[Pdns-users] How should my backend tell pdns that pdns_server that it has changed the zone
Klaus Darilion
klaus.mailinglists at pernau.at
Thu Sep 26 05:34:46 UTC 2019
Am 24.09.2019 um 17:00 schrieb jb-wisemo via Pdns-users:
> On 24/09/2019 14:25, Pieter Lexis wrote:
>> Hi Jakob,
>>
>> On 9/24/19 12:31 AM, jb-wisemo via Pdns-users wrote:
>>> I am creating a custom master-mode backend for a special use. But some
>>> questions are left open or vague by the documentation, here is the first
>>> one:
>>>
>>> How shall I tell pdns_server that I have changed my zone and increased
>>> the zone serial in the database?
>>>
>>> Idea is to trigger notify and replication to ordinary slaves as quickly
>>> as possible, being able to tell code elsewhere that the changes should
>>> now be available in the global DNS (doing my own TTL calculations).
>> Increasing the SOA serial will be enough. PowerDNS will check the
>> serials every slave-cycle-interval[1] seconds and queue NOTIFY messages
>> to slaves when needed.
>>
>> If that is not fast enough for you, you could have your provisioning
>> system send the NOTIFY by itself to the slaves.
>>
>> Best regards,
>>
>> Pieter
>>
>> 1 -
>> https://docs.powerdns.com/authoritative/settings.html#setting-slave-cycle-interval
>>
>>
>
> Indeed, having pdns_server poll the database at a regular interval is too
> slow for my use case. Sending an external NOTIFY to slaves and having them
> attempt an AXFR makes me worry if PowerDNS will be ready to answer with the
> latest database contents, as opposed to returning something cached or
> partially processed (DNSSEC rectification etc.).
>
> This is why I am looking for a way to make PowerDNS check the serial in the
> database and trigger all resulting actions in the correct order as soon as
> the database management process has written a new set of changes. Almost as
> if the "cycle interval" had ended at exactly that moment, for that
> particular
> zone.
>
> I was hoping for something available via pdnsutil, a call that could be
> made
> from the backend, or less securely (increases attack surface) the REST API.
>
> Ideally, the idle CPU/memory load would be kept low between changes.
If you want slow delays, you have to turn off caching. Otherwise the SOA
check from the slave may be answered with old serial. We do this. But
only on our master without public traffic. So, the hidden master has
packet-cache and query-cache set to 0. you can then trigger the NOTIFY
with pdnsutil notify <zone> after you modified the data in the backend.
regards
Klaus
More information about the Pdns-users
mailing list