[Pdns-users] Need help in starting AXFR
Aki Tuomi
cmouse at youzen.ext.b2.fi
Thu Feb 6 10:30:44 UTC 2014
Hi Sajid,
Please go to your *slave* host and run
dig axfr domain @master
Also, please check your slave and master log files.
Aki
On Thu, Feb 06, 2014 at 03:56:08PM +0530, sajid-gmail wrote:
>
> Hello,
>
> Now, we disabled the IPV6 notification issue,
>
> But still we got below error,
>
> Feb 6 01:54:36 powerdns pdns[28933]: *Received unsuccessful*
> notification report for 'example.com' from x.x.x.x:53, rcode: 4
>
>
> Also,
>
> We would like to mentioned that we had setup Powerdns as a hidden master,
> & when we notified to our slave DNS server from our Master using
> below commands then our Master servers sent notification to all the
> real Name servers of the domain which we have not define or specify
> in pdns.conf of hidden master server.
>
> allow-axfr-ips= 68.71.141.22 174.36.24.251
> disable-axfr=no
>
>
> Command that we fired on Master:
> ------------------------------------
> *pdns_control notify example .com*
> pdns_control notify-host example.com 68.71.141.22
> pdns_control notify-host example.com 174.36.24.251
>
>
> But still received unsuccessful notification that you can see in below log:
> Feb 6 02:18:02 powerdns pdns[30068]: Notification request to host
> 68.71.141.22 for domain 'example.com' received
> Feb 6 02:18:03 powerdns pdns[30068]: Received unsuccessful
> notification report for 'example.com' from 68.71.141.22:53, rcode: 5
> Feb 6 02:18:03 powerdns pdns[30068]: Removed from notification
> list: 'example.com' to 68.71.141.22:53
>
>
> Please help us in how to configure auto slave notification & auto
> axfr on Hidden Master
>
>
> Our pdns.conf as per given below,
>
> *cat /etc/powerdns/pdns.conf*
> # Autogenerated configuration file template
> #################################
> # add-superfluous-nsec3-for-old-bind Add superfluous NSEC3 record
> to positive wildcard response
> #
> # add-superfluous-nsec3-for-old-bind=yes
>
> #################################
> # allow-axfr-ips Allow zonetransfers only to these subnets
> #
> allow-axfr-ips= 68.71.141.22, 174.36.24.251
>
>
> #################################
> # allow-recursion List of subnets that are allowed to recurse
> #
> # allow-recursion=0.0.0.0/0
> #allow-recursion=127.0.0.1
>
> #################################
> # any-to-tcp Answer ANY queries with tc=1, shunting to TCP
> #
> # any-to-tcp=no
>
> #################################
> # cache-ttl Seconds to store packets in the PacketCache
> #
> # cache-ttl=20
>
> #################################
> # chroot If set, chroot to this directory for more security
> #
> # chroot=./
>
> #################################
> # config-dir Location of configuration directory (pdns.conf)
> #
> config-dir=/etc/powerdns
>
> #################################
> # config-name Name of this virtual configuration - will rename
> the binary image
> #
> # config-name=
>
> #################################
> # control-console Debugging switch - don't use
> #
> # control-console=no
>
> #################################
> # daemon Operate as a daemon
> #
> daemon=yes
>
> #################################
> # default-ksk-algorithms Default KSK algorithms
> #
> # default-ksk-algorithms=rsasha256
>
> #################################
> # default-ksk-size Default KSK size (0 means default)
> #
> # default-ksk-size=0
>
> #################################
> # default-soa-mail mail address to insert in the SOA record if
> none set in the backend
> #
> # default-soa-mail=
>
> #################################
> # default-soa-name name to insert in the SOA record if none set
> in the backend
> #
> # default-soa-name=a.misconfigured.powerdns.server
>
> #################################
> # default-ttl Seconds a result is valid if not set otherwise
> #
> # default-ttl=3600
>
> #################################
> # default-zsk-algorithms Default ZSK algorithms
> #
> # default-zsk-algorithms=rsasha256
>
> #################################
> # default-zsk-size Default KSK size (0 means default)
> #
> # default-zsk-size=0
>
> #################################
> # disable-axfr Disable zonetransfers but do allow TCP queries
> #
> disable-axfr=no
>
> #################################
> # disable-tcp Do not listen to TCP queries
> #
> disable-tcp=no
>
> #################################
> # distributor-threads Default number of Distributor (backend)
> threads to start
> #
> # distributor-threads=3
>
> #################################
> # do-ipv6-additional-processing Do AAAA additional processing
> #
> # do-ipv6-additional-processing=yes
>
> #################################
> # edns-subnet-option-number EDNS option number to use
> #
> # edns-subnet-option-number=20730
>
> #################################
> # edns-subnet-processing If we should act on EDNS Subnet options
> #
> # edns-subnet-processing=no
>
> #################################
> # entropy-source If set, read entropy from this file
> #
> # entropy-source=/dev/urandom
>
> #################################
> # experimental-direct-dnskey EXPERIMENTAL: fetch DNSKEY RRs from
> backend during DNSKEY synthesis
> #
> # experimental-direct-dnskey=no
>
> #################################
> # experimental-json-interface If the webserver should serve JSON data
> #
> # experimental-json-interface=no
>
> #################################
> # experimental-logfile Filename of the log file for JSON parser
> #
> # experimental-logfile=/var/log/pdns.log
> experimental-logfile=/var/log/pdns.log
> #################################
> # fancy-records Process URL and MBOXFW records
> #
> # fancy-records=no
>
> #################################
> # guardian Run within a guardian process
> #
> # guardian=no
>
> #################################
> # include-dir Include *.conf files from this directory
> #
> # include-dir=
>
> #################################
> # launch Which backends to launch and order to query them in
> #
> # launch=
>
> #################################
> # load-modules Load this module - supply absolute or relative path
> #
> # load-modules=
>
> #################################
> # local-address Local IP addresses to which we bind
> #
> #local-address=0.0.0.0
>
>
> #################################
> # local-ipv6 Local IP address to which we bind
> #
> # local-ipv6=
>
> #################################
> # local-port The port on which we listen
> #
> # local-port=53
>
> #################################
> # log-dns-details If PDNS should log DNS non-erroneous details
> #
> log-dns-details=on
>
> #################################
> # log-dns-queries If PDNS should log all incoming DNS queries
> #
> # log-dns-queries=no
>
> #################################
> # log-failed-updates If PDNS should log failed update requests
> #
> # log-failed-updates=
>
> #################################
> # logging-facility Log under a specific facility
> #
> # logging-facility=
>
> #################################
> # loglevel Amount of logging. Higher is more. Do not set below 3
> #
> loglevel=4
>
> #################################
> # lua-prequery-script Lua script with prequery handler
> #
> # lua-prequery-script=
>
> #################################
> # master Act as a master
> #
> master=yes
>
> #################################
> # max-cache-entries Maximum number of cache entries
> #
> # max-cache-entries=1000000
>
> #################################
> # max-ent-entries Maximum number of empty non-terminals in a zone
> #
> # max-ent-entries=100000
>
> #################################
> # max-queue-length Maximum queuelength before considering situation lost
> #
> max-queue-length=5000
>
> #################################
> # max-tcp-connections Maximum number of TCP connections
> #
> # max-tcp-connections=10
>
> #################################
> # module-dir Default directory for modules
> #
> # module-dir=/usr/local/lib
>
> #################################
> # negquery-cache-ttl Seconds to store negative query results in
> the QueryCache
> #
> # negquery-cache-ttl=60
>
> #################################
> # no-shuffle Set this to prevent random shuffling of answers -
> for regression testing
> #
> # no-shuffle=off
>
> #################################
> # out-of-zone-additional-processing Do out of zone additional processing
> #
> # out-of-zone-additional-processing=yes
>
> #################################
> # overload-queue-length Maximum queuelength moving to packetcache only
> #
> # overload-queue-length=0
>
> #################################
> # pipebackend-abi-version Version of the pipe backend ABI
> #
> # pipebackend-abi-version=1
>
> #################################
> # prevent-self-notification Don't send notifications to what we
> think is ourself
> #
> # prevent-self-notification=yes
>
> #################################
> # query-cache-ttl Seconds to store query results in the QueryCache
> #
> # query-cache-ttl=20
>
> #################################
> # query-local-address Source IP address for sending queries
> #
> # query-local-address=0.0.0.0
>
> #################################
> # query-local-address6 Source IPv6 address for sending queries
> #
> # query-local-address6=::1
> query-local-address6=
>
> #################################
> # query-logging Hint backends that queries should be logged
> #
> #query-logging=yes
>
> #################################
> # queue-limit Maximum number of milliseconds to queue a query
> #
> # queue-limit=1500
>
> #################################
> # receiver-threads Default number of receiver threads to start
> #
> # receiver-threads=1
>
> #################################
> # recursive-cache-ttl Seconds to store packets for recursive
> queries in the PacketCache
> #
> # recursive-cache-ttl=10
>
> #################################
> # recursor If recursion is desired, IP address of a recursing nameserver
> #
> #recursor=38.126.54.11
>
> #################################
> # retrieval-threads Number of AXFR-retrieval threads for slave operation
> #
> # retrieval-threads=2
>
> #################################
> # send-root-referral Send out old-fashioned root-referral instead
> of ServFail in case of no authority
> #
> # send-root-referral=no
>
> #################################
> # server-id Returned when queried for 'server.id' TXT or NSID,
> defaults to hostname
> #
> # server-id=
>
> #################################
> # setgid If set, change group id to this gid for more security
> #
> # setgid=
>
> #################################
> # setuid If set, change user id to this uid for more security
> #
> # setuid=
>
> #################################
> # signing-threads Default number of signer threads to start
> #
> # signing-threads=3
>
> #################################
> # slave Act as a slave
> #
> # slave=no
>
> #################################
> # slave-cycle-interval Reschedule failed SOA serial checks once
> every .. seconds
> #
> # slave-cycle-interval=60
>
> #################################
> # slave-renotify If we should send out notifications for slaved updates
> #
> # slave-renotify=no
>
> #################################
> # smtpredirector Our smtpredir MX host
> #
> # smtpredirector=a.misconfigured.powerdns.smtp.server
>
> #################################
> # soa-expire-default Default SOA expire
> #
> # soa-expire-default=604800
>
> #################################
> # soa-minimum-ttl Default SOA minimum ttl
> #
> # soa-minimum-ttl=3600
>
> #################################
> # soa-refresh-default Default SOA refresh
> #
> # soa-refresh-default=10800
>
> #################################
> # soa-retry-default Default SOA retry
> #
> # soa-retry-default=3600
>
> #################################
> # soa-serial-offset Make sure that no SOA serial is less than this number
> #
> # soa-serial-offset=0
>
> #################################
> # socket-dir Where the controlsocket will live
> #
> # socket-dir=/var/run
>
> #################################
> # tcp-control-address If set, PowerDNS can be controlled over TCP
> on this address
> #
> # tcp-control-address=
>
> #################################
> # tcp-control-port If set, PowerDNS can be controlled over TCP on
> this address
> #
> # tcp-control-port=53000
>
> #################################
> # tcp-control-range If set, remote control of PowerDNS is
> possible over these networks only
> #
> # tcp-control-range=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16,
> 172.16.0.0/12, ::1/128, fe80::/10
>
> #################################
> # tcp-control-secret If set, PowerDNS can be controlled over TCP
> after passing this secret
> #
> # tcp-control-secret=
>
> #################################
> # traceback-handler Enable the traceback handler (Linux only)
> #
> # traceback-handler=yes
>
> #################################
> # trusted-notification-proxy IP address of incoming notification proxy
> #
> # trusted-notification-proxy=
>
> #################################
> # urlredirector Where we send hosts to that need to be url redirected
> #
> # urlredirector=127.0.0.1
>
> #################################
> # version-string PowerDNS version in packets - full, anonymous,
> powerdns or custom
> #
> # version-string=full
>
> #################################
> # webserver Start a webserver for monitoring
> #
> # webserver=no
>
> #################################
> # webserver-address IP Address of webserver to listen on
> #
> # webserver-address=127.0.0.1
>
> #################################
> # webserver-password Password required for accessing the webserver
> #
> # webserver-password=
>
> #################################
> # webserver-port Port of webserver to listen on
> #
> # webserver-port=8081
>
> #################################
> # webserver-print-arguments If the webserver should print arguments
> #
> # webserver-print-arguments=no
>
> #################################
> # wildcard-url Process URL and MBOXFW records
> #
> wildcard-url=yes
> ##################################
> module-dir=/usr/lib64
> socket-dir=/var/run/pdns-server
> setuid=powerdns
> setgid=powerdns
> launch=gmysql
> gmysql-host=127.0.0.1
> gmysql-user=powerdns
> gmysql-password=xxxx
> gmysql-dbname=xxxx
>
>
>
>
> Kindly suggest us or give steps which requires in conf file of pdns
> for setting up Hidden Master DNS server.
>
> Awaiting your kind reply.
>
> Thanks
>
>
>
> On 02/06/2014 12:05 PM, sajid-gmail wrote:
> >
> >Hello,
> >
> >I have installed PowerDNS Authoritative Server 3.3 on centos.
> >
> >when I allow axfr IPs in master then I got follwing below Error,
> >
> >Feb 5 22:25:30 powerdns pdns[18815]: Error trying to resolve
> >'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
> >notify to [2607:f0d0:1004:82::4]:53: Network is unreachable
> >Feb 5 22:25:30 powerdns pdns[18815]: Error trying to resolve
> >'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
> >notify to [2607:f0d0:3001:90::4]:53: Network is unreachable
> >Feb 5 22:25:30 powerdns pdns[18815]: Error trying to resolve
> >'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
> >notify to [2607:fc88:1001:1::4]:53: Network is unreachable
> >Feb 5 22:25:30 powerdns pdns[18815]: Query: select
> >id,name,master,last_check,type from domains where type='SLAVE'
> >Feb 5 22:25:30 powerdns pdns[18815]: Query: select
> >id,name,master,last_check,notified_serial,type from domains where
> >type='MASTER'
> >Feb 5 22:25:30 powerdns pdns[18815]: Query: select
> >content,ttl,prio,type,domain_id,name from records where type='SOA'
> >and name='cybermaxsolutions.com'
> >Feb 5 22:25:39 powerdns pdns[18815]: Error trying to resolve
> >'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
> >notify to [2607:f0d0:1004:82::4]:53: Network is unreachable
> >Feb 5 22:25:39 powerdns pdns[18815]: Error trying to resolve
> >'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
> >notify to [2607:f0d0:3001:90::4]:53: Network is unreachable
> >Feb 5 22:25:39 powerdns pdns[18815]: Error trying to resolve
> >'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
> >notify to [2607:fc88:1001:1::4]:53: *Network is unreachable*
> >
> >
> >Note : x:x:x:x::x (IPv6 address)
> >
> >AXFR setting in master:
> >cat /etc/powerdns/pdns.conf | grep -v "#" | grep axfr
> >allow-axfr-ips= 192.168.0.1 192.168.1.11
> >disable-axfr=no
> >
> >Why it is go for IPv6 ip which I am not mentioned in axfr settings,
> >Why I got "*Network is unreachable*"
> >
> >Please help me or give me some steps to resolve this issue.
> >Please share me with some links that are usefull in this kind of issue,
> >Or let me know How to stop ipv6 setting in pdns.conf.
> >
> >
> >Awaiting your kind reply.
> >
> >Thanks
> >
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20140206/4ac968c8/attachment-0001.sig>
More information about the Pdns-users
mailing list