[Pdns-users] "GSQLBackend unable to list metadata" with dnssec disabled?

Oli Schacher pdns at lists.wgwh.ch
Tue Nov 4 14:53:47 UTC 2014


On Tue, 4 Nov 2014 16:02:43 +0200
Aki Tuomi <cmouse at youzen.ext.b2.fi> wrote:

> On Tue, Nov 04, 2014 at 02:32:34PM +0100, Oli Schacher wrote:
> > On Tue, 4 Nov 2014 15:10:28 +0200
> > Aki Tuomi <cmouse at youzen.ext.b2.fi> wrote:
> > > 
> > > Domain table is consulted in some cases, not metadata. You need to
> > > fix those queries as well, and permit read access to the domains
> > > table.
> > > 
> > > Aki
> > 
> > Which additional queries do I have to fix? The documentation on
> > http://doc.powerdns.com/html/generic-mypgsql-backends.html states
> > that only the basic queries are used if I don't enable features like
> > dnssec and master/slave. 
> > 
> > Of course I could just override all queries listed there, but I'd
> > really like to know why this configuration works on two servers but
> > not on the third. Could you give an example situation which would
> > cause the domains table to be queried and cause this error?
> > 
> > Thanks
> > Oli
> > 
> 
> Look at the 
> 
> # gmysql-get-all-domains-query  Retrieve all domains
> # gmysql-get-all-domains-query=select domains.id, domains.name,
> records.content, domains.type, domains.master,
> domains.notified_serial, domains.last_check from domains LEFT JOIN
> records ON records.domain_id=domains.id AND records.type='SOA' AND
> records.name=domains.name WHERE records.disabled=0 OR %d #
> gmysql-info-zone-query=select
> id,name,master,last_check,notified_serial,type from domains where
> name='%s'
> 
> i'm pretty sure it's one of these.

Changing these  didn't help, same error. I enabled the query log on
the mysql server which shows powerdns running the following
query: 

select content from domains, domainmetadata where
domainmetadata.domain_id=domains.id and name='<munged>' and
domainmetadata.kind='SOA-EDIT'

This corresponds to the "get-domain-metadata-query" setting. The doc
on metadata however states: "Domain metadata is only available for
DNSSEC capable backends! Make sure to enable the proper '-dnssec'
setting to benefit, and to have performed the DNSSEC schema update."

I did not enable gmysql-dnssec - so why is pdns trying to run this
query?


-- 
message transmitted on 100% recycled electrons




More information about the Pdns-users mailing list