[Pdns-users] DNS Forwarding on Master/Slave Servers
pieter.lexis at powerdns.com
Fri May 7 08:05:34 UTC 2021
On 5/7/21 7:14 AM, Steven Garner via Pdns-users wrote:
> I have a noob question about DNS forwarding - just implemented pdns
> version 4.2.1 on three servers on separate networks, intending for one
> to be a master (primary) and the other two to be slaves (secondaries).
> So far I love it, but I think I may be doing something wrong with DNS
4.2 will be EOL in the coming month, see . I recommend you upgrade to
4.4 from our repo and consult the upgrade guide. But this is not
the source of your problems :).
> I have records for some 383 domains in MySQL as a backend.
>> Also the master/slave state is configured on a per domain basis in the
> domains table with the type column set to either MASTER or SLAVE
> respectively. The slave has the master node IP addresses set for each
> domain in the master column in the domains table.
> dig would seem to indicate that everything is working fine:
> Yet other methods seem to indicate there may be problems:
> 2) When I test opensourceserver.io <http://opensourceserver.io> on
> <https://www.site24x7.com/dns-lookup.html>, it states there is a
> "Possible DNS forwarding issue." for each server.
"Forwarding" is a bit of a mis-nomer here. Looking at the responses of
the servers, I see a REFUSED from 184.108.40.206, which might indicate
the zone is not transferred to this server. I can't get any response
from 220.127.116.11, which could be a firewall, or middlebox doing nasty
For the server at 18.104.22.168, please check the logs (`grep`ing for
opensourceserver.io) and the output of `pdnsutil show-zone
opensourceserver.io` to see what is going on with the XFR.
For the server at 22.214.171.124, check the firewall(s), also on the
network path. And if PowerDNS is running at all :).
DNSVIZ  also reports that the glue records from .io do not match the
authoritave records in the zone. The .io nameserver sends 126.96.36.199
for all 3 nameservers, so you will need to update your glue for
starters. This can be done in you registrar control panel. But I suggest
you fix the issues above first.
1 - https://doc.powerdns.com/authoritative/appendices/EOL.html
2 - https://repo.powerdns.com/
3 - https://doc.powerdns.com/authoritative/upgrading.html
4 - https://dnsviz.net/d/opensourceserver.io/YJTycg/dnssec/
PowerDNS.COM BV -- https://www.powerdns.com
More information about the Pdns-users