[Pdns-users] PDNS/BIND Configuration

Nico CARTRON nicolas at ncartron.org
Mon Feb 18 07:38:53 UTC 2019


Hi Tshepo, 

(please reply to the list, not only myself, as having the history is
useful e.g. for archives, but also as other people can then answer).

Your configuration is kind of weird, as you have your PDNS Auth sending
notifies to the master - unless you want to use DNS updates to PDNS, and
send them back to Bind?
I don't think that's the case, given what you said earlier.

What would be interesting as well, would be to have logs for both Bind
and PDNS roughly at the same time, when Bind tries to notify PDNS.

Comments in-line below for the rest.

Cheers,
Nico

On 18-Feb-2019 07:17 CET, <hyacinthmsimango at gmail.com> wrote:

> Hi Nico
> 
> That would not be a problem, please see the below for pdns(slave) & bind
> (master)
> 
> PDNS CONF:
> 
> allow-axfr-ips=10.200.1.12
> 
> allow-dnsupdate-from=10.200.1.12

Not sure this is needed, since you're already doing XFR from this Bind
server.

> allow-notify-from=10.200.1.12
> 
> allow-unsigned-notify=yes
> 
> allow-unsigned-supermaster=yes
> 
> also-notify=10.200.1.12

See my remark above - do you really want your PDNS server to notify your
Bind?

> api=yes
> 
> api-key=changeme
> 
> config-dir=/etc/pdns
> 
> disable-axfr=no
> 
> disable-tcp=yes
> 
> distributor-threads=10
> 
> dnsupdate=yes
> 
> forward-dnsupdate=yes
> 
> forward-notify=10.200.1.12

Same remark as above.

> local-address=0.0.0.0

Please see
https://doc.powerdns.com/authoritative/settings.html#local-address
It is advised to bind to specific IP addresses - in your case,
10.200.1.12

> local-port=53
> 
> log-dns-details=yes
> 
> log-dns-queries=yes
> 
> log-timestamp=yes
> 
> logging-facility=0
> 
> loglevel=5
> 
> master=yes

Not sure you need that, since your PDNS will be slave.

> module-dir=/usr/lib64/pdns
> 
> non-local-bind=yes
> 
> only-notify=10.1.200.12/23,::/0

Same remark as above re notifies, and also the IP address is wrong.

> query-cache-ttl=60
> 
> query-local-address=10.1.200.13

The IP address is wrong - I guess this should be 10.200.1.13?

> query-logging=yes
> 
> 
> security-poll-suffix=secpoll.powerdns.com.
> 
> 
> setgid=pdns
> 
> setuid=pdns
> 
> slave=yes
> 
> version-string=full
> 
> webserver=bserver-address=10.200.1.13
> 
> webserver-allow-from=0.0.0.0/0,::/0
> 
> webserver-port=8081
> 
> launch=gmysql
> gmysql-host=10.200.1.11
> gmysql-port=3306
> gmysql-user=ns1
> gmysql-dbname=pdns_vox
> gmysql-password=ohplease
> 
> 
> BIND CONF:
> 
> options {
>         listen-on port 53 { 127.0.0.1;10.200.1.13;any;};
> //      listen-on-v6 port 53 { ::1; };
>         directory       "/var/named";
>         dump-file       "/var/named/data/cache_dump.db";
>         statistics-file "/var/named/data/named_stats.txt";
>         memstatistics-file "/var/named/data/named_mem_stats.txt";
>         recursing-file  "/var/named/data/named.recursing";
>         secroots-file   "/var/named/data/named.secroots";
>         allow-query     {localhost;10.200.1.12;10.200.1.13;};
>         allow-update-forwarding  {10.200.1.13;};
> 
>         recursion no;
> 
>         dnssec-enable no;
>         dnssec-validation no;
> 
>         /* Path to ISC DLV key */
>         bindkeys-file "/etc/named.iscdlv.key";
> 
>         managed-keys-directory "/var/named/dynamic";
> 
>         pid-file "/run/named/named.pid";
>         session-keyfile "/run/named/session.key";
> };
> 
> 
> logging {
>         channel default_debug {
>                 file "data/named.run";
>                 severity dynamic;
>         };
> };
> 
> zone "." IN {
>         type hint;
>         file "named.ca";
> };
> 
> zone "test123.co.za" IN {
>     type master;
>     file "named.bind-master.zones";
>     also-notify {10.200.1.13;};

If your PDNS is slave, it should be listed as NS in your zone, and
therefore you wouldn't need this also-notify statement.

>     allow-transfer {10.200.1.13;};
> };
> 
> zone "www.voxcloud.co.za" IN {
>         type master;
>         file "named.bind-rec.zones";
>         also-notify {10.200.1.13;};

Same remark as for the test123.co.za zone.

>         allow-transfer {10.200.1.13;};
> };
> include "/etc/named.rfc1912.zones";
> include "/etc/named.root.key";
> 
> 
> 
> ZONE FILE FOR BIND:
> 
> $TTL    3600
> @          IN SOA  test123.co.za. tshepo.msimango.voxtelecom.co.za. (
> 
>                             2019020714 ; Serial
>                             3600       ; Refresh
>                             1800       ; Retry
>                             604800    ; Expire
>                             3600 )     ; TTL
> 
> 
> 
> ;nameserver -NS records
> @                                IN   NS      ns1
> @                                IN   A       10.200.3.1
> ns1                IN   A       10.200.1.12 ;If you want to assign a server
> to your domain

You should add an entry for ns2 (PDNS) here, so that Bind sends notifies
to PDNS when a change occurs, and then PDNS can XFR the zone.

> 
> 
> 
> 
> On Fri, 15 Feb 2019, 16:14 Nico CARTRON <nicolas at ncartron.org> wrote:
> 
> > Hi Tshepo,
> >
> > On 15-Feb-2019 14:50 CET, <hyacinthmsimango at gmail.com> wrote:
> >
> > > Hi Brian
> > >
> > > For PDNS (Slave) I'm using MariaDB and for BIND it's just BIND flat
> > > files, I think my configuration is wrong.
> >
> > sending your Bind and PowerDNS configuration on this list would be
> > indeed helpful - can you do that?
> >
> > Cheers,
> >
> > --
> > Nico
> >
> >
> > > On Fri, Feb 15, 2019 at 11:06 AM Brian Candler <b.candler at pobox.com>
> > wrote:
> > >
> > > > On 15/02/2019 06:44, TSHEPO MSIMANGO wrote:
> > > >
> > > > PDNS LOGS:
> > > >
> > > >
> > > >
> > > > *Feb 13 11:13:16 pdns-slave pdns_server: Error trying to resolve
> > > > '10.200.1.12:0' for notifying 'test123.co.za' to server: Unable to
> > > > send notify to 10.200.1.12:53 Invalid argument*
> > > >
> > > > Maybe you have some invalid configuration for the zone.  Which
> > > > backend are you using?  How did you configure the slave zone?
> > > >
> > >
> > >
> > > --
> > > Kind Regards
> > > Tshepo Hyacinth Msimango
> >
> > > _______________________________________________
> > > Pdns-users mailing list
> > > Pdns-users at mailman.powerdns.com
> > > https://mailman.powerdns.com/mailman/listinfo/pdns-users
> >
> >
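The points Nico raises above (a slave that carries master/notify/dnsupdate settings, a wildcard local-address, transposed octets in 10.1.200.x, and a master zone with no NS record for the PDNS host) can be checked mechanically before restarting anything. The script below is an added example written for this archive page; it is not code from Nico, the poster, or the PowerDNS project. The pdns.conf and zone text are the poster's lines, re-typed as constructed samples; the "/24 of the master" typo heuristic, the function names, and the ns2 record in the corrected zone are assumptions of the example.

```python
"""Lint a PowerDNS Authoritative slave's pdns.conf and its master's BIND zone
for the mismatches discussed in this thread.  Added example; the checks are
heuristics drawn from the thread, not PowerDNS documentation."""
import ipaddress

# Constructed sample: the relevant lines of the pdns.conf quoted in the thread.
PDNS_CONF = """\
allow-axfr-ips=10.200.1.12
allow-dnsupdate-from=10.200.1.12
allow-notify-from=10.200.1.12
also-notify=10.200.1.12
dnsupdate=yes
forward-dnsupdate=yes
forward-notify=10.200.1.12
local-address=0.0.0.0
master=yes
only-notify=10.1.200.12/23,::/0
query-local-address=10.1.200.13
slave=yes
"""

# Constructed sample: the master's zone file as quoted (comment re-joined).
ZONE_FILE = """\
$TTL    3600
@          IN SOA  test123.co.za. tshepo.msimango.voxtelecom.co.za. (
                            2019020714 ; Serial
                            3600       ; Refresh
                            1800       ; Retry
                            604800     ; Expire
                            3600 )     ; TTL
;nameserver -NS records
@          IN   NS      ns1
@          IN   A       10.200.3.1
ns1        IN   A       10.200.1.12 ;If you want to assign a server to your domain
"""

# Constructed: the same zone with the ns2 record Nico asks for (assumed name).
ZONE_FILE_FIXED = ZONE_FILE + "@          IN   NS      ns2\nns2        IN   A       10.200.1.13\n"


def parse_conf(text):
    """Parse key=value lines of a pdns.conf into a dict (last value wins)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            conf[key.strip()] = value.strip()
    return conf


def lint_slave_conf(conf, master_ip):
    """Return human-readable findings for a pdns.conf meant for a pure slave."""
    findings = []
    if conf.get("slave") != "yes":
        findings.append("slave=yes missing: this server will not act on notifies or AXFR zones")
        return findings
    if conf.get("master") == "yes":
        findings.append("master=yes set alongside slave=yes; a pure slave does not need it")
    # Any *-notify setting on a slave points notifies back at the master.
    for key in ("also-notify", "forward-notify", "only-notify"):
        if key in conf:
            findings.append(f"{key}={conf[key]}: a slave should not be notifying its master")
    if conf.get("dnsupdate") == "yes":
        findings.append("dnsupdate=yes: zone content arrives via AXFR; updates are not needed here")
    if conf.get("local-address", "") in ("0.0.0.0", "::", "0.0.0.0,::", "::,0.0.0.0"):
        findings.append("local-address is a wildcard; bind to the server's own address instead")
    # Heuristic typo check (an assumption of this example, not a PowerDNS rule):
    # every IPv4 address is expected to sit in the master's /24, which catches
    # transposed octets such as 10.1.200.x written for 10.200.1.x.
    net = ipaddress.ip_network(f"{master_ip}/24", strict=False)
    for key, value in conf.items():
        for token in value.split(","):
            host = token.split("/")[0]
            try:
                ip = ipaddress.ip_address(host)
            except ValueError:
                continue  # not an address (yes/no, paths, names)
            if ip.version == 4 and not ip.is_unspecified and ip not in net:
                findings.append(f"{key}={token} lies outside {net}; transposed octets?")
    return findings


def slave_is_listed_ns(zone_text, slave_ip):
    """True if some NS target in the zone has an A record equal to slave_ip.
    Minimal parser for 'owner IN TYPE rdata' lines of a BIND zone file; it
    skips $TTL, SOA continuation lines and comments, and assumes every record
    line starts with an explicit owner name."""
    ns_names, a_records = set(), {}
    for raw in zone_text.splitlines():
        tokens = raw.split(";")[0].split()
        if "IN" not in tokens:
            continue
        i = tokens.index("IN")
        if i == 0 or i + 2 >= len(tokens):
            continue
        owner, rtype, rdata = tokens[0], tokens[i + 1].upper(), tokens[i + 2]
        if rtype == "NS":
            ns_names.add(rdata.rstrip("."))
        elif rtype == "A":
            a_records[owner.rstrip(".")] = rdata
    return any(a_records.get(name) == slave_ip for name in ns_names)


if __name__ == "__main__":
    for finding in lint_slave_conf(parse_conf(PDNS_CONF), "10.200.1.12"):
        print("pdns.conf:", finding)
    print("slave listed as NS:", slave_is_listed_ns(ZONE_FILE, "10.200.1.13"))
```

Run against the thread's configuration it reports eight findings (master=yes, the three notify settings, dnsupdate=yes, the wildcard local-address, and the two 10.1.200.x addresses) and shows the slave is absent from the zone's NS set until the ns2 records are added; once the NS record exists, BIND's normal NS-driven notify reaches PDNS and the also-notify in the zone stanza becomes unnecessary, as Nico says.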


