[Pdns-users] Zone Transfers

frank+pdns at tembo.be
Mon Aug 5 20:05:33 UTC 2019

Hi Curtis,

> Supermaster doesn't look to be part of the RFC, so why can't it send deletions?  It's already doing it for individual records.

Well no. Supermaster isn’t part of “the” (let’s not get started about the dns-camel here) RFC, but it’s not changing anything either: Supermaster is a way to describe what happens when a slave receives a (completely standard and rfc-compliant) NOTIFY message for a domain name it doesn’t know anything about. So “Supermaster” is just plain old NOTIFY messages, nothing “out of rfc” here. Note that you can use the pdns “supermaster functionality” to slave from any pdns authoritative software that supports NOTIFY and AXFR.

The problem is that there’s no way to signal the deletion of a domain.

If the pdns community wants to add that, they’d need to define something truly “outside of the rfc”: either by using a modification of the DNS protocol (brr) or something out of band. Which PowerDNS has: it has supported the “native” (as in: db replication or rsync method) for ages, and the API for a good number of years now.

> It's like dnsdist not getting a list of authoritative domains from the db server that pdns talks to at startup and having to hard code them into a file.  I thought powerdns was developed to take advantage of the database server.  Why am I hard coding txt files when I have this lovely database with a domains table full of domains I'm authoritative for?  Seems like an oversight to me.  Feels like I'm editing bind backend files again.  Just invites error.  dnsdist doesn't need to maintain the connection.  I'm assuming it reads in a list from the file at startup and keeps the table in memory for speed.  I see no reason why it can't read the names from the database at startup, then disconnect from the dbserver.  Hard coding txt files just invites mistakes and reminds me of 1996.

I am not sure what you are referring to, or why in your use-case you’d want to do that (it could be easier to check for the RD bit, or set up something like Scenario 2: Authoritative Server as Recursor for clients and serving public domains <https://doc.powerdns.com/authoritative/guides/recursion.html#scenario-2-authoritative-server-as-recursor-for-clients-and-serving-public-domains>, but again: no idea what your use-case is). Feel free to create a new topic (on the correct ML) to describe what you want to do and why, and we’ll see what the best solution is. But the point is that this is not helping the topic starter.

> I've never been able to get MySQL replication to operate reliably over a wide area network.  I've tried several times with several different versions of MySQL and MariaDB.  I'm certainly not going to try running cluster over a WAN.  My DNS servers are geographically diverse.  1 is in FL and one in ME.  My little script works better than anything else I've tried. 

Again no idea what FL and ME mean to you, but I have run pdns auth servers across OpenVPN tunnels across multiple continents using both MySQL and PostgreSQL replication. Note that the skills to set up database replication are quite different from the ones to set up a DNS server. Most of the good database administrators I know are not DNS experts. A lot of DNS experts I know are certainly not database replication experts… (I happen to know a tiny bit about both, which is why I love my job)

Kind Regards,

Frank Louwers
PowerDNS Certified Consultant @ Kiwazo.be <http://kiwazo.be/>

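As an added illustration of the out-of-band route Frank describes (not code from the thread or from the PowerDNS project): since NOTIFY/supermaster cannot signal that a zone was deleted on the master, a slave can reconcile its own zone list against the master's through the PowerDNS HTTP API and drop Slave zones the master no longer has. It assumes the API is enabled on both servers, that the base URLs, API keys and master IP passed in are correct, and that zone ids in the API equal zone names; the sample zone listings at the bottom are constructed.

```python
import json
import urllib.request

ZONES_PATH = "/api/v1/servers/localhost/zones"


def api_request(base_url, api_key, path, method="GET"):
    """One authenticated call to a PowerDNS API endpoint (network access assumed)."""
    req = urllib.request.Request(base_url + path, method=method)
    req.add_header("X-API-Key", api_key)
    with urllib.request.urlopen(req, timeout=10) as resp:
        body = resp.read()
    return json.loads(body) if body else None


def slaved_from(zone, master_ip):
    """True if this is a Slave zone whose master list names master_ip
    (with or without a ':port' suffix, as the API may report it)."""
    if zone.get("kind") != "Slave":
        return False
    return any(m == master_ip or m.startswith(master_ip + ":")
               for m in zone.get("masters", []))


def stale_slave_zones(master_zones, slave_zones, master_ip):
    """Names of zones the slave holds from master_ip that the master no longer
    has. Zones of other kinds, or slaved from other masters, are left alone so
    the reconciliation can never delete something this master did not own."""
    master_names = {z["name"] for z in master_zones}
    return sorted(z["name"] for z in slave_zones
                  if slaved_from(z, master_ip) and z["name"] not in master_names)


def reconcile(master_url, master_key, slave_url, slave_key, master_ip, dry_run=True):
    """Fetch both zone lists and delete stale slave zones unless dry_run.
    Returns the zone names that were (or would be) deleted."""
    master_zones = api_request(master_url, master_key, ZONES_PATH)
    slave_zones = api_request(slave_url, slave_key, ZONES_PATH)
    stale = stale_slave_zones(master_zones, slave_zones, master_ip)
    for name in stale:
        if not dry_run:  # zone id assumed equal to the zone name
            api_request(slave_url, slave_key, ZONES_PATH + "/" + name, method="DELETE")
    return stale


if __name__ == "__main__":
    # Constructed sample listings, not live data; a real run calls reconcile().
    master = [{"name": "example.com.", "kind": "Master"}]
    slave = [{"name": "example.com.", "kind": "Slave", "masters": ["192.0.2.1"]},
             {"name": "old.example.", "kind": "Slave", "masters": ["192.0.2.1:53"]},
             {"name": "other.example.", "kind": "Slave", "masters": ["198.51.100.9"]}]
    print(stale_slave_zones(master, slave, "192.0.2.1"))  # ['old.example.']
```

Run it with dry_run=True first and compare the returned list against what the master actually dropped before letting it delete anything.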
