[Pdns-users] Need help in starting AXFR
sajid-gmail
sajinux at gmail.com
Thu Feb 6 11:29:53 UTC 2014
Hi Aki Tuomi,
Our slave server is Zerigo.net.
We do not have any access to that slave server for firing the command
which you have given me.
For testing purposes, I have put our live IP in the axfr setting & we
got the result which is shown below:
dig axfr example.com @powerdns.bmsend.com
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> axfr example.com @master.server.com
;; global options: +cmd
example.com. 300 IN SOA a.ns.zerigo.net. sysad.server1.com. 2014012701 3600 60 604800 86400
example.com. 300 IN NS a.ns.zerigo.net.
example.com. 300 IN NS b.ns.zerigo.net.
example.com. 300 IN NS c.ns.zerigo.net.
example.com. 300 IN NS d.ns.zerigo.net.
example.com. 300 IN NS e.ns.zerigo.net.
example.com. 300 IN NS f.ns.zerigo.net.
example.com. 300 IN A 76.74.155.235
www.example.com. 300 IN CNAME example.com.
example.com. 300 IN MX 10 mail.rediffmailpro.com.
example.com. 300 IN SOA a.ns.zerigo.net. sysad.server1.com. 2014012701 3600 60 604800 86400
;; Query time: 514 msec
;; SERVER: 38.x.x.x#53(38.x.x.x)
;; WHEN: Thu Feb 6 16:04:52 2014
;; XFR size: 12 records (messages 3, bytes 470)
From the above output,
AXFR seems to be working fine.
Awaiting your kind reply.
Thanks
On 02/06/2014 04:00 PM, Aki Tuomi wrote:
> Hi Sajid,
>
> Please go to your *slave* host and run
>
> dig axfr domain @master
>
> Also, please check your slave and master log files.
>
> Aki
>
> On Thu, Feb 06, 2014 at 03:56:08PM +0530, sajid-gmail wrote:
>> Hello,
>>
>> Now, we have disabled the IPv6 notification issue,
>>
>> but we still got the error below:
>>
>> Feb 6 01:54:36 powerdns pdns[28933]: *Received unsuccessful* notification report for 'example.com' from x.x.x.x:53, rcode: 4
>>
>>
>> Also,
>>
>> We would like to mention that we have set up PowerDNS as a hidden master,
>> & when we notified our slave DNS server from our Master using the
>> commands below, our Master server sent notifications to all the
>> real name servers of the domain, which we have not defined or specified
>> in pdns.conf of the hidden master server.
>>
>> allow-axfr-ips= 68.71.141.22 174.36.24.251
>> disable-axfr=no
>>
>>
>> Command that we fired on Master:
>> ------------------------------------
>> *pdns_control notify example.com*
>> pdns_control notify-host example.com 68.71.141.22
>> pdns_control notify-host example.com 174.36.24.251
>>
>>
>> But we still received an unsuccessful notification, as you can see in the log below:
>> Feb 6 02:18:02 powerdns pdns[30068]: Notification request to host 68.71.141.22 for domain 'example.com' received
>> Feb 6 02:18:03 powerdns pdns[30068]: Received unsuccessful notification report for 'example.com' from 68.71.141.22:53, rcode: 5
>> Feb 6 02:18:03 powerdns pdns[30068]: Removed from notification list: 'example.com' to 68.71.141.22:53
>>
>>
>> Please help us configure auto slave notification & auto
>> AXFR on the hidden master.
>>
>>
>> Our pdns.conf is given below:
>>
>> *cat /etc/powerdns/pdns.conf*
>> # Autogenerated configuration file template
>> #################################
>> # add-superfluous-nsec3-for-old-bind Add superfluous NSEC3 record to positive wildcard response
>> #
>> # add-superfluous-nsec3-for-old-bind=yes
>>
>> #################################
>> # allow-axfr-ips Allow zonetransfers only to these subnets
>> #
>> allow-axfr-ips= 68.71.141.22, 174.36.24.251
>>
>>
>> #################################
>> # allow-recursion List of subnets that are allowed to recurse
>> #
>> # allow-recursion=0.0.0.0/0
>> #allow-recursion=127.0.0.1
>>
>> #################################
>> # any-to-tcp Answer ANY queries with tc=1, shunting to TCP
>> #
>> # any-to-tcp=no
>>
>> #################################
>> # cache-ttl Seconds to store packets in the PacketCache
>> #
>> # cache-ttl=20
>>
>> #################################
>> # chroot If set, chroot to this directory for more security
>> #
>> # chroot=./
>>
>> #################################
>> # config-dir Location of configuration directory (pdns.conf)
>> #
>> config-dir=/etc/powerdns
>>
>> #################################
>> # config-name Name of this virtual configuration - will rename the binary image
>> #
>> # config-name=
>>
>> #################################
>> # control-console Debugging switch - don't use
>> #
>> # control-console=no
>>
>> #################################
>> # daemon Operate as a daemon
>> #
>> daemon=yes
>>
>> #################################
>> # default-ksk-algorithms Default KSK algorithms
>> #
>> # default-ksk-algorithms=rsasha256
>>
>> #################################
>> # default-ksk-size Default KSK size (0 means default)
>> #
>> # default-ksk-size=0
>>
>> #################################
>> # default-soa-mail mail address to insert in the SOA record if none set in the backend
>> #
>> # default-soa-mail=
>>
>> #################################
>> # default-soa-name name to insert in the SOA record if none set in the backend
>> #
>> # default-soa-name=a.misconfigured.powerdns.server
>>
>> #################################
>> # default-ttl Seconds a result is valid if not set otherwise
>> #
>> # default-ttl=3600
>>
>> #################################
>> # default-zsk-algorithms Default ZSK algorithms
>> #
>> # default-zsk-algorithms=rsasha256
>>
>> #################################
>> # default-zsk-size Default KSK size (0 means default)
>> #
>> # default-zsk-size=0
>>
>> #################################
>> # disable-axfr Disable zonetransfers but do allow TCP queries
>> #
>> disable-axfr=no
>>
>> #################################
>> # disable-tcp Do not listen to TCP queries
>> #
>> disable-tcp=no
>>
>> #################################
>> # distributor-threads Default number of Distributor (backend) threads to start
>> #
>> # distributor-threads=3
>>
>> #################################
>> # do-ipv6-additional-processing Do AAAA additional processing
>> #
>> # do-ipv6-additional-processing=yes
>>
>> #################################
>> # edns-subnet-option-number EDNS option number to use
>> #
>> # edns-subnet-option-number=20730
>>
>> #################################
>> # edns-subnet-processing If we should act on EDNS Subnet options
>> #
>> # edns-subnet-processing=no
>>
>> #################################
>> # entropy-source If set, read entropy from this file
>> #
>> # entropy-source=/dev/urandom
>>
>> #################################
>> # experimental-direct-dnskey EXPERIMENTAL: fetch DNSKEY RRs from backend during DNSKEY synthesis
>> #
>> # experimental-direct-dnskey=no
>>
>> #################################
>> # experimental-json-interface If the webserver should serve JSON data
>> #
>> # experimental-json-interface=no
>>
>> #################################
>> # experimental-logfile Filename of the log file for JSON parser
>> #
>> # experimental-logfile=/var/log/pdns.log
>> experimental-logfile=/var/log/pdns.log
>> #################################
>> # fancy-records Process URL and MBOXFW records
>> #
>> # fancy-records=no
>>
>> #################################
>> # guardian Run within a guardian process
>> #
>> # guardian=no
>>
>> #################################
>> # include-dir Include *.conf files from this directory
>> #
>> # include-dir=
>>
>> #################################
>> # launch Which backends to launch and order to query them in
>> #
>> # launch=
>>
>> #################################
>> # load-modules Load this module - supply absolute or relative path
>> #
>> # load-modules=
>>
>> #################################
>> # local-address Local IP addresses to which we bind
>> #
>> #local-address=0.0.0.0
>>
>>
>> #################################
>> # local-ipv6 Local IP address to which we bind
>> #
>> # local-ipv6=
>>
>> #################################
>> # local-port The port on which we listen
>> #
>> # local-port=53
>>
>> #################################
>> # log-dns-details If PDNS should log DNS non-erroneous details
>> #
>> log-dns-details=on
>>
>> #################################
>> # log-dns-queries If PDNS should log all incoming DNS queries
>> #
>> # log-dns-queries=no
>>
>> #################################
>> # log-failed-updates If PDNS should log failed update requests
>> #
>> # log-failed-updates=
>>
>> #################################
>> # logging-facility Log under a specific facility
>> #
>> # logging-facility=
>>
>> #################################
>> # loglevel Amount of logging. Higher is more. Do not set below 3
>> #
>> loglevel=4
>>
>> #################################
>> # lua-prequery-script Lua script with prequery handler
>> #
>> # lua-prequery-script=
>>
>> #################################
>> # master Act as a master
>> #
>> master=yes
>>
>> #################################
>> # max-cache-entries Maximum number of cache entries
>> #
>> # max-cache-entries=1000000
>>
>> #################################
>> # max-ent-entries Maximum number of empty non-terminals in a zone
>> #
>> # max-ent-entries=100000
>>
>> #################################
>> # max-queue-length Maximum queuelength before considering situation lost
>> #
>> max-queue-length=5000
>>
>> #################################
>> # max-tcp-connections Maximum number of TCP connections
>> #
>> # max-tcp-connections=10
>>
>> #################################
>> # module-dir Default directory for modules
>> #
>> # module-dir=/usr/local/lib
>>
>> #################################
>> # negquery-cache-ttl Seconds to store negative query results in the QueryCache
>> #
>> # negquery-cache-ttl=60
>>
>> #################################
>> # no-shuffle Set this to prevent random shuffling of answers - for regression testing
>> #
>> # no-shuffle=off
>>
>> #################################
>> # out-of-zone-additional-processing Do out of zone additional processing
>> #
>> # out-of-zone-additional-processing=yes
>>
>> #################################
>> # overload-queue-length Maximum queuelength moving to packetcache only
>> #
>> # overload-queue-length=0
>>
>> #################################
>> # pipebackend-abi-version Version of the pipe backend ABI
>> #
>> # pipebackend-abi-version=1
>>
>> #################################
>> # prevent-self-notification Don't send notifications to what we think is ourself
>> #
>> # prevent-self-notification=yes
>>
>> #################################
>> # query-cache-ttl Seconds to store query results in the QueryCache
>> #
>> # query-cache-ttl=20
>>
>> #################################
>> # query-local-address Source IP address for sending queries
>> #
>> # query-local-address=0.0.0.0
>>
>> #################################
>> # query-local-address6 Source IPv6 address for sending queries
>> #
>> # query-local-address6=::1
>> query-local-address6=
>>
>> #################################
>> # query-logging Hint backends that queries should be logged
>> #
>> #query-logging=yes
>>
>> #################################
>> # queue-limit Maximum number of milliseconds to queue a query
>> #
>> # queue-limit=1500
>>
>> #################################
>> # receiver-threads Default number of receiver threads to start
>> #
>> # receiver-threads=1
>>
>> #################################
>> # recursive-cache-ttl Seconds to store packets for recursive queries in the PacketCache
>> #
>> # recursive-cache-ttl=10
>>
>> #################################
>> # recursor If recursion is desired, IP address of a recursing nameserver
>> #
>> #recursor=38.126.54.11
>>
>> #################################
>> # retrieval-threads Number of AXFR-retrieval threads for slave operation
>> #
>> # retrieval-threads=2
>>
>> #################################
>> # send-root-referral Send out old-fashioned root-referral instead of ServFail in case of no authority
>> #
>> # send-root-referral=no
>>
>> #################################
>> # server-id Returned when queried for 'server.id' TXT or NSID, defaults to hostname
>> #
>> # server-id=
>>
>> #################################
>> # setgid If set, change group id to this gid for more security
>> #
>> # setgid=
>>
>> #################################
>> # setuid If set, change user id to this uid for more security
>> #
>> # setuid=
>>
>> #################################
>> # signing-threads Default number of signer threads to start
>> #
>> # signing-threads=3
>>
>> #################################
>> # slave Act as a slave
>> #
>> # slave=no
>>
>> #################################
>> # slave-cycle-interval Reschedule failed SOA serial checks once every .. seconds
>> #
>> # slave-cycle-interval=60
>>
>> #################################
>> # slave-renotify If we should send out notifications for slaved updates
>> #
>> # slave-renotify=no
>>
>> #################################
>> # smtpredirector Our smtpredir MX host
>> #
>> # smtpredirector=a.misconfigured.powerdns.smtp.server
>>
>> #################################
>> # soa-expire-default Default SOA expire
>> #
>> # soa-expire-default=604800
>>
>> #################################
>> # soa-minimum-ttl Default SOA minimum ttl
>> #
>> # soa-minimum-ttl=3600
>>
>> #################################
>> # soa-refresh-default Default SOA refresh
>> #
>> # soa-refresh-default=10800
>>
>> #################################
>> # soa-retry-default Default SOA retry
>> #
>> # soa-retry-default=3600
>>
>> #################################
>> # soa-serial-offset Make sure that no SOA serial is less than this number
>> #
>> # soa-serial-offset=0
>>
>> #################################
>> # socket-dir Where the controlsocket will live
>> #
>> # socket-dir=/var/run
>>
>> #################################
>> # tcp-control-address If set, PowerDNS can be controlled over TCP on this address
>> #
>> # tcp-control-address=
>>
>> #################################
>> # tcp-control-port If set, PowerDNS can be controlled over TCP on this address
>> #
>> # tcp-control-port=53000
>>
>> #################################
>> # tcp-control-range If set, remote control of PowerDNS is possible over these networks only
>> #
>> # tcp-control-range=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10
>>
>> #################################
>> # tcp-control-secret If set, PowerDNS can be controlled over TCP after passing this secret
>> #
>> # tcp-control-secret=
>>
>> #################################
>> # traceback-handler Enable the traceback handler (Linux only)
>> #
>> # traceback-handler=yes
>>
>> #################################
>> # trusted-notification-proxy IP address of incoming notification proxy
>> #
>> # trusted-notification-proxy=
>>
>> #################################
>> # urlredirector Where we send hosts to that need to be url redirected
>> #
>> # urlredirector=127.0.0.1
>>
>> #################################
>> # version-string PowerDNS version in packets - full, anonymous, powerdns or custom
>> #
>> # version-string=full
>>
>> #################################
>> # webserver Start a webserver for monitoring
>> #
>> # webserver=no
>>
>> #################################
>> # webserver-address IP Address of webserver to listen on
>> #
>> # webserver-address=127.0.0.1
>>
>> #################################
>> # webserver-password Password required for accessing the webserver
>> #
>> # webserver-password=
>>
>> #################################
>> # webserver-port Port of webserver to listen on
>> #
>> # webserver-port=8081
>>
>> #################################
>> # webserver-print-arguments If the webserver should print arguments
>> #
>> # webserver-print-arguments=no
>>
>> #################################
>> # wildcard-url Process URL and MBOXFW records
>> #
>> wildcard-url=yes
>> ##################################
>> module-dir=/usr/lib64
>> socket-dir=/var/run/pdns-server
>> setuid=powerdns
>> setgid=powerdns
>> launch=gmysql
>> gmysql-host=127.0.0.1
>> gmysql-user=powerdns
>> gmysql-password=xxxx
>> gmysql-dbname=xxxx
>>
>>
>>
>>
>> Kindly advise us or give the steps required in the pdns conf file
>> for setting up a hidden master DNS server.
>>
>> Awaiting your kind reply.
>>
>> Thanks
>>
>>
>>
>> On 02/06/2014 12:05 PM, sajid-gmail wrote:
>>> Hello,
>>>
>>> I have installed PowerDNS Authoritative Server 3.3 on CentOS.
>>>
>>> When I allow AXFR IPs on the master, I get the following error:
>>>
>>> Feb 5 22:25:30 powerdns pdns[18815]: Error trying to resolve 'x:x:x:x::x' for notifying 'example.com' to server: Unable to send notify to [2607:f0d0:1004:82::4]:53: Network is unreachable
>>> Feb 5 22:25:30 powerdns pdns[18815]: Error trying to resolve 'x:x:x:x::x' for notifying 'example.com' to server: Unable to send notify to [2607:f0d0:3001:90::4]:53: Network is unreachable
>>> Feb 5 22:25:30 powerdns pdns[18815]: Error trying to resolve 'x:x:x:x::x' for notifying 'example.com' to server: Unable to send notify to [2607:fc88:1001:1::4]:53: Network is unreachable
>>> Feb 5 22:25:30 powerdns pdns[18815]: Query: select id,name,master,last_check,type from domains where type='SLAVE'
>>> Feb 5 22:25:30 powerdns pdns[18815]: Query: select id,name,master,last_check,notified_serial,type from domains where type='MASTER'
>>> Feb 5 22:25:30 powerdns pdns[18815]: Query: select content,ttl,prio,type,domain_id,name from records where type='SOA' and name='example.com'
>>> Feb 5 22:25:39 powerdns pdns[18815]: Error trying to resolve 'x:x:x:x::x' for notifying 'example.com' to server: Unable to send notify to [2607:f0d0:1004:82::4]:53: Network is unreachable
>>> Feb 5 22:25:39 powerdns pdns[18815]: Error trying to resolve 'x:x:x:x::x' for notifying 'example.com' to server: Unable to send notify to [2607:f0d0:3001:90::4]:53: Network is unreachable
>>> Feb 5 22:25:39 powerdns pdns[18815]: Error trying to resolve 'x:x:x:x::x' for notifying 'example.com' to server: Unable to send notify to [2607:fc88:1001:1::4]:53: *Network is unreachable*
>>>
>>>
>>> Note : x:x:x:x::x (IPv6 address)
>>>
>>> AXFR setting in master:
>>> cat /etc/powerdns/pdns.conf | grep -v "#" | grep axfr
>>> allow-axfr-ips= 192.168.0.1 192.168.1.11
>>> disable-axfr=no
>>>
>>> Why does it go for an IPv6 IP which I have not mentioned in the axfr settings?
>>> Why did I get "*Network is unreachable*"?
>>>
>>> Please help me or give me some steps to resolve this issue.
>>> Please share some links that are useful for this kind of issue,
>>> or let me know how to stop the IPv6 setting in pdns.conf.
>>>
>>>
>>> Awaiting your kind reply.
>>>
>>> Thanks
>>>
>> _______________________________________________
>> Pdns-users mailing list
>> Pdns-users at mailman.powerdns.com
>> http://mailman.powerdns.com/mailman/listinfo/pdns-users
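
An added example, not part of the original thread: a small Python parser for the NOTIFY failure lines quoted above, grouping them per zone and slave and decoding the rcode (in the standard DNS rcode table 4 is NOTIMP and 5 is REFUSED). The sample log lines are constructed with documentation addresses in the log format shown in the thread, and the hint texts are general DNS interpretations, not PowerDNS documentation.

```python
import re
from collections import defaultdict

# Standard DNS response codes (RFC 1035 / RFC 2136).
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED", 9: "NOTAUTH"}

# General interpretation of each failure for a NOTIFY (assumption, not vendor text).
HINTS = {
    "NOTIMP": "remote server does not handle NOTIFY for this zone",
    "REFUSED": "remote server rejects NOTIFY from this source address",
    "UNREACHABLE": "no route to this address (e.g. IPv6 NS, no IPv6 uplink)",
}

REPORT = re.compile(r"Received unsuccessful notification report for '([^']+)' "
                    r"from (\S+):(\d+), rcode: (\d+)")
SEND_FAIL = re.compile(r"for notifying '([^']+)' to server: Unable to send "
                       r"notify to (\[[^\]]+\]|[\d.]+):(\d+): (.+)$")

def notify_failures(lines):
    """Return {(zone, slave_ip): set of failure labels} from pdns syslog lines."""
    failures = defaultdict(set)
    for line in lines:
        m = REPORT.search(line)
        if m:
            zone, host, _port, rcode = m.groups()
            label = RCODES.get(int(rcode), "RCODE" + rcode)
            failures[(zone, host.strip("[]"))].add(label)
            continue
        m = SEND_FAIL.search(line)
        if m:
            unreachable = "unreachable" in m.group(4).lower()
            label = "UNREACHABLE" if unreachable else "SEND_ERROR"
            failures[(m.group(1), m.group(2).strip("[]"))].add(label)
    return dict(failures)

# Constructed sample lines (documentation IPs), shaped like the thread's logs.
P = "Feb 6 02:18:03 powerdns pdns[30068]: "
SAMPLE_LOG = [
    P + "Notification request to host 192.0.2.10 for domain 'example.com' received",
    P + "Received unsuccessful notification report for 'example.com' from 192.0.2.10:53, rcode: 5",
    P + "Removed from notification list: 'example.com' to 192.0.2.10:53",
    P + "Received unsuccessful notification report for 'example.com' from 192.0.2.20:53, rcode: 4",
    P + "Error trying to resolve 'ns.example.net' for notifying 'example.com' "
        "to server: Unable to send notify to [2001:db8::4]:53: Network is unreachable",
]

if __name__ == "__main__":
    for (zone, slave), labels in sorted(notify_failures(SAMPLE_LOG).items()):
        for label in sorted(labels):
            print(f"{zone} -> {slave}: {label} ({HINTS.get(label, 'see rcode table')})")
```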