[Pdns-users] Transfer zone with lower serial from master to slave

Aki Tuomi cmouse at youzen.ext.b2.fi
Sat Apr 26 18:06:27 UTC 2014


On Wed, Apr 23, 2014 at 08:22:51AM -0500, ktm at rice.edu wrote:
> On Wed, Apr 23, 2014 at 03:07:00PM +0200, Nowaker wrote:
> > Hey,
> > 
> > I work for a company that offers DNS services. Most of the customers
> > use standard service, but some customers choose a plan when our
> > servers are just slaves. Whenever our customer lowers the serial, we
> > have a problem. We get a bug report, we have to investigate what
> > happened, and in most cases the reason is the customer lowered the
> > serial. Is it possible for slave PowerDNS to *ignore* this, and
> > perform the transfer anyway? The ideal solution would be to get the
> > zone transferred if their serial (master) doesn't equal ours (slave).
> > After all, we are a slave, so we should obey what the master says,
> > without trying to question his orders ;)
> > 
> > > The only solution that really makes sense is to change the transfer
> > > rules so that slaves always transfer a zone unless it is equal to the
> > > master number, which is equivalent to what you propose, minus the
> > > arithmetic chicanery.
> > > http://marc.info/?l=pdns-dev&m=121812703211141
> > 
> > Has this ever been implemented in PowerDNS? (I mean "transfer a zone
> > unless it is equal to the master number", not "Serial Number
> > Arithmetic" that is not a case for me) Is there any switch in config
> > file for that? Docs don't say anything about that but I just want
> > to make sure.
> > 
> > > If the SOA serial number there is *higher*, the domain is retrieved and inserted into the database.
> > > http://doc.powerdns.com/html/slave.html
> > 
> > However, the docs do say it's possible to define a custom axfrfilter
> > method. Can this be used for my case? Does PowerDNS perform serial
> > arithmetic and decide whether a transfer is going to be performed,
> > or everything depends solely on axfrfilter?
> > 
> > Thanks for your answers.
> > 
> > -- 
> > Kind regards,
> > Damian Nowak
> > StratusHost
> > www.AtlasHost.eu
> > 
> 
> Hi Damian,
> 
> I certainly hope this NEVER, EVER is added to any DNS software ever.
> This would mean that old, outdated DNS information would be cached. I
> think your best bet is to use the lua script option for a zone axfr:
> 
> http://doc.powerdns.com/html/slave.html#lua-axfr-script
> 
> and ensure that your slaves all send a normal, increasing serial
> number at all times. You may need to do some out-of-band monitoring
> of their hidden master to identify a serial number change and force
> a zone axfr on your end.
> 
> Regards,
> Ken

Ken, you might be interested to hear that djbdns does it like this:

http://cr.yp.to/djbdns/axfr-get.html

Aki
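
The two refresh policies discussed in this thread, side by side, as an added Python example that is not part of the original messages and is not PowerDNS code. It assumes the "higher" check follows RFC 1982 serial arithmetic; the function names, zone names and serials are constructed for illustration.

```python
# Added illustration, not PowerDNS code. Zone names and serials are constructed.
MOD = 1 << 32    # SOA serials are 32-bit
HALF = 1 << 31


def serial_compare(a, b):
    """RFC 1982 comparison: -1 if a < b, 0 if equal, 1 if a > b, None if undefined."""
    a %= MOD
    b %= MOD
    if a == b:
        return 0
    diff = (b - a) % MOD
    if diff == HALF:
        return None          # exactly half the number space apart: order undefined
    return -1 if diff < HALF else 1


def refresh_decision(slave_serial, master_serial):
    """Return (transfer_if_higher, transfer_unless_equal, note) for one zone."""
    order = serial_compare(slave_serial, master_serial)
    if_higher = order == -1          # assumption: "higher" means RFC 1982 order
    unless_equal = order != 0
    note = {0: "in sync", -1: "master ahead", 1: "master serial went backwards",
            None: "order undefined"}[order]
    return if_higher, unless_equal, note


def stuck_zones(observations):
    """Zones whose serials differ but that a 'higher only' slave will not retrieve."""
    stuck = []
    for zone, slave_serial, master_serial in observations:
        if_higher, unless_equal, note = refresh_decision(slave_serial, master_serial)
        if unless_equal and not if_higher:
            stuck.append((zone, note))
    return stuck


# Constructed sample: (zone, serial on slave, serial seen on master)
OBSERVATIONS = [
    ("example.com", 2014042301, 2014042302),   # normal increment
    ("example.net", 2014042305, 2014042301),   # customer lowered the serial
    ("example.org", 4294967290, 5),            # legitimate wrap past 2**32
    ("example.info", 100, 100),                # unchanged
]

if __name__ == "__main__":
    for zone, note in stuck_zones(OBSERVATIONS):
        print(f"{zone}: {note}, needs a forced retrieval")
```

A zone returned by `stuck_zones` is one where out-of-band monitoring of the master, as suggested in the quoted reply, would have to trigger the retrieval.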
