[Pdns-users] Need help in starting AXFR

sajid-gmail sajinux at gmail.com
Thu Feb 6 13:17:46 UTC 2014


Hi Aki,

Thanks a lot.

On 02/06/2014 06:26 PM, Aki Tuomi wrote:
> Problem is that the error is reported by Zerigo, so you'll have to contact them to figure out what's wrong.
>
>>>> Feb  6 02:18:03 powerdns pdns[30068]: Received unsuccessful
>>>> notification report for 'example.com' from 68.71.141.22:53, rcode: 5
> This line here says that 68.71.141.22 tells you it was unable to comply.
>
> Aki
>
> On Thu, Feb 06, 2014 at 04:59:53PM +0530, sajid-gmail wrote:
>> Hi Aki Tuomi,
>>
>> our slave server is Zerigo.net.
>> We do not have any access to that slave server for firing that
>> command which you have given me,
>>
>> For that testing purpose, I have put our live IP in the axfr setting &
>> we got the result which is shown below,
>>
>> dig axfr example.com @powerdns.bmsend.com
>>
>> ;<<>>  DiG 9.8.4-rpz2+rl005.12-P1<<>>  axfr example.com @master.server.com
>> ;; global options: +cmd
>> example.com.        300        IN        SOA        a.ns.zerigo.net. sysad.server1.com. 2014012701 3600 60 604800 86400
>> example.com.        300        IN        NS        a.ns.zerigo.net.
>> example.com.        300        IN        NS        b.ns.zerigo.net.
>> example.com.        300        IN        NS        c.ns.zerigo.net.
>> example.com.        300        IN        NS        d.ns.zerigo.net.
>> example.com.        300        IN        NS        e.ns.zerigo.net.
>> example.com.        300        IN        NS        f.ns.zerigo.net.
>> example.com.        300        IN        A        76.74.155.235
>> www.example.com. 300        IN        CNAME        example.com.
>> example.com.        300        IN        MX        10 mail.rediffmailpro.com.
>> example.com.        300        IN        SOA        a.ns.zerigo.net. sysad.server1.com. 2014012701 3600 60 604800 86400
>> ;; Query time: 514 msec
>> ;; SERVER: 38.x.x.x#53(38.x.x.x)
>> ;; WHEN: Thu Feb  6 16:04:52 2014
>> ;; XFR size: 12 records (messages 3, bytes 470)
>>
>>
>> From the above output,
>> AXFR seems to be working fine
>>
>> Awaiting your kind reply.
>>
>> Thanks
>>
>>
>> On 02/06/2014 04:00 PM, Aki Tuomi wrote:
>>> Hi Sajid,
>>>
>>> Please go to your *slave* host and run
>>>
>>> dig axfr domain @master
>>>
>>> Also, please check your slave and master log files.
>>>
>>> Aki
>>>
>>> On Thu, Feb 06, 2014 at 03:56:08PM +0530, sajid-gmail wrote:
>>>> Hello,
>>>>
>>>> Now, we disabled the IPV6 notification issue,
>>>>
>>>> But still we got below error,
>>>>
>>>> Feb  6 01:54:36 powerdns pdns[28933]: *Received unsuccessful*
>>>> notification report for 'example.com' from x.x.x.x:53, rcode: 4
>>>>
>>>>
>>>> Also,
>>>>
>>>> We would like to mention that we had set up PowerDNS as a hidden master,
>>>> & when we notified our slave DNS server from our Master using the
>>>> below commands then our Master server sent notifications to all the
>>>> real Name servers of the domain which we have not defined or specified
>>>> in pdns.conf of the hidden master server.
>>>>
>>>> allow-axfr-ips= 68.71.141.22 174.36.24.251
>>>> disable-axfr=no
>>>>
>>>>
>>>> Command that we fired on Master:
>>>> ------------------------------------
>>>> *pdns_control notify example.com*
>>>> pdns_control notify-host example.com 68.71.141.22
>>>> pdns_control notify-host example.com 174.36.24.251
>>>>
>>>>
>>>> But still received unsuccessful notification that you can see in below log:
>>>> Feb  6 02:18:02 powerdns pdns[30068]: Notification request to host
>>>> 68.71.141.22 for domain 'example.com' received
>>>> Feb  6 02:18:03 powerdns pdns[30068]: Received unsuccessful
>>>> notification report for 'example.com' from 68.71.141.22:53, rcode: 5
>>>> Feb  6 02:18:03 powerdns pdns[30068]: Removed from notification
>>>> list: 'example.com' to 68.71.141.22:53
>>>>
>>>>
>>>> Please help us with how to configure auto slave notification & auto
>>>> axfr on Hidden Master
>>>>
>>>>
>>>> Our pdns.conf as per given below,
>>>>
>>>> *cat /etc/powerdns/pdns.conf*
>>>> # Autogenerated configuration file template
>>>> #################################
>>>> # add-superfluous-nsec3-for-old-bind    Add superfluous NSEC3 record
>>>> to positive wildcard response
>>>> #
>>>> # add-superfluous-nsec3-for-old-bind=yes
>>>>
>>>> #################################
>>>> # allow-axfr-ips    Allow zonetransfers only to these subnets
>>>> #
>>>> allow-axfr-ips= 68.71.141.22, 174.36.24.251
>>>>
>>>>
>>>> #################################
>>>> # allow-recursion    List of subnets that are allowed to recurse
>>>> #
>>>> # allow-recursion=0.0.0.0/0
>>>> #allow-recursion=127.0.0.1
>>>>
>>>> #################################
>>>> # any-to-tcp    Answer ANY queries with tc=1, shunting to TCP
>>>> #
>>>> # any-to-tcp=no
>>>>
>>>> #################################
>>>> # cache-ttl    Seconds to store packets in the PacketCache
>>>> #
>>>> # cache-ttl=20
>>>>
>>>> #################################
>>>> # chroot    If set, chroot to this directory for more security
>>>> #
>>>> # chroot=./
>>>>
>>>> #################################
>>>> # config-dir    Location of configuration directory (pdns.conf)
>>>> #
>>>>   config-dir=/etc/powerdns
>>>>
>>>> #################################
>>>> # config-name    Name of this virtual configuration - will rename
>>>> the binary image
>>>> #
>>>> # config-name=
>>>>
>>>> #################################
>>>> # control-console    Debugging switch - don't use
>>>> #
>>>> # control-console=no
>>>>
>>>> #################################
>>>> # daemon    Operate as a daemon
>>>> #
>>>> daemon=yes
>>>>
>>>> #################################
>>>> # default-ksk-algorithms    Default KSK algorithms
>>>> #
>>>> # default-ksk-algorithms=rsasha256
>>>>
>>>> #################################
>>>> # default-ksk-size    Default KSK size (0 means default)
>>>> #
>>>> # default-ksk-size=0
>>>>
>>>> #################################
>>>> # default-soa-mail    mail address to insert in the SOA record if
>>>> none set in the backend
>>>> #
>>>> # default-soa-mail=
>>>>
>>>> #################################
>>>> # default-soa-name    name to insert in the SOA record if none set
>>>> in the backend
>>>> #
>>>> # default-soa-name=a.misconfigured.powerdns.server
>>>>
>>>> #################################
>>>> # default-ttl    Seconds a result is valid if not set otherwise
>>>> #
>>>> # default-ttl=3600
>>>>
>>>> #################################
>>>> # default-zsk-algorithms    Default ZSK algorithms
>>>> #
>>>> # default-zsk-algorithms=rsasha256
>>>>
>>>> #################################
>>>> # default-zsk-size    Default KSK size (0 means default)
>>>> #
>>>> # default-zsk-size=0
>>>>
>>>> #################################
>>>> # disable-axfr    Disable zonetransfers but do allow TCP queries
>>>> #
>>>> disable-axfr=no
>>>>
>>>> #################################
>>>> # disable-tcp    Do not listen to TCP queries
>>>> #
>>>> disable-tcp=no
>>>>
>>>> #################################
>>>> # distributor-threads    Default number of Distributor (backend)
>>>> threads to start
>>>> #
>>>> # distributor-threads=3
>>>>
>>>> #################################
>>>> # do-ipv6-additional-processing    Do AAAA additional processing
>>>> #
>>>> # do-ipv6-additional-processing=yes
>>>>
>>>> #################################
>>>> # edns-subnet-option-number    EDNS option number to use
>>>> #
>>>> # edns-subnet-option-number=20730
>>>>
>>>> #################################
>>>> # edns-subnet-processing    If we should act on EDNS Subnet options
>>>> #
>>>> # edns-subnet-processing=no
>>>>
>>>> #################################
>>>> # entropy-source    If set, read entropy from this file
>>>> #
>>>> # entropy-source=/dev/urandom
>>>>
>>>> #################################
>>>> # experimental-direct-dnskey    EXPERIMENTAL: fetch DNSKEY RRs from
>>>> backend during DNSKEY synthesis
>>>> #
>>>> # experimental-direct-dnskey=no
>>>>
>>>> #################################
>>>> # experimental-json-interface    If the webserver should serve JSON data
>>>> #
>>>> # experimental-json-interface=no
>>>>
>>>> #################################
>>>> # experimental-logfile    Filename of the log file for JSON parser
>>>> #
>>>> # experimental-logfile=/var/log/pdns.log
>>>> experimental-logfile=/var/log/pdns.log
>>>> #################################
>>>> # fancy-records    Process URL and MBOXFW records
>>>> #
>>>> # fancy-records=no
>>>>
>>>> #################################
>>>> # guardian    Run within a guardian process
>>>> #
>>>> # guardian=no
>>>>
>>>> #################################
>>>> # include-dir    Include *.conf files from this directory
>>>> #
>>>> # include-dir=
>>>>
>>>> #################################
>>>> # launch    Which backends to launch and order to query them in
>>>> #
>>>> # launch=
>>>>
>>>> #################################
>>>> # load-modules    Load this module - supply absolute or relative path
>>>> #
>>>> # load-modules=
>>>>
>>>> #################################
>>>> # local-address    Local IP addresses to which we bind
>>>> #
>>>> #local-address=0.0.0.0
>>>>
>>>>
>>>> #################################
>>>> # local-ipv6    Local IP address to which we bind
>>>> #
>>>> # local-ipv6=
>>>>
>>>> #################################
>>>> # local-port    The port on which we listen
>>>> #
>>>> # local-port=53
>>>>
>>>> #################################
>>>> # log-dns-details    If PDNS should log DNS non-erroneous details
>>>> #
>>>> log-dns-details=on
>>>>
>>>> #################################
>>>> # log-dns-queries    If PDNS should log all incoming DNS queries
>>>> #
>>>> # log-dns-queries=no
>>>>
>>>> #################################
>>>> # log-failed-updates    If PDNS should log failed update requests
>>>> #
>>>> # log-failed-updates=
>>>>
>>>> #################################
>>>> # logging-facility    Log under a specific facility
>>>> #
>>>> # logging-facility=
>>>>
>>>> #################################
>>>> # loglevel    Amount of logging. Higher is more. Do not set below 3
>>>> #
>>>> loglevel=4
>>>>
>>>> #################################
>>>> # lua-prequery-script    Lua script with prequery handler
>>>> #
>>>> # lua-prequery-script=
>>>>
>>>> #################################
>>>> # master    Act as a master
>>>> #
>>>> master=yes
>>>>
>>>> #################################
>>>> # max-cache-entries    Maximum number of cache entries
>>>> #
>>>> # max-cache-entries=1000000
>>>>
>>>> #################################
>>>> # max-ent-entries    Maximum number of empty non-terminals in a zone
>>>> #
>>>> # max-ent-entries=100000
>>>>
>>>> #################################
>>>> # max-queue-length    Maximum queuelength before considering situation lost
>>>> #
>>>> max-queue-length=5000
>>>>
>>>> #################################
>>>> # max-tcp-connections    Maximum number of TCP connections
>>>> #
>>>> # max-tcp-connections=10
>>>>
>>>> #################################
>>>> # module-dir    Default directory for modules
>>>> #
>>>> # module-dir=/usr/local/lib
>>>>
>>>> #################################
>>>> # negquery-cache-ttl    Seconds to store negative query results in
>>>> the QueryCache
>>>> #
>>>> # negquery-cache-ttl=60
>>>>
>>>> #################################
>>>> # no-shuffle    Set this to prevent random shuffling of answers -
>>>> for regression testing
>>>> #
>>>> # no-shuffle=off
>>>>
>>>> #################################
>>>> # out-of-zone-additional-processing    Do out of zone additional processing
>>>> #
>>>> # out-of-zone-additional-processing=yes
>>>>
>>>> #################################
>>>> # overload-queue-length    Maximum queuelength moving to packetcache only
>>>> #
>>>> # overload-queue-length=0
>>>>
>>>> #################################
>>>> # pipebackend-abi-version    Version of the pipe backend ABI
>>>> #
>>>> # pipebackend-abi-version=1
>>>>
>>>> #################################
>>>> # prevent-self-notification    Don't send notifications to what we
>>>> think is ourself
>>>> #
>>>> # prevent-self-notification=yes
>>>>
>>>> #################################
>>>> # query-cache-ttl    Seconds to store query results in the QueryCache
>>>> #
>>>> # query-cache-ttl=20
>>>>
>>>> #################################
>>>> # query-local-address    Source IP address for sending queries
>>>> #
>>>> # query-local-address=0.0.0.0
>>>>
>>>> #################################
>>>> # query-local-address6    Source IPv6 address for sending queries
>>>> #
>>>> # query-local-address6=::1
>>>> query-local-address6=
>>>>
>>>> #################################
>>>> # query-logging    Hint backends that queries should be logged
>>>> #
>>>> #query-logging=yes
>>>>
>>>> #################################
>>>> # queue-limit    Maximum number of milliseconds to queue a query
>>>> #
>>>> # queue-limit=1500
>>>>
>>>> #################################
>>>> # receiver-threads    Default number of receiver threads to start
>>>> #
>>>> # receiver-threads=1
>>>>
>>>> #################################
>>>> # recursive-cache-ttl    Seconds to store packets for recursive
>>>> queries in the PacketCache
>>>> #
>>>> # recursive-cache-ttl=10
>>>>
>>>> #################################
>>>> # recursor    If recursion is desired, IP address of a recursing nameserver
>>>> #
>>>> #recursor=38.126.54.11
>>>>
>>>> #################################
>>>> # retrieval-threads    Number of AXFR-retrieval threads for slave operation
>>>> #
>>>> # retrieval-threads=2
>>>>
>>>> #################################
>>>> # send-root-referral    Send out old-fashioned root-referral instead
>>>> of ServFail in case of no authority
>>>> #
>>>> # send-root-referral=no
>>>>
>>>> #################################
>>>> # server-id    Returned when queried for 'server.id' TXT or NSID,
>>>> defaults to hostname
>>>> #
>>>> # server-id=
>>>>
>>>> #################################
>>>> # setgid    If set, change group id to this gid for more security
>>>> #
>>>> # setgid=
>>>>
>>>> #################################
>>>> # setuid    If set, change user id to this uid for more security
>>>> #
>>>> # setuid=
>>>>
>>>> #################################
>>>> # signing-threads    Default number of signer threads to start
>>>> #
>>>> # signing-threads=3
>>>>
>>>> #################################
>>>> # slave    Act as a slave
>>>> #
>>>> # slave=no
>>>>
>>>> #################################
>>>> # slave-cycle-interval    Reschedule failed SOA serial checks once
>>>> every .. seconds
>>>> #
>>>> # slave-cycle-interval=60
>>>>
>>>> #################################
>>>> # slave-renotify    If we should send out notifications for slaved updates
>>>> #
>>>> # slave-renotify=no
>>>>
>>>> #################################
>>>> # smtpredirector    Our smtpredir MX host
>>>> #
>>>> # smtpredirector=a.misconfigured.powerdns.smtp.server
>>>>
>>>> #################################
>>>> # soa-expire-default    Default SOA expire
>>>> #
>>>> # soa-expire-default=604800
>>>>
>>>> #################################
>>>> # soa-minimum-ttl    Default SOA minimum ttl
>>>> #
>>>> # soa-minimum-ttl=3600
>>>>
>>>> #################################
>>>> # soa-refresh-default    Default SOA refresh
>>>> #
>>>> # soa-refresh-default=10800
>>>>
>>>> #################################
>>>> # soa-retry-default    Default SOA retry
>>>> #
>>>> # soa-retry-default=3600
>>>>
>>>> #################################
>>>> # soa-serial-offset    Make sure that no SOA serial is less than this number
>>>> #
>>>> # soa-serial-offset=0
>>>>
>>>> #################################
>>>> # socket-dir    Where the controlsocket will live
>>>> #
>>>> # socket-dir=/var/run
>>>>
>>>> #################################
>>>> # tcp-control-address    If set, PowerDNS can be controlled over TCP
>>>> on this address
>>>> #
>>>> # tcp-control-address=
>>>>
>>>> #################################
>>>> # tcp-control-port    If set, PowerDNS can be controlled over TCP on
>>>> this address
>>>> #
>>>> # tcp-control-port=53000
>>>>
>>>> #################################
>>>> # tcp-control-range    If set, remote control of PowerDNS is
>>>> possible over these networks only
>>>> #
>>>> # tcp-control-range=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16,
>>>> 172.16.0.0/12, ::1/128, fe80::/10
>>>>
>>>> #################################
>>>> # tcp-control-secret    If set, PowerDNS can be controlled over TCP
>>>> after passing this secret
>>>> #
>>>> # tcp-control-secret=
>>>>
>>>> #################################
>>>> # traceback-handler    Enable the traceback handler (Linux only)
>>>> #
>>>> # traceback-handler=yes
>>>>
>>>> #################################
>>>> # trusted-notification-proxy    IP address of incoming notification proxy
>>>> #
>>>> # trusted-notification-proxy=
>>>>
>>>> #################################
>>>> # urlredirector    Where we send hosts to that need to be url redirected
>>>> #
>>>> # urlredirector=127.0.0.1
>>>>
>>>> #################################
>>>> # version-string    PowerDNS version in packets - full, anonymous,
>>>> powerdns or custom
>>>> #
>>>> # version-string=full
>>>>
>>>> #################################
>>>> # webserver    Start a webserver for monitoring
>>>> #
>>>> # webserver=no
>>>>
>>>> #################################
>>>> # webserver-address    IP Address of webserver to listen on
>>>> #
>>>> # webserver-address=127.0.0.1
>>>>
>>>> #################################
>>>> # webserver-password    Password required for accessing the webserver
>>>> #
>>>> # webserver-password=
>>>>
>>>> #################################
>>>> # webserver-port    Port of webserver to listen on
>>>> #
>>>> # webserver-port=8081
>>>>
>>>> #################################
>>>> # webserver-print-arguments    If the webserver should print arguments
>>>> #
>>>> # webserver-print-arguments=no
>>>>
>>>> #################################
>>>> # wildcard-url    Process URL and MBOXFW records
>>>> #
>>>> wildcard-url=yes
>>>> ##################################
>>>> module-dir=/usr/lib64
>>>> socket-dir=/var/run/pdns-server
>>>> setuid=powerdns
>>>> setgid=powerdns
>>>> launch=gmysql
>>>> gmysql-host=127.0.0.1
>>>> gmysql-user=powerdns
>>>> gmysql-password=xxxx
>>>> gmysql-dbname=xxxx
>>>>
>>>>
>>>>
>>>>
>>>> Kindly advise us or give the steps which are required in the conf file of pdns
>>>> for setting up a Hidden Master DNS server.
>>>>
>>>> Awaiting your kind reply.
>>>>
>>>> Thanks
>>>>
>>>>
>>>>
>>>> On 02/06/2014 12:05 PM, sajid-gmail wrote:
>>>>> Hello,
>>>>>
>>>>> I have installed PowerDNS Authoritative Server 3.3 on centos.
>>>>>
>>>>> When I allow axfr IPs in master then I get the following error below,
>>>>>
>>>>> Feb  5 22:25:30 powerdns pdns[18815]: Error trying to resolve
>>>>> 'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
>>>>> notify to [2607:f0d0:1004:82::4]:53: Network is unreachable
>>>>> Feb  5 22:25:30 powerdns pdns[18815]: Error trying to resolve
>>>>> 'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
>>>>> notify to [2607:f0d0:3001:90::4]:53: Network is unreachable
>>>>> Feb  5 22:25:30 powerdns pdns[18815]: Error trying to resolve
>>>>> 'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
>>>>> notify to [2607:fc88:1001:1::4]:53: Network is unreachable
>>>>> Feb  5 22:25:30 powerdns pdns[18815]: Query: select
>>>>> id,name,master,last_check,type from domains where type='SLAVE'
>>>>> Feb  5 22:25:30 powerdns pdns[18815]: Query: select
>>>>> id,name,master,last_check,notified_serial,type from domains where
>>>>> type='MASTER'
>>>>> Feb  5 22:25:30 powerdns pdns[18815]: Query: select
>>>>> content,ttl,prio,type,domain_id,name from records where type='SOA'
>>>>> and name='example.com'
>>>>> Feb  5 22:25:39 powerdns pdns[18815]: Error trying to resolve
>>>>> 'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
>>>>> notify to [2607:f0d0:1004:82::4]:53: Network is unreachable
>>>>> Feb  5 22:25:39 powerdns pdns[18815]: Error trying to resolve
>>>>> 'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
>>>>> notify to [2607:f0d0:3001:90::4]:53: Network is unreachable
>>>>> Feb  5 22:25:39 powerdns pdns[18815]: Error trying to resolve
>>>>> 'x:x:x:x::x' for notifying 'example.com' to server: Unable to send
>>>>> notify to [2607:fc88:1001:1::4]:53: *Network is unreachable*
>>>>>
>>>>>
>>>>> Note : x:x:x:x::x (IPv6 address)
>>>>>
>>>>> AXFR setting in master:
>>>>> cat /etc/powerdns/pdns.conf | grep -v "#" | grep axfr
>>>>> allow-axfr-ips= 192.168.0.1 192.168.1.11
>>>>> disable-axfr=no
>>>>>
>>>>> Why does it go for an IPv6 IP which I have not mentioned in the axfr settings?
>>>>> Why did I get "*Network is unreachable*"?
>>>>>
>>>>> Please help me or give me some steps to resolve this issue.
>>>>> Please share with me some links that are useful for this kind of issue,
>>>>> Or let me know how to stop the ipv6 setting in pdns.conf.
>>>>>
>>>>>
>>>>> Awaiting your kind reply.
>>>>>
>>>>> Thanks
>>>>>
>>>> _______________________________________________
>>>> Pdns-users mailing list
>>>> Pdns-users at mailman.powerdns.com
>>>> http://mailman.powerdns.com/mailman/listinfo/pdns-users
>>
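
The triage done by hand in this thread, as an added example that is not part of the original messages or of PowerDNS: it reads the master's NOTIFY log lines, names each rcode using the RFC 1035 table, and checks every notified peer against the active `allow-axfr-ips` line. The function names are hypothetical, and the sample input is constructed from log and config lines quoted in the thread, with the e-mail line wraps rejoined.

```python
import ipaddress
import re

# RCODE names and meanings as defined in RFC 1035, section 4.1.1.
RCODES = {
    0: ("NOERROR", "no error condition"),
    1: ("FORMERR", "peer could not interpret the message"),
    2: ("SERVFAIL", "peer failed to process the message"),
    3: ("NXDOMAIN", "name does not exist"),
    4: ("NOTIMP", "peer does not support this kind of request"),
    5: ("REFUSED", "peer refuses for policy reasons"),
}
REPORT = re.compile(r"notification report for '([^']+)' from (\S+), rcode: (\d+)")
SENDFAIL = re.compile(r"notifying '([^']+)' to server: Unable to send notify to (\S+): (.+)$")

def host_of(endpoint):
    """Strip the port from '1.2.3.4:53' or '[2001:db8::1]:53'."""
    if endpoint.startswith("["):
        return endpoint[1:endpoint.index("]")]
    return endpoint.rsplit(":", 1)[0]

def parse_allow_axfr(conf_text):
    """Networks from active allow-axfr-ips lines (comma or space separated)."""
    nets = []
    for line in conf_text.splitlines():
        key, _, value = line.partition("=")
        if key.strip() != "allow-axfr-ips":   # also skips '# allow-axfr-ips=...'
            continue
        nets += [ipaddress.ip_network(t, strict=False)
                 for t in re.split(r"[,\s]+", value) if t]
    return nets

def triage(log_text, conf_text):
    """Map (peer, zone) -> what failed and whether that peer may AXFR from us."""
    allowed = parse_allow_axfr(conf_text)
    findings = {}
    for line in log_text.splitlines():
        report, sendfail = REPORT.search(line), SENDFAIL.search(line)
        if report:
            zone, peer, code = report.group(1), host_of(report.group(2)), int(report.group(3))
            problem = "%s: %s" % RCODES.get(code, ("RCODE %d" % code, "not in table"))
        elif sendfail:
            zone, peer = sendfail.group(1), host_of(sendfail.group(2))
            problem = "send failed: " + sendfail.group(3)
        else:
            continue
        try:
            addr = ipaddress.ip_address(peer)
            may_axfr = any(addr in net for net in allowed)
        except ValueError:                      # redacted address such as x.x.x.x
            may_axfr = None
        findings[(peer, zone)] = {"problem": problem, "axfr_allowed": may_axfr}
    return findings

# Constructed sample: lines quoted in the thread, unwrapped.
SAMPLE_CONF = "allow-axfr-ips= 68.71.141.22, 174.36.24.251\ndisable-axfr=no\n"
SAMPLE_LOG = """\
Feb  5 22:25:30 powerdns pdns[18815]: Error trying to resolve 'x:x:x:x::x' for notifying 'example.com' to server: Unable to send notify to [2607:f0d0:1004:82::4]:53: Network is unreachable
Feb  6 01:54:36 powerdns pdns[28933]: Received unsuccessful notification report for 'example.com' from x.x.x.x:53, rcode: 4
Feb  6 02:18:03 powerdns pdns[30068]: Received unsuccessful notification report for 'example.com' from 68.71.141.22:53, rcode: 5
"""

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, SAMPLE_CONF))
```

A peer that answers REFUSED while `axfr_allowed` is true points at the slave's own configuration, which matches the advice in the reply above; a peer with `axfr_allowed` false would be denied the transfer by the master even if it accepted the NOTIFY.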




