[Pdns-users] domainmetadata ALSO-NOTIFY appears to not work?

David B Harris dbharris at eelf.ddts.net
Thu Mar 13 19:55:17 UTC 2014


Good afternoon all,

I'm deploying PowerDNS for the first time. We needed a simple standalone
web interface for robust/fatfinger-free and easy editing of our zones.
Our configuration is/will be:

    1. A single hidden PowerDNS 3.3.1 master
    2. Two public slaves we control (running PowerDNS 3.3.1 with the
       hidden master configured as supermaster)
    3. "Three" slaves run by EasyDNS, which themselves use a hidden
       master

Everything between our PowerDNS instances is working great. I haven't
finished going through the default config file to see if we want to
change anything, but as-is it's working fine.

We're having problems using the third-party slave(s) though. EasyDNS has
a hidden master/central system that serves as the AXFR initiator.
Currently, that's 64.68.200.91. The slaves do not initiate AXFRs, and
ignore NOTIFYs (returning RCODE 5).

My 'domainmetadata' has the following:

    pdns=# SELECT * FROM domainmetadata;
     id | domain_id |      kind       |   content
    ----+-----------+-----------------+--------------
      2 |         2 | ALLOW-AXFR-FROM | 64.68.200.91
      4 |         2 | ALSO-NOTIFY     | 64.68.200.91
    (2 rows)

    pdns=# 

(Please give me the benefit of the doubt on using the correct domain_id. :)

Now I read in a mailing list post that perhaps gpgsql-dnssec had to be
loaded for 'domainmetadata' to be read at all? I added that to my
pdns.conf and still, NOTIFYs appear to not be sent. Here's my
(effective) pdns.conf:

    master

    launch=gpgsql
    gpgsql-dbname=pdns
    gpgsql-user=pdns
    gpgsql-password=foobar

When I make a change to the zone (using the PowerAdmin PHP frontend,
incidentally), these are the log messages I get (note nothing about
64.68.200.91, though a number of failed NOTIFYs to the EasyDNS public slaves):

    Mar 13 15:39:47 apricot pdns[7206]: 1 domain for which we are master needs notifications
    Mar 13 15:39:48 apricot pdns[7206]: Queued notification of domain 'foocorp.com' to 2001:1838:f001::10
    Mar 13 15:39:48 apricot pdns[7206]: Queued notification of domain 'foocorp.com' to 64.68.192.210
    Mar 13 15:39:48 apricot pdns[7206]: Queued notification of domain 'foocorp.com' to 64.68.196.10
    Mar 13 15:39:48 apricot pdns[7206]: Queued notification of domain 'foocorp.com' to 67.205.89.78
    Mar 13 15:39:48 apricot pdns[7206]: Queued notification of domain 'foocorp.com' to 72.52.2.1
    Mar 13 15:39:48 apricot pdns[7206]: Queued notification of domain 'foocorp.com' to 74.52.92.34
    Mar 13 15:39:48 apricot pdns[7206]: Error trying to resolve '2001:1838:f001::10' for notifying 'foocorp.com' to server: Unable to send notify to [2001:1838:f001::10]:53: Network is unreachable
    Mar 13 15:39:49 apricot pdns[7206]: AXFR of domain 'foocorp.com' initiated by 74.52.92.34
    Mar 13 15:39:49 apricot pdns[7206]: AXFR of domain 'foocorp.com' allowed: client IP 74.52.92.34 is in allow-axfr-ips
    Mar 13 15:39:49 apricot pdns[7206]: AXFR of domain 'foocorp.com' to 74.52.92.34 finished
    Mar 13 15:39:49 apricot pdns[7206]: AXFR of domain 'foocorp.com' initiated by 67.205.89.78
    Mar 13 15:39:49 apricot pdns[7206]: AXFR of domain 'foocorp.com' allowed: client IP 67.205.89.78 is in allow-axfr-ips
    Mar 13 15:39:49 apricot pdns[7206]: AXFR of domain 'foocorp.com' to 67.205.89.78 finished
    Mar 13 15:39:49 apricot pdns[7206]: Removed from notification list: 'foocorp.com' to 67.205.89.78:53 (was acknowledged)
    Mar 13 15:39:49 apricot pdns[7206]: Received unsuccessful notification report for 'foocorp.com' from 64.68.192.210:53, rcode: 5
    Mar 13 15:39:49 apricot pdns[7206]: Removed from notification list: 'foocorp.com' to 64.68.192.210:53
    Mar 13 15:39:49 apricot pdns[7206]: Removed from notification list: 'foocorp.com' to 74.52.92.34:53 (was acknowledged)
    Mar 13 15:39:49 apricot pdns[7206]: Received unsuccessful notification report for 'foocorp.com' from 72.52.2.1:53, rcode: 5
    Mar 13 15:39:49 apricot pdns[7206]: Removed from notification list: 'foocorp.com' to 72.52.2.1:53
    Mar 13 15:39:49 apricot pdns[7206]: Received unsuccessful notification report for 'foocorp.com' from 64.68.196.10:53, rcode: 5
    Mar 13 15:39:49 apricot pdns[7206]: Removed from notification list: 'foocorp.com' to 64.68.196.10:53
    Mar 13 15:39:51 apricot pdns[7206]: Error trying to resolve '2001:1838:f001::10' for notifying 'foocorp.com' to server: Unable to send notify to [2001:1838:f001::10]:53: Network is unreachable
    Mar 13 15:39:51 apricot pdns[7206]: No master domains need notifications
    Mar 13 15:39:56 apricot pdns[7206]: Error trying to resolve '2001:1838:f001::10' for notifying 'foocorp.com' to server: Unable to send notify to [2001:1838:f001::10]:53: Network is unreachable
    Mar 13 15:40:05 apricot pdns[7206]: Error trying to resolve '2001:1838:f001::10' for notifying 'foocorp.com' to server: Unable to send notify to [2001:1838:f001::10]:53: Network is unreachable




    ^C
    [ dbharris at apricot: /var/log/ (1)]$ date
    Thu Mar 13 15:47:59 EDT 2014
    [ dbharris at apricot: /var/log/ (1)]$ 


Anybody have any ideas? Is there something I'm doing obviously wrong? If I
don't need it, can I take gpgsql-dnssec out of my pdns.conf?

Thanks very much in advance,

David
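
Added example, not part of the original post and not PowerDNS code: a small parser for log lines in the format quoted above. It records the outcome logged for each NOTIFY target of a zone and lists expected targets (such as the `ALSO-NOTIFY` content) that were never queued. The function names are hypothetical, the sample log is constructed from the message formats in the post, and addresses are compared as plain strings.

```python
import re
from collections import defaultdict

# Constructed sample, using the message formats of the log quoted in the post.
SAMPLE_LOG = """\
Mar 13 15:39:48 apricot pdns[7206]: Queued notification of domain 'foocorp.com' to 64.68.192.210
Mar 13 15:39:48 apricot pdns[7206]: Queued notification of domain 'foocorp.com' to 67.205.89.78
Mar 13 15:39:48 apricot pdns[7206]: Queued notification of domain 'foocorp.com' to 2001:1838:f001::10
Mar 13 15:39:48 apricot pdns[7206]: Error trying to resolve '2001:1838:f001::10' for notifying 'foocorp.com' to server: Unable to send notify to [2001:1838:f001::10]:53: Network is unreachable
Mar 13 15:39:49 apricot pdns[7206]: Removed from notification list: 'foocorp.com' to 67.205.89.78:53 (was acknowledged)
Mar 13 15:39:49 apricot pdns[7206]: Received unsuccessful notification report for 'foocorp.com' from 64.68.192.210:53, rcode: 5
"""

# One pattern per log message type; each captures the zone and the peer address.
PATTERNS = [
    ("queued", re.compile(r"Queued notification of domain '(?P<zone>[^']+)' to (?P<ip>\S+)$")),
    ("acknowledged", re.compile(
        r"Removed from notification list: '(?P<zone>[^']+)' to (?P<ip>\S+):\d+ \(was acknowledged\)")),
    ("refused", re.compile(
        r"unsuccessful notification report for '(?P<zone>[^']+)' from (?P<ip>\S+):\d+, rcode: (?P<rcode>\d+)")),
    ("send_failed", re.compile(r"Error trying to resolve '(?P<ip>[^']+)' for notifying '(?P<zone>[^']+)'")),
]

def notify_status(log_text, zone):
    """Map each notification target to the set of outcomes logged for `zone`."""
    status = defaultdict(set)
    for line in log_text.splitlines():
        for outcome, rx in PATTERNS:
            m = rx.search(line)
            if m and m.group("zone") == zone:
                ip = m.group("ip").strip("[]")  # IPv6 peers may be logged as [addr]:port
                label = "rcode=" + m.group("rcode") if outcome == "refused" else outcome
                status[ip].add(label)
                break
    return dict(status)

def never_queued(log_text, zone, expected_targets):
    """Expected NOTIFY targets that have no 'Queued notification' line for `zone`."""
    status = notify_status(log_text, zone)
    return sorted(t for t in expected_targets if "queued" not in status.get(t, set()))

if __name__ == "__main__":
    for ip, outcomes in sorted(notify_status(SAMPLE_LOG, "foocorp.com").items()):
        print(ip, sorted(outcomes))
    print("never queued:", never_queued(SAMPLE_LOG, "foocorp.com", ["64.68.200.91"]))
```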



