[Pdns-users] Pdns master-slave replication issue

Satish Patel satish.txt at gmail.com
Fri Oct 16 20:59:40 UTC 2020


This is what I found: I changed the port (local-port=5300) to 53 and
stopped pdns-recursor (this is also running on 53), then my replication
worked fine without any issue, but it doesn't work with port 5300. I
have production pdns running on the 4.1.1 version, which has no issue.
Looks like 4.3.1 has some strange bug and doesn't like port 5300.

I need pdns-recursor because I am using a forwarder to other DNS also.

On Fri, Oct 16, 2020 at 3:25 PM Satish Patel <satish.txt at gmail.com> wrote:
>
> Thanks for the reply. I do have the slave IP whitelisted (whole subnet
> 10.64.0.0/21) and I am not using TSIG at this point because it's
> internal DNS (not looking for any security at this point)
>
> My master config:
>
> setuid=pdns
> setgid=pdns
> launch=bind
> allow-axfr-ips=10.64.0.0/21
> allow-dnsupdate-from=127.0.0.0/8,10.64.0.0/21,::1
> also-notify=10.64.0.11:5300
> only-notify=
> api=yes
> api-key=XXXXXXXXXXXXXXXX
> disable-axfr=no
> dnsupdate=yes
> local-port=5300
> log-dns-details=yes
> log-dns-queries=yes
> master=yes
> webserver=no
> launch=gmysql
> gmysql-host=localhost
> gmysql-user=pdns-admin
> gmysql-password=XXXXXXX
> gmysql-dbname=pdns
>
> My Slave config:
>
> setuid=pdns
> setgid=pdns
> launch=bind
> allow-notify-from=10.64.0.10/32
> allow-dnsupdate-from=10.64.0.10/32
> api=no
> disable-axfr=no
> dnsupdate=yes
> local-port=5300
> log-dns-details=yes
> log-dns-queries=yes
> loglevel=999
> master=no
> slave=yes
> superslave=yes
> slave-cycle-interval=60
> webserver=no
> launch=gmysql
> gmysql-host=localhost
> gmysql-user=pdns-admin
> gmysql-password=XXXXXXXXXX
> gmysql-dbname=pdns
>
> MySQL supermaster
>
> MariaDB [pdns]> select * from supermasters;
> +------------+---------------------+---------+
> | ip         | nameserver          | account |
> +------------+---------------------+---------+
> | 10.64.0.10 | ns2.foo.example.net | admin   |
> +------------+---------------------+---------+
>
> On Fri, Oct 16, 2020 at 2:54 PM Michael Rommel <rommel at layer-7.net> wrote:
> >
> > Hi,
> >
> > You could look at the config to see whether you have whitelisted the IP of the slave on the master for zone transfers (AXFR).
> >
> > Secondly, if you have configured that only signed transfers are allowed, look at whether the correct TSIG keys are configured on master and slave.
> >
> > HTH,
> >
> >   Michael.
> >
> > --
> > Michael Rommel, Erlangen, Germany
> >
> > > On 16. Oct 2020, at 20:36, Satish Patel via Pdns-users <pdns-users at mailman.powerdns.com> wrote:
> > >
> > > Folks,
> > >
> > > I have installed a fresh PowerDNS version pdns-4.3.1-1 on CentOS 8 and
> > > set up master-slave for replication. When I added a new zone on the master
> > > I got the following error in the slave server logs. Any idea what is
> > > wrong?
> > >
> > > I did add a supermaster entry and SOA NS record etc., so I can confirm
> > > they are good and correct.
> > >
> > > Oct 16 14:01:23 pdns-2.foo.example.net pdns_server[27983]: 1 slave
> > > domain needs checking, 0 queued for AXFR
> > > Oct 16 14:01:23 pdns-2.foo.example.net pdns_server[27983]: Received
> > > serial number updates for 1 zone, had 0 timeouts
> > > Oct 16 14:01:23 pdns-2.foo.example.net pdns_server[27983]: Domain
> > > 'foo.example.net' is empty, master serial 2020101603
> > > Oct 16 14:01:23 pdns-2.foo.example.net pdns_server[27983]: Initiating
> > > transfer of 'foo.example.net' from remote '10.64.0.10'
> > > Oct 16 14:01:23 pdns-2.foo.example.net pdns_server[27983]: Starting
> > > AXFR of 'foo.example.net' from remote 10.64.0.10
> > > Oct 16 14:01:23 pdns-2.foo.example.net pdns_server[27983]: Unable to
> > > AXFR zone 'foo.example.net' from remote '10.64.0.10' (resolver): AXFR
> > > chunk error: Server Failure (This was the first time. Excluding zone
> > > from slave-checks until 1602871343)