[Pdns-users] PowerDNS Recursor RPZ issues

Luke Miller lmiller at dynatronsoftware.com
Mon Aug 1 18:40:39 UTC 2022 

I am having problems setting up RPZ under PowerDNS Recursor. Here is my setup:

PowerDNS Recursor 4.7.1
CentOS 7.9
2 servers, primary and secondary.

On the primary server I have the following setup:

recursor.conf includes this line:
lua-config-file=/etc/pdns-recursor/recursorconf.lua

recursorconf.lua has:
rpzFile("/etc/pdns-recursor/dynatronsoftware.rpz", {})

dynatronsoftware.rpz has:
$TTL 2h;
$ORIGIN domain.dynatronsoftware.com
@          SOA powerdns.dynatronsoftware.com. hostmaster.dynatronsoftware.com ( 1 12h 15m 3w 2h)
           NS ns1.dynatronsoftware.com.
; begin RPZ RR definitions


test.dynatronsoftware.com A 192.168.2.5
dev-forecast.dynatronsoftware.com A 192.168.2.5

The primary works fine. The issue I am having is getting the secondary to work. On this server I have the following setup:

recursor.conf contains:
lua-config-file=/etc/pdns-recursor/recursorconf.lua

recursorconf.lua has:
rpzPrimary("10.20.6.27", "dynatronsoftware.rpz”)

The logs on the second server show this:

Aug  1 13:34:02 tst-dyn-dns2 pdns-recursor: msg="Loading RPZ from nameserver" subsystem="rpz" level=1 prio=6 ts="1659378842.989" primary="10.20.6.27" zone="dynatronsoftware.rpz"
Aug  1 13:34:02 tst-dyn-dns2 pdns-recursor: msg="Unable to load RPZ zone, will retry" subsystem="rpz" level=1 prio=4 ts="1659378842.990" exception="AXFR chunk error: Server Failure" from="10.20.6.27" refresh="10” 
zone=“dynatronsoftware.rpz"

I am not seeing any logs at the same time on the secondary server.

What am I missing in my setup here? Do I need to do something on the primary to allow transfers from the secondary?

Thanks,


Luke Miller
Infrastructure Manager
O: 972-913-6388

Corporate Office 
2703 Telecom Pkwy, Suite 140A
Richardson, TX 75082
lmiller at DynatronSoftware.com | www.dynatronsoftware.com



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20220801/61449ec4/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tMi_Dy-eJEnABvX_cHptnxMfB6n8FFFXftzZfp8WeIBuWTdsLhDKLi4uZ-vUccVLCvy_0p2bl4JVoBD-_fzYyu4Ki1fOMVDcCqJlo-wl6GBzOWVIxinRFVYmMoFXbGzKYy_iDI9n.jpeg
Type: image/jpeg
Size: 4934 bytes
Desc: not available
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20220801/61449ec4/attachment.jpeg>

More information about the Pdns-users mailing list