[Pdns-users] dynamic-updates / NOTIFY-DNSUPDATE not taking effect

David Jones djones at ena.com
Sun Jan 6 12:40:05 UTC 2019 

On 1/5/19 10:19 PM, mike wrote:
> Hello,
> 
> 
>      I am configuring dynamic updates on my (hidden) master server, and
> having trouble getting it to automatically notify the slaves on a change
> to the zone.
> 
>      My master server is running pdns 4.1.5 on Ubuntu 18 (bionic) with
> gmysql backend and I have it configured for dynamic updates. This is
> working great and I can clearly see the updated records hit the zone
> database and the zone serial number is correctly incremented. However,
> the slaves are never sent a notify. I have metadata set thusly:
> 
> pdnsutil get-meta <somedomain>
> Jan 05 20:12:13 Reading random entropy from '/dev/urandom'
> Jan 05 20:12:13 gmysql Connection successful. Connected to database
> 'powerdns' on 'preferred-local-db'.
> Jan 05 20:12:13 gmysql Connection successful. Connected to database
> 'powerdns' on 'preferred-local-db'.
> Metadata for '<somedomain>'
> 
> ALLOW-DNSUPDATE-FROM = <ipv4>/mask, <ipv6>/mask
> 
> NOTIFY-DNSUPDATE = 1
> SOA-EDIT-DNSUPDATE = increase
> TSIG-ALLOW-DNSUPDATE = <tsig key name>
> 
> 
>      I am expecting the server, based on the presence of the
> 'NOTIFY-DNSUPDATE' metadata, to automatically issue the notify, but it
> does not. I am able to issue a manual notify for the domain and that
> immediately works:
> 
> pdns_control notify <somedomain>
> Added to queue
> 
>      And in the logs of course I can see the slaves did axfr the updated
> zone after this.
> 
> 
>      I'm stumped. Can anyone suggest what I might be doing wrong?
> 
> 
> Thank you.
> 
> Mike-
> 

On both of my hidden masters, I have:

master=yes
slave=yes
also-notify=96.4.0.36,96.5.0.36
allow-axfr-ips=127.0.0.0/8,::1,96.4.0.36,96.5.0.36,2610:128:1200:ad::36,2610:128:2100:ad::36

On my public masters, I have:

master=no
slave=yes
allow-notify-from=96.4.0.37,96.5.0.37,2610:128:1200:ad::37,2610:128:2100:ad::37

Try setting loglevel=5, systemctl restart pdns, then:

journalctl -fu pdns

In another window update a zone by changing a TTL or something and your 
logs should show something like:

pdnsutil edit-zone in.ena.net

Jan 06 05:06:03 pdns01 pdns_server[26930]: Queued notification of domain 
'in.ena.net' to [2610:128:2100:ad::36]:53
Jan 06 05:06:03 pdns01 pdns_server[26930]: Queued also-notification of 
domain 'in.ena.net' to 96.4.0.36:53
Jan 06 05:06:03 pdns01 pdns_server[26930]: Queued also-notification of 
domain 'in.ena.net' to 96.5.0.36:53
Jan 06 05:06:04 pdns01 pdns_server[26930]: Removed from notification 
list: 'in.ena.net' to 96.4.0.36:53 (was acknowledged)
Jan 06 05:06:04 pdns01 pdns_server[26930]: Removed from notification 
list: 'in.ena.net' to [2610:128:1200:ad::36]:53 (was acknowledged)

Note that if you have IPv6 enabled on your servers, some of the 
communications will happen over IPv6 even if you only notify via IPv4. 
This means you need to have IPv6 enabled on all of your pdns servers so 
keep that in mind.

-- 
David Jones

More information about the Pdns-users mailing list