[Pdns-users] Master/Slaves in docker containers

Christian Tardif christian.tardif at servinfo.ca
Wed May 29 16:42:47 UTC 2019 

TCPDUMP for a dig:   (request was dig @192.168.213.12 SOA 
int.servinfo.stba

16:33:52.289317  In f8:32:e4:8a:b7:b5 ethertype 802.1Q (0x8100), length 
106: vlan 213, p 0, ethertype IPv4, 192.168.213.11.33053 > 
192.168.213.12.53: 64585+ [1au] SOA? int.servinfo.stba. (58)
16:33:52.289317  In f8:32:e4:8a:b7:b5 ethertype 802.1Q (0x8100), length 
106: vlan 213, p 0, ethertype IPv4, 192.168.213.11.33053 > 
192.168.213.12.53: 64585+ [1au] SOA? int.servinfo.stba. (58)
16:33:52.289317  In f8:32:e4:8a:b7:b5 ethertype IPv4 (0x0800), length 
102: 192.168.213.11.33053 > 192.168.213.12.53: 64585+ [1au] SOA? 
int.servinfo.stba. (58)
16:33:52.289371 Out 02:42:f9:95:2b:46 ethertype IPv4 (0x0800), length 
102: 172.17.0.1.1038 > 172.17.0.3.53: 64585+ [1au] SOA? 
int.servinfo.stba. (58)
16:33:52.289376 Out 02:42:f9:95:2b:46 ethertype IPv4 (0x0800), length 
102: 172.17.0.1.1038 > 172.17.0.3.53: 64585+ [1au] SOA? 
int.servinfo.stba. (58)
16:33:52.291796   P 02:42:ac:11:00:03 ethertype IPv4 (0x0800), length 
90: 172.17.0.3.53 > 172.17.0.1.1038: 64585 Refused- 0/0/1 (46)
16:33:52.291796  In 02:42:ac:11:00:03 ethertype IPv4 (0x0800), length 
90: 172.17.0.3.53 > 192.168.213.11.33053: 64585 Refused- 0/0/1 (46)
16:33:52.291819 Out f8:32:e4:8a:b7:b7 ethertype IPv4 (0x0800), length 
90: 192.168.213.12.53 > 192.168.213.11.33053: 64585 Refused- 0/0/1 (46)
16:33:52.291821 Out f8:32:e4:8a:b7:b7 ethertype 802.1Q (0x8100), length 
94: vlan 213, p 0, ethertype IPv4, 192.168.213.12.53 > 
192.168.213.11.33053: 64585 Refused- 0/0/1 (46)
16:33:52.291824 Out f8:32:e4:8a:b7:b7 ethertype 802.1Q (0x8100), length 
94: vlan 213, p 0, ethertype IPv4, 192.168.213.12.53 > 
192.168.213.11.33053: 64585 Refused- 0/0/1 (46)

The refused is not so surprising right now, as the slave can't reach the 
master to get what it needs to serve...


TCPDUMP on notify:


16:41:39.112723  In f8:32:e4:8a:b7:b5 ethertype 802.1Q (0x8100), length 
83: vlan 213, p 0, ethertype IPv4, 192.168.213.11.11940 > 
192.168.213.12.53: 48109 notify [b2&3=0x2400] SOA? int.servinfo.stba. 
(35)
16:41:39.112723  In f8:32:e4:8a:b7:b5 ethertype 802.1Q (0x8100), length 
83: vlan 213, p 0, ethertype IPv4, 192.168.213.11.11940 > 
192.168.213.12.53: 48109 notify [b2&3=0x2400] SOA? int.servinfo.stba. 
(35)
16:41:39.112723  In f8:32:e4:8a:b7:b5 ethertype IPv4 (0x0800), length 
79: 192.168.213.11.11940 > 192.168.213.12.53: 48109 notify [b2&3=0x2400] 
SOA? int.servinfo.stba. (35)
16:41:39.112806 Out 02:42:f9:95:2b:46 ethertype IPv4 (0x0800), length 
79: 172.17.0.1.17296 > 172.17.0.3.53: 48109 notify [b2&3=0x2400] SOA? 
int.servinfo.stba. (35)
16:41:39.112814 Out 02:42:f9:95:2b:46 ethertype IPv4 (0x0800), length 
79: 172.17.0.1.17296 > 172.17.0.3.53: 48109 notify [b2&3=0x2400] SOA? 
int.servinfo.stba. (35)
16:41:39.113607  In f8:32:e4:8a:b7:b5 ethertype 802.1Q (0x8100), length 
90: vlan 213, p 0, ethertype IPv4, 192.168.213.11.11940 > 
192.168.213.12.53: 24291 notify [b2&3=0x2400] SOA? 
101.168.192.in-addr.arpa. (42)
16:41:39.113607  In f8:32:e4:8a:b7:b5 ethertype 802.1Q (0x8100), length 
90: vlan 213, p 0, ethertype IPv4, 192.168.213.11.11940 > 
192.168.213.12.53: 24291 notify [b2&3=0x2400] SOA? 
101.168.192.in-addr.arpa. (42)
16:41:39.113607  In f8:32:e4:8a:b7:b5 ethertype IPv4 (0x0800), length 
86: 192.168.213.11.11940 > 192.168.213.12.53: 24291 notify [b2&3=0x2400] 
SOA? 101.168.192.in-addr.arpa. (42)
16:41:39.113650 Out 02:42:f9:95:2b:46 ethertype IPv4 (0x0800), length 
86: 172.17.0.1.17296 > 172.17.0.3.53: 24291 notify [b2&3=0x2400] SOA? 
101.168.192.in-addr.arpa. (42)
16:41:39.113663 Out 02:42:f9:95:2b:46 ethertype IPv4 (0x0800), length 
86: 172.17.0.1.17296 > 172.17.0.3.53: 24291 notify [b2&3=0x2400] SOA? 
101.168.192.in-addr.arpa. (42)
16:41:39.114474  In f8:32:e4:8a:b7:b5 ethertype 802.1Q (0x8100), length 
90: vlan 213, p 0, ethertype IPv4, 192.168.213.11.11940 > 
192.168.213.12.53: 45118 notify [b2&3=0x2400] SOA? 
213.168.192.in-addr.arpa. (42)
16:41:39.114474  In f8:32:e4:8a:b7:b5 ethertype 802.1Q (0x8100), length 
90: vlan 213, p 0, ethertype IPv4, 192.168.213.11.11940 > 
192.168.213.12.53: 45118 notify [b2&3=0x2400] SOA? 
213.168.192.in-addr.arpa. (42)
16:41:39.114474  In f8:32:e4:8a:b7:b5 ethertype IPv4 (0x0800), length 
86: 192.168.213.11.11940 > 192.168.213.12.53: 45118 notify [b2&3=0x2400] 
SOA? 213.168.192.in-addr.arpa. (42)
16:41:39.114520 Out 02:42:f9:95:2b:46 ethertype IPv4 (0x0800), length 
86: 172.17.0.1.17296 > 172.17.0.3.53: 45118 notify [b2&3=0x2400] SOA? 
213.168.192.in-addr.arpa. (42)
16:41:39.114528 Out 02:42:f9:95:2b:46 ethertype IPv4 (0x0800), length 
86: 172.17.0.1.17296 > 172.17.0.3.53: 45118 notify [b2&3=0x2400] SOA? 
213.168.192.in-addr.arpa. (42)
16:41:39.115685   P 02:42:ac:11:00:03 ethertype IPv4 (0x0800), length 
86: 172.17.0.3.53 > 172.17.0.1.17296: 45118 notify*- 0/0/0 (42)
16:41:39.115685  In 02:42:ac:11:00:03 ethertype IPv4 (0x0800), length 
86: 172.17.0.3.53 > 192.168.213.11.11940: 45118 notify*- 0/0/0 (42)
16:41:39.115718 Out f8:32:e4:8a:b7:b7 ethertype IPv4 (0x0800), length 
86: 192.168.213.12.53 > 192.168.213.11.11940: 45118 notify*- 0/0/0 (42)
16:41:39.115721 Out f8:32:e4:8a:b7:b7 ethertype 802.1Q (0x8100), length 
90: vlan 213, p 0, ethertype IPv4, 192.168.213.12.53 > 
192.168.213.11.11940: 45118 notify*- 0/0/0 (42)
16:41:39.115726 Out f8:32:e4:8a:b7:b7 ethertype 802.1Q (0x8100), length 
90: vlan 213, p 0, ethertype IPv4, 192.168.213.12.53 > 
192.168.213.11.11940: 45118 notify*- 0/0/0 (42)
16:41:39.115917   P 02:42:ac:11:00:03 ethertype IPv4 (0x0800), length 
79: 172.17.0.3.53 > 172.17.0.1.17296: 48109 notify*- 0/0/0 (35)
16:41:39.115917  In 02:42:ac:11:00:03 ethertype IPv4 (0x0800), length 
79: 172.17.0.3.53 > 192.168.213.11.11940: 48109 notify*- 0/0/0 (35)
16:41:39.115941 Out f8:32:e4:8a:b7:b7 ethertype IPv4 (0x0800), length 
79: 192.168.213.12.53 > 192.168.213.11.11940: 48109 notify*- 0/0/0 (35)
16:41:39.115944 Out f8:32:e4:8a:b7:b7 ethertype 802.1Q (0x8100), length 
83: vlan 213, p 0, ethertype IPv4, 192.168.213.12.53 > 
192.168.213.11.11940: 48109 notify*- 0/0/0 (35)
16:41:39.115948 Out f8:32:e4:8a:b7:b7 ethertype 802.1Q (0x8100), length 
83: vlan 213, p 0, ethertype IPv4, 192.168.213.12.53 > 
192.168.213.11.11940: 48109 notify*- 0/0/0 (35)
16:41:39.116831   P 02:42:ac:11:00:03 ethertype IPv4 (0x0800), length 
86: 172.17.0.3.53 > 172.17.0.1.17296: 24291 notify*- 0/0/0 (42)
16:41:39.116831  In 02:42:ac:11:00:03 ethertype IPv4 (0x0800), length 
86: 172.17.0.3.53 > 192.168.213.11.11940: 24291 notify*- 0/0/0 (42)
16:41:39.116858 Out f8:32:e4:8a:b7:b7 ethertype IPv4 (0x0800), length 
86: 192.168.213.12.53 > 192.168.213.11.11940: 24291 notify*- 0/0/0 (42)
16:41:39.116861 Out f8:32:e4:8a:b7:b7 ethertype 802.1Q (0x8100), length 
90: vlan 213, p 0, ethertype IPv4, 192.168.213.12.53 > 
192.168.213.11.11940: 24291 notify*- 0/0/0 (42)
16:41:39.116864 Out f8:32:e4:8a:b7:b7 ethertype 802.1Q (0x8100), length 
90: vlan 213, p 0, ethertype IPv4, 192.168.213.12.53 > 
192.168.213.11.11940: 24291 notify*- 0/0/0 (42)
16:41:39.162122   P 02:42:ac:11:00:03 ethertype IPv4 (0x0800), length 
86: 172.17.0.3.13182 > 172.17.0.1.53: 62225 SOA? 
213.168.192.in-addr.arpa. (42)
16:41:39.162122  In 02:42:ac:11:00:03 ethertype IPv4 (0x0800), length 
86: 172.17.0.3.13182 > 172.17.0.1.53: 62225 SOA? 
213.168.192.in-addr.arpa. (42)
16:41:39.162355 Out 02:42:f9:95:2b:46 ethertype IPv4 (0x0800), length 
86: 172.17.0.1.41240 > 172.17.0.3.53: 62225 SOA? 
213.168.192.in-addr.arpa. (42)
16:41:39.162368 Out 02:42:f9:95:2b:46 ethertype IPv4 (0x0800), length 
86: 172.17.0.1.41240 > 172.17.0.3.53: 62225 SOA? 
213.168.192.in-addr.arpa. (42)
16:41:39.164389   P 02:42:ac:11:00:03 ethertype IPv4 (0x0800), length 
86: 172.17.0.3.53 > 172.17.0.1.41240: 62225 Refused- 0/0/0 (42)
16:41:39.164389  In 02:42:ac:11:00:03 ethertype IPv4 (0x0800), length 
86: 172.17.0.3.53 > 172.17.0.1.41240: 62225 Refused- 0/0/0 (42)
16:41:39.164493 Out 02:42:f9:95:2b:46 ethertype IPv4 (0x0800), length 
86: 172.17.0.1.53 > 172.17.0.3.13182: 62225 Refused- 0/0/0 (42)
16:41:39.164505 Out 02:42:f9:95:2b:46 ethertype IPv4 (0x0800), length 
86: 172.17.0.1.53 > 172.17.0.3.13182: 62225 Refused- 0/0/0 (42)
16:41:39.164799   P 02:42:ac:11:00:03 ethertype IPv4 (0x0800), length 
86: 172.17.0.3.53 > 172.17.0.1.17296: 45118 notify ServFail*- 0/0/0 (42)
16:41:39.164799  In 02:42:ac:11:00:03 ethertype IPv4 (0x0800), length 
86: 172.17.0.3.53 > 192.168.213.11.11940: 45118 notify ServFail*- 0/0/0 
(42)
16:41:39.164827 Out f8:32:e4:8a:b7:b7 ethertype IPv4 (0x0800), length 
86: 192.168.213.12.53 > 192.168.213.11.11940: 45118 notify ServFail*- 
0/0/0 (42)
16:41:39.164830 Out f8:32:e4:8a:b7:b7 ethertype 802.1Q (0x8100), length 
90: vlan 213, p 0, ethertype IPv4, 192.168.213.12.53 > 
192.168.213.11.11940: 45118 notify ServFail*- 0/0/0 (42)
16:41:39.164834 Out f8:32:e4:8a:b7:b7 ethertype 802.1Q (0x8100), length 
90: vlan 213, p 0, ethertype IPv4, 192.168.213.12.53 > 
192.168.213.11.11940: 45118 notify ServFail*- 0/0/0 (42)
16:41:39.164923   P 02:42:ac:11:00:03 ethertype IPv4 (0x0800), length 
79: 172.17.0.3.16244 > 172.17.0.1.53: 10861 SOA? int.servinfo.stba. (35)
16:41:39.164923  In 02:42:ac:11:00:03 ethertype IPv4 (0x0800), length 
79: 172.17.0.3.16244 > 172.17.0.1.53: 10861 SOA? int.servinfo.stba. (35)
16:41:39.165143 Out 02:42:f9:95:2b:46 ethertype IPv4 (0x0800), length 
79: 172.17.0.1.60993 > 172.17.0.3.53: 10861 SOA? int.servinfo.stba. (35)
16:41:39.165164 Out 02:42:f9:95:2b:46 ethertype IPv4 (0x0800), length 
79: 172.17.0.1.60993 > 172.17.0.3.53: 10861 SOA? int.servinfo.stba. (35)
16:41:39.166571   P 02:42:ac:11:00:03 ethertype IPv4 (0x0800), length 
79: 172.17.0.3.53 > 172.17.0.1.60993: 10861 Refused- 0/0/0 (35)
16:41:39.166571  In 02:42:ac:11:00:03 ethertype IPv4 (0x0800), length 
79: 172.17.0.3.53 > 172.17.0.1.60993: 10861 Refused- 0/0/0 (35)
16:41:39.166654 Out 02:42:f9:95:2b:46 ethertype IPv4 (0x0800), length 
79: 172.17.0.1.53 > 172.17.0.3.16244: 10861 Refused- 0/0/0 (35)
16:41:39.166658 Out 02:42:f9:95:2b:46 ethertype IPv4 (0x0800), length 
79: 172.17.0.1.53 > 172.17.0.3.16244: 10861 Refused- 0/0/0 (35)
16:41:39.166930   P 02:42:ac:11:00:03 ethertype IPv4 (0x0800), length 
79: 172.17.0.3.53 > 172.17.0.1.17296: 48109 notify ServFail*- 0/0/0 (35)
16:41:39.166930  In 02:42:ac:11:00:03 ethertype IPv4 (0x0800), length 
79: 172.17.0.3.53 > 192.168.213.11.11940: 48109 notify ServFail*- 0/0/0 
(35)
16:41:39.166964 Out f8:32:e4:8a:b7:b7 ethertype IPv4 (0x0800), length 
79: 192.168.213.12.53 > 192.168.213.11.11940: 48109 notify ServFail*- 
0/0/0 (35)
16:41:39.166967 Out f8:32:e4:8a:b7:b7 ethertype 802.1Q (0x8100), length 
83: vlan 213, p 0, ethertype IPv4, 192.168.213.12.53 > 
192.168.213.11.11940: 48109 notify ServFail*- 0/0/0 (35)
16:41:39.166972 Out f8:32:e4:8a:b7:b7 ethertype 802.1Q (0x8100), length 
83: vlan 213, p 0, ethertype IPv4, 192.168.213.12.53 > 
192.168.213.11.11940: 48109 notify ServFail*- 0/0/0 (35)
16:41:39.167053   P 02:42:ac:11:00:03 ethertype IPv4 (0x0800), length 
86: 172.17.0.3.13456 > 172.17.0.1.53: 48066 SOA? 
101.168.192.in-addr.arpa. (42)
16:41:39.167053  In 02:42:ac:11:00:03 ethertype IPv4 (0x0800), length 
86: 172.17.0.3.13456 > 172.17.0.1.53: 48066 SOA? 
101.168.192.in-addr.arpa. (42)
16:41:39.167197 Out 02:42:f9:95:2b:46 ethertype IPv4 (0x0800), length 
86: 172.17.0.1.47557 > 172.17.0.3.53: 48066 SOA? 
101.168.192.in-addr.arpa. (42)
16:41:39.167203 Out 02:42:f9:95:2b:46 ethertype IPv4 (0x0800), length 
86: 172.17.0.1.47557 > 172.17.0.3.53: 48066 SOA? 
101.168.192.in-addr.arpa. (42)
16:41:39.167692   P 02:42:ac:11:00:03 ethertype IPv4 (0x0800), length 
86: 172.17.0.3.53 > 172.17.0.1.47557: 48066 Refused- 0/0/0 (42)
16:41:39.167692  In 02:42:ac:11:00:03 ethertype IPv4 (0x0800), length 
86: 172.17.0.3.53 > 172.17.0.1.47557: 48066 Refused- 0/0/0 (42)
16:41:39.167775 Out 02:42:f9:95:2b:46 ethertype IPv4 (0x0800), length 
86: 172.17.0.1.53 > 172.17.0.3.13456: 48066 Refused- 0/0/0 (42)
16:41:39.167781 Out 02:42:f9:95:2b:46 ethertype IPv4 (0x0800), length 
86: 172.17.0.1.53 > 172.17.0.3.13456: 48066 Refused- 0/0/0 (42)
16:41:39.167970   P 02:42:ac:11:00:03 ethertype IPv4 (0x0800), length 
86: 172.17.0.3.53 > 172.17.0.1.17296: 24291 notify ServFail*- 0/0/0 (42)
16:41:39.167970  In 02:42:ac:11:00:03 ethertype IPv4 (0x0800), length 
86: 172.17.0.3.53 > 192.168.213.11.11940: 24291 notify ServFail*- 0/0/0 
(42)
16:41:39.168001 Out f8:32:e4:8a:b7:b7 ethertype IPv4 (0x0800), length 
86: 192.168.213.12.53 > 192.168.213.11.11940: 24291 notify ServFail*- 
0/0/0 (42)
16:41:39.168005 Out f8:32:e4:8a:b7:b7 ethertype 802.1Q (0x8100), length 
90: vlan 213, p 0, ethertype IPv4, 192.168.213.12.53 > 
192.168.213.11.11940: 24291 notify ServFail*- 0/0/0 (42)
16:41:39.168010 Out f8:32:e4:8a:b7:b7 ethertype 802.1Q (0x8100), length 
90: vlan 213, p 0, ethertype IPv4, 192.168.213.12.53 > 
192.168.213.11.11940: 24291 notify ServFail*- 0/0/0 (42)

--------------------------------------------------------------------------------
Christian Tardif
christian.tardif at servinfo.ca

SVP, pensez à l’environnement avant d’imprimer ce message.


------ Message d'origine ------
De: "frank+pdns--- via Pdns-users" <pdns-users at mailman.powerdns.com>
À: "pdns-users-ml" <pdns-users at mailman.powerdns.com>
Envoyé : 2019-05-29 09:18:26
Objet : Re: [Pdns-users] Master/Slaves in docker containers

>Hi Christian,
>
>>pdns master is running on host 192.168.213.11, and container ip is 
>>172.17.0.4
>>
>>pdns slave is running on host 192.168.213.12, and container ip is 
>>172.17.0.3
>>
>>both containers have gateway set to 172.17.0.1, and hosts have gateway 
>>set to 192.168.213.1
>>
>>Both containers publishes udp/53 and tcp/53  (as 0.0.0.0:53) so 
>>basically, I can connect to any of these two, targetting the 
>>192.168.213.x IP
>>
>>But when I do a zone update on the master container, docker logs of 
>>the pdns-slave shows these two things, for all the domains for which 
>>he should be authoritative:
>>
>>- Received NOTIFY for _this_particular_zone_ from 172.17.0.1 for which 
>>we are not authoritative
>>- Error resolving SOA or NS for _this_particular_zone_ at: 172.17.0.1: 
>>Query to '172.17.0.1' for SOA of '_this_particular_zone_' produced no 
>>answer
>>
>
>Could you do the following:
>
>- start a tcpdump on pdns-slave
>- from pdns-master: do a dig something @192.168.213.12
>- from pdns-master: trigger a notify to 192.168.213.12
>
>And show us the tcpdump?
>
>
>
>Frank
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20190529/809a46f9/attachment-0001.html>

More information about the Pdns-users mailing list