[Pdns-users] AXFR error using dnsdist

Marc Wijtkamp marc at linuxpro.nl
Thu Apr 25 18:24:42 UTC 2019


Hi folks,

I've something strange: When I don't use dnsdist on my master dns, axfr
to my slave works. When I place dnsdist in front of the master dns I get
an AXFR error. The exact error, when running pdns_control retrieve
example.com (I replaced the actual domain name with example.com), is:

pdns_server: Starting AXFR of 'example.com' from remote 192.168.1.1:53
pdns_server: Unable to AXFR zone 'example.com' from remote '192.168.1.1' (resolver): AXFR chunk error: Server Failure

I've read https://dnsdist.org/advanced/axfr.html and have the following
dnsdist config file on the master (192.168.1.1); the slave is on
192.168.1.2:

setLocal('192.168.1.1')
addLocal('127.0.0.1:53')
setACL({'0.0.0.0/0', '::/0'}) -- Allow all IPs access

newServer({address='127.0.0.1:5300', pool='auth'})
newServer({address='127.0.0.1:54', pool='recursor'})

newServer({address='192.168.1.1', name='master', pool={'master'}})

recursive_ips = newNMG()
recursive_ips:addMask('192.168.1.2/32')
recursive_ips:addMask('127.0.0.1/32')
recursive_ips:addMask('192.168.1.3/32')

addAction(NetmaskGroupRule(recursive_ips), PoolAction('recursor'))
addAction(AllRule(), PoolAction('auth'))

addAction(OrRule({QTypeRule(dnsdist.SOA), QTypeRule(dnsdist.AXFR), QTypeRule(dnsdist.IXFR)}), PoolAction('master'))
addAction(AndRule({OrRule({QTypeRule(dnsdist.AXFR), QTypeRule(dnsdist.IXFR)}), NotRule(makeRule('192.168.1.1/32'))}), RCodeAction(dnsdist.REFUSED))

setECSOverride(true)
setECSSourcePrefixV4(32)
setECSSourcePrefixV6(128)


Using:

Master: CentOS 7.6 running: pdns-4.0.7-1, pdns-backend-mysql-4.0.7-1,
pdns-recursor-4.1.12-1 and dnsdist-1.3.3-1

Slave: CentOS 7.6 running: pdns-4.1.8-1, pdns-backend-mysql-4.1.8-1,
pdns-recursor-4.1.9-1 and dnsdist-1.3.3-1


Does anyone have suggestions? I also tried updating pdns-server and
pdns-recursor to 4.1x, but that doesn't make any difference.
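
Added example, not part of the original post and not dnsdist code: a simplified Python model of first-match rule evaluation, applied to the four addAction() calls in the config above, showing which rule answers a transfer request and which rules can never fire. It assumes the slave's query arrives from 192.168.1.2 and that every action shown ends rule processing; decide(), shadowed() and the SPECIFIC_FIRST ordering are hypothetical names introduced here.

```python
import ipaddress

RECURSIVE_IPS = ["192.168.1.2/32", "127.0.0.1/32", "192.168.1.3/32"]
XFR = {"AXFR", "IXFR"}

def src_in(src, nets):
    ip = ipaddress.ip_address(src)
    return any(ip in ipaddress.ip_network(n) for n in nets)

# Each rule: (label, selector(src, qtype), action), modelled on the post's addAction() calls.
RECURSOR = ("recursive_ips", lambda s, q: src_in(s, RECURSIVE_IPS), "pool:recursor")
ALL = ("AllRule", lambda s, q: True, "pool:auth")
MASTER = ("SOA/AXFR/IXFR", lambda s, q: q in XFR | {"SOA"}, "pool:master")
REFUSE = ("XFR not from 192.168.1.1",
          lambda s, q: q in XFR and not src_in(s, ["192.168.1.1/32"]), "rcode:REFUSED")

POSTED_ORDER = [RECURSOR, ALL, MASTER, REFUSE]    # order in the posted config
SPECIFIC_FIRST = [REFUSE, MASTER, RECURSOR, ALL]  # hypothetical reordering, same rules

def decide(rules, src, qtype):
    """First matching rule wins; its action ends rule processing (model assumption)."""
    for label, selector, action in rules:
        if selector(src, qtype):
            return label, action
    return None, "pool:(default)"

def shadowed(rules, sources, qtypes):
    """Labels of rules that never win for any probed (source, qtype) pair."""
    winners = {decide(rules, s, q)[0] for s in sources for q in qtypes}
    return [label for label, _, _ in rules if label not in winners]

# Constructed probe set: the post's addresses plus one outside host (documentation range).
SOURCES = ["192.168.1.1", "192.168.1.2", "192.168.1.3", "127.0.0.1", "203.0.113.9"]
QTYPES = ["A", "SOA", "AXFR", "IXFR"]

if __name__ == "__main__":
    print(decide(POSTED_ORDER, "192.168.1.2", "AXFR"))
    print(shadowed(POSTED_ORDER, SOURCES, QTYPES))
    print(decide(SPECIFIC_FIRST, "192.168.1.2", "AXFR"))
    print(shadowed(SPECIFIC_FIRST, SOURCES, QTYPES))
```

In the posted order the model never reaches the AXFR/IXFR REFUSED rule, so that rule does not restrict zone transfers. In the reordered list it is reached, and it then refuses the slave as well, because it exempts only 192.168.1.1.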

