[Pdns-users] AXFR Zone Transfer Problem

[Ralph]

Hi @all,

i need your help with my configuration.
I configured PowerDNS Auth and recursor on one vm. Everything works fine - recursion, authoritative zone etc

BUT i have a big problem with zone transfers.
When the pdns is configured as a slave for a zone then it works fine. I can see in my tcpdump that i get the zone from the master successfully.
When the pdns is configured as the master of a zone nobody can start an axfr. Also notifies don't work!

tcpdump:
561 SOA? testdpd.de. (28)
561 1/0/0 SOA (89)
Flags [S], seq 1084877886, win 29200, options [mss 1418,sackOK,TS val 28085004 ecr 0,nop,wscale 7], length 0
Flags [S.], seq 1443554573, ack 1084877887, win 28960, options [mss 1460,sackOK,TS val 25716313 ecr 28085004,nop,wscale 7], length 0
Flags [.], ack 1, win 229, options [nop,nop,TS val 28085004 ecr 25716313], length 0
Flags [P.], seq 1:31, ack 1, win 229, options [nop,nop,TS val 28085004 ecr 25716313], length 30 15122 AXFR? test.de. (28)
Flags [.], ack 31, win 227, options [nop,nop,TS val 25716313 ecr 28085004], length 0
Flags [P.], seq 1:31, ack 31, win 227, options [nop,nop,TS val 25716313 ecr 28085004], length 30 15122 ServFail 0/0/0 (28)
Flags [.], ack 31, win 229, options [nop,nop,TS val 28085005 ecr 25716313], length 0
Flags [F.], seq 31, ack 31, win 229, options [nop,nop,TS val 28085005 ecr 25716313], length 0
Flags [F.], seq 31, ack 32, win 227, options [nop,nop,TS val 25716314 ecr 28085005], length 0
Flags [.], ack 32, win 229, options [nop,nop,TS val 28085005 ecr 25716314], length 0

Has anyone an idea?
I think the problem is the pdns recursor which is configured in front of the construct and forward every query.

Do I really need dnsdist only for zone transfer?


Best regards
Chris

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20210108/d5bec10d/attachment.htm>