[Pdns-users] PDNS/BIND Configuration

TSHEPO MSIMANGO hyacinthmsimango at gmail.com
Mon Feb 18 10:14:40 UTC 2019


> see my remark above - do you really want your PDNS server to notify your
> Bind?

The reason why we want PDNS(slave) to update BIND is that it has a GUI and
we will be making use of it to update records to BIND

So what we require is to update Bind from PDNS, I take it the confusion
comes where I'm also updating PDNS from BIND?

On Mon, Feb 18, 2019 at 9:39 AM Nico CARTRON <nicolas at ncartron.org> wrote:

> Hi Tshepo,
>
> (please reply to the list, not only myself, as having the history is
> useful e.g. for archives, but also as other people can then answer).
>
> your configuration is kind of weird, as you have your PDNS Auth sending
> notifies to the master - unless you want to use DNS updates to PDNS, and
> send them back to Bind?
> I don't think that's the case, given what you said earlier.
>
> What would be interesting as well, would be to have logs for both Bind
> and PDNS roughly at the same time, when Bind tries to notify PDNS.
>
> Comments in-line below for the rest.
>
> Cheers,
> Nico
>
> On 18-Feb-2019 07:17 CET, <hyacinthmsimango at gmail.com> wrote:
>
> > Hi Nico
> >
> > That would not be a problem, please see the below for pdns(slave) & bind
> > (master)
> >
> > PDNS CONF:
> >
> > allow-axfr-ips=10.200.1.12
> >
> > allow-dnsupdate-from=10.200.1.12
>
> not sure this is needed, since you're already doing XFR from this Bind
> server.
>
> > allow-notify-from=10.200.1.12
> >
> > allow-unsigned-notify=yes
> >
> > allow-unsigned-supermaster=yes
> >
> > also-notify=10.200.1.12
>
> see my remark above - do you really want your PDNS server to notify your
> Bind?
>
> > api=yes
> >
> > api-key=changeme
> >
> >  config-dir=/etc/pdns
> >
> > disable-axfr=no
> >
> >  disable-tcp=yes
> >
> > distributor-threads=10
> >
> > dnsupdate=yes
> >
> > forward-dnsupdate=yes
> >
> > forward-notify=10.200.1.12
>
> same remark as above.
>
> > local-address=0.0.0.0
>
> Please see
> https://doc.powerdns.com/authoritative/settings.html#local-address
> it is advised to bind to specific IP addresses - in your case,
> 10.200.1.12
>
> > local-port=53
> >
> > log-dns-details=yes
> >
> > log-dns-queries=yes
> >
> > log-timestamp=yes
> >
> > logging-facility=0
> >
> > loglevel=5
> >
> >  master=yes
>
> Not sure you need that, since your PDNS will be slave.
>
> > module-dir=/usr/lib64/pdns
> >
> > non-local-bind=yes
> >
> > only-notify=10.1.200.12/23,::/0
>
> same remark as above re notifies, and also the IP address is wrong.
>
> > query-cache-ttl=60
> >
> > query-local-address=10.1.200.13
>
> The IP address is wrong - I guess this should be 10.200.1.13?
>
> > query-logging=yes
> >
> >
> > security-poll-suffix=secpoll.powerdns.com.
> >
> >
> > setgid=pdns
> >
> > setuid=pdns
> >
> >  slave=yes
> >
> >  version-string=full
> >
> > webserver=yes
> >
> > webserver-address=10.200.1.13
> >
> > webserver-allow-from=0.0.0.0/0,::/0
> >
> > webserver-port=8081
> >
> > launch=gmysql
> > gmysql-host=10.200.1.11
> > gmysql-port=3306
> > gmysql-user=ns1
> > gmysql-dbname=pdns_vox
> > gmysql-password=ohplease
> >
> >
> > BIND CONF:
> >
> > options {
> >         listen-on port 53 { 127.0.0.1;10.200.1.13;any;};
> > //      listen-on-v6 port 53 { ::1; };
> >         directory       "/var/named";
> >         dump-file       "/var/named/data/cache_dump.db";
> >         statistics-file "/var/named/data/named_stats.txt";
> >         memstatistics-file "/var/named/data/named_mem_stats.txt";
> >         recursing-file  "/var/named/data/named.recursing";
> >         secroots-file   "/var/named/data/named.secroots";
> >         allow-query     {localhost;10.200.1.12;10.200.1.13;};
> >         allow-update-forwarding  {10.200.1.13;};
> > };
> >
> >    */
> >         recursion no;
> >
> >         dnssec-enable no;
> >         dnssec-validation no;
> >
> >         /* Path to ISC DLV key */
> >         bindkeys-file "/etc/named.iscdlv.key";
> >
> >         managed-keys-directory "/var/named/dynamic";
> >
> >         pid-file "/run/named/named.pid";
> >         session-keyfile "/run/named/session.key";
> > };
> >
> >
> > logging {
> >         channel default_debug {
> >                 file "data/named.run";
> >                 severity dynamic;
> >         };
> > };
> >
> > zone "." IN {
> >         type hint;
> >         file "named.ca";
> > };
> >
> > zone "test123.co.za" IN {
> >     type master;
> >     file "named.bind-master.zones";
> >     also-notify {10.200.1.13;};
>
> if your PDNS is slave, it should be listed as NS in your zone, and
> therefore you wouldn't need this also-notify statement.
>
> >     allow-transfer {10.200.1.13;};
> > };
> >
> > zone "www.voxcloud.co.za" IN {
> >         type master;
> >         file "named.bind-rec.zones";
> >         also-notify {10.200.1.13;};
>
> same remark as for the test123.co.za zone.
>
> >         allow-transfer {10.200.1.13;};
> > };
> > include "/etc/named.rfc1912.zones";
> > include "/etc/named.root.key";
> >
> >
> >
> > ZONE FILE FOR BIND:
> >
> > $TTL    3600
> > @          IN SOA  test123.co.za. tshepo.msimango.voxtelecom.co.za. (
> >
> >                             2019020714 ; Serial
> >                             3600       ; Refresh
> >                             1800       ; Retry
> >                             604800    ; Expire
> >                             3600 )     ; TTL
> >
> >
> >
> > ;nameserver -NS records
> > @                                IN   NS      ns1
> > @                                IN   A       10.200.3.1
> > ns1                IN   A       10.200.1.12 ;If you want to assign a server
> > to your domain
>
> you should add an entry for ns2 (PDNS) here, so that Bind sends notifies
> to PDNS when a change occurs, and then PDNS can XFR the zone.
>
> >
> >
> >
> >
> > On Fri, 15 Feb 2019, 16:14 Nico CARTRON <nicolas at ncartron.org> wrote:
> >
> > > Hi Tshepo,
> > >
> > > On 15-Feb-2019 14:50 CET, <hyacinthmsimango at gmail.com> wrote:
> > >
> > > > Hi Brian
> > > >
> > > > For PDNS (Slave) I'm using MariaDB and for BIND it's just BIND flat
> > > > files, I think my configuration is wrong.
> > >
> > > sending your Bind and PowerDNS configuration on this list would be
> > > indeed helpful - can you do that?
> > >
> > > Cheers,
> > >
> > > --
> > > Nico
> > >
> > >
> > > > On Fri, Feb 15, 2019 at 11:06 AM Brian Candler <b.candler at pobox.com>
> > > wrote:
> > > >
> > > > > On 15/02/2019 06:44, TSHEPO MSIMANGO wrote:
> > > > >
> > > > > PDNS LOGS:
> > > > >
> > > > >
> > > > >
> > > > > *Feb 13 11:13:16 pdns-slave pdns_server: Error trying to resolve
> > > > > '10.200.1.12:0' for notifying 'test123.co.za' to server: Unable to send
> > > > > notify to 10.200.1.12:53 Invalid argument*
> > > > >
> > > > > Maybe you have some invalidation configuration for the zone.  Which
> > > > > backend are you using?  How did you configure the slave zone?
> > > > >
> > > >
> > > >
> > > > --
> > > > Kind Regards
> > > > Tshepo Hyacinth Msimango
> > >
> > > > _______________________________________________
> > > > Pdns-users mailing list
> > > > Pdns-users at mailman.powerdns.com
> > > > https://mailman.powerdns.com/mailman/listinfo/pdns-users
> > >
> > >
>
>

-- 
Kind Regards
Tshepo Hyacinth Msimango
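The points raised across this thread (a slave that also notifies its own master, `master=yes` on a slave-only server, `local-address=0.0.0.0`, transposed octets such as 10.1.200.x, an API open to 0.0.0.0/0 with a placeholder key, and the slave missing from the zone's NS records) can be checked mechanically before reloading. The following linter is an added example written for this page; it is not code from the thread, from PowerDNS or from BIND. It assumes the site network is 10.200.0.0/16 and that the PowerDNS slave would be named `ns2`; the sample pdns.conf and zone texts are constructed, modelled on the ones quoted above, and the `parse_pdns_conf`, `lint_slave_conf` and `slave_listed_as_ns` helpers are this example's own.

```python
import ipaddress
import re

# Constructed sample, modelled on the pdns.conf quoted in the thread.
SAMPLE_PDNS_CONF = """\
allow-axfr-ips=10.200.1.12
allow-notify-from=10.200.1.12
also-notify=10.200.1.12
api=yes
api-key=changeme
forward-notify=10.200.1.12
local-address=0.0.0.0
master=yes
only-notify=10.1.200.12/23,::/0
query-local-address=10.1.200.13
slave=yes
webserver=yes
webserver-allow-from=0.0.0.0/0,::/0
"""

# Constructed: the same server as a pure slave (api-key is a placeholder).
SAMPLE_PDNS_CONF_FIXED = """\
allow-axfr-ips=10.200.1.12
allow-notify-from=10.200.1.12
api=yes
api-key=REPLACE-WITH-RANDOM-SECRET
local-address=10.200.1.13
slave=yes
webserver=yes
webserver-allow-from=10.200.1.0/24
"""

# Constructed zone texts: the thread's zone lists only ns1 (the Bind master).
SAMPLE_ZONE_NS1_ONLY = """\
$TTL 3600
@   IN SOA test123.co.za. hostmaster.test123.co.za. ( 2019020714 3600 1800 604800 3600 )
@   IN NS ns1
ns1 IN A 10.200.1.12
"""
SAMPLE_ZONE_WITH_NS2 = SAMPLE_ZONE_NS1_ONLY + "@   IN NS ns2\nns2 IN A 10.200.1.13\n"

IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def parse_pdns_conf(text):
    """Parse key=value lines of a pdns.conf; '#' comments and blank lines are skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def lint_slave_conf(conf, master_ip, site_net):
    """Return findings for a PowerDNS server that is meant to be a pure slave of master_ip."""
    findings = []
    master = ipaddress.ip_address(master_ip)
    net = ipaddress.ip_network(site_net)

    if conf.get("slave") == "yes" and conf.get("master") == "yes":
        findings.append("master=yes is set on a server meant to be slave-only")

    # A slave receives notifies from its master; sending them back is a loop.
    for key in ("also-notify", "forward-notify"):
        targets = [t.strip().split(":")[0] for t in conf.get(key, "").split(",") if t.strip()]
        if master_ip in targets:
            findings.append(f"{key}: points back at the master {master_ip}")

    if any(a.strip() in ("0.0.0.0", "::") for a in conf.get("local-address", "").split(",")):
        findings.append("local-address: binds every interface; use the server's own address")

    # Every IPv4 literal should sit inside the site network; anything else is
    # most likely a transposed octet (10.1.200.x instead of 10.200.1.x).
    for key, value in conf.items():
        for lit in IPV4_RE.findall(value):
            addr = ipaddress.ip_address(lit)
            if not addr.is_unspecified and addr not in net:
                findings.append(f"{key}: {lit} is outside {site_net}, probably a typo")

    allowed = [a.strip() for a in conf.get("allow-notify-from", "").split(",") if a.strip()]
    if not any(master in ipaddress.ip_network(a, strict=False) for a in allowed):
        findings.append(f"allow-notify-from: does not include the master {master_ip}")

    if conf.get("api") == "yes":
        if conf.get("api-key", "") in ("", "changeme"):
            findings.append("api-key: placeholder value; set a random secret")
        allow = conf.get("webserver-allow-from", "")
        if "0.0.0.0/0" in allow or "::/0" in allow:
            findings.append("webserver-allow-from: API reachable from any address")
    return findings


def zone_ns_names(zone_text):
    """Return the target names of all NS records in a zone file (trailing dot stripped)."""
    names = set()
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) >= 3 and fields[-2].upper() == "NS":
            names.add(fields[-1].rstrip("."))
    return names


def slave_listed_as_ns(zone_text, slave_name):
    """True when the slave appears as an NS, so Bind will notify it on every change."""
    return slave_name in zone_ns_names(zone_text)


if __name__ == "__main__":
    for f in lint_slave_conf(parse_pdns_conf(SAMPLE_PDNS_CONF), "10.200.1.12", "10.200.0.0/16"):
        print("finding:", f)
    print("ns2 listed as NS:", slave_listed_as_ns(SAMPLE_ZONE_NS1_ONLY, "ns2"))
```

Run against the constructed copy of the thread's configuration the linter reports eight findings and the zone check fails; the corrected sample and the zone with an `ns2` NS record pass cleanly. The network check is deliberately blunt (any literal outside the site prefix is flagged) because that is exactly the class of typo the thread stumbled over.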