[Pdns-users] Only REFUSED responses after upgrade.

Chris pdns at cbserviceslondon.com
Wed May 29 04:50:54 UTC 2019


On 2019-05-28 22:04, Walter Parker wrote:
> On Tue, May 28, 2019 at 5:54 PM Chris <pdns at cbserviceslondon.com>
> wrote:
> 
>> On 2019-05-28 15:23, bert hubert wrote:
>>> On Tue, May 28, 2019 at 03:06:33PM -0400, Chris wrote:
>>>> This DNS server has been running on Debian 7 Wheezy for years without
>>>> issue.
>>>> Debian 7.11 packaged PowerDNS 2.9.22.
>>> 
>>> Since 2.9.22 PowerDNS has changed a lot. Run pdnsutil check-zone on your
>>> zones. You are likely missing SOA records, or have defective ones, which
>>> makes modern PowerDNS conclude the whole zone isn't there, leading to a
>>> 'Refused'.
>>> 
>>> Good luck!
>>> 
>>> Bert
>> 
>> Hmmm. You're right.  I get:
>> 
>> [error] No SOA record present, or active, in zone 'remote.local'.
>> 
>> I have an SOA record, but I obviously have something wrong with it.
>> 
>> I'm using the PowerAdmin web interface, and in the hostmaster email
>> address it's replacing the @ with a .
>> Could that have something to do with it?
>> 
>> Chris
>> 
>> _______________________________________________
>> Pdns-users mailing list
>> Pdns-users at mailman.powerdns.com
>> https://mailman.powerdns.com/mailman/listinfo/pdns-users
> 
> Another thing to be aware of, if you move to version 4.1 or later,
> recursion was removed from PowerDNS. You will have to use a separate
> server application to make non-authoritative (recursive) DNS requests
> at that point.
> 
> Walter
> 
> --
> The greatest dangers to liberty lurk in insidious encroachment by men
> of zeal, well-meaning but without understanding.   -- Justice Louis D.
> Brandeis

I got it working!
I did some Googling, looking for the proper syntax for a PowerDNS SOA 
record, and in the process stumbled across the:

pdnsutil create-zone

command.
I figured since this zone had been made with PowerAdmin at some distant 
point in the past, that probably the easiest way to fix it was to just 
delete it and recreate it with the proper command.
This won't work for everyone, at least without a lot of work, but since 
the script that updates my DNS from the OpenVPN status file also creates 
DNS entries for anything that doesn't currently exist, all my host 
records would be recreated simply by running the script.
So, I deleted it, recreated it, then went into the database and changed 
the domain id to match what it used to be (the script is dependent on 
the id), including the SOA and NS records that were added during creation.
Ran the script, ran a host query, and got results!

Awesome!

I then tried to manually fix a second domain running on the same server 
for similar purposes, by updating the SOA to match the one that now 
worked.

pdnsutil check-zone

then told me I had no NS record, which was correct; I didn't.
Adding an NS didn't fix it, though. For this one, I was always getting 
NXDOMAIN results, even for hosts I _knew_ were in the database, because 
I was looking at them.
I think it's safe to say that more recent versions of PowerDNS are 
_very_ picky about zone record configuration.

Deleting and recreating this zone in the same way also fixed it, though, 
so all is up and running properly now.

Thanks for the assistance.

Chris
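
The checks that come up in this thread (an SOA at the zone apex, an NS record, a well-formed SOA content string), sketched as an added example that is not part of the original messages and is not pdnsutil's own logic. It assumes rows shaped like (name, type, content) as in the generic SQL backend's records table, requires all seven SOA fields (a strictness chosen for this example), and uses constructed sample data; the hostmaster mailbox is written with a dot in place of the @, as DNS specifies for the SOA RNAME field.

```python
import re
# Simplified apex sanity check; field names follow the DNS SOA definition.
SOA_NUMERIC_FIELDS = ("serial", "refresh", "retry", "expire", "minimum")
HOSTNAME = re.compile(r"^([A-Za-z0-9_-]{1,63}\.)*[A-Za-z0-9_-]{1,63}\.?$")

def check_soa_content(content):
    """Return a list of problems found in one SOA content string."""
    fields = content.split()
    if len(fields) != 7:  # assumption of this example: all seven fields required
        return [f"expected 7 fields (mname rname serial refresh retry expire minimum), got {len(fields)}"]
    mname, rname, *numbers = fields
    problems = []
    if "@" in rname:
        problems.append("rname contains '@'; DNS writes the mailbox with '.' in its place")
    for label, host in (("mname", mname), ("rname", rname)):
        if not HOSTNAME.match(host.replace("@", ".")):
            problems.append(f"{label} is not a valid domain name: {host!r}")
    for label, value in zip(SOA_NUMERIC_FIELDS, numbers):
        if not (value.isascii() and value.isdigit() and int(value) <= 0xFFFFFFFF):
            problems.append(f"{label} is not a 32-bit unsigned integer: {value!r}")
    return problems

def check_zone(zone, records):
    """records: iterable of (name, type, content) rows belonging to one zone."""
    zone = zone.rstrip(".").lower()
    apex = [(t.upper(), c) for n, t, c in records if n.rstrip(".").lower() == zone]
    soas = [c for t, c in apex if t == "SOA"]
    problems = []
    if len(soas) != 1:
        problems.append(f"expected exactly one SOA at the apex, found {len(soas)}")
    for content in soas:
        problems += check_soa_content(content)
    if not any(t == "NS" for t, _ in apex):
        problems.append("no NS record at the apex")
    return problems

# Constructed sample rows (not taken from the database discussed in the thread).
BROKEN = [
    ("remote.local", "SOA", "ns1.remote.local hostmaster@remote.local 2019052801"),
]
FIXED = [
    ("remote.local", "SOA", "ns1.remote.local hostmaster.remote.local 2019052801 10800 3600 604800 3600"),
    ("remote.local", "NS", "ns1.remote.local"),
    ("host1.remote.local", "A", "10.8.0.6"),
]

if __name__ == "__main__":
    for label, rows in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_zone("remote.local", rows))
```
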

