[Pdns-users] domainmetadata ALSO-NOTIFY appears to not work?
David B Harris
dbharris at eelf.ddts.net
Thu Mar 13 20:06:00 UTC 2014
Sorry, my mistake; it turns out I hadn't in fact successfully tried
gpgsql-dnssec - including that in my pdns.conf worked like a charm.
Thanks again,
David
On Thu Mar 13, 03:55pm -0400, David B Harris wrote:
> Good afternoon all,
>
> I'm deploying PowerDNS for the first time. We needed a simple standalone
> web interface for robust/fatfinger-free and easy editing of our zones.
> Our configuration is/will be:
>
> 1. A single hidden PowerDNS 3.3.1 master
> 2. Two public slaves we control (running PowerDNS 3.3.1 with the
> hidden master configured as supermaster)
> 3. "Three" slaves run by EasyDNS, which themselves use a hidden
> master
>
> Everything between our PowerDNS instances is working great. I haven't
> finished going through the default config file to see if we want to
> change anything, but as-is it's working fine.
>
> We're having problems using the third-party slave(s) though. EasyDNS has
> a hidden master/central system that serves as the AXFR initiator.
> Currently, that's 64.68.200.91. The slaves do not initiate AXFRs, and
> ignore NOTIFYs (returning RCODE 5).
>
> My 'domainmetadata' has the following:
>
> pdns=# SELECT * FROM domainmetadata;
> id | domain_id | kind | content
> ----+-----------+-----------------+--------------
> 2 | 2 | ALLOW-AXFR-FROM | 64.68.200.91
> 4 | 2 | ALSO-NOTIFY | 64.68.200.91
> (2 rows)
>
> pdns=#
>
> (Please give me the benefit of the doubt on using the correct domain_id. :)
>
> Now I read in a mailing list post that perhaps gpgsql-dnssec had to be
> loaded for 'domainmetadata' to be read at all? I added that to my
> pdns.conf and still, NOTIFYs appear to not be sent. Here's my
> (effective) pdns.conf:
>
> master
>
> launch=gpgsql
> gpgsql-dbname=pdns
> gpgsql-user=pdns
> gpgsql-password=foobar
>
> When I make a change to the zone (using the PowerAdmin PHP frontend,
> incidentally), these are the log messages I get (note nothing about
> 64.68.200.91, though a number of failed NOTIFYs to the EasyDNS public slaves):
>
> Mar 13 15:39:47 apricot pdns[7206]: 1 domain for which we are master needs notifications
> Mar 13 15:39:48 apricot pdns[7206]: Queued notification of domain 'foocorp.com' to 2001:1838:f001::10
> Mar 13 15:39:48 apricot pdns[7206]: Queued notification of domain 'foocorp.com' to 64.68.192.210
> Mar 13 15:39:48 apricot pdns[7206]: Queued notification of domain 'foocorp.com' to 64.68.196.10
> Mar 13 15:39:48 apricot pdns[7206]: Queued notification of domain 'foocorp.com' to 67.205.89.78
> Mar 13 15:39:48 apricot pdns[7206]: Queued notification of domain 'foocorp.com' to 72.52.2.1
> Mar 13 15:39:48 apricot pdns[7206]: Queued notification of domain 'foocorp.com' to 74.52.92.34
> Mar 13 15:39:48 apricot pdns[7206]: Error trying to resolve '2001:1838:f001::10' for notifying 'foocorp.com' to server: Unable to send notify to [2001:1838:f001::10]:53: Network is unreachable
> Mar 13 15:39:49 apricot pdns[7206]: AXFR of domain 'foocorp.com' initiated by 74.52.92.34
> Mar 13 15:39:49 apricot pdns[7206]: AXFR of domain 'foocorp.com' allowed: client IP 74.52.92.34 is in allow-axfr-ips
> Mar 13 15:39:49 apricot pdns[7206]: AXFR of domain 'foocorp.com' to 74.52.92.34 finished
> Mar 13 15:39:49 apricot pdns[7206]: AXFR of domain 'foocorp.com' initiated by 67.205.89.78
> Mar 13 15:39:49 apricot pdns[7206]: AXFR of domain 'foocorp.com' allowed: client IP 67.205.89.78 is in allow-axfr-ips
> Mar 13 15:39:49 apricot pdns[7206]: AXFR of domain 'foocorp.com' to 67.205.89.78 finished
> Mar 13 15:39:49 apricot pdns[7206]: Removed from notification list: 'foocorp.com' to 67.205.89.78:53 (was acknowledged)
> Mar 13 15:39:49 apricot pdns[7206]: Received unsuccessful notification report for 'foocorp.com' from 64.68.192.210:53, rcode: 5
> Mar 13 15:39:49 apricot pdns[7206]: Removed from notification list: 'foocorp.com' to 64.68.192.210:53
> Mar 13 15:39:49 apricot pdns[7206]: Removed from notification list: 'foocorp.com' to 74.52.92.34:53 (was acknowledged)
> Mar 13 15:39:49 apricot pdns[7206]: Received unsuccessful notification report for 'foocorp.com' from 72.52.2.1:53, rcode: 5
> Mar 13 15:39:49 apricot pdns[7206]: Removed from notification list: 'foocorp.com' to 72.52.2.1:53
> Mar 13 15:39:49 apricot pdns[7206]: Received unsuccessful notification report for 'foocorp.com' from 64.68.196.10:53, rcode: 5
> Mar 13 15:39:49 apricot pdns[7206]: Removed from notification list: 'foocorp.com' to 64.68.196.10:53
> Mar 13 15:39:51 apricot pdns[7206]: Error trying to resolve '2001:1838:f001::10' for notifying 'foocorp.com' to server: Unable to send notify to [2001:1838:f001::10]:53: Network is unreachable
> Mar 13 15:39:51 apricot pdns[7206]: No master domains need notifications
> Mar 13 15:39:56 apricot pdns[7206]: Error trying to resolve '2001:1838:f001::10' for notifying 'foocorp.com' to server: Unable to send notify to [2001:1838:f001::10]:53: Network is unreachable
> Mar 13 15:40:05 apricot pdns[7206]: Error trying to resolve '2001:1838:f001::10' for notifying 'foocorp.com' to server: Unable to send notify to [2001:1838:f001::10]:53: Network is unreachable
>
>
>
>
> ^C
> [ dbharris at apricot: /var/log/ (1)]$ date
> Thu Mar 13 15:47:59 EDT 2014
> [ dbharris at apricot: /var/log/ (1)]$
>
>
> Anybody have any ideas? Is there something I'm doing obviously wrong? If I
> don't need it, can I take gpgsql-dnssec out of my pdns.conf?
>
> Thanks very much in advance,
>
> David
>
--
Arguing with an engineer is like wrestling with a pig in mud.
After a while, you realise the pig is enjoying it.
OpenPGP v4 key ID: 4096R/59DDCB9F
Fingerprint: CC53 F124 35C0 7BC2 58FE 7A3C 157D DFD9 59DD CB9F
Retrieve from subkeys.pgp.net
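
An added example (not part of the original post, and not PowerDNS code): a small Python check that reads pdns log lines in the format quoted above and reports the outcome for each NOTIFY target, flagging any ALSO-NOTIFY address that was never queued, which is the symptom described in the post. The sample log, the documentation-range addresses and the function name are constructed for illustration.

```python
import re

# Constructed sample in the format of the log lines quoted in the post.
SAMPLE_LOG = """\
Mar 13 15:39:48 ns pdns[7206]: Queued notification of domain 'example.com' to 192.0.2.10
Mar 13 15:39:48 ns pdns[7206]: Queued notification of domain 'example.com' to 192.0.2.20
Mar 13 15:39:48 ns pdns[7206]: Queued notification of domain 'example.com' to 2001:db8::10
Mar 13 15:39:48 ns pdns[7206]: Error trying to resolve '2001:db8::10' for notifying 'example.com' to server: Unable to send notify to [2001:db8::10]:53: Network is unreachable
Mar 13 15:39:49 ns pdns[7206]: Removed from notification list: 'example.com' to 192.0.2.10:53 (was acknowledged)
Mar 13 15:39:49 ns pdns[7206]: Received unsuccessful notification report for 'example.com' from 192.0.2.20:53, rcode: 5
Mar 13 15:39:49 ns pdns[7206]: Removed from notification list: 'example.com' to 192.0.2.20:53
"""

QUEUED = re.compile(r"Queued notification of domain '([^']+)' to (\S+)$")
ACKED = re.compile(r"Removed from notification list: '([^']+)' to (\S+):\d+ \(was acknowledged\)")
REFUSED = re.compile(r"unsuccessful notification report for '([^']+)' from (\S+):\d+, rcode: (\d+)")
UNSENT = re.compile(r"Error trying to resolve '([^']+)' for notifying '([^']+)'")


def notify_status(log_text, domain, also_notify):
    """Map each NOTIFY target for `domain` to its last observed outcome."""
    status = {}
    for line in log_text.splitlines():
        if (m := QUEUED.search(line)) and m.group(1) == domain:
            status.setdefault(m.group(2), "queued")
        elif (m := ACKED.search(line)) and m.group(1) == domain:
            status[m.group(2).strip("[]")] = "acknowledged"
        elif (m := REFUSED.search(line)) and m.group(1) == domain:
            status[m.group(2).strip("[]")] = "rcode " + m.group(3)
        elif (m := UNSENT.search(line)) and m.group(2) == domain:
            status[m.group(1)] = "send failed"
    # An ALSO-NOTIFY target with no "Queued notification" line was never
    # picked up from domainmetadata (the symptom reported in the post).
    for target in also_notify:
        status.setdefault(target, "never queued")
    return status


if __name__ == "__main__":
    # 198.51.100.91 stands in for the address stored in the ALSO-NOTIFY row.
    for target, outcome in notify_status(SAMPLE_LOG, "example.com", ["198.51.100.91"]).items():
        print(f"{target:20} {outcome}")
```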