[Pdns-users] Need help in starting AXFR

Aki Tuomi cmouse at youzen.ext.b2.fi
Thu Feb 6 10:30:44 UTC 2014


Hi Sajid,

Please go to your *slave* host and run

dig axfr domain @master

Also, please check your slave and master log files. 

Aki

On Thu, Feb 06, 2014 at 03:56:08PM +0530, sajid-gmail wrote:
> 
> Hello,
> 
> Now, we disabled the IPV6 notification issue,
> 
> But still we got below error,
> 
> Feb  6 01:54:36 powerdns pdns[28933]: *Received unsuccessful*
> notification report for 'example.com' from x.x.x.x:53, rcode: 4
> 
> 
> Also,
> 
> We would like to mention that we had set up PowerDNS as a hidden master,
> & when we notified our slave DNS server from our Master using the
> commands below, our Master servers sent notifications to all the
> real name servers of the domain, which we have not defined or specified
> in pdns.conf of the hidden master server.
> 
> allow-axfr-ips= 68.71.141.22 174.36.24.251
> disable-axfr=no
> 
> 
> Command that we fired on Master:
> ------------------------------------
> *pdns_control notify example.com*
> pdns_control notify-host example.com 68.71.141.22
> pdns_control notify-host example.com 174.36.24.251
> 
> 
> But still received unsuccessful notification that you can see in below log:
> Feb  6 02:18:02 powerdns pdns[30068]: Notification request to host
> 68.71.141.22 for domain 'example.com' received
> Feb  6 02:18:03 powerdns pdns[30068]: Received unsuccessful
> notification report for 'example.com' from 68.71.141.22:53, rcode: 5
> Feb  6 02:18:03 powerdns pdns[30068]: Removed from notification
> list: 'example.com' to 68.71.141.22:53
> 
> 
> Please help us in how to configure auto slave notification & auto
> axfr on Hidden Master
> 
> 
> Our pdns.conf as per given below,
> 
> *cat /etc/powerdns/pdns.conf*
> # Autogenerated configuration file template
> #################################
> # add-superfluous-nsec3-for-old-bind    Add superfluous NSEC3 record to positive wildcard response
> #
> # add-superfluous-nsec3-for-old-bind=yes
> 
> #################################
> # allow-axfr-ips    Allow zonetransfers only to these subnets
> #
> allow-axfr-ips= 68.71.141.22, 174.36.24.251
> 
> 
> #################################
> # allow-recursion    List of subnets that are allowed to recurse
> #
> # allow-recursion=0.0.0.0/0
> #allow-recursion=127.0.0.1
> 
> #################################
> # any-to-tcp    Answer ANY queries with tc=1, shunting to TCP
> #
> # any-to-tcp=no
> 
> #################################
> # cache-ttl    Seconds to store packets in the PacketCache
> #
> # cache-ttl=20
> 
> #################################
> # chroot    If set, chroot to this directory for more security
> #
> # chroot=./
> 
> #################################
> # config-dir    Location of configuration directory (pdns.conf)
> #
>  config-dir=/etc/powerdns
> 
> #################################
> # config-name    Name of this virtual configuration - will rename the binary image
> #
> # config-name=
> 
> #################################
> # control-console    Debugging switch - don't use
> #
> # control-console=no
> 
> #################################
> # daemon    Operate as a daemon
> #
> daemon=yes
> 
> #################################
> # default-ksk-algorithms    Default KSK algorithms
> #
> # default-ksk-algorithms=rsasha256
> 
> #################################
> # default-ksk-size    Default KSK size (0 means default)
> #
> # default-ksk-size=0
> 
> #################################
> # default-soa-mail    mail address to insert in the SOA record if none set in the backend
> #
> # default-soa-mail=
> 
> #################################
> # default-soa-name    name to insert in the SOA record if none set in the backend
> #
> # default-soa-name=a.misconfigured.powerdns.server
> 
> #################################
> # default-ttl    Seconds a result is valid if not set otherwise
> #
> # default-ttl=3600
> 
> #################################
> # default-zsk-algorithms    Default ZSK algorithms
> #
> # default-zsk-algorithms=rsasha256
> 
> #################################
> # default-zsk-size    Default KSK size (0 means default)
> #
> # default-zsk-size=0
> 
> #################################
> # disable-axfr    Disable zonetransfers but do allow TCP queries
> #
> disable-axfr=no
> 
> #################################
> # disable-tcp    Do not listen to TCP queries
> #
> disable-tcp=no
> 
> #################################
> # distributor-threads    Default number of Distributor (backend) threads to start
> #
> # distributor-threads=3
> 
> #################################
> # do-ipv6-additional-processing    Do AAAA additional processing
> #
> # do-ipv6-additional-processing=yes
> 
> #################################
> # edns-subnet-option-number    EDNS option number to use
> #
> # edns-subnet-option-number=20730
> 
> #################################
> # edns-subnet-processing    If we should act on EDNS Subnet options
> #
> # edns-subnet-processing=no
> 
> #################################
> # entropy-source    If set, read entropy from this file
> #
> # entropy-source=/dev/urandom
> 
> #################################
> # experimental-direct-dnskey    EXPERIMENTAL: fetch DNSKEY RRs from backend during DNSKEY synthesis
> #
> # experimental-direct-dnskey=no
> 
> #################################
> # experimental-json-interface    If the webserver should serve JSON data
> #
> # experimental-json-interface=no
> 
> #################################
> # experimental-logfile    Filename of the log file for JSON parser
> #
> # experimental-logfile=/var/log/pdns.log
> experimental-logfile=/var/log/pdns.log
> #################################
> # fancy-records    Process URL and MBOXFW records
> #
> # fancy-records=no
> 
> #################################
> # guardian    Run within a guardian process
> #
> # guardian=no
> 
> #################################
> # include-dir    Include *.conf files from this directory
> #
> # include-dir=
> 
> #################################
> # launch    Which backends to launch and order to query them in
> #
> # launch=
> 
> #################################
> # load-modules    Load this module - supply absolute or relative path
> #
> # load-modules=
> 
> #################################
> # local-address    Local IP addresses to which we bind
> #
> #local-address=0.0.0.0
> 
> 
> #################################
> # local-ipv6    Local IP address to which we bind
> #
> # local-ipv6=
> 
> #################################
> # local-port    The port on which we listen
> #
> # local-port=53
> 
> #################################
> # log-dns-details    If PDNS should log DNS non-erroneous details
> #
> log-dns-details=on
> 
> #################################
> # log-dns-queries    If PDNS should log all incoming DNS queries
> #
> # log-dns-queries=no
> 
> #################################
> # log-failed-updates    If PDNS should log failed update requests
> #
> # log-failed-updates=
> 
> #################################
> # logging-facility    Log under a specific facility
> #
> # logging-facility=
> 
> #################################
> # loglevel    Amount of logging. Higher is more. Do not set below 3
> #
> loglevel=4
> 
> #################################
> # lua-prequery-script    Lua script with prequery handler
> #
> # lua-prequery-script=
> 
> #################################
> # master    Act as a master
> #
> master=yes
> 
> #################################
> # max-cache-entries    Maximum number of cache entries
> #
> # max-cache-entries=1000000
> 
> #################################
> # max-ent-entries    Maximum number of empty non-terminals in a zone
> #
> # max-ent-entries=100000
> 
> #################################
> # max-queue-length    Maximum queuelength before considering situation lost
> #
> max-queue-length=5000
> 
> #################################
> # max-tcp-connections    Maximum number of TCP connections
> #
> # max-tcp-connections=10
> 
> #################################
> # module-dir    Default directory for modules
> #
> # module-dir=/usr/local/lib
> 
> #################################
> # negquery-cache-ttl    Seconds to store negative query results in the QueryCache
> #
> # negquery-cache-ttl=60
> 
> #################################
> # no-shuffle    Set this to prevent random shuffling of answers - for regression testing
> #
> # no-shuffle=off
> 
> #################################
> # out-of-zone-additional-processing    Do out of zone additional processing
> #
> # out-of-zone-additional-processing=yes
> 
> #################################
> # overload-queue-length    Maximum queuelength moving to packetcache only
> #
> # overload-queue-length=0
> 
> #################################
> # pipebackend-abi-version    Version of the pipe backend ABI
> #
> # pipebackend-abi-version=1
> 
> #################################
> # prevent-self-notification    Don't send notifications to what we think is ourself
> #
> # prevent-self-notification=yes
> 
> #################################
> # query-cache-ttl    Seconds to store query results in the QueryCache
> #
> # query-cache-ttl=20
> 
> #################################
> # query-local-address    Source IP address for sending queries
> #
> # query-local-address=0.0.0.0
> 
> #################################
> # query-local-address6    Source IPv6 address for sending queries
> #
> # query-local-address6=::1
> query-local-address6=
> 
> #################################
> # query-logging    Hint backends that queries should be logged
> #
> #query-logging=yes
> 
> #################################
> # queue-limit    Maximum number of milliseconds to queue a query
> #
> # queue-limit=1500
> 
> #################################
> # receiver-threads    Default number of receiver threads to start
> #
> # receiver-threads=1
> 
> #################################
> # recursive-cache-ttl    Seconds to store packets for recursive queries in the PacketCache
> #
> # recursive-cache-ttl=10
> 
> #################################
> # recursor    If recursion is desired, IP address of a recursing nameserver
> #
> #recursor=38.126.54.11
> 
> #################################
> # retrieval-threads    Number of AXFR-retrieval threads for slave operation
> #
> # retrieval-threads=2
> 
> #################################
> # send-root-referral    Send out old-fashioned root-referral instead of ServFail in case of no authority
> #
> # send-root-referral=no
> 
> #################################
> # server-id    Returned when queried for 'server.id' TXT or NSID, defaults to hostname
> #
> # server-id=
> 
> #################################
> # setgid    If set, change group id to this gid for more security
> #
> # setgid=
> 
> #################################
> # setuid    If set, change user id to this uid for more security
> #
> # setuid=
> 
> #################################
> # signing-threads    Default number of signer threads to start
> #
> # signing-threads=3
> 
> #################################
> # slave    Act as a slave
> #
> # slave=no
> 
> #################################
> # slave-cycle-interval    Reschedule failed SOA serial checks once every .. seconds
> #
> # slave-cycle-interval=60
> 
> #################################
> # slave-renotify    If we should send out notifications for slaved updates
> #
> # slave-renotify=no
> 
> #################################
> # smtpredirector    Our smtpredir MX host
> #
> # smtpredirector=a.misconfigured.powerdns.smtp.server
> 
> #################################
> # soa-expire-default    Default SOA expire
> #
> # soa-expire-default=604800
> 
> #################################
> # soa-minimum-ttl    Default SOA minimum ttl
> #
> # soa-minimum-ttl=3600
> 
> #################################
> # soa-refresh-default    Default SOA refresh
> #
> # soa-refresh-default=10800
> 
> #################################
> # soa-retry-default    Default SOA retry
> #
> # soa-retry-default=3600
> 
> #################################
> # soa-serial-offset    Make sure that no SOA serial is less than this number
> #
> # soa-serial-offset=0
> 
> #################################
> # socket-dir    Where the controlsocket will live
> #
> # socket-dir=/var/run
> 
> #################################
> # tcp-control-address    If set, PowerDNS can be controlled over TCP on this address
> #
> # tcp-control-address=
> 
> #################################
> # tcp-control-port    If set, PowerDNS can be controlled over TCP on this address
> #
> # tcp-control-port=53000
> 
> #################################
> # tcp-control-range    If set, remote control of PowerDNS is possible over these networks only
> #
> # tcp-control-range=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10
> 
> #################################
> # tcp-control-secret    If set, PowerDNS can be controlled over TCP after passing this secret
> #
> # tcp-control-secret=
> 
> #################################
> # traceback-handler    Enable the traceback handler (Linux only)
> #
> # traceback-handler=yes
> 
> #################################
> # trusted-notification-proxy    IP address of incoming notification proxy
> #
> # trusted-notification-proxy=
> 
> #################################
> # urlredirector    Where we send hosts to that need to be url redirected
> #
> # urlredirector=127.0.0.1
> 
> #################################
> # version-string    PowerDNS version in packets - full, anonymous, powerdns or custom
> #
> # version-string=full
> 
> #################################
> # webserver    Start a webserver for monitoring
> #
> # webserver=no
> 
> #################################
> # webserver-address    IP Address of webserver to listen on
> #
> # webserver-address=127.0.0.1
> 
> #################################
> # webserver-password    Password required for accessing the webserver
> #
> # webserver-password=
> 
> #################################
> # webserver-port    Port of webserver to listen on
> #
> # webserver-port=8081
> 
> #################################
> # webserver-print-arguments    If the webserver should print arguments
> #
> # webserver-print-arguments=no
> 
> #################################
> # wildcard-url    Process URL and MBOXFW records
> #
> wildcard-url=yes
> ##################################
> module-dir=/usr/lib64
> socket-dir=/var/run/pdns-server
> setuid=powerdns
> setgid=powerdns
> launch=gmysql
> gmysql-host=127.0.0.1
> gmysql-user=powerdns
> gmysql-password=xxxx
> gmysql-dbname=xxxx
> 
> 
> 
> 
> Kindly advise us or give the steps required in the pdns conf file
> for setting up a Hidden Master DNS server.
> 
> Awaiting your kind reply.
> 
> Thanks
> 
> 
> 
> On 02/06/2014 12:05 PM, sajid-gmail wrote:
> >
> >Hello,
> >
> >I have installed PowerDNS Authoritative Server 3.3 on centos.
> >
> >When I allow axfr IPs in master then I got the following error,
> >
> >Feb  5 22:25:30 powerdns pdns[18815]: Error trying to resolve
> >'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
> >notify to [2607:f0d0:1004:82::4]:53: Network is unreachable
> >Feb  5 22:25:30 powerdns pdns[18815]: Error trying to resolve
> >'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
> >notify to [2607:f0d0:3001:90::4]:53: Network is unreachable
> >Feb  5 22:25:30 powerdns pdns[18815]: Error trying to resolve
> >'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
> >notify to [2607:fc88:1001:1::4]:53: Network is unreachable
> >Feb  5 22:25:30 powerdns pdns[18815]: Query: select
> >id,name,master,last_check,type from domains where type='SLAVE'
> >Feb  5 22:25:30 powerdns pdns[18815]: Query: select
> >id,name,master,last_check,notified_serial,type from domains where
> >type='MASTER'
> >Feb  5 22:25:30 powerdns pdns[18815]: Query: select
> >content,ttl,prio,type,domain_id,name from records where type='SOA'
> >and name='cybermaxsolutions.com'
> >Feb  5 22:25:39 powerdns pdns[18815]: Error trying to resolve
> >'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
> >notify to [2607:f0d0:1004:82::4]:53: Network is unreachable
> >Feb  5 22:25:39 powerdns pdns[18815]: Error trying to resolve
> >'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
> >notify to [2607:f0d0:3001:90::4]:53: Network is unreachable
> >Feb  5 22:25:39 powerdns pdns[18815]: Error trying to resolve
> >'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
> >notify to [2607:fc88:1001:1::4]:53: *Network is unreachable*
> >
> >
> >Note : x:x:x:x::x (IPv6 address)
> >
> >AXFR setting in master:
> >cat /etc/powerdns/pdns.conf | grep -v "#" | grep axfr
> >allow-axfr-ips= 192.168.0.1 192.168.1.11
> >disable-axfr=no
> >
> >Why does it go for an IPv6 IP which I have not mentioned in the axfr settings?
> >Why did I get "*Network is unreachable*"?
> >
> >Please help me or give me some steps to resolve this issue.
> >Please share some links that are useful for this kind of issue,
> >or let me know how to stop the ipv6 setting in pdns.conf.
> >
> >
> >Awaiting your kind reply.
> >
> >Thanks
> >
> 
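
An added example (not part of the original thread): it pulls the rejected NOTIFY reports out of a PowerDNS log and names their rcodes, using the log lines quoted above. The function names are this example's own, and the rcode meanings are the RFC 1035 definitions.

```python
import re
from collections import defaultdict

# RCODE names: 0-5 from RFC 1035, 6-10 from RFC 2136.
RCODES = {0: "NoError", 1: "FormErr", 2: "ServFail", 3: "NXDomain",
          4: "NotImp", 5: "Refused", 6: "YXDomain", 7: "YXRRSet",
          8: "NXRRSet", 9: "NotAuth", 10: "NotZone"}

# RFC 1035 section 4.1.1 wording for the two codes seen in the thread.
MEANING = {
    "NotImp": "responder does not support the requested kind of query",
    "Refused": "responder refuses the operation for policy reasons",
}

REPORT = re.compile(
    r"pdns\[\d+\]: Received unsuccessful notification report for "
    r"'(?P<zone>[^']+)' from (?P<peer>\S+?):(?P<port>\d+), "
    r"rcode: (?P<rcode>\d+)")

# Log lines from the thread, rejoined onto single lines as syslog writes
# them, with the mail client's *bold* markers dropped.
SAMPLE_LOG = """\
Feb  6 01:54:36 powerdns pdns[28933]: Received unsuccessful notification report for 'example.com' from x.x.x.x:53, rcode: 4
Feb  6 02:18:02 powerdns pdns[30068]: Notification request to host 68.71.141.22 for domain 'example.com' received
Feb  6 02:18:03 powerdns pdns[30068]: Received unsuccessful notification report for 'example.com' from 68.71.141.22:53, rcode: 5
Feb  6 02:18:03 powerdns pdns[30068]: Removed from notification list: 'example.com' to 68.71.141.22:53
"""


def failed_notifies(log_text):
    """Map (zone, peer) to the rcode names of every rejected NOTIFY."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = REPORT.search(line)
        if m:
            code = int(m.group("rcode"))
            failures[(m.group("zone"), m.group("peer"))].append(
                RCODES.get(code, f"rcode {code}"))
    return dict(failures)


def summarize(log_text):
    """One line per peer; the rejecting side is where the fix belongs."""
    out = []
    for (zone, peer), names in sorted(failed_notifies(log_text).items()):
        last = names[-1]
        why = MEANING.get(last, "see the responder's own log")
        out.append(f"{zone} -> {peer}: {last} x{len(names)} ({why})")
    return out


if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_LOG)))
```

The rcode in these lines is the answer sent back by the notified server, so the matching entry in that server's log is the next thing to read.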
