[Pdns-users] Need help in starting AXFR
sajid-gmail
sajinux at gmail.com
Thu Feb 6 10:25:18 UTC 2014
Thanks for your good support.
We have now disabled the IPv6 notifications,
but we still get the error below:
Feb 6 01:54:36 powerdns pdns[28933]: *Received unsuccessful*
notification report for 'example.com' from x.x.x.x:53, rcode: 4
Also,
we would like to mention that we have set up PowerDNS as a hidden master,
and when we notified our slave DNS servers from our master using the
commands below, our master server sent notifications to all the real name
servers of the domain, which we have not defined or specified in pdns.conf
of the hidden master server.
allow-axfr-ips= 68.71.141.22 174.36.24.251
disable-axfr=no
Commands that we ran on the master:
------------------------------------
pdns_control notify example.com
pdns_control notify-host example.com 68.71.141.22
pdns_control notify-host example.com 174.36.24.251
But we still received unsuccessful notifications, as you can see in the log below:
Feb 6 02:18:02 powerdns pdns[30068]: Notification request to host
68.71.141.22 for domain 'example.com' received
Feb 6 02:18:03 powerdns pdns[30068]: Received unsuccessful notification
report for 'example.com' from 68.71.141.22:53, rcode: 5
Feb 6 02:18:03 powerdns pdns[30068]: Removed from notification list:
'example.com' to 68.71.141.22:53
Please help us configure automatic slave notification and automatic AXFR
on the hidden master.
Our pdns.conf is given below:
cat /etc/powerdns/pdns.conf
# Autogenerated configuration file template
#################################
# add-superfluous-nsec3-for-old-bind Add superfluous NSEC3 record to positive wildcard response
#
# add-superfluous-nsec3-for-old-bind=yes
#################################
# allow-axfr-ips Allow zonetransfers only to these subnets
#
allow-axfr-ips= 68.71.141.22, 174.36.24.251
#################################
# allow-recursion List of subnets that are allowed to recurse
#
# allow-recursion=0.0.0.0/0
#allow-recursion=127.0.0.1
#################################
# any-to-tcp Answer ANY queries with tc=1, shunting to TCP
#
# any-to-tcp=no
#################################
# cache-ttl Seconds to store packets in the PacketCache
#
# cache-ttl=20
#################################
# chroot If set, chroot to this directory for more security
#
# chroot=./
#################################
# config-dir Location of configuration directory (pdns.conf)
#
config-dir=/etc/powerdns
#################################
# config-name Name of this virtual configuration - will rename the binary image
#
# config-name=
#################################
# control-console Debugging switch - don't use
#
# control-console=no
#################################
# daemon Operate as a daemon
#
daemon=yes
#################################
# default-ksk-algorithms Default KSK algorithms
#
# default-ksk-algorithms=rsasha256
#################################
# default-ksk-size Default KSK size (0 means default)
#
# default-ksk-size=0
#################################
# default-soa-mail mail address to insert in the SOA record if none set in the backend
#
# default-soa-mail=
#################################
# default-soa-name name to insert in the SOA record if none set in the backend
#
# default-soa-name=a.misconfigured.powerdns.server
#################################
# default-ttl Seconds a result is valid if not set otherwise
#
# default-ttl=3600
#################################
# default-zsk-algorithms Default ZSK algorithms
#
# default-zsk-algorithms=rsasha256
#################################
# default-zsk-size Default KSK size (0 means default)
#
# default-zsk-size=0
#################################
# disable-axfr Disable zonetransfers but do allow TCP queries
#
disable-axfr=no
#################################
# disable-tcp Do not listen to TCP queries
#
disable-tcp=no
#################################
# distributor-threads Default number of Distributor (backend) threads to start
#
# distributor-threads=3
#################################
# do-ipv6-additional-processing Do AAAA additional processing
#
# do-ipv6-additional-processing=yes
#################################
# edns-subnet-option-number EDNS option number to use
#
# edns-subnet-option-number=20730
#################################
# edns-subnet-processing If we should act on EDNS Subnet options
#
# edns-subnet-processing=no
#################################
# entropy-source If set, read entropy from this file
#
# entropy-source=/dev/urandom
#################################
# experimental-direct-dnskey EXPERIMENTAL: fetch DNSKEY RRs from backend during DNSKEY synthesis
#
# experimental-direct-dnskey=no
#################################
# experimental-json-interface If the webserver should serve JSON data
#
# experimental-json-interface=no
#################################
# experimental-logfile Filename of the log file for JSON parser
#
# experimental-logfile=/var/log/pdns.log
experimental-logfile=/var/log/pdns.log
#################################
# fancy-records Process URL and MBOXFW records
#
# fancy-records=no
#################################
# guardian Run within a guardian process
#
# guardian=no
#################################
# include-dir Include *.conf files from this directory
#
# include-dir=
#################################
# launch Which backends to launch and order to query them in
#
# launch=
#################################
# load-modules Load this module - supply absolute or relative path
#
# load-modules=
#################################
# local-address Local IP addresses to which we bind
#
#local-address=0.0.0.0
#################################
# local-ipv6 Local IP address to which we bind
#
# local-ipv6=
#################################
# local-port The port on which we listen
#
# local-port=53
#################################
# log-dns-details If PDNS should log DNS non-erroneous details
#
log-dns-details=on
#################################
# log-dns-queries If PDNS should log all incoming DNS queries
#
# log-dns-queries=no
#################################
# log-failed-updates If PDNS should log failed update requests
#
# log-failed-updates=
#################################
# logging-facility Log under a specific facility
#
# logging-facility=
#################################
# loglevel Amount of logging. Higher is more. Do not set below 3
#
loglevel=4
#################################
# lua-prequery-script Lua script with prequery handler
#
# lua-prequery-script=
#################################
# master Act as a master
#
master=yes
#################################
# max-cache-entries Maximum number of cache entries
#
# max-cache-entries=1000000
#################################
# max-ent-entries Maximum number of empty non-terminals in a zone
#
# max-ent-entries=100000
#################################
# max-queue-length Maximum queuelength before considering situation lost
#
max-queue-length=5000
#################################
# max-tcp-connections Maximum number of TCP connections
#
# max-tcp-connections=10
#################################
# module-dir Default directory for modules
#
# module-dir=/usr/local/lib
#################################
# negquery-cache-ttl Seconds to store negative query results in the QueryCache
#
# negquery-cache-ttl=60
#################################
# no-shuffle Set this to prevent random shuffling of answers - for regression testing
#
# no-shuffle=off
#################################
# out-of-zone-additional-processing Do out of zone additional processing
#
# out-of-zone-additional-processing=yes
#################################
# overload-queue-length Maximum queuelength moving to packetcache only
#
# overload-queue-length=0
#################################
# pipebackend-abi-version Version of the pipe backend ABI
#
# pipebackend-abi-version=1
#################################
# prevent-self-notification Don't send notifications to what we think is ourself
#
# prevent-self-notification=yes
#################################
# query-cache-ttl Seconds to store query results in the QueryCache
#
# query-cache-ttl=20
#################################
# query-local-address Source IP address for sending queries
#
# query-local-address=0.0.0.0
#################################
# query-local-address6 Source IPv6 address for sending queries
#
# query-local-address6=::1
query-local-address6=
#################################
# query-logging Hint backends that queries should be logged
#
#query-logging=yes
#################################
# queue-limit Maximum number of milliseconds to queue a query
#
# queue-limit=1500
#################################
# receiver-threads Default number of receiver threads to start
#
# receiver-threads=1
#################################
# recursive-cache-ttl Seconds to store packets for recursive queries in the PacketCache
#
# recursive-cache-ttl=10
#################################
# recursor If recursion is desired, IP address of a recursing nameserver
#
#recursor=38.126.54.11
#################################
# retrieval-threads Number of AXFR-retrieval threads for slave operation
#
# retrieval-threads=2
#################################
# send-root-referral Send out old-fashioned root-referral instead of ServFail in case of no authority
#
# send-root-referral=no
#################################
# server-id Returned when queried for 'server.id' TXT or NSID, defaults to hostname
#
# server-id=
#################################
# setgid If set, change group id to this gid for more security
#
# setgid=
#################################
# setuid If set, change user id to this uid for more security
#
# setuid=
#################################
# signing-threads Default number of signer threads to start
#
# signing-threads=3
#################################
# slave Act as a slave
#
# slave=no
#################################
# slave-cycle-interval Reschedule failed SOA serial checks once every .. seconds
#
# slave-cycle-interval=60
#################################
# slave-renotify If we should send out notifications for slaved updates
#
# slave-renotify=no
#################################
# smtpredirector Our smtpredir MX host
#
# smtpredirector=a.misconfigured.powerdns.smtp.server
#################################
# soa-expire-default Default SOA expire
#
# soa-expire-default=604800
#################################
# soa-minimum-ttl Default SOA minimum ttl
#
# soa-minimum-ttl=3600
#################################
# soa-refresh-default Default SOA refresh
#
# soa-refresh-default=10800
#################################
# soa-retry-default Default SOA retry
#
# soa-retry-default=3600
#################################
# soa-serial-offset Make sure that no SOA serial is less than this number
#
# soa-serial-offset=0
#################################
# socket-dir Where the controlsocket will live
#
# socket-dir=/var/run
#################################
# tcp-control-address If set, PowerDNS can be controlled over TCP on this address
#
# tcp-control-address=
#################################
# tcp-control-port If set, PowerDNS can be controlled over TCP on this address
#
# tcp-control-port=53000
#################################
# tcp-control-range If set, remote control of PowerDNS is possible over these networks only
#
# tcp-control-range=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10
#################################
# tcp-control-secret If set, PowerDNS can be controlled over TCP after passing this secret
#
# tcp-control-secret=
#################################
# traceback-handler Enable the traceback handler (Linux only)
#
# traceback-handler=yes
#################################
# trusted-notification-proxy IP address of incoming notification proxy
#
# trusted-notification-proxy=
#################################
# urlredirector Where we send hosts to that need to be url redirected
#
# urlredirector=127.0.0.1
#################################
# version-string PowerDNS version in packets - full, anonymous, powerdns or custom
#
# version-string=full
#################################
# webserver Start a webserver for monitoring
#
# webserver=no
#################################
# webserver-address IP Address of webserver to listen on
#
# webserver-address=127.0.0.1
#################################
# webserver-password Password required for accessing the webserver
#
# webserver-password=
#################################
# webserver-port Port of webserver to listen on
#
# webserver-port=8081
#################################
# webserver-print-arguments If the webserver should print arguments
#
# webserver-print-arguments=no
#################################
# wildcard-url Process URL and MBOXFW records
#
wildcard-url=yes
##################################
module-dir=/usr/lib64
socket-dir=/var/run/pdns-server
setuid=powerdns
setgid=powerdns
launch=gmysql
gmysql-host=127.0.0.1
gmysql-user=powerdns
gmysql-password=xxxx
gmysql-dbname=xxxx
Kindly advise us or give the steps required in the pdns conf file for
setting up a hidden master DNS server.
Awaiting your kind reply.
Thanks
On 02/06/2014 03:11 PM, Aki Tuomi wrote:
> On Thu, Feb 06, 2014 at 12:05:56PM +0530, sajid-gmail wrote:
>> Hello,
>>
>> I have installed PowerDNS Authoritative Server 3.3 on CentOS.
>>
>> When I allow AXFR IPs on the master, I get the following error:
>>
>> Feb 5 22:25:30 powerdns pdns[18815]: Error trying to resolve
>> 'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
>> notify to [2607:f0d0:1004:82::4]:53: Network is unreachable
>> Feb 5 22:25:30 powerdns pdns[18815]: Error trying to resolve
>> 'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
>> notify to [2607:f0d0:3001:90::4]:53: Network is unreachable
>> Feb 5 22:25:30 powerdns pdns[18815]: Error trying to resolve
>> 'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
>> notify to [2607:fc88:1001:1::4]:53: Network is unreachable
>> Feb 5 22:25:30 powerdns pdns[18815]: Query: select
>> id,name,master,last_check,type from domains where type='SLAVE'
>> Feb 5 22:25:30 powerdns pdns[18815]: Query: select
>> id,name,master,last_check,notified_serial,type from domains where
>> type='MASTER'
>> Feb 5 22:25:30 powerdns pdns[18815]: Query: select
>> content,ttl,prio,type,domain_id,name from records where type='SOA'
>> and name='example.com'
>> Feb 5 22:25:39 powerdns pdns[18815]: Error trying to resolve
>> 'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
>> notify to [2607:f0d0:1004:82::4]:53: Network is unreachable
>> Feb 5 22:25:39 powerdns pdns[18815]: Error trying to resolve
>> 'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
>> notify to [2607:f0d0:3001:90::4]:53: Network is unreachable
>> Feb 5 22:25:39 powerdns pdns[18815]: Error trying to resolve
>> 'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
>> notify to [2607:fc88:1001:1::4]:53: *Network is unreachable*
>>
> You are using IPv6 for notifications, set query-local-address6= to disable this
> (yes, leave it empty)
>
> Or fix your IPv6 routing.
>
>> Note : x:x:x:x::x (IPv6 address)
>>
>> AXFR setting in master:
>> cat /etc/powerdns/pdns.conf | grep -v "#" | grep axfr
>> allow-axfr-ips= 192.168.0.1 192.168.1.11
>> disable-axfr=no
>>
>> Why does it go for IPv6 IPs which I have not mentioned in the AXFR settings?
>> Why do I get "*Network is unreachable*"?
>>
>> Please help me or give me some steps to resolve this issue.
>> Please share some links that are useful for this kind of issue,
>> or let me know how to stop the IPv6 setting in pdns.conf.
>>
>>
>> Awaiting your kind reply.
>>
>> Thanks
>>
>> _______________________________________________
>> Pdns-users mailing list
>> Pdns-users at mailman.powerdns.com
>> http://mailman.powerdns.com/mailman/listinfo/pdns-users
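
An added example, not part of the original thread: a small parser for the "Received unsuccessful notification report" log lines quoted above that decodes each rcode (4 is NOTIMP and 5 is REFUSED per RFC 1035) and marks peers that are not in the operator's own slave list. The sample log and its addresses are constructed, and `failed_notifies` is a hypothetical helper name.

```python
import ipaddress
import re
from collections import defaultdict

# DNS response codes (RFC 1035, RFC 2136) that a NOTIFY target may return.
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED", 9: "NOTAUTH"}

# Message format as it appears in the pdns log lines quoted in the thread.
FAILED = re.compile(
    r"Received unsuccessful notification report for '(?P<zone>[^']+)' "
    r"from (?P<peer>\S+):(?P<port>\d+), rcode: (?P<rcode>\d+)")

# Constructed sample log (documentation addresses); the first entry is
# wrapped the way a mail client wraps long lines.
SAMPLE_LOG = """\
Feb 6 02:18:03 ns0 pdns[30068]: Received unsuccessful notification
report for 'example.com' from 192.0.2.10:53, rcode: 5
Feb 6 02:18:04 ns0 pdns[30068]: Received unsuccessful notification report for 'example.com' from 198.51.100.7:53, rcode: 4
Feb 6 02:19:03 ns0 pdns[30068]: Received unsuccessful notification report for 'example.com' from 192.0.2.10:53, rcode: 5
"""

def failed_notifies(log_text, configured_slaves):
    """Group failed NOTIFY reports by (zone, peer) and decode each rcode."""
    slaves = {ipaddress.ip_address(s) for s in configured_slaves}
    flat = re.sub(r"\s+", " ", log_text)  # undo line wrapping
    report = defaultdict(lambda: {"rcodes": [], "configured": False})
    for m in FAILED.finditer(flat):
        raw = m["peer"].strip("[]")  # IPv6 peers are logged in brackets
        try:
            peer = ipaddress.ip_address(raw)
        except ValueError:  # redacted or malformed address: keep the raw text
            peer = raw
        entry = report[(m["zone"], str(peer))]
        entry["rcodes"].append(RCODES.get(int(m["rcode"]), "RCODE" + m["rcode"]))
        entry["configured"] = peer in slaves
    return dict(report)

if __name__ == "__main__":
    for (zone, peer), info in failed_notifies(SAMPLE_LOG, ["192.0.2.10"]).items():
        tag = "configured slave" if info["configured"] else "NOT a configured slave"
        print(f"{zone} <- {peer} ({tag}): {', '.join(info['rcodes'])}")
```

A REFUSED from a configured slave means the slave itself rejected the NOTIFY, which is decided by the slave's configuration rather than by `allow-axfr-ips` on the master.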