[Pdns-users] SOA serial strange behaviour

Frank Altpeter frank.altpeter at gmail.com
Thu Jul 26 10:15:03 UTC 2018 

Hi list,

I came across a very strange problem with my powerdns installation. As
info, I'm using powredns since some years now, started with replacing bind
slaves with pdns. No I finally got to replace the last bind based one, my
master/slave server.

p-dns:~ # pdns_server --version
Jul 26 11:54:46 PowerDNS Authoritative Server 4.1.3 (C) 2001-2018
PowerDNS.COM BV

It is configured as master and slave, since it's hosting some zones as
hidden primary. Because of some customers with lots of domains sharing the
same bind zonefile, I have set up the system to both bind backend and
gmysql backend.

So, I got a zone where the serial doesn't do what it should. Please see
here:

The value returned from the real primary:
freddy at hades ~ % dig +short +noshort floppysheep.com soa @koef.zs64.net
floppysheep.com. 432000 IN SOA koef.zs64.net. hostmaster.zs64.net.
2018072400 86400 3600 3888000 300

The value returned from the hidden primary:
freddy at hades ~ % dig +short +noshort floppysheep.com soa @p-dns.irz42.net
floppysheep.com. 432000 IN SOA koef.zs64.net. hostmaster.zs64.net.
2018072601 86400 3600 3888000 300

The value returned from the second slave (directly syncing from the real
primary):
freddy at hades ~ % dig +short +noshort floppysheep.com soa @s-dns.irz42.net
floppysheep.com. 432000 IN SOA koef.zs64.net. hostmaster.zs64.net.
2018072400 86400 3600 3888000 300


As you see, both the master and the second slave have 2018072400 as serial,
but the hidden primary has the serial 2018072601.

The problem is, I have no clue where this serial is coming from. The domain
is configured via bind backend so the serial has to come from the zonefile
itself, but it isn't:

p-dns:~ # grep SOA /var/named/slave/floppysheep.com
@ 432000 SOA koef.zs64.net. hostmaster.zs64.net. 2018072400 86400 3600
3888000 300

So it seems that pdns silently rewrites the serial value for whatever
reason.

Any idea where this serial comes from?

While writing this email I had another little idea and checked my config.
I have these configured:

p-dns:~ # egrep -i 'soa|serial' /etc/pdns/pdns.conf | grep -v '^#'
axfr-lower-serial=yes
default-soa-edit=INCEPTION-INCREMENT
default-soa-edit-signed=INCEPTION-INCREMENT

but according to the docs, I don't see them in charge for this.
Interestingly, when disabling these, the SOA records for the zone are
returned exactly like they are configured in the zone file. When
re-enabling these, the SOA record jumps back on 2018072601.

So, why is this?
If I understood correctly, I need INCEPTION-INCREMENT to make sure that
changes on the sql zones get saved with a new serial without having to
'pdnsutil increase-serial' every time. But when this setting makes my bind
zones return wrong serials I don't see how I can live with that variable
setting...



-- 
with kind regards

        Frank Altpeter

-- 
FA-RIPE || https://about.me/frank.altpeter/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20180726/ca348fce/attachment.html>

More information about the Pdns-users mailing list