[Pdns-users] Need help re: Remote tried to sneak in out-of-zone data ''|SOA during AXFR of zone

Peter van Dijk peter.van.dijk at netherlabs.nl
Tue Feb 18 22:07:49 UTC 2014


Hi Chris,

Just a very quick reply - inline.

On 18 Feb 2014, at 22:51 , Chris Moody <chris at node-nine.com> wrote:

>> ====[ dig axfr @ master ]=====
> root at nyny-dp-1 ~ # dig @206.71.169.116 mysitehealth.com axfr
> 
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @206.71.169.116 mysitehealth.com axfr
> ; (1 server found)
> ;; global options: +cmd
> .            86400    IN    SOA    ns1.mysitehealth.com. postmaster.mysitehealth.com. 61 10800 3600 604800 3600
> ns1.mysitehealth.com.    120    IN    A    206.71.169.116
> ns2.mysitehealth.com.    120    IN    A    64.106.186.196
> mysitehealth.com.    120    IN    NS ns1.mysitehealth.com.
> mysitehealth.com.    120    IN    NS ns2.mysitehealth.com.
> mysitehealth.com.    120    IN    MX    10 mx1.mysitehealth.com.
> mx1.mysitehealth.com.    120    IN    A    206.71.169.116
> www.mysitehealth.com.    120    IN    A    206.71.169.116
> .            86400    IN    SOA    ns1.mysitehealth.com. postmaster.mysitehealth.com. 61 10800 3600 604800 3600
> ;; Query time: 144 msec
> ;; SERVER: 206.71.169.116#53(206.71.169.116)
> ;; WHEN: Tue Feb 18 21:40:53 2014
> ;; XFR size: 9 records (messages 3, bytes 326)
> =====
> 
> Now I suppose it begs the question, why are there duplicate SOAs being returned when they're not in the DB?

An AXFR starts -and- ends with the SOA. This is a protocol decision and does not mean you have duplicate data in the database.

However, your SOAs have ‘.’ as their name instead of mysitehealth.com. This is an issue.

From the thread I get the impression you are using opendbx (why?) but are following various gmysql-related docs to manage it. These are different backends with different needs. I can’t pinpoint why your SOAs are broken, but I would recommend picking a backend, using the schema that actually goes with it, and taking it from there.

Kind regards,
-- 
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
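
The two checks described in the reply above (an AXFR is framed by the zone's SOA, and every owner name must lie inside the zone), as an added example that is not part of the original message or of PowerDNS. It assumes dig-style presentation output; the zone `example.com`, the documentation addresses and the function names are constructed for illustration.

```python
# Constructed sample modelled on the transfer quoted above (documentation names/addresses).
SAMPLE_AXFR = """\
; <<>> DiG <<>> @192.0.2.1 example.com axfr
. 86400 IN SOA ns1.example.com. postmaster.example.com. 61 10800 3600 604800 3600
ns1.example.com. 120 IN A 192.0.2.1
example.com. 120 IN NS ns1.example.com.
www.example.com. 120 IN A 192.0.2.1
. 86400 IN SOA ns1.example.com. postmaster.example.com. 61 10800 3600 604800 3600
;; XFR size: 5 records
"""

def parse_records(dig_output):
    """Return (owner, type) for every resource-record line in dig's presentation output."""
    records = []
    for line in dig_output.splitlines():
        fields = line.split()
        # Skip blanks and dig's ';' comment lines; RR lines are: owner TTL class type rdata...
        if len(fields) < 5 or fields[0].startswith(";"):
            continue
        records.append((fields[0].lower(), fields[3].upper()))
    return records

def in_zone(owner, apex):
    """True if owner is the apex or a name below it (both fully qualified, lower case)."""
    return apex == "." or owner == apex or owner.endswith("." + apex)

def check_axfr(dig_output, zone):
    """List the problems a secondary would object to in this transfer of `zone`."""
    apex = zone.lower().rstrip(".") + "."
    records = parse_records(dig_output)
    if len(records) < 2:
        return ["transfer has fewer than two records, so it cannot be SOA-framed"]
    problems = []
    for pos, (owner, rtype) in (("first", records[0]), ("last", records[-1])):
        if rtype != "SOA":
            problems.append(f"{pos} record is {rtype}, not SOA")
        elif owner != apex:
            problems.append(f"{pos} SOA is owned by '{owner}', expected '{apex}'")
    for owner, rtype in records[1:-1]:
        if not in_zone(owner, apex):
            problems.append(f"out-of-zone {rtype} record '{owner}'")
    return problems

if __name__ == "__main__":
    for problem in check_axfr(SAMPLE_AXFR, "example.com"):
        print(problem)
```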
