[Pdns-users] R: - also-notify global configuration parameter - unclear behavior
Angelo Colucci
angelo.colucci at vianova.it
Tue Jul 27 23:12:05 UTC 2021
Hi Klaus,
thanks for you support.
Yes, the SERIAL is automatically increased after saving the change on the RR of the domain, on the powerdns-admin web gui. But after your explanation, I compared the notified_serial on the domains table with the the output of dig of the SOA RR of the same domain example.com.
The SERIAL that I see via dig is correctly updated (2021072703) as the value indicated in the SOA RR on the records table; instead the notified_serial contains the old value (2021072703).
Output of the dig command launched on HM:
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51857
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;example.com. IN SOA
;; ANSWER SECTION:
example.com. 86400 IN SOA dns.example.it. welcomeadmin.example.it. 2021072703 86400 1800 2592000 3600
;; Query time: 2 msec
;; SERVER: 10.131.239.114#53(10.131.239.114)
;; WHEN: Tue Jul 27 23:37:16 CEST 2021
;; MSG SIZE rcvd: 109
MariaDB [pdns]> select * from domains where name like 'example.com';
+------+-------------+--------+------------+--------+-----------------+---------+
| id | name | master | last_check | type | notified_serial | account |
+------+-------------+--------+------------+--------+-----------------+---------+
| 6344 | example.com | | NULL | MASTER | 2021072601 | |
+------+-------------+--------+------------+--------+-----------------+---------+
1 row in set (0.000 sec)
MariaDB [pdns]> select * from records where name like 'example.com';
+--------+-----------+-------------+------+---------------------------------------------------------------------------------------+-------+------+----------+-----------+------+
| id | domain_id | name | type | content | ttl | prio | disabled | ordername | auth |
+--------+-----------+-------------+------+---------------------------------------------------------------------------------------+-------+------+----------+-----------+------+
| 380536 | 6344 | example.com | MX | mail.example.it | 900 | 10 | 0 | NULL | 1 |
| 380537 | 6344 | example.com | NS | dns.example.it | 3600 | 0 | 0 | NULL | 1 |
| 380538 | 6344 | example.com | NS | dnsslave.example.it | 3600 | 0 | 0 | NULL | 1 |
| 380539 | 6344 | example.com | SOA | dns.example.it welcomeadmin.example.it 2021072703 86400 1800 2592000 3600 | 86400 | 0 | 0 | NULL | 1 |
+--------+-----------+-------------+------+---------------------------------------------------------------------------------------+-------+------+----------+-----------+------+
4 rows in set (0.000 sec)
So , in my scenario, even if the notified_serial is less than SOA RR SERIAL, the notification isn’t triggerd because I configured the HMs with master=no.
Based on your exaplanation, I understand that when I’ll put in service the new HM infrastructure, putting master=yes on them, the notification mechanism will work properly. Is it right?
Best Regards
Angelo
Da: Klaus Darilion [mailto:klaus.darilion at nic.at]
Inviato: martedì 27 luglio 2021 22:25
A: Angelo Colucci <angelo.colucci at vianova.it>
Oggetto: AW: [Pdns-users] - also-notify global configuration parameter - unclear behavior
Hi Angelo!
Are you increasing the SERIAL in the SOA record of example.com?
With master=yes PowerDNS will regularly (I think every slave-check-intervall) compare the zone's SERIAL with the "notified_serial" column in the domains table - and only if the SERIAL in the records table is higher PowerDNS will send NOTIFYs and then update the notified_serial in the domains table.
regards
Klaus
Von: Pdns-users <pdns-users-bounces at mailman.powerdns.com> Im Auftrag von Angelo Colucci via Pdns-users
Gesendet: Dienstag, 27. Juli 2021 22:19
An: pdns-users at mailman.powerdns.com
Betreff: [Pdns-users] - also-notify global configuration parameter - unclear behavior
Hi,
I'm configuring a new anycast dns authoritative infrastructure, composed by:
- two Hidden Master with PowerDNS 4.5.0 with MySql backend
- four Authoritative public nameserver (NSD 4.2.4/ Knot 3.0.8)
At the moment the two HMs are configured as secondary in the pdns.conf, they download (via AXFR/IXFR) the zones from the old dns auth infrastructure and they update the four slave nameservers.
At the moment the slave nameservers don't announce yet the service ip address specified in the glue record.
Any changes on the zones on the old dns nameservers are correctly delivered to the HMs and then to the slave nameservers (thanks to secondary-do-renotify globally enabled and also-notify that specifies the unicast ip addresses of the four slave nameservers).
But In this scenario I'm experimenting an unclear behavior of the "also-notify" configuration parameter in pdns.conf, when i modify/add a RR on a test zone that is master on the HMs.
In particular the test is the following:
- I add the domain example.com as master on the two HM, as slave on the four slave nameservers.
- I modify/add one RR on the example.com on the two HMs.
I'm expecting that all 4 nameservers will receive on their unicast-ip address the notification and they download via ixfr those changes (thanks to also-notify configuration parameter), but pdns on both HMs doesn't send any notification.
In this case I force the notification with the following command launched from one of the HM:
pdns_control notify example.com
Is it a normal behavior of also-notify or does it depends by the configuration of the HMs as secondary (so the notifications will be correctly generated when I’ll reconfigure the HMs as primary)? Otherwise, what did I forget in the pdns.conf?
Thanks in advance for any help
Angelo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20210728/c01717f2/attachment-0001.htm>
More information about the Pdns-users
mailing list