[Pdns-users] Help with mydns backend
David Jones
djones at ena.com
Sun Feb 10 14:43:25 UTC 2019
FYI, there are many ways to transfer the data from one DNS auth server into pdns. This method should work with any type of DNS master and is pretty simple to do without having to do direct database inserts that are tough to understand when first learning PowerDNS. Later on when PowerDNS has been running for a while and one understands the database layout better, direct database updates are a very powerful/flexible way to manage the data along with using the PowerDNS API.
Note: The pdns server will be a hidden DNS server temporarily until you are ready for step #8.
1. Set up your new PowerDNS Auth server as a superslave to the mydns supermaster server (add the master IP to the supermasters table and enable slave=yes in the pdns.conf). Set master=yes in the pdns.conf as well to be ready for #8 below.
2. Set the pdns server hostname to match the mydns server or set the pdns.conf "server-id" to match the mydns server or one of the other NS records. This will allow pdns to respond to the supermaster's NOTIFY and auto-provision the zone. If the hostname or server-id doesn't match any of the NS records, the NOTIFY will be ignored.
3. Set the mydns server to also-notify the pdns server IP address.
4. Create a script to send a NOTIFY from the mydns server to all slaves or just the pdns server if that is an option. This depends on the features/flexibility of the DNS server but it could be an update to the serial, add a dummy record then remove it, or any other way that DNS server supports sending a NOTIFY to slaves. The pdns equivalent to this is:
pdns_control notify <domain> (or)
pdns_control notify-host <domain> <host>
5. Watch the pdns logs while running the script from #4:
journalctl -fu pdns (or)
tail -f /var/log/<pdns log file>
6. If all of the setup details are correct from #1-#3 above, you should have a fully populated pdns master. If not, check the logs and adjust accordingly. You may want to blast the pdns backend database and recreate each time until a good run fully populates all domains and records without errors.
7. Use https://github.com/joemiller/dns_compare to check pdns against the mydns server.
8. When ready to go live, swap the IPs to make the PDNS the active master, correct/remove the "server-id" in the pdns.conf, and update the domains' "type" from SLAVE to either MASTER or NATIVE depending on how you have slaves configured.
In a pure PowerDNS environment with database replication handling updates to slaves, this would be NATIVE. If you have any traditional master/slaves using NOTIFY (including pdns slaves not using database replication), then this would be set to MASTER. Note that this can be mixed per domain (obviously since this field in the database is per domain) but I wanted to point this out so the pdns master could also be a slave for some partner zones. This is very powerful/flexible when you have hidden masters that manage some/most of the domains but you also want to be able to be a slave to other masters for other domains/zones.
Dave
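
Added example, not part of the message above and not PowerDNS code: a pre-cutover check for step #6 and the per-domain type change from step #8, run against an in-memory SQLite database that uses a subset of the generic SQL backend's `domains` and `records` columns. The zone names, IPs and rows are constructed, and it assumes auto-provisioned zones store the old master's bare IP in `domains.master` and keep `last_check` NULL until a first successful check.

```python
import sqlite3

# Subset of the PowerDNS generic SQL schema; all rows below are constructed samples.
SCHEMA = """
CREATE TABLE domains (id INTEGER PRIMARY KEY, name TEXT UNIQUE, master TEXT,
                      last_check INTEGER, type TEXT NOT NULL);
CREATE TABLE records (id INTEGER PRIMARY KEY, domain_id INTEGER, name TEXT,
                      type TEXT, content TEXT, ttl INTEGER);
"""
OLD_MASTER = "192.0.2.10"  # constructed: IP of the mydns supermaster
SOA = "ns1.example.com hostmaster.example.com 2019021001 10800 3600 604800 3600"

def sample_db():
    """Build a constructed post-NOTIFY state: one good zone, one empty, one partner."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO domains VALUES (?,?,?,?,?)", [
        (1, "example.com", OLD_MASTER, 1549809805, "SLAVE"),          # transferred
        (2, "example.net", OLD_MASTER, None, "SLAVE"),                # never transferred
        (3, "partner.example", "198.51.100.7", 1549809805, "SLAVE"),  # stays a slave
    ])
    db.executemany("INSERT INTO records (domain_id,name,type,content,ttl) VALUES (?,?,?,?,?)", [
        (1, "example.com", "SOA", SOA, 3600),
        (1, "www.example.com", "A", "192.0.2.80", 300),
        (3, "partner.example", "SOA", SOA, 3600),
    ])
    return db

def not_ready(db, old_master):
    """Zones slaved from old_master with no completed check or no SOA record."""
    rows = db.execute("""
        SELECT d.name FROM domains d
        WHERE d.type = 'SLAVE' AND d.master = ?
          AND (d.last_check IS NULL OR NOT EXISTS (
               SELECT 1 FROM records r WHERE r.domain_id = d.id AND r.type = 'SOA'))
        ORDER BY d.name""", (old_master,))
    return [r[0] for r in rows]

def cutover(db, old_master, new_type):
    """Flip only zones slaved from old_master; refuse while any of them is incomplete."""
    if new_type not in ("MASTER", "NATIVE"):
        raise ValueError("new_type must be MASTER or NATIVE")
    missing = not_ready(db, old_master)
    if missing:
        raise RuntimeError("incomplete zones: " + ", ".join(missing))
    with db:  # single transaction: all migrated zones change type together
        cur = db.execute("UPDATE domains SET type = ? WHERE type = 'SLAVE' AND master = ?",
                         (new_type, old_master))
    return cur.rowcount
```

Zones slaved from any other master, such as the partner zone here, keep type SLAVE, which is the mixed per-domain setup the message describes.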
________________________________
From: Pdns-users <pdns-users-bounces at mailman.powerdns.com> on behalf of Rob Campbell <rob.j.campbell at gmail.com>
Sent: Thursday, February 7, 2019 11:33 AM
To: pdns-users at mailman.powerdns.com
Subject: Re: [Pdns-users] Help with mydns backend
Thanks, at least I know it's not something silly I've done! I'd prefer to move to the generic database backend as well but the plan was to use the mydns backend to switch over quickly then migrate to the generic backend later. Maybe we'll have to skip the mydns backend and get our data migrated.
Thanks,
Rob.
On Thu, 7 Feb 2019 at 17:22, Vincent Hoffman-Kazlauskas <vince at unsane.co.uk> wrote:
We've actually seen similar at work as we're currently running on
pdns-3.4.10 and want to move to a supported version. I haven't raised it
here as the decision was made to move to the gmysql backend, then
upgrade so we got the extra features such as DNSSEC.
Sorry it's not very helpful but I thought better a me too than silence.
I might be able to persuade them to test/provide data if needed, but no
promises.
Vince
On 07/02/2019 17:11, Rob Campbell wrote:
> Hi,
>
> I'm trying to switch from mydns-ng to powerdns 4.1.6 with the mydns
> backend. It seems to be working fine on my quietest nameserver but on a
> busy one it starts returning REFUSED to queries after a few minutes and
> I can't work out why as it's not logging any errors. I tried setting
> loglevel=6 and still didn't get anything logged. How can I get some logs
> showing why it's returning REFUSED?
> Seems like we ramp up to over 70 TCP connections quite quickly and we're
> fine at first but once we hit that many either the backend can't keep up
> or we're hitting some limit I've not found.
>
> Config is:
>
> launch=
> security-poll-suffix=
> server-id=
> include-dir=/etc/powerdns/pdns.d
> setgid=pdns
> setuid=pdns
> version-string=anonymous
> max-tcp-connections=1024
> receiver-threads=8
> reuseport=yes
> cache-ttl=60
> loglevel=6
> launch+=mydns
> mydns-soa-active=no
> mydns-rr-active=no
>
> Can anyone help me work out why it's refusing queries?
>
> Kind regards,
> Rob Campbell.
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
>