[Pdns-users] Need help in starting AXFR
Aki Tuomi
cmouse at youzen.ext.b2.fi
Thu Feb 6 12:56:42 UTC 2014
Problem is that the error is reported by Zerigo, so you'll have to contact them to figure out what's wrong.
> >>Feb 6 02:18:03 powerdns pdns[30068]: Received unsuccessful
> >>notification report for 'example.com' from 68.71.141.22:53, rcode: 5
This line here says that 68.71.141.22 tells you it was unable to comply.
Aki
On Thu, Feb 06, 2014 at 04:59:53PM +0530, sajid-gmail wrote:
>
> Hi Aki Tuomi,
>
> our slave server is Zerigo.net.
> We do not have any access to that slave server for firing that
> command which you have given me,
>
> For that testing purpose, I have put our live IP in axfr setting &
> we got the result which is shown below,
>
> dig axfr example.com @powerdns.bmsend.com
>
> ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> axfr example.com @master.server.com
> ;; global options: +cmd
> example.com. 300 IN SOA a.ns.zerigo.net. sysad.server1.com. 2014012701 3600 60 604800 86400
> example.com. 300 IN NS a.ns.zerigo.net.
> example.com. 300 IN NS b.ns.zerigo.net.
> example.com. 300 IN NS c.ns.zerigo.net.
> example.com. 300 IN NS d.ns.zerigo.net.
> example.com. 300 IN NS e.ns.zerigo.net.
> example.com. 300 IN NS f.ns.zerigo.net.
> example.com. 300 IN A 76.74.155.235
> www.example.com. 300 IN CNAME example.com.
> example.com. 300 IN MX 10 mail.rediffmailpro.com.
> example.com. 300 IN SOA a.ns.zerigo.net. sysad.server1.com. 2014012701 3600 60 604800 86400
> ;; Query time: 514 msec
> ;; SERVER: 38.x.x.x#53(38.x.x.x)
> ;; WHEN: Thu Feb 6 16:04:52 2014
> ;; XFR size: 12 records (messages 3, bytes 470)
>
>
> From the above output,
> AXFR seems to be working fine
>
> Awaiting your kind reply.
>
> Thanks
>
>
> On 02/06/2014 04:00 PM, Aki Tuomi wrote:
> >Hi Sajid,
> >
> >Please go to your *slave* host and run
> >
> >dig axfr domain @master
> >
> >Also, please check your slave and master log files.
> >
> >Aki
> >
> >On Thu, Feb 06, 2014 at 03:56:08PM +0530, sajid-gmail wrote:
> >>Hello,
> >>
> >>Now, we disabled the IPV6 notification issue,
> >>
> >>But still we got below error,
> >>
> >>Feb 6 01:54:36 powerdns pdns[28933]: *Received unsuccessful*
> >>notification report for 'example.com' from x.x.x.x:53, rcode: 4
> >>
> >>
> >>Also,
> >>
> >>We would like to mention that we had set up PowerDNS as a hidden master,
> >>& when we notified our slave DNS server from our Master using the
> >>commands below, our Master server sent notifications to all the
> >>real name servers of the domain, which we have not defined or specified
> >>in pdns.conf of the hidden master server.
> >>
> >>allow-axfr-ips= 68.71.141.22 174.36.24.251
> >>disable-axfr=no
> >>
> >>
> >>Command that we fired on Master:
> >>------------------------------------
> >>*pdns_control notify example.com*
> >>pdns_control notify-host example.com 68.71.141.22
> >>pdns_control notify-host example.com 174.36.24.251
> >>
> >>
> >>But we still received an unsuccessful notification, as you can see in the log below:
> >>Feb 6 02:18:02 powerdns pdns[30068]: Notification request to host
> >>68.71.141.22 for domain 'example.com' received
> >>Feb 6 02:18:03 powerdns pdns[30068]: Received unsuccessful
> >>notification report for 'example.com' from 68.71.141.22:53, rcode: 5
> >>Feb 6 02:18:03 powerdns pdns[30068]: Removed from notification
> >>list: 'example.com' to 68.71.141.22:53
> >>
> >>
> >>Please help us with how to configure auto slave notification & auto
> >>AXFR on the Hidden Master
> >>
> >>
> >>Our pdns.conf as per given below,
> >>
> >>*cat /etc/powerdns/pdns.conf*
> >># Autogenerated configuration file template
> >>#################################
> >># add-superfluous-nsec3-for-old-bind Add superfluous NSEC3 record
> >>to positive wildcard response
> >>#
> >># add-superfluous-nsec3-for-old-bind=yes
> >>
> >>#################################
> >># allow-axfr-ips Allow zonetransfers only to these subnets
> >>#
> >>allow-axfr-ips= 68.71.141.22, 174.36.24.251
> >>
> >>
> >>#################################
> >># allow-recursion List of subnets that are allowed to recurse
> >>#
> >># allow-recursion=0.0.0.0/0
> >>#allow-recursion=127.0.0.1
> >>
> >>#################################
> >># any-to-tcp Answer ANY queries with tc=1, shunting to TCP
> >>#
> >># any-to-tcp=no
> >>
> >>#################################
> >># cache-ttl Seconds to store packets in the PacketCache
> >>#
> >># cache-ttl=20
> >>
> >>#################################
> >># chroot If set, chroot to this directory for more security
> >>#
> >># chroot=./
> >>
> >>#################################
> >># config-dir Location of configuration directory (pdns.conf)
> >>#
> >> config-dir=/etc/powerdns
> >>
> >>#################################
> >># config-name Name of this virtual configuration - will rename
> >>the binary image
> >>#
> >># config-name=
> >>
> >>#################################
> >># control-console Debugging switch - don't use
> >>#
> >># control-console=no
> >>
> >>#################################
> >># daemon Operate as a daemon
> >>#
> >>daemon=yes
> >>
> >>#################################
> >># default-ksk-algorithms Default KSK algorithms
> >>#
> >># default-ksk-algorithms=rsasha256
> >>
> >>#################################
> >># default-ksk-size Default KSK size (0 means default)
> >>#
> >># default-ksk-size=0
> >>
> >>#################################
> >># default-soa-mail mail address to insert in the SOA record if
> >>none set in the backend
> >>#
> >># default-soa-mail=
> >>
> >>#################################
> >># default-soa-name name to insert in the SOA record if none set
> >>in the backend
> >>#
> >># default-soa-name=a.misconfigured.powerdns.server
> >>
> >>#################################
> >># default-ttl Seconds a result is valid if not set otherwise
> >>#
> >># default-ttl=3600
> >>
> >>#################################
> >># default-zsk-algorithms Default ZSK algorithms
> >>#
> >># default-zsk-algorithms=rsasha256
> >>
> >>#################################
> >># default-zsk-size Default KSK size (0 means default)
> >>#
> >># default-zsk-size=0
> >>
> >>#################################
> >># disable-axfr Disable zonetransfers but do allow TCP queries
> >>#
> >>disable-axfr=no
> >>
> >>#################################
> >># disable-tcp Do not listen to TCP queries
> >>#
> >>disable-tcp=no
> >>
> >>#################################
> >># distributor-threads Default number of Distributor (backend)
> >>threads to start
> >>#
> >># distributor-threads=3
> >>
> >>#################################
> >># do-ipv6-additional-processing Do AAAA additional processing
> >>#
> >># do-ipv6-additional-processing=yes
> >>
> >>#################################
> >># edns-subnet-option-number EDNS option number to use
> >>#
> >># edns-subnet-option-number=20730
> >>
> >>#################################
> >># edns-subnet-processing If we should act on EDNS Subnet options
> >>#
> >># edns-subnet-processing=no
> >>
> >>#################################
> >># entropy-source If set, read entropy from this file
> >>#
> >># entropy-source=/dev/urandom
> >>
> >>#################################
> >># experimental-direct-dnskey EXPERIMENTAL: fetch DNSKEY RRs from
> >>backend during DNSKEY synthesis
> >>#
> >># experimental-direct-dnskey=no
> >>
> >>#################################
> >># experimental-json-interface If the webserver should serve JSON data
> >>#
> >># experimental-json-interface=no
> >>
> >>#################################
> >># experimental-logfile Filename of the log file for JSON parser
> >>#
> >># experimental-logfile=/var/log/pdns.log
> >>experimental-logfile=/var/log/pdns.log
> >>#################################
> >># fancy-records Process URL and MBOXFW records
> >>#
> >># fancy-records=no
> >>
> >>#################################
> >># guardian Run within a guardian process
> >>#
> >># guardian=no
> >>
> >>#################################
> >># include-dir Include *.conf files from this directory
> >>#
> >># include-dir=
> >>
> >>#################################
> >># launch Which backends to launch and order to query them in
> >>#
> >># launch=
> >>
> >>#################################
> >># load-modules Load this module - supply absolute or relative path
> >>#
> >># load-modules=
> >>
> >>#################################
> >># local-address Local IP addresses to which we bind
> >>#
> >>#local-address=0.0.0.0
> >>
> >>
> >>#################################
> >># local-ipv6 Local IP address to which we bind
> >>#
> >># local-ipv6=
> >>
> >>#################################
> >># local-port The port on which we listen
> >>#
> >># local-port=53
> >>
> >>#################################
> >># log-dns-details If PDNS should log DNS non-erroneous details
> >>#
> >>log-dns-details=on
> >>
> >>#################################
> >># log-dns-queries If PDNS should log all incoming DNS queries
> >>#
> >># log-dns-queries=no
> >>
> >>#################################
> >># log-failed-updates If PDNS should log failed update requests
> >>#
> >># log-failed-updates=
> >>
> >>#################################
> >># logging-facility Log under a specific facility
> >>#
> >># logging-facility=
> >>
> >>#################################
> >># loglevel Amount of logging. Higher is more. Do not set below 3
> >>#
> >>loglevel=4
> >>
> >>#################################
> >># lua-prequery-script Lua script with prequery handler
> >>#
> >># lua-prequery-script=
> >>
> >>#################################
> >># master Act as a master
> >>#
> >>master=yes
> >>
> >>#################################
> >># max-cache-entries Maximum number of cache entries
> >>#
> >># max-cache-entries=1000000
> >>
> >>#################################
> >># max-ent-entries Maximum number of empty non-terminals in a zone
> >>#
> >># max-ent-entries=100000
> >>
> >>#################################
> >># max-queue-length Maximum queuelength before considering situation lost
> >>#
> >>max-queue-length=5000
> >>
> >>#################################
> >># max-tcp-connections Maximum number of TCP connections
> >>#
> >># max-tcp-connections=10
> >>
> >>#################################
> >># module-dir Default directory for modules
> >>#
> >># module-dir=/usr/local/lib
> >>
> >>#################################
> >># negquery-cache-ttl Seconds to store negative query results in
> >>the QueryCache
> >>#
> >># negquery-cache-ttl=60
> >>
> >>#################################
> >># no-shuffle Set this to prevent random shuffling of answers -
> >>for regression testing
> >>#
> >># no-shuffle=off
> >>
> >>#################################
> >># out-of-zone-additional-processing Do out of zone additional processing
> >>#
> >># out-of-zone-additional-processing=yes
> >>
> >>#################################
> >># overload-queue-length Maximum queuelength moving to packetcache only
> >>#
> >># overload-queue-length=0
> >>
> >>#################################
> >># pipebackend-abi-version Version of the pipe backend ABI
> >>#
> >># pipebackend-abi-version=1
> >>
> >>#################################
> >># prevent-self-notification Don't send notifications to what we
> >>think is ourself
> >>#
> >># prevent-self-notification=yes
> >>
> >>#################################
> >># query-cache-ttl Seconds to store query results in the QueryCache
> >>#
> >># query-cache-ttl=20
> >>
> >>#################################
> >># query-local-address Source IP address for sending queries
> >>#
> >># query-local-address=0.0.0.0
> >>
> >>#################################
> >># query-local-address6 Source IPv6 address for sending queries
> >>#
> >># query-local-address6=::1
> >>query-local-address6=
> >>
> >>#################################
> >># query-logging Hint backends that queries should be logged
> >>#
> >>#query-logging=yes
> >>
> >>#################################
> >># queue-limit Maximum number of milliseconds to queue a query
> >>#
> >># queue-limit=1500
> >>
> >>#################################
> >># receiver-threads Default number of receiver threads to start
> >>#
> >># receiver-threads=1
> >>
> >>#################################
> >># recursive-cache-ttl Seconds to store packets for recursive
> >>queries in the PacketCache
> >>#
> >># recursive-cache-ttl=10
> >>
> >>#################################
> >># recursor If recursion is desired, IP address of a recursing nameserver
> >>#
> >>#recursor=38.126.54.11
> >>
> >>#################################
> >># retrieval-threads Number of AXFR-retrieval threads for slave operation
> >>#
> >># retrieval-threads=2
> >>
> >>#################################
> >># send-root-referral Send out old-fashioned root-referral instead
> >>of ServFail in case of no authority
> >>#
> >># send-root-referral=no
> >>
> >>#################################
> >># server-id Returned when queried for 'server.id' TXT or NSID,
> >>defaults to hostname
> >>#
> >># server-id=
> >>
> >>#################################
> >># setgid If set, change group id to this gid for more security
> >>#
> >># setgid=
> >>
> >>#################################
> >># setuid If set, change user id to this uid for more security
> >>#
> >># setuid=
> >>
> >>#################################
> >># signing-threads Default number of signer threads to start
> >>#
> >># signing-threads=3
> >>
> >>#################################
> >># slave Act as a slave
> >>#
> >># slave=no
> >>
> >>#################################
> >># slave-cycle-interval Reschedule failed SOA serial checks once
> >>every .. seconds
> >>#
> >># slave-cycle-interval=60
> >>
> >>#################################
> >># slave-renotify If we should send out notifications for slaved updates
> >>#
> >># slave-renotify=no
> >>
> >>#################################
> >># smtpredirector Our smtpredir MX host
> >>#
> >># smtpredirector=a.misconfigured.powerdns.smtp.server
> >>
> >>#################################
> >># soa-expire-default Default SOA expire
> >>#
> >># soa-expire-default=604800
> >>
> >>#################################
> >># soa-minimum-ttl Default SOA minimum ttl
> >>#
> >># soa-minimum-ttl=3600
> >>
> >>#################################
> >># soa-refresh-default Default SOA refresh
> >>#
> >># soa-refresh-default=10800
> >>
> >>#################################
> >># soa-retry-default Default SOA retry
> >>#
> >># soa-retry-default=3600
> >>
> >>#################################
> >># soa-serial-offset Make sure that no SOA serial is less than this number
> >>#
> >># soa-serial-offset=0
> >>
> >>#################################
> >># socket-dir Where the controlsocket will live
> >>#
> >># socket-dir=/var/run
> >>
> >>#################################
> >># tcp-control-address If set, PowerDNS can be controlled over TCP
> >>on this address
> >>#
> >># tcp-control-address=
> >>
> >>#################################
> >># tcp-control-port If set, PowerDNS can be controlled over TCP on
> >>this address
> >>#
> >># tcp-control-port=53000
> >>
> >>#################################
> >># tcp-control-range If set, remote control of PowerDNS is
> >>possible over these networks only
> >>#
> >># tcp-control-range=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16,
> >>172.16.0.0/12, ::1/128, fe80::/10
> >>
> >>#################################
> >># tcp-control-secret If set, PowerDNS can be controlled over TCP
> >>after passing this secret
> >>#
> >># tcp-control-secret=
> >>
> >>#################################
> >># traceback-handler Enable the traceback handler (Linux only)
> >>#
> >># traceback-handler=yes
> >>
> >>#################################
> >># trusted-notification-proxy IP address of incoming notification proxy
> >>#
> >># trusted-notification-proxy=
> >>
> >>#################################
> >># urlredirector Where we send hosts to that need to be url redirected
> >>#
> >># urlredirector=127.0.0.1
> >>
> >>#################################
> >># version-string PowerDNS version in packets - full, anonymous,
> >>powerdns or custom
> >>#
> >># version-string=full
> >>
> >>#################################
> >># webserver Start a webserver for monitoring
> >>#
> >># webserver=no
> >>
> >>#################################
> >># webserver-address IP Address of webserver to listen on
> >>#
> >># webserver-address=127.0.0.1
> >>
> >>#################################
> >># webserver-password Password required for accessing the webserver
> >>#
> >># webserver-password=
> >>
> >>#################################
> >># webserver-port Port of webserver to listen on
> >>#
> >># webserver-port=8081
> >>
> >>#################################
> >># webserver-print-arguments If the webserver should print arguments
> >>#
> >># webserver-print-arguments=no
> >>
> >>#################################
> >># wildcard-url Process URL and MBOXFW records
> >>#
> >>wildcard-url=yes
> >>##################################
> >>module-dir=/usr/lib64
> >>socket-dir=/var/run/pdns-server
> >>setuid=powerdns
> >>setgid=powerdns
> >>launch=gmysql
> >>gmysql-host=127.0.0.1
> >>gmysql-user=powerdns
> >>gmysql-password=xxxx
> >>gmysql-dbname=xxxx
> >>
> >>
> >>
> >>
> >>Kindly advise us or give the steps required in the pdns conf file
> >>for setting up a Hidden Master DNS server.
> >>
> >>Awaiting your kind reply.
> >>
> >>Thanks
> >>
> >>
> >>
> >>On 02/06/2014 12:05 PM, sajid-gmail wrote:
> >>>Hello,
> >>>
> >>>I have installed PowerDNS Authoritative Server 3.3 on centos.
> >>>
> >>>When I allow AXFR IPs in the master, I get the following error:
> >>>
> >>>Feb 5 22:25:30 powerdns pdns[18815]: Error trying to resolve
> >>>'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
> >>>notify to [2607:f0d0:1004:82::4]:53: Network is unreachable
> >>>Feb 5 22:25:30 powerdns pdns[18815]: Error trying to resolve
> >>>'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
> >>>notify to [2607:f0d0:3001:90::4]:53: Network is unreachable
> >>>Feb 5 22:25:30 powerdns pdns[18815]: Error trying to resolve
> >>>'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
> >>>notify to [2607:fc88:1001:1::4]:53: Network is unreachable
> >>>Feb 5 22:25:30 powerdns pdns[18815]: Query: select
> >>>id,name,master,last_check,type from domains where type='SLAVE'
> >>>Feb 5 22:25:30 powerdns pdns[18815]: Query: select
> >>>id,name,master,last_check,notified_serial,type from domains where
> >>>type='MASTER'
> >>>Feb 5 22:25:30 powerdns pdns[18815]: Query: select
> >>>content,ttl,prio,type,domain_id,name from records where type='SOA'
> >>>and name='example.com'
> >>>Feb 5 22:25:39 powerdns pdns[18815]: Error trying to resolve
> >>>'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
> >>>notify to [2607:f0d0:1004:82::4]:53: Network is unreachable
> >>>Feb 5 22:25:39 powerdns pdns[18815]: Error trying to resolve
> >>>'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
> >>>notify to [2607:f0d0:3001:90::4]:53: Network is unreachable
> >>>Feb 5 22:25:39 powerdns pdns[18815]: Error trying to resolve
> >>>'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
> >>>notify to [2607:fc88:1001:1::4]:53: *Network is unreachable*
> >>>
> >>>
> >>>Note : x:x:x:x::x (IPv6 address)
> >>>
> >>>AXFR setting in master:
> >>>cat /etc/powerdns/pdns.conf | grep -v "#" | grep axfr
> >>>allow-axfr-ips= 192.168.0.1 192.168.1.11
> >>>disable-axfr=no
> >>>
> >>>Why does it go for an IPv6 IP which I have not mentioned in the AXFR settings?
> >>>Why did I get "*Network is unreachable*"?
> >>>
> >>>Please help me or give me some steps to resolve this issue.
> >>>Please share some links that are useful for this kind of issue,
> >>>or let me know how to stop the IPv6 setting in pdns.conf.
> >>>
> >>>
> >>>Awaiting your kind reply.
> >>>
> >>>Thanks
> >>>
>
>
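Added example, not part of the original thread and not PowerDNS code: a small triage script for the log lines discussed above. It maps the rcode in each "Received unsuccessful notification report" line to its RFC 1035 name (4 is NOTIMP, 5 is REFUSED) and checks whether the answering peer is already listed in the master's allow-axfr-ips. The function names, the constructed 192.0.2.53 log line and the comma/whitespace splitting of the setting are assumptions of this example.

```python
import re
from collections import namedtuple

# DNS response codes 0-5 as defined in RFC 1035.
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

# Log lines in the format quoted in the thread, each re-joined onto one line.
# The 192.0.2.53 entry is constructed: the thread masks that peer as x.x.x.x.
SAMPLE_LOG = """\
Feb 6 01:54:36 powerdns pdns[28933]: Received unsuccessful notification report for 'example.com' from 192.0.2.53:53, rcode: 4
Feb 6 02:18:02 powerdns pdns[30068]: Notification request to host 68.71.141.22 for domain 'example.com' received
Feb 6 02:18:03 powerdns pdns[30068]: Received unsuccessful notification report for 'example.com' from 68.71.141.22:53, rcode: 5
Feb 6 02:18:03 powerdns pdns[30068]: Removed from notification list: 'example.com' to 68.71.141.22:53
"""

# The two active AXFR settings from the pdns.conf quoted in the thread.
SAMPLE_CONF = "allow-axfr-ips= 68.71.141.22, 174.36.24.251\ndisable-axfr=no\n"

REPORT_RE = re.compile(
    r"Received unsuccessful notification report for '(?P<zone>[^']+)' "
    r"from (?P<peer>[0-9.]+):(?P<port>\d+), rcode: (?P<rcode>\d+)"
)

Failure = namedtuple("Failure", "zone peer rcode rcode_name peer_may_axfr")


def allowed_axfr_ips(conf_text):
    """Return the entries of the active (uncommented) allow-axfr-ips line."""
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.strip() == "allow-axfr-ips":
            # Splitting on commas and whitespace is this example's choice so
            # that both spellings seen in the thread are read; it is not a
            # statement about how PowerDNS itself parses the setting.
            return set(re.split(r"[,\s]+", value.strip())) - {""}
    return set()


def failed_notifies(log_text, conf_text):
    """List every failed NOTIFY report with its rcode name and ACL status."""
    allowed = allowed_axfr_ips(conf_text)
    failures = []
    for m in REPORT_RE.finditer(log_text):
        rcode = int(m.group("rcode"))
        failures.append(Failure(m.group("zone"), m.group("peer"), rcode,
                                RCODES.get(rcode, "RCODE%d" % rcode),
                                m.group("peer") in allowed))
    return failures


if __name__ == "__main__":
    for f in failed_notifies(SAMPLE_LOG, SAMPLE_CONF):
        acl = "listed in" if f.peer_may_axfr else "missing from"
        print("%s: %s answered NOTIFY with %s (rcode %d); peer is %s allow-axfr-ips"
              % (f.zone, f.peer, f.rcode_name, f.rcode, acl))
```

A REFUSED answer from a peer that the master already lists in allow-axfr-ips is a decision made on the secondary, which is consistent with the reply at the top of the thread.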