[Pdns-users] PowerDNS Recursor RPZ issues

Luke Miller lmiller at dynatronsoftware.com
Wed Aug 3 21:19:55 UTC 2022 

Ok, that worked. I have PowerDNS Authoritative Server 4.6.3 serving up the zone file that I will use for RPZ and PowerDNS Recursor 4.7.1 doing the zone transfer and loading it.

However, the issue I am running in to is when I update the zone in PowerDNS Authoritative the Recursor doesn’t get the updated zone.

I am using the bind style configuration, in named.conf I have:

zone "dynatronsoftware.com" IN {
    type master;
    file "dynatronsoftware.com";
    also-notify { 10.20.6.28:53; };
};

The zone file dynatronsoftware.com <http://dynatronsoftware.com/> contains:
$ORIGIN dynatronsoftware.com
$TTL 7200
@       SOA     ca-dns1.dynatron.io.    hostmaster.dynatron.io. (
                2022080102 ; serial
                21600      ; refresh after 6 hours
                3600       ; retry after 1 hour
                604800     ; expire after 1 week
                86400 )    ; minimum TTL of 1 day
;
;
                NS      ca-dns1.dynatron.io.
                NS      ca-dns2.dynatron.io.

test.dynatronsoftware.com A 192.168.2.5
dev-forecast.dynatronsoftware.com A 192.168.2.5
luke.dynatronsoftware.com A 192.168.2.5

When I update the zone file I see this in the logs:

Aug  3 15:15:20 tst-dyn-dns1 pdns_server: Zone 'dynatronsoftware.com' (/opt/bind/dynatronsoftware.com) needs reloading
Aug  3 15:15:20 tst-dyn-dns1 pdns_server: Zone 'dynatronsoftware.com' (/opt/bind/dynatronsoftware.com) reloaded
Aug  3 15:15:54 tst-dyn-dns1 pdns_server: Notification for dynatronsoftware.com to 10.20.6.28:53 failed after retries

Does PowerDNS Recursor accept notifies? If not, how do I get the zone to update when I make change?

Thanks,

Luke Miller
Infrastructure Manager
O: 972-913-6388

Corporate Office 
2703 Telecom Pkwy, Suite 140A
Richardson, TX 75082
lmiller at DynatronSoftware.com | www.dynatronsoftware.com



> On Aug 1, 2022, at 11:50 AM, abang at t-ipnet.net wrote:
> 
> Hi Luke,
> 
> You have to host the RPZ zone on a authoritative nameserver (PowerDNS Authoritative for example) in order to load it using the rpzPrimary function.
> 
> The Recursor does not provide zonetransfers.
> 
> Winfried

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20220803/302c484a/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tMi_Dy-eJEnABvX_cHptnxMfB6n8FFFXftzZfp8WeIBuWTdsLhDKLi4uZ-vUccVLCvy_0p2bl4JVoBD-_fzYyu4Ki1fOMVDcCqJlo-wl6GBzOWVIxinRFVYmMoFXbGzKYy_iDI9n.jpeg
Type: image/jpeg
Size: 4934 bytes
Desc: not available
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20220803/302c484a/attachment-0001.jpeg>

More information about the Pdns-users mailing list