[Pdns-users] Zone Transfers

Matthias Cramer matthias.cramer at iway.ch
Mon Aug 5 19:22:44 UTC 2019


Hi Curtis

I run 5 powerdns servers with MySQL replication over an OpenVPN tunnel
for encryption. Two in Switzerland, one in Germany, one in Singapore and
one in California, this now for several years, without any replication
problems.

Supermaster is only a concept for accepting notifies and then creating
zones for unknown zones. It is not a protocol extension. All that goes
over the wire is still the same old stuff.

Regards Matthias


On 05/08/2019 19:01, Curtis Maurand wrote:
> Hello,
>
> I've been running powerdns pretty much since it came into existence.
> I've been on this list forever.  It's been very helpful. I ran pdns
> out of spite for BIND.  I figured you all needed a better answer than
> I gave earlier.
>
> For whatever reason I did not receive Matthias' email directly. 
> Supermaster doesn't look to be part of the RFC, so why can't it send
> deletions?  It's already doing it for individual records.
>
> It's like dnsdist not getting a list of authoritative domains from the
> db server that pdns talks to at startup and having to hard code them
> into a file.  I thought powerdns was developed to take advantage of
> the database server.  Why am I hard coding txt files when I have this
> lovely database with a domains table full of domains I'm authoritative
> for?  Seems like an oversight to me.  Feels like I'm editing bind
> backend files again.  Just invites error.  dnsdist doesn't need to
> maintain the connection.  I'm assuming it reads in a list from the
> file at startup and keeps the table in memory for speed.  I see no
> reason why it can't read the names from the database at startup, then
> disconnect from the dbserver.  Hard coding txt files just invites
> mistakes and reminds me of 1996.
>
> I've never been able to get MySQL replication to operate reliably over
> a wide area network.  I've tried several times with several different
> versions of MySQL and MariaDB.  I'm certainly not going to try running
> cluster over a WAN.  My DNS servers are geographically diverse.  1 is
> in FL and one in ME.  My little script works better than anything else
> I've tried.
>
> Thanks for reading,
>
> Curtis
>
> On 8/5/19 10:12 AM, Stanford Mings wrote:
>> Hello All,
>>
>> Thanks for the feedback. The project that I am working on is for a
>> gTLD and I need to be able to have an Anycast provider do a zone
>> transfer of all the domains for the TLD.   I am almost certain there
>> is a switch for it somewhere, I just don't know where.
>>
>>
>> Stanford T. Mings Jr. ~Technologist  ~ 
>> stanford at tech.vi ~ http://www.tech.vi ~ 786-269-5718
>>
>> VI Technical Services, LLC ~ 9160 Estate Thomas ~ 
>> Suite 195 ~ St. Thomas, VI, 00802
>>
>>
>> On Mon, Aug 5, 2019 at 8:53 AM Matthias Cramer <matthias.cramer at iway.ch> wrote:
>>
>>     If you transfer your zones this way, why do you not use mysql
>>     replication or a cluster and use native zones?
>>
>>     DNS-zonetransfer and notifies do not have any method for deleting
>>     a zone as far as I know.
>>
>>     Regards
>>
>>       Matthias
>>
>>     On 05/08/2019 14:48, Curtis Maurand wrote:
>>     > I scripted it.  I can't rely on pdns replication.  The
>>     > supermaster won't tell a slave to delete a zone for instance.
>>     > Adding a new zone may or may not happen properly or in a
>>     > timely manner.  Sometimes transfers just don't happen and even
>>     > if they do, the signed zones won't work until they're rectified.
>>     > Don't get me started on dnsdist.  So to that end, I do:
>>     >
>>     >
>>     >
>>     > #!/bin/bash
>>     > # getdns.sh
>>     > mysqldump -u root -p<password> -h <my database host> --opt --databases powerdns >/tmp/pdns.dump.sql
>>     >
>>     > mysql -u root -p<password> powerdns </tmp/pdns.dump.sql
>>     > mysql -u root -p<password> powerdns </usr/local/bin/pdns.sql
>>     > /usr/bin/pdnsutil rectify-all-zones
>>     >
>>     >
>>     > pdns.sql contains.
>>     >
>>     > USE powerdns;
>>     > UPDATE domains SET type = 'SLAVE';
>>     > UPDATE domains SET master = '<my primary pdns host>';
>>     >
>>     >
>>     >
>>     > On 8/5/19 7:54 AM, frank+pdns--- via Pdns-users wrote:
>>     >> Hi Thomas,
>>     >>
>>     >> A zone transfer will only include the contents of that
>>     >> particular zone, so I am a bit confused by your question. Could
>>     >> you rephrase it? (Or give an example how you would
>>     >> configure this in another nameserver?)
>>     >>
>>     >> Frank
>>     >> Frank Louwers
>>     >> PowerDNS Certified Consultant @ Kiwazo.be
>>     >>
>>     >>
>>     >>
>>     >>
>>     >>
>>     >>> On 5 Aug 2019, at 13:49, Stanford Mings <stanford at tech.vi> wrote:
>>     >>>
>>     >>> Hello All,
>>     >>>
>>     >>> This is a newbie question, so forgive me.
>>     >>>
>>     >>> How do I configure PDNS to return all domains in a zone transfer?
>>     >>>
>>     >>> Stanford T. Mings Jr. ~Technologist  ~ 
>>     >>> stanford at tech.vi ~ http://www.tech.vi ~ 786-269-5718
>>     >>>
>>     >>> VI Technical Services, LLC ~ 9160 Estate Thomas ~ 
>>     >>> Suite 195 ~ St. Thomas, VI, 00802
>>     >>> _______________________________________________
>>     >>> Pdns-users mailing list
>>     >>> Pdns-users at mailman.powerdns.com
>>     >>> https://mailman.powerdns.com/mailman/listinfo/pdns-users
>>     >>
>>     >
>>     > --
>>     > Best Regards Curtis Maurand
>>     > mailto:curtis at maurand.com
>>     >
>>     >
>>
>>
>>     -- 
>>     Matthias Cramer / mc322-ripe   Senior Network & Security Engineer
>>     iway AG                        Phone +41 43 500 1111
>>     Badenerstrasse 569             Fax   +41 44 271 3535
>>     CH-8048 Zürich                 http://www.iway.ch/
>>     GnuPG 1024D/2D208250 = DBC6 65B6 7083 1029 781E  3959 B62F DF1C
>>     2D20 8250
>>
>>
>
> -- 
> Best Regards Curtis Maurand
> mailto:curtis at maurand.com
>

-- 
Matthias Cramer / mc322-ripe   Senior Network & Security Engineer
iway AG	                       Phone +41 43 500 1111
Badenerstrasse 569             Fax   +41 44 271 3535
CH-8048 Zurich                 http://www.iway.ch/
GnuPG 1024D/2D208250 = DBC6 65B6 7083 1029 781E  3959 B62F DF1C 2D20 8250
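
Added example (not part of the original thread and not PowerDNS project code): because NOTIFY and zone transfers carry no "delete this zone" message, a secondary can keep answering for a zone that was removed on the primary, so the zone lists have to be compared out of band. The sketch below does that over the "domains" table the thread mentions, using in-memory SQLite databases as stand-ins for the two backends; the addresses, zone names, the single-address master column and the helper names are constructed assumptions.

```python
import sqlite3

PRIMARY_IP = "192.0.2.1"  # constructed address from the documentation range

def make_db(rows):
    """In-memory stand-in for one server's backend, with only the columns used here."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE domains (id INTEGER PRIMARY KEY, name TEXT, master TEXT, type TEXT)")
    db.executemany("INSERT INTO domains (name, master, type) VALUES (?, ?, ?)", rows)
    return db

def norm(name):
    # DNS names compare case-insensitively; ignore a trailing dot.
    return name.lower().rstrip(".")

def reconcile(primary_db, secondary_db, primary_ip):
    """Compare the two domains tables; return (stale, missing, misconfigured)."""
    on_primary = {norm(n) for (n,) in primary_db.execute("SELECT name FROM domains")}
    rows = secondary_db.execute("SELECT name, master, type FROM domains").fetchall()
    on_secondary = {norm(n) for n, _, _ in rows}
    stale = sorted(on_secondary - on_primary)    # deleted upstream, still served here
    missing = sorted(on_primary - on_secondary)  # never created on the secondary
    # Present on both sides, but not set up to transfer from the primary.
    # Assumes the master column holds a single address.
    misconfigured = sorted(
        norm(n) for n, master, ztype in rows
        if norm(n) in on_primary and (ztype != "SLAVE" or master != primary_ip)
    )
    return stale, missing, misconfigured

# Constructed sample data for both servers.
PRIMARY = make_db([
    ("example.com", "", "MASTER"),
    ("example.net", "", "MASTER"),
    ("example.org", "", "MASTER"),
])
SECONDARY = make_db([
    ("EXAMPLE.com.", PRIMARY_IP, "SLAVE"),           # same zone, different spelling
    ("example.net", "198.51.100.9", "SLAVE"),        # points at the wrong master
    ("old-customer.example", PRIMARY_IP, "SLAVE"),   # removed on the primary
])

if __name__ == "__main__":
    stale, missing, misconfigured = reconcile(PRIMARY, SECONDARY, PRIMARY_IP)
    print("stale on secondary:  ", stale)
    print("missing on secondary:", missing)
    print("wrong master or type:", misconfigured)
```

Zones reported as stale are the ones neither supermaster mode nor a dump-and-reload script that only adds rows will clean up on its own.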
