[Pdns-users] Zone Transfers

frank+pdns at tembo.be
Mon Aug 5 19:52:41 UTC 2019


Hi,

So to get this right, you need to be able to have a secondary (the anycast provider) be able to AXFR all the individual domains, right? To configure that, you’d first set up all the domains as MASTER domains (as opposed to SLAVE or NATIVE), and set these settings in the config file (replace 10.10.10.10/32 with the IP addresses your provider will give you):

allow-axfr-ips=10.10.10.10/32
master=yes

Also, be sure to read https://docs.powerdns.com/authoritative/modes-of-operation.html#master-operation regarding the master operation.


Frank Louwers
PowerDNS Certified Consultant @ Kiwazo.be <http://kiwazo.be/>
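
Added example, not part of the original message and not PowerDNS code: a small Python audit of the two settings above that reports when allow-axfr-ips admits more than the secondaries the provider named, or leaves one of them out. The function names, the max_hosts threshold, the treatment of '#' as a comment marker and the sample configs are assumptions made for illustration; the fallback ACL is the documented PowerDNS default for allow-axfr-ips.

```python
import ipaddress

# Documented PowerDNS default when allow-axfr-ips is not set.
DEFAULT_ACL = "127.0.0.0/8,::1"

def parse_pdns_conf(text):
    """Parse key=value lines; text after '#' is treated as a comment, last value wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def audit_axfr(conf_text, secondaries, max_hosts=16):
    """Return findings about who may AXFR from this primary.

    secondaries: transfer source addresses supplied by the provider.
    max_hosts: largest ACL entry accepted silently (assumed local policy).
    """
    settings = parse_pdns_conf(conf_text)
    findings = []
    if settings.get("master", "no") != "yes":
        findings.append("master is not enabled")
    acl = [ipaddress.ip_network(entry.strip(), strict=False)
           for entry in settings.get("allow-axfr-ips", DEFAULT_ACL).split(",")
           if entry.strip()]
    expected = [ipaddress.ip_address(addr) for addr in secondaries]
    for net in acl:
        if net.is_loopback:
            continue  # local transfers only
        if net.num_addresses > max_hosts:
            findings.append(f"{net} allows {net.num_addresses} addresses to AXFR")
        elif not any(addr in net for addr in expected):
            findings.append(f"{net} matches no known secondary")
    for addr in expected:
        if not any(addr in net for net in acl):
            findings.append(f"secondary {addr} is not in allow-axfr-ips")
    return findings

# Constructed sample configs; 10.10.10.10 is the placeholder used in the message.
TIGHT = "master=yes\nallow-axfr-ips=10.10.10.10/32\n"
WIDE = "master=yes\nallow-axfr-ips=0.0.0.0/0,10.10.10.10/32\n"

if __name__ == "__main__":
    for name, conf in (("tight", TIGHT), ("wide", WIDE), ("unset", "master=yes\n")):
        print(name, audit_axfr(conf, ["10.10.10.10"]))
```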


> On 5 Aug 2019, at 16:12, Stanford Mings <stanford at tech.vi> wrote:
> 
> Hello All,
> 
> Thanks for the feedback. The project that I am working on is for a gTLD and I need to be able to have an Anycast provider do a zone transfer of all the domains for the TLD. I am almost certain there is a switch for it somewhere, I just don't know where.
> 
> 
> Stanford T. Mings Jr. ~ Technologist ~
> stanford at tech.vi ~ http://www.tech.vi ~ 786-269-5718
> 
> VI Technical Services, LLC ~ 9160 Estate Thomas ~ 
> Suite 195 ~ St. Thomas, VI, 00802
> 
> 
> On Mon, Aug 5, 2019 at 8:53 AM Matthias Cramer <matthias.cramer at iway.ch> wrote:
> If you transfer your zones this way, why do you not use mysql replication or a cluster and use native zones?
> 
> DNS-zonetransfer and notifies do not have any method for deleting a zone as far as I know.
> 
> Regards
> 
>   Matthias
> 
> On 05/08/2019 14:48, Curtis Maurand wrote:
> > I scripted it.  I can't rely on pdns replication.  The supermaster won't tell a slave to delete a zone for instance.  Adding a new zone may or may not happen properly or in a
> > timely manner.  Sometimes transfers just don't happen and even if they do, the signed zones won't work until they're rectified. Don't get me started on dnsdist.  So to that end, I do:
> > 
> > 
> > 
> > #!/bin/bash
> > # getdns.sh
> > mysqldump -u root -p<password> -h <my database host> --opt --databases powerdns >/tmp/pdns.dump.sql
> > 
> > mysql -u root -p<password> powerdns </tmp/pdns.dump.sql
> > mysql -u root -p<password> powerdns </usr/local/bin/pdns.sql
> > /usr/bin/pdnsutil rectify-all-zones
> > 
> > 
> > pdns.sql contains:
> > 
> > USE powerdns;
> > UPDATE domains SET type = 'SLAVE';
> > UPDATE domains SET master = '<my primary pdns host>';
> > 
> > 
> > 
> > On 8/5/19 7:54 AM, frank+pdns--- via Pdns-users wrote:
> >> Hi Thomas,
> >>
> >> A zone transfer will only include the contents of that particular zone, so I am a bit confused by your question. Could you rephrase it? (Or give an example of how you would
> >> configure this in another nameserver?)
> >>
> >> Frank
> >> Frank Louwers
> >> PowerDNS Certified Consultant @ Kiwazo.be <http://kiwazo.be/>
> >>
> >>
> >>
> >>
> >>
> >>> On 5 Aug 2019, at 13:49, Stanford Mings <stanford at tech.vi> wrote:
> >>>
> >>> Hello All,
> >>>
> >>> This is a newbie question, so forgive me.
> >>>
> >>> How do I configure PDNS to return all domains in a zone transfer?
> >>>
> >>> Stanford T. Mings Jr. ~ Technologist ~
> >>> stanford at tech.vi ~ http://www.tech.vi ~ 786-269-5718
> >>>
> >>> VI Technical Services, LLC ~ 9160 Estate Thomas ~ 
> >>> Suite 195 ~ St. Thomas, VI, 00802
> >>> _______________________________________________
> >>> Pdns-users mailing list
> >>> Pdns-users at mailman.powerdns.com
> >>> https://mailman.powerdns.com/mailman/listinfo/pdns-users
> > 
> > -- 
> > Best Regards Curtis Maurand
> > mailto:curtis at maurand.com
> > 
> > 
> 
> 
> -- 
> Matthias Cramer / mc322-ripe   Senior Network & Security Engineer
> iway AG                        Phone +41 43 500 1111
> Badenerstrasse 569             Fax   +41 44 271 3535
> CH-8048 Zürich                 http://www.iway.ch/
> GnuPG 1024D/2D208250 = DBC6 65B6 7083 1029 781E  3959 B62F DF1C 2D20 8250