[Pdns-users] Multiple A records cause AXFR failure

Aki Tuomi cmouse at youzen.ext.b2.fi
Sun Nov 22 11:01:54 UTC 2015


You can also try pdnssec check-zone zonename to find out why it's broken.

It works even if you aren't using DNSSEC.

Aki

On Sun, Nov 22, 2015 at 11:37:25AM +0100, leen at consolejunkie.net wrote:
> Hi a b,
> 
> Based on your queries below, you seem to not be using the default
> table schema and queries:
> 
> https://doc.powerdns.com/md/authoritative/backend-generic-mypgsql/#regular-queries
> 
> Can you post your query configuration and schema?
> 
> Seems to me it might be related to that.
> 
> Have a good day,
>  Leen.
> 
> On 2015-11-22 11:26, a b wrote:
> >I added two A records, as follows:
> >
> >SQL> insert into records(id, zone_id, fqdn, content, type) values(16,
> >(select id from zones where name = 'dmz'), 'ntp.dmz', '172.16.2.2',
> >'A');
> >
> >1 row created.
> >
> >SQL> insert into records(id, zone_id, fqdn, content, type) values(66,
> >(select id from zones where name = 'dmz'), 'ntp.dmz', '172.16.2.3',
> >'A');
> >
> >1 row created.
> >
> >SQL> update zones set serial = 2015112208 where name = 'dmz';
> >
> >1 row updated.
> >
> >SQL> commit;
> >
> >Commit complete.
> >
> >As soon as I do that, AXFR no longer works:
> >
> >Nov 22 11:12:45 supermaster.domain.tld pdns[4849]: [ID 702911
> >local0.error] 1 domain for which we are master needs notifications
> >Nov 22 11:12:55 supermaster.domain.tld pdns[4849]: [ID 702911
> >local0.warning] Queued notification of domain 'dmz' to 172.16.2.5:53
> >Nov 22 11:12:56 supermaster.domain.tld pdns[4849]: [ID 702911
> >local0.error] AXFR of domain 'dmz' initiated by 172.16.2.5
> >Nov 22 11:12:56 supermaster.domain.tld pdns[4849]: [ID 702911
> >local0.error] TCP server is without backend connections in doAXFR,
> >launching
> >Nov 22 11:12:56 supermaster.domain.tld pdns[4849]: [ID 702911
> >local0.warning] Removed from notification list: 'dmz' to
> >172.16.2.5:53
> >(was acknowledged)
> >Nov 22 11:12:56 supermaster.domain.tld pdns[4849]: [ID 702911
> >local0.warning] AXFR of domain 'dmz' allowed: client IP 172.16.2.5 is
> >in per-domain ACL
> >Nov 22 11:12:56 supermaster.domain.tld pdns[4849]: [ID 702911
> >local0.error] TCP Connection Thread unable to answer a question
> >because of a backend error, cycling
> >Nov 22 11:12:58 supermaster.domain.tld pdns[4849]: [ID 702911
> >local0.warning] No master domains need notifications
> >
> >Nov 22 11:12:56 superslave.domain.tld pdns[3656]: [ID 702911
> >local0.warning] 1 slave domain needs checking, 0 queued for AXFR
> >Nov 22 11:12:56 superslave.domain.tld pdns[3656]: [ID 702911
> >local0.warning] Received serial number updates for 1 zones, had 0
> >timeouts
> >Nov 22 11:12:56 superslave.domain.tld pdns[3656]: [ID 702911
> >local0.warning] Domain 'dmz' is stale, master serial 2015112209, our
> >serial 0
> >Nov 22 11:12:56 superslave.domain.tld pdns[3656]: [ID 702911
> >local0.error] Initiating transfer of 'dmz' from remote '172.16.2.4'
> >Nov 22 11:12:56 superslave.domain.tld pdns[3656]: [ID 702911
> >local0.error] AXFR started for 'dmz'
> >Nov 22 11:12:56 superslave.domain.tld pdns[3656]: [ID 702911
> >local0.error] Unable to AXFR zone 'dmz' from remote '172.16.2.4'
> >(resolver): Remote nameserver closed TCP connection
> >
> >...what do the errors "TCP Connection Thread unable to answer a
> >question because of a backend error, cycling",
> >and
> >"Unable to AXFR zone 'dmz' from remote '172.16.2.4' (resolver):
> >Remote nameserver closed TCP connection"
> >mean?
> >
> >If I am doing something wrong, what is it?
> 
> 
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
> 
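Added example, not part of the original thread: a small Python correlator that unwraps syslog lines wrapped and quoted the way they are in this message, then pairs each slave-side "Unable to AXFR zone" failure with a master-side "backend error" logged for the same zone within a few seconds. The sample input is constructed from the log format shown above; the function names, the 5-second window and the year are assumptions.

```python
import re
from datetime import datetime, timedelta

STAMP = r"\w{3} +\d+ [\d:]{8}"
EVENT = re.compile(rf"^({STAMP}) (\S+) pdns\[\d+\]: \[ID \d+ \S+\] (.*)$")
INITIATED = re.compile(r"AXFR of domain '([^']+)' initiated by (\S+)")
FAILED = re.compile(r"Unable to AXFR zone '([^']+)' from remote '([^']+)'")

# Constructed sample, wrapped the way a mail client wraps long log lines.
SAMPLE = """\
Nov 22 11:12:56 supermaster.domain.tld pdns[4849]: [ID 702911
local0.error] AXFR of domain 'dmz' initiated by 172.16.2.5
Nov 22 11:12:56 supermaster.domain.tld pdns[4849]: [ID 702911
local0.error] TCP Connection Thread unable to answer a question
because of a backend error, cycling
Nov 22 11:12:56 superslave.domain.tld pdns[3656]: [ID 702911
local0.error] Unable to AXFR zone 'dmz' from remote '172.16.2.4'
(resolver): Remote nameserver closed TCP connection
"""

def unwrap(text):
    """Strip mail quote markers and re-join events wrapped across lines."""
    events = []
    for line in text.splitlines():
        line = re.sub(r"^[>\s]+", "", line).rstrip()
        if not line:
            continue
        if re.match(STAMP + " ", line) or not events:
            events.append(line)           # a new event starts with a timestamp
        else:
            events[-1] += " " + line      # continuation of the previous event
    return events

def correlate(text, year=2015, window=timedelta(seconds=5)):
    """Return (zone, slave_host, master_host) for each slave AXFR failure that
    has a master backend error for the same zone within `window`."""
    pending, aborted, failures = {}, [], []
    for raw in unwrap(text):
        m = EVENT.match(raw)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S")
        host, msg = m[2], m[3]
        if (i := INITIATED.search(msg)):
            pending[host] = i[1]          # zone this host has started serving
        elif "backend error" in msg and host in pending:
            aborted.append((when, host, pending.pop(host)))
        elif (f := FAILED.search(msg)):
            failures.append((when, host, f[1]))
    return [(z, sh, mh) for st, sh, z in failures for mt, mh, mz in aborted
            if z == mz and sh != mh and abs(st - mt) <= window]
```

A match only shows that the two events line up in time and zone; the reason for the backend error still has to come from the backend itself, for example via the check-zone command suggested above.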



