[Pdns-users] IXFR confuses dig, Godaddy

Peter van Dijk peter.van.dijk at netherlabs.nl
Mon Jan 6 07:48:01 UTC 2014


Hello Pierre,

On 30 Dec 2013, at 16:39 , Pierre Beck <pbeck at videobuster.de> wrote:

> sorry for the confusion, I'm still new to DNS terminology. Yes, it is
> three *messages*, and as far as I can see that makes the difference for
> dig / BIND. The request is IXFR with a serial < current serial. Dig does
> expect an AXFR-style response, but not in multiple messages. So that's
> issue #1 dig failing to parse IXFR responses from PowerDNS. I'm in
> contact with ISC about that issue, but it would be wise to workaround in
> PowerDNS as well to increase compatibility mid-term by putting more /
> all information in one message.

Please file a ticket at https://github.com/PowerDNS/pdns/issues/new with a clear reproduction scenario.

> Issue #2 is sending an AXFR conditionless. When request serial >=
> current serial, only the current SOA should be sent, but PowerDNS always
> sends full AXFR. This does not break dig, as dig will just cut off the
> connection when the first message with SOA serial equal or lower
> arrived. But that may change when issue #1 is fixed and is a protocol
> violation anyways.

It is not, see paragraph 1 of section 4 of RFC 1955. However, we could perhaps do better here. Please file a ticket (which we will treat as a feature request unless we find a serious interoperability issue even after fixing #1).

> Should be easy to fix: Just compare serials before answering and put
> everything in one message. Send only SOA when request serial >= current
> serial.
> 
> Issue #3 is GoDaddy somewhat running into the same problem as dig (do
> they use BIND servers?), but that's more of an anecdote. A live example
> of what happens when compat issues arise between PowerDNS and BIND.

Once one or both of tickets above have been handled, we’re hoping to hear back from you about this :)

Kind regards,
-- 
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20140106/f4d96fce/attachment.sig>


More information about the Pdns-users mailing list