[Pdns-users] Need help re: Remote tried to sneak in out-of-zone data ''|SOA during AXFR of zone
Chris Moody
chris at node-nine.com
Tue Feb 18 21:51:49 UTC 2014
Replies inline.
On 2/18/14 2:56 PM, Aki Tuomi wrote:
> On Tue, Feb 18, 2014 at 02:47:33PM -0500, Chris Moody wrote:
>> Could all this perhaps be related to using opendbx as the backend?
>>
>> =====
>> Feb 18 19:25:22 nyny-dp-1 pdns[7979]: Received NOTIFY for
>> mysitehealth.com from 206.71.169.116 for which we are not
>> authoritative
>> Feb 18 19:25:23 nyny-dp-1 pdns[7979]: Unable to find backend willing
>> to host mysitehealth.com for potential supermaster 206.71.169.116. 4
>> remote nameservers:
>> =====
>>
> This issue is due to misconfiguration for supermasters. The supermasters table
> must have matching hostname and ip address in it. It has to match ns1.mysitehealth.com and 206.71.169.116.
Face palm - my mistake on this bit. When I dropped the table I forgot
to re-add the supermaster records. They're back and again reporting the
AXFR issue.
>
>> Here's the brand new zone that's got the same issue.
>> =====
>> mysql> SELECT * FROM records WHERE domain_id = 635;
>> +-------+-----------+----------------------+------+-------+------+----------------------------------------------------------------------------+-----------+------+----------+
>> | id | domain_id | name | type | ttl | prio |
>> content | ordername | auth | disabled |
>> +-------+-----------+----------------------+------+-------+------+----------------------------------------------------------------------------+-----------+------+----------+
>> | 35276 | 635 | mysitehealth.com | SOA | 86400 | NULL |
>> ns1.mysitehealth.com. postmaster at mysitehealth.com 0 10800 3600
>> 604800 3600 | NULL | NULL | NULL |
>> | 35277 | 635 | ns1.mysitehealth.com | A | 120 | NULL |
>> 206.71.169.116 | NULL | NULL | NULL |
>> | 35278 | 635 | ns2.mysitehealth.com | A | 120 | NULL |
>> 64.106.186.196 | NULL | NULL | NULL |
>> | 35279 | 635 | mysitehealth.com | NS | 120 | NULL |
>> ns1.mysitehealth.com | NULL | NULL | NULL |
>> | 35280 | 635 | mysitehealth.com | NS | 120 | NULL |
>> ns2.mysitehealth.com | NULL | NULL | NULL |
>> | 35282 | 635 | mysitehealth.com | MX | 120 | 10 |
>> mx1.node-nine.com | NULL | NULL | NULL |
>> +-------+-----------+----------------------+------+-------+------+----------------------------------------------------------------------------+-----------+------+----------+
>> 6 rows in set (0.00 sec)
>>
>> mysql>
>> =====
>>
> Can you try dig axfr mysitehealth.com @localhost (if you have axfr from localhost permitted)
>
> Please check master logs as well
So this is strange - I -do- see duplicate SOA records in the axfr but
not in the master's DB.
ex>
=====[ master ]=====
mysql> SELECT * FROM records WHERE name = "." OR name = "";
Empty set (0.00 sec)
=====
=====[ dig axfr @ master ]=====
root at nyny-dp-1 ~ # dig @206.71.169.116 mysitehealth.com axfr
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @206.71.169.116
mysitehealth.com axfr
; (1 server found)
;; global options: +cmd
. 86400 IN SOA ns1.mysitehealth.com.
postmaster.mysitehealth.com. 61 10800 3600 604800 3600
ns1.mysitehealth.com. 120 IN A 206.71.169.116
ns2.mysitehealth.com. 120 IN A 64.106.186.196
mysitehealth.com. 120 IN NS ns1.mysitehealth.com.
mysitehealth.com. 120 IN NS ns2.mysitehealth.com.
mysitehealth.com. 120 IN MX 10 mx1.mysitehealth.com.
mx1.mysitehealth.com. 120 IN A 206.71.169.116
www.mysitehealth.com. 120 IN A 206.71.169.116
. 86400 IN SOA ns1.mysitehealth.com.
postmaster.mysitehealth.com. 61 10800 3600 604800 3600
;; Query time: 144 msec
;; SERVER: 206.71.169.116#53(206.71.169.116)
;; WHEN: Tue Feb 18 21:40:53 2014
;; XFR size: 9 records (messages 3, bytes 326)
=====
Now I suppose it begs the question, why are there duplicate SOA's being
returned when they're not in the DB?
(I -REALLY- appreciate the help on this)
-Chris
>
>> Cheers,
>> -Chris
>>
>> On 2/18/14 2:14 PM, Aki Tuomi wrote:
>>> SELECT * FROM records WHERE domain_id =
>>
More information about the Pdns-users
mailing list