the goracle backend patch, for completeness.

I would have thought this patch important enough to make it into the mainline source, since not only does the patch make sense, but it greatly simplifies configuring connections to the Oracle database, and helps with automation.

These patches were made against pdns-3.1 source code; hopefully, they will apply against the 3.2 version as well.

To apply these patches:

copy the patches into the pdns top level directory, for example:

cp modules-oraclebackend-oraclebackend.cc.patch modules-goraclebackend-goraclebackend.cc.patch pdns-3.2/
cd pdns-3.2
gpatch -p0 < modules-oraclebackend-oraclebackend.cc.patch
gpatch -p0 < modules-goraclebackend-goraclebackend.cc.patch

-------------- next part --------------
A non-text attachment was scrubbed...
Name: modules-oraclebackend-oraclebackend.cc.patch
Type: application/octet-stream
Size: 1155 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: modules-goraclebackend-goraclebackend.cc.patch
Type: application/octet-stream
Size: 1762 bytes
Desc: not available
URL:

From margus.kiting at gmail.com Wed Mar 27 14:20:01 2013
From: margus.kiting at gmail.com (Margus Kiting) Date: Wed, 27 Mar 2013 16:20:01 +0200 Subject: [Pdns-users] Oracle backend connection string. In-Reply-To: References: Message-ID: Hi! Thanks for the patches. Does generic-oracle backend support dnssec and autoserial? These are two functionalities I'm looking for:) Best Regards, Margus Kiting On 27 March 2013 16:08, a b wrote: > > It seems like oracle-home configuration parameter does not exist in > pdns-3.2 > > > > Mar 27 07:55:16 Fatal error: Trying to set unexisting parameter > 'oracle-home' > > Hmmm, that is bad news, bad news indeed! > > I ran into the same problem back in the day; Aki Tuomi was kind enough to > give me a patch which I applied to the pdns source code; it is attached to > this e-mail, along with the goracle backend patch, for completeness. > > I would have thought this patch important enough to make it into the > mainline source, since not only does the patch make sense, but it greatly > simplifies configuring connections to the Oracle database, and helps with > automation. > > These patches were made against pdns-3.1 source code; hopefully, they will > apply against the 3.2 version as well. > > To apply these patches: > > copy the patches into the pdns top level directory, for example: > > cp modules-oraclebackend-oraclebackend.cc.patch > modules-goraclebackend-goraclebackend.cc.patch pdns-3.2/ > cd pdns-3.2 > gpatch -p0 < modules-oraclebackend-oraclebackend.cc.patch > gpatch -p0 < modules-goraclebackend-goraclebackend.cc.patch > > _______________________________________________ > Pdns-users mailing list > Pdns-users at mailman.powerdns.com > http://mailman.powerdns.com/mailman/listinfo/pdns-users > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From tripivceta at hotmail.com Wed Mar 27 14:44:24 2013 
From: tripivceta at hotmail.com (a b) Date: Wed, 27 Mar 2013 15:44:24 +0100 Subject: [Pdns-users] Oracle backend connection string. In-Reply-To: References: , , , , Message-ID: > Thanks for the patches. Does generic-oracle backend support dnssec and > autoserial? These are two functionalities I'm looking for:) You are welcome, but all the thanks should go to Aki Tuomi; I do not deserve anything. As for "goracle" backend, I read the pdns documentation several times, and try as I might, I could not figure out how to make it work, so eventually I ditched it and went with the "oracle" backend. With those patches, it works beautifully. Never looked back. (I muse what the point of a backend is, if it is so hard to use that one cannot figure out how to make it work. *Hint* *hint* how about a documentation overhaul, powers-that-be?) Apropos DNSSEC, I have not had time to study the technology yet and can therefore make no comment on it. I know virtually nothing about DNSSEC. Perhaps others on this mailing list might be able and willing to shed light on the subject at hand. Apropos autoserial, we started with the sample PL/SQL example included in the archive, and I rewrote the PL/SQL procedures and the triggers, and that works beautifully. I think the included example code is usable, it just needs some love. The autoserial code is embedded in modules/oraclebackend/schema.sql. From cmouse at youzen.ext.b2.fi Wed Mar 27 14:54:38 2013 
From: cmouse at youzen.ext.b2.fi (Aki Tuomi) Date: Wed, 27 Mar 2013 16:54:38 +0200 Subject: [Pdns-users] Oracle backend connection string. In-Reply-To: References: Message-ID: <20130327145438.GA7783@pi.ip.fi> On Wed, Mar 27, 2013 at 03:44:24PM +0100, a b wrote: > > Thanks for the patches. Does generic-oracle backend support dnssec and > > autoserial? These are two functionalities I'm looking for:) > > You are welcome, but all the thanks should go to Aki Tuomi; I do not deserve anything. > I'll have a look if I could get those patches into current head, so they might end up in next stable release. Aki Tuomi -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From cmouse at youzen.ext.b2.fi Wed Mar 27 15:12:16 2013 From: cmouse at youzen.ext.b2.fi (Aki Tuomi) Date: Wed, 27 Mar 2013 17:12:16 +0200 Subject: [Pdns-users] Oracle backend connection string. In-Reply-To: <20130327150550.GA8105@pi.ip.fi> References: <20130327145438.GA7783@pi.ip.fi> <20130327150550.GA8105@pi.ip.fi> Message-ID: <20130327151216.GB8105@pi.ip.fi> On Wed, Mar 27, 2013 at 05:05:50PM +0200, Aki Tuomi wrote: > On Wed, Mar 27, 2013 at 03:56:40PM +0100, a b wrote: > > > I'll have a look if I could get those patches into current head, so they might > > > end up in next stable release. > > > > That would be great. Thank you for all your work. > Ticket for this issue. > > http://wiki.powerdns.com/trac/ticket/725 > > Also, oraclebackend has support for dnssec, but goraclebackend seems not to, > so I would suggest using oraclebackend for now. > > Aki Tuomi -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From tripivceta at hotmail.com Wed Mar 27 15:25:10 2013 
From: tripivceta at hotmail.com (a b)
Date: Wed, 27 Mar 2013 16:25:10 +0100
Subject: [Pdns-users] Oracle backend connection string.
In-Reply-To: <20130327150550.GA8105@pi.ip.fi>
References: , , , , , , <20130327145438.GA7783@pi.ip.fi>, , <20130327150550.GA8105@pi.ip.fi>
Message-ID:

> Also, oraclebackend has support for dnssec, but goraclebackend seems not to,
> so I would suggest using oraclebackend for now.

"oracle" backend appears to have much better support for using Oracle databases in general, so I would recommend sticking with it as well.

The only known issue with the "oracle" backend is that initial data import will have to be done with hand-crafted SQL code; if I recall correctly, the zone2sql tool assumes the use of "goracle" backend, which employs a different schema.

From klaus.mailinglists at pernau.at Wed Mar 27 17:06:10 2013
From: klaus.mailinglists at pernau.at (Klaus Darilion)
Date: Wed, 27 Mar 2013 18:06:10 +0100
Subject: [Pdns-users] NSEC3 opt-out issues in PDNS 3.2
Message-ID: <51532702.7020207@pernau.at>

Hi!

We have a setup with Powerdns between a bind master and bind secondaries. The master signs the zone without "opt-out". Thus, the NSEC3 records in the zone transfer from master->PDNS have the NSEC3 flag set to 0.

When the bind secondaries transfer the zone from PDNS, the NSEC3 records all have the NSEC3 flag set to 1 (opt-out). Of course this breaks the signature of the NSEC3 RR.

Is this a known issue? Is there a config option to fix this?

Thanks
Klaus

From cmouse at youzen.ext.b2.fi Wed Mar 27 18:44:46 2013
From: cmouse at youzen.ext.b2.fi (Aki Tuomi) Date: Wed, 27 Mar 2013 20:44:46 +0200 Subject: [Pdns-users] Oracle backend connection string. In-Reply-To: References: <20130327145438.GA7783@pi.ip.fi> <20130327150550.GA8105@pi.ip.fi> Message-ID: <20130327184446.GC8105@pi.ip.fi> On Wed, Mar 27, 2013 at 04:25:10PM +0100, a b wrote: > > Also, oraclebackend has support for dnssec, but goraclebackend seems not to, > > so I would suggest using oraclebackend for now. > > "oracle" backend appears to have much better support for using Oracle databases in general, so I would recommend sticking with it as well. > > The only known issue with the "oracle" backend is that initial data import will have to be done with hand-crafted SQL code; if I recall correctly, the zone2sql tool assumes the use of "goracle" backend, which employs a different schema. I also now made a patch that lets you define the location of oracle libs and such, and would be grateful if people could test this patch to see if it has some problems. you can find it from http://wiki.powerdns.com/trac/ticket/726 Aki Tuomi > _______________________________________________ > Pdns-users mailing list > Pdns-users at mailman.powerdns.com > http://mailman.powerdns.com/mailman/listinfo/pdns-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From tripivceta at hotmail.com Wed Mar 27 19:50:24 2013 
From: tripivceta at hotmail.com (a b)
Date: Wed, 27 Mar 2013 20:50:24 +0100
Subject: [Pdns-users] Oracle backend connection string.
In-Reply-To: <20130327184446.GC8105@pi.ip.fi>
References: , , , , , , <20130327145438.GA7783@pi.ip.fi>, , <20130327150550.GA8105@pi.ip.fi>, , <20130327184446.GC8105@pi.ip.fi>
Message-ID:

> I also now made a patch that lets you define the location of oracle libs
> and such, and would be grateful if people could test this patch to see if
> it has some problems.
>
> you can find it from http://wiki.powerdns.com/trac/ticket/726

It might be desirable to change this line,

for p1 in /usr/include/oracle /usr/local/include/oracle

to

for p1 in ${ORACLE_HOME}/include

ORACLE_HOME could be supplied on the command line, or obtained from the environment. I have never seen an installation of an Oracle database in /usr/local, and such installation would violate the Linux Standards Base - Filesystem Hierarchy Standard, the AT&T SVR4 filesystem specification, as well as Oracle's own Oracle Flexible Architecture standards. Also on Solaris, third party and unbundled application packages may not deliver any content in /usr, because Solaris sparse zones have /usr mounted loopback, read only since /usr is vendor's space and therefore off limits.

Ditto for the following line:

for p1 in /usr/lib/oracle /usr/local/lib/oracle

On line 440,

LDFLAGS="-L$with_oracle_includes -lnnz11 -locci"

was "$with_oracle_libs", rather than "$with_oracle_includes" meant there? Perhaps like this:

LDFLAGS="-L${with_oracle_libs} -R${with_oracle_libs} -lnnz11 -locci"

These are just recommendations-at-first-glance. Looking at the work done for pdns-3.1 and Oracle, I found this fragment in the "pdns" module of our build engine:

        #
        # For linking in OCI connectivity / "(g)oracle" backend.
        #
        ORACLE_HOME="/${prefix}/oracle/product/10.2.0/db_2"; export ORACLE_HOME
        LDFLAGS="-L/${prefix}/lib/64 -L${ORACLE_HOME}/lib -R${ORIGIN}:${ORIGIN}/../lib/64:${ORIGIN}/../../lib/64:/${prefix}/lib/64:/usr/sfw/lib/64:${ORACLE_HOME}/lib"

...If you keep this up, Oracle will become a first class citizen in pdns land (:-)

From cmouse at youzen.ext.b2.fi Wed Mar 27 20:03:44 2013
From: cmouse at youzen.ext.b2.fi (Aki Tuomi)
Date: Wed, 27 Mar 2013 22:03:44 +0200
Subject: [Pdns-users] Oracle backend connection string.
In-Reply-To:
References: <20130327145438.GA7783@pi.ip.fi> <20130327150550.GA8105@pi.ip.fi> <20130327184446.GC8105@pi.ip.fi>
Message-ID: <20130327200344.GD8105@pi.ip.fi>

On Wed, Mar 27, 2013 at 08:50:24PM +0100, a b wrote:
> > I also now made a patch that lets you define the location of oracle libs
> > and such, and would be grateful if people could test this patch to see if
> > it has some problems.
> >
> > you can find it from http://wiki.powerdns.com/trac/ticket/726
>
> It might be desirable to change this line,
>
> for p1 in /usr/include/oracle /usr/local/include/oracle

The point is to use instantclient libs, not the server libs, as intended. And at least on my devsystem, the instantclient-devel package installs under /usr/include. Of course it might make some sense to add it to the list.

Aki

From cmouse at youzen.ext.b2.fi Wed Mar 27 20:14:50 2013
From: cmouse at youzen.ext.b2.fi (Aki Tuomi) Date: Wed, 27 Mar 2013 22:14:50 +0200 Subject: [Pdns-users] Oracle backend connection string. In-Reply-To: <20130327200344.GD8105@pi.ip.fi> References: <20130327145438.GA7783@pi.ip.fi> <20130327150550.GA8105@pi.ip.fi> <20130327184446.GC8105@pi.ip.fi> <20130327200344.GD8105@pi.ip.fi> Message-ID: <20130327201450.GE8105@pi.ip.fi> On Wed, Mar 27, 2013 at 10:03:44PM +0200, Aki Tuomi wrote: > On Wed, Mar 27, 2013 at 08:50:24PM +0100, a b wrote: > > > I also now made a patch that lets you define the location of oracle libs > > > and such, and would be grateful if people could test this patch to see if > > > it has some problems. > > > > > > you can find it from http://wiki.powerdns.com/trac/ticket/726 > > > > It might be desirable to change this line, > > > > for p1 in /usr/include/oracle /usr/local/include/oracle > > The point is to use instantclient libs, not the server libs, as intended. > And at least on my devsystem, the instantclient-devel package installs > under /usr/include. Ofcourse it might make some sense to add it to the list. > > Aki Added your suggestions into the patch, and replaced it. > _______________________________________________ > Pdns-users mailing list > Pdns-users at mailman.powerdns.com > http://mailman.powerdns.com/mailman/listinfo/pdns-users -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From tripivceta at hotmail.com Wed Mar 27 20:20:23 2013 
From: tripivceta at hotmail.com (a b) Date: Wed, 27 Mar 2013 21:20:23 +0100 Subject: [Pdns-users] Oracle backend connection string. In-Reply-To: <20130327200344.GD8105@pi.ip.fi> References: , , , , <20130327145438.GA7783@pi.ip.fi>, , <20130327150550.GA8105@pi.ip.fi>, , <20130327184446.GC8105@pi.ip.fi>, , <20130327200344.GD8105@pi.ip.fi> Message-ID: > The point is to use instantclient libs, not the server libs, as intended. Ah, so. I always avoid instant client libraries, because they were never linked correctly, libtclntsh.so cannot find libnnz.so because Oracle does not link with the $ORIGIN linker keyword. If they did that, instant client libraries would be great. As they are, they require one to set LD_LIBRARY_PATH, which is a nasty, nasty hack which we absolutely refuse to do. So what I end up doing is installing the Oracle RDBMS in our software stack prefix, which causes the installer to link libclntsh.so with libnnz.so correctly. Then I patch the relevant Makefile from Oracle to include the $ORIGIN keyword, and relink. Finally, I grab libclntsh.so and libnnz.so, package them up separately and make the Oracle package depend on the client libraries' package. > And at least on my devsystem, the instantclient-devel package installs > under /usr/include. Ofcourse it might make some sense to add it to the list. How strange that they would do such a thing, since it violates all those standards, one of which is their own! From cmouse at youzen.ext.b2.fi Wed Mar 27 20:32:05 2013 
From: cmouse at youzen.ext.b2.fi (Aki Tuomi) Date: Wed, 27 Mar 2013 22:32:05 +0200 Subject: [Pdns-users] Oracle backend connection string. In-Reply-To: References: <20130327145438.GA7783@pi.ip.fi> <20130327150550.GA8105@pi.ip.fi> <20130327184446.GC8105@pi.ip.fi> <20130327200344.GD8105@pi.ip.fi> Message-ID: <20130327203205.GF8105@pi.ip.fi> On Wed, Mar 27, 2013 at 09:20:23PM +0100, a b wrote: > > The point is to use instantclient libs, not the server libs, as intended. > > Ah, so. I always avoid instant client libraries, because they were never linked correctly, libclntsh.so cannot find libnnz.so because Oracle does not link with the $ORIGIN linker keyword. If they did that, instant client libraries would be great. As they are, they require one to set LD_LIBRARY_PATH, which is a nasty, nasty hack which we absolutely refuse to do. > > So what I end up doing is installing the Oracle RDBMS in our software stack prefix, which causes the installer to link libclntsh.so with libnnz.so correctly. Then I patch the relevant Makefile from Oracle to include the $ORIGIN keyword, and relink. > > Finally, I grab libclntsh.so and libnnz.so, package them up separately and make the Oracle package depend on the client libraries' package. > > > > And at least on my devsystem, the instantclient-devel package installs > > under /usr/include. Of course it might make some sense to add it to the list. > > How strange that they would do such a thing, since it violates all those standards, one of which is their own! Full path is /usr/include/oracle/11.2/client64/ and libs go into /usr/lib/oracle/11.2/client64/lib not 100% sure if this is something caused by alien or the instantclient-devel rpm. Aki From cmouse at youzen.ext.b2.fi Wed Mar 27 20:33:46 2013
From: cmouse at youzen.ext.b2.fi (Aki Tuomi) Date: Wed, 27 Mar 2013 22:33:46 +0200 Subject: [Pdns-users] Oracle backend connection string. In-Reply-To: References: <20130327145438.GA7783@pi.ip.fi> <20130327150550.GA8105@pi.ip.fi> <20130327184446.GC8105@pi.ip.fi> <20130327200344.GD8105@pi.ip.fi> Message-ID: <20130327203346.GA12112@pi.ip.fi> On Wed, Mar 27, 2013 at 09:20:23PM +0100, a b wrote: > > The point is to use instantclient libs, not the server libs, as intended. > > Ah, so. I always avoid instant client libraries, because they were never linked correctly, libclntsh.so cannot find libnnz.so because Oracle does not link with the $ORIGIN linker keyword. If they did that, instant client libraries would be great. As they are, they require one to set LD_LIBRARY_PATH, which is a nasty, nasty hack which we absolutely refuse to do. Actually you can fix this with /etc/ld.so.conf, just make sure the lib dir(s) are in, say, /etc/ld.so.conf.d/oracle or /etc/ld.so.conf and run ldconfig. no need to use LD_LIBRARY_PATH Aki From tripivceta at hotmail.com Wed Mar 27 20:44:59 2013
From: tripivceta at hotmail.com (a b) Date: Wed, 27 Mar 2013 21:44:59 +0100 Subject: [Pdns-users] Oracle backend connection string. In-Reply-To: <20130327203346.GA12112@pi.ip.fi> References: <20130327145438.GA7783@pi.ip.fi> <20130327150550.GA8105@pi.ip.fi> <20130327184446.GC8105@pi.ip.fi> <20130327200344.GD8105@pi.ip.fi> <20130327203346.GA12112@pi.ip.fi> Message-ID: > Actually you can fix this with /etc/ld.so.conf, just make sure the lib dir(s) > are in, say, /etc/ld.so.conf.d/oracle or /etc/ld.so.conf and run ldconfig. > > no need to use LD_LIBRARY_PATH That only works on GNU/Linux; if the libraries and binaries are linked with -R, it is not necessary to set either LD_LIBRARY_PATH or /etc/ld.so.conf, and that technique works on both GNU/Linux and all the System V UNIXes. As an additional measure, using the $ORIGIN link editor keyword will encode RUNPATH and RPATH into the ELF header, [9] RUNPATH $ORIGIN:$ORIGIN/../lib:$ORIGIN/../../lib:/opt/lib [10] RPATH $ORIGIN:$ORIGIN/../lib:$ORIGIN/../../lib:/opt/lib ...causing the runtime linker to look in the current directory of the binary/library first ($ORIGIN), then in the other paths relative to the directory where the binary/library are ($ORIGIN:$ORIGIN/../lib:$ORIGIN/../../lib). This feature is supported by GNU ld, and ld's in Solaris, IRIX and HP-UX, and possibly other UNIX operating systems. After this, binary executables and libraries can be relocated anywhere, so long as the relative filesystem structure is preserved. The neat thing about the $ORIGIN keyword is that it causes the linker to always correctly find symbols in libraries and binaries, without having to depend on LD_LIBRARY_PATH or /etc/ld.so.conf. I would pay good money to find out why Oracle does not do this with their instant client libraries. From margus.kiting at gmail.com Thu Mar 28 08:06:07 2013
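The lookup order under discussion in this thread, as an added example that is not part of any list message: it models the documented glibc ld.so search order (DT_RPATH only when no DT_RUNPATH is present, then LD_LIBRARY_PATH, DT_RUNPATH, the cache built from /etc/ld.so.conf, then the default directories) and expands the RUNPATH string quoted above. The install prefixes, the LD_LIBRARY_PATH value and all function names are constructed for illustration.

```python
import posixpath

# glibc's built-in fallback directories (or their 64-bit equivalents).
DEFAULT_DIRS = ["/lib", "/usr/lib"]


def expand(path_list, object_path):
    """Split a DT_RPATH/DT_RUNPATH string and substitute $ORIGIN.

    $ORIGIN is the directory holding the object that carries the entry.
    normpath() folds ".." lexically, which matches what the kernel resolves
    only when no symlinks are involved.
    """
    origin = posixpath.dirname(object_path)
    dirs = []
    for entry in path_list.split(":"):
        entry = entry.replace("${ORIGIN}", origin).replace("$ORIGIN", origin)
        dirs.append(posixpath.normpath(entry) if entry else entry)
    return dirs


def search_order(object_path, rpath=None, runpath=None,
                 ld_library_path=None, cache_dirs=()):
    """(source, directory) pairs in the order glibc's ld.so tries them."""
    order = []
    if rpath and not runpath:   # DT_RPATH is ignored when DT_RUNPATH exists
        order += [("DT_RPATH", d) for d in expand(rpath, object_path)]
    if ld_library_path:
        order += [("LD_LIBRARY_PATH", d) for d in ld_library_path.split(":")]
    if runpath:
        order += [("DT_RUNPATH", d) for d in expand(runpath, object_path)]
    order += [("ld.so.cache", d) for d in cache_dirs]   # from /etc/ld.so.conf
    order += [("default", d) for d in DEFAULT_DIRS]
    return order


def non_absolute(order):
    """Entries whose meaning depends on the process's working directory."""
    return [(src, d) for src, d in order if not posixpath.isabs(d)]


# RUNPATH/RPATH value quoted in the message above.
PAGE_RUNPATH = "$ORIGIN:$ORIGIN/../lib:$ORIGIN/../../lib:/opt/lib"

if __name__ == "__main__":
    # Constructed install locations: the same tree before and after relocation.
    for binary in ("/opt/stack/bin/pdns_server", "/srv/app/bin/pdns_server"):
        print(binary)
        for src, d in search_order(
                binary, rpath=PAGE_RUNPATH, runpath=PAGE_RUNPATH,
                ld_library_path="/home/build/lib",
                cache_dirs=["/usr/lib/oracle/11.2/client64/lib"]):
            print("   %-16s %s" % (src, d))
```

Because the quoted readelf output carries both tags, glibc uses only RUNPATH, so a set LD_LIBRARY_PATH is still searched before the $ORIGIN entries; with RPATH alone the embedded path is searched first.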
From: margus.kiting at gmail.com (Margus Kiting) Date: Thu, 28 Mar 2013 10:06:07 +0200 Subject: [Pdns-users] Oracle backend connection string. In-Reply-To: References: <20130327145438.GA7783@pi.ip.fi> <20130327150550.GA8105@pi.ip.fi> <20130327184446.GC8105@pi.ip.fi> <20130327200344.GD8105@pi.ip.fi> <20130327203346.GA12112@pi.ip.fi> Message-ID: Hi, Thanks all for the information. I'll try this patch today. I have two more questions. Has anyone tried AXFR ACLs with the oracle backend? Is DNSSEC enabled by default using the oracle backend or does it need some kind of configuration flag? I could not find any information in the documentation. Best Regards, Margus Kiting From klaus.mailinglists at pernau.at Thu Mar 28 11:03:46 2013
From: klaus.mailinglists at pernau.at (Klaus Darilion) Date: Thu, 28 Mar 2013 12:03:46 +0100 Subject: [Pdns-users] NSEC3 opt-out issues in PDNS 3.2 In-Reply-To: <51532702.7020207@pernau.at> References: <51532702.7020207@pernau.at> Message-ID: <51542392.3090900@pernau.at> Meanwhile I found the important statement in the docu: "In NSEC3 opt-out mode (the only NSEC3 mode PowerDNS currently supports) ....". Are there any plans to support NSEC3 without opt-out? Further, I wonder why and how Powerdns synthesizes the NSEC3 records on the fly? In our setup PDNS is a secondary, the signing happens on the master. Thus, PDNS receives the zone with AXFR, including the NSEC3 records and the corresponding RRSIG records. Then, PDNS ignores all the NSEC3 records and synthesizes them newly. Therefore there is a great chance that the original signature does not work anymore, and that's also the reason why a zone without opt-out gets broken by PDNS. regards Klaus On 27.03.2013 18:06, Klaus Darilion wrote: > Hi! > > We have a setup with Powerdns between a bind master and bind > secondaries. The master signs the zone without "opt-out". Thus, the > NSEC3 records in the zone transfer from master->PDNS have the NSEC3 flag > set to 0. When the bind secondaries transfer the zone from PDNS, the > NSEC3 records all have the NSEC3 flag set to 1 (opt-out). Of course this > breaks the signature of the NSEC3 RR. > > Is this a known issue? Is there a config option to fix this? > > Thanks > Klaus From cmouse at youzen.ext.b2.fi Thu Mar 28 11:12:15 2013
From: cmouse at youzen.ext.b2.fi (Aki Tuomi) Date: Thu, 28 Mar 2013 13:12:15 +0200 Subject: [Pdns-users] Oracle backend connection string. In-Reply-To: References: <20130327150550.GA8105@pi.ip.fi> <20130327184446.GC8105@pi.ip.fi> <20130327200344.GD8105@pi.ip.fi> <20130327203346.GA12112@pi.ip.fi> Message-ID: <20130328111215.GA19955@pi.ip.fi> The oraclebackend has dnssec turned on by default, the schema seems to support it. AXFR seems to be implemented as well. To get all configuration options for oracle backend, you can run pdns_server --config --launch=oracle I am working with getting oracle xe instance to work on my devkit ubuntu and then with mr. van Dijk to get the same setup replicated on pdns jenkins for continuous testing for both goracle and oracle backend. Aki From peter.van.dijk at netherlabs.nl Thu Mar 28 12:13:01 2013
From: peter.van.dijk at netherlabs.nl (Peter van Dijk) Date: Thu, 28 Mar 2013 13:13:01 +0100 Subject: [Pdns-users] NSEC3 opt-out issues in PDNS 3.2 In-Reply-To: <51542392.3090900@pernau.at> References: <51532702.7020207@pernau.at> <51542392.3090900@pernau.at> Message-ID: <0ED070BC-D5E8-45A9-9503-D493D790E53E@netherlabs.nl> Hello Klaus, On Mar 28, 2013, at 12:03 , Klaus Darilion wrote: > Meanwhile I found the important statement in the docu: "In NSEC3 opt-out mode (the only NSEC3 mode PowerDNS currently supports) ....". > > Are there any plans to support NSEC3 without opt-out? Yes - Kees Monshouwer has in fact written a great patch for it already. We will merge it as time permits. You can find it at https://github.com/Habbie/powerdns/pull/71 > Further, I wonder why and how Powerdns synthesizes the NSEC3 records on the fly? In our setup PDNS is a secondary, the signing happens on the master. Thus, PDNS receives the zone with AXFR, including the NSEC3 records and the corresponding RRSIG records. Then, PDNS ignores all the NSEC3 records and synthesizes them newly. Therefore there is a great chance that the original signature does not work anymore, and that's also the reason why a zone without opt-out gets broken by PDNS. Apart from opt out vs. no opt out, we have had zero reports of our synthesis breaking original signatures. I'll admit that it does not feel robust, but all modern signers appear to agree on what the canonical NSEC3 chain for a zone is. Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ From akunz at wishmedia.de Fri Mar 29 06:16:36 2013
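The flag rewrite described in the NSEC3 thread above can be reproduced offline. This is an added example, not code from PowerDNS or from any list member: it uses the RFC 5155 Appendix A parameters (salt aabbccdd, 12 iterations), a constructed three-name zone and a constructed TTL of 3600, builds the apex NSEC3 record once with flags 0 and once with flags 1, and compares the bytes an RRSIG covers.

```python
import base64
import hashlib
import struct

# Standard base32 alphabet -> base32hex alphabet used for NSEC3 owner names.
_B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                          b"0123456789ABCDEFGHIJKLMNOPQRSTUV")


def wire_name(name):
    """Canonical (lower-case, uncompressed) wire form of a domain name."""
    labels = name.lower().rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def nsec3_hash(name, salt, iterations):
    """RFC 5155 section 5: SHA-1 over name||salt, re-hashed `iterations` times."""
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return digest


def b32hex(raw):
    return base64.b32encode(raw).translate(_B32HEX).decode("ascii").lower()


def type_bitmap(types):
    """RFC 4034 section 4.1.2 bitmap, window block 0 only (types below 256)."""
    bits = bytearray(max(types) // 8 + 1)
    for rrtype in types:
        bits[rrtype // 8] |= 0x80 >> (rrtype % 8)
    return bytes([0, len(bits)]) + bytes(bits)


def nsec3_rdata(flags, iterations, salt, next_hashed, types):
    """NSEC3 RDATA: algorithm 1 (SHA-1), flags, iterations, salt, next, bitmap."""
    return (struct.pack("!BBHB", 1, flags, iterations, len(salt)) + salt +
            bytes([len(next_hashed)]) + next_hashed + type_bitmap(types))


def signed_rr(owner, ttl, rdata):
    """RR bytes covered by an RRSIG: owner|type 50|class IN|TTL|RDLENGTH|RDATA."""
    return wire_name(owner) + struct.pack("!HHIH", 50, 1, ttl, len(rdata)) + rdata


def chain(names, salt, iterations):
    """Hashed owner -> next hashed owner, in sorted hash order, wrapping around."""
    hashes = sorted(nsec3_hash(n, salt, iterations) for n in names)
    return {h: hashes[(i + 1) % len(hashes)] for i, h in enumerate(hashes)}


def flag_rewrite_demo():
    salt, iterations = bytes.fromhex("aabbccdd"), 12   # RFC 5155 Appendix A
    names = ["example", "a.example", "ns1.example"]    # constructed zone
    apex = nsec3_hash("example", salt, iterations)
    nxt = chain(names, salt, iterations)[apex]
    types = [2, 6, 15, 46, 48, 51]   # NS SOA MX RRSIG DNSKEY NSEC3PARAM
    owner = b32hex(apex) + ".example"
    # flags=0 is what the master signed, flags=1 is what the secondary serves.
    signed = signed_rr(owner, 3600, nsec3_rdata(0, iterations, salt, nxt, types))
    served = signed_rr(owner, 3600, nsec3_rdata(1, iterations, salt, nxt, types))
    diff = [i for i, (a, b) in enumerate(zip(signed, served)) if a != b]
    same = hashlib.sha256(signed).digest() == hashlib.sha256(served).digest()
    return {"owner": owner, "next": b32hex(nxt),
            "changed_offsets": diff, "same_digest": same}


if __name__ == "__main__":
    print(flag_rewrite_demo())
```

The hashed owner and next-owner fields come out identical in both versions; only the flags octet differs, and since that octet is inside the signed RDATA, a signature made over the flags-0 record cannot validate the flags-1 record.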
From: akunz at wishmedia.de (Alexander Kunz) Date: Fri, 29 Mar 2013 07:16:36 +0100 Subject: [Pdns-users] Some more exampels or informations about LUA? In-Reply-To: <0ED070BC-D5E8-45A9-9503-D493D790E53E@netherlabs.nl> References: <51532702.7020207@pernau.at> <51542392.3090900@pernau.at> <0ED070BC-D5E8-45A9-9503-D493D790E53E@netherlabs.nl> Message-ID: <1A6D29D2-ABF5-498E-9C7B-11C6037103F8@wishmedia.de> Hello PDNS users, are there some more examples or information about embedded LUA backends? I am trying to use some geo information about the requester IP address, and redis usage. I only found the small example in the backends manual. Perhaps anyone knows a more complex example? Any hints are welcome. Thanks, and have a nice day... Kind regards, Alexander Kunz From akunz at wishmedia.de Fri Mar 29 17:24:43 2013
From: akunz at wishmedia.de (Alexander Kunz) Date: Fri, 29 Mar 2013 18:24:43 +0100 Subject: [Pdns-users] Some more exampels or informations about LUA? In-Reply-To: <515571E1.9050704@fredan.org> References: <51532702.7020207@pernau.at> <51542392.3090900@pernau.at> <0ED070BC-D5E8-45A9-9503-D493D790E53E@netherlabs.nl> <1A6D29D2-ABF5-498E-9C7B-11C6037103F8@wishmedia.de> <515571E1.9050704@fredan.org> Message-ID: <5155CE5B.8030303@wishmedia.de> Hello fredrik, thanks for your answer. I'm not sure why, but my mail goes out of the mailinglist. But I think my answer is not really interesting for everyone. Thanks for your link, I missed the source because of the "with-lua" switch, I looked not into the modules, I thought it is a core feature. The new Lua backend looks awesome, I will try to build it and try to write my lua code, if it works, I write some lines to the list. That's so great, nginx can also use lua... So, it will be easy writing custom logic to such essential (core)services like DNS with one powerful language. Hope you keep on developing this module. Thanks so much, Alexander Kunz On 29.03.2013 11:50, fredrik danerklint wrote: > You are talking about the Luabackend which I wrote? > > You can find a more updated version here: > > https://github.com/fredan/luabackend > > This version has the prefix function which will help you to build your > geo information to the backend. From akunz at wishmedia.de Sun Mar 31 12:17:19 2013
From: akunz at wishmedia.de (Alexander Kunz) Date: Sun, 31 Mar 2013 14:17:19 +0200 Subject: [Pdns-users] Some more exampels or informations about LUA? In-Reply-To: <5155CE5B.8030303@wishmedia.de> References: <51532702.7020207@pernau.at> <51542392.3090900@pernau.at> <0ED070BC-D5E8-45A9-9503-D493D790E53E@netherlabs.nl> <1A6D29D2-ABF5-498E-9C7B-11C6037103F8@wishmedia.de> <515571E1.9050704@fredan.org> <5155CE5B.8030303@wishmedia.de> Message-ID: <5158294F.6030106@wishmedia.de> Hello, sorry again. But I still have two questions which are not clear to me. First of all, what is the difference between --enable-lua and the module / backend lua setting. Is it right to set both options during configure? I try to use redis.lua in my pdns.lua file. But I get this error. I think it's not really pdns related - do I miss some path information during configure? Google says something about LDPATH, but I am not sure where to set this path, because lua looks at the right path, but searches for this undefined symbol. TCP server is unable to launch backends - will try again when questions come in: [LUABackend 1] Error running the file '/usr/local/etc/pdns/pdns.lua' : error loading module 'socket.core' from file '/usr/local/lib/lua/5.1/socket/core.so': #012#011/usr/local/lib/lua/5.1/socket/core.so: undefined symbol: lua_getmetatable Thanks for any hints. From akunz at wishmedia.de Sun Mar 31 13:21:43 2013
From: akunz at wishmedia.de (Alexander Kunz) Date: Sun, 31 Mar 2013 15:21:43 +0200 Subject: [Pdns-users] Some more exampels or informations about LUA? In-Reply-To: <51582D29.8040401@fredan.org> References: <51532702.7020207@pernau.at> <51542392.3090900@pernau.at> <0ED070BC-D5E8-45A9-9503-D493D790E53E@netherlabs.nl> <1A6D29D2-ABF5-498E-9C7B-11C6037103F8@wishmedia.de> <515571E1.9050704@fredan.org> <5155CE5B.8030303@wishmedia.de> <5158294F.6030106@wishmedia.de> <51582D29.8040401@fredan.org> Message-ID: <51583867.6080301@wishmedia.de> Thanks so much, --with-modules="" --with-dynmodules="lua" does the trick, I used --with-modules="lua" --enable-lua have a nice day ... Alexander On 31.03.2013 14:33, fredrik danerklint wrote: > http://tlmc.fredan.se/tlmc-20130207-r1.tar.gz > > Download that and go to the directory 'tlmc' and run './pdns' > > There you have the latest version of the Luabackend. > > This is a pre-compiled version for X86_64.