[Pdns-users] Serial increase not reflecte in database
Ansgar Wiechers
ansgar.wiechers at automatic-server.com
Fri Jan 21 09:00:00 UTC 2022
On 2022-01-20 Klaus Darilion wrote:
>> Okay, but then what is the appropriate way to get PowerDNS to update
>> the SOA record?
>
> Good question - depends on what you want to achieve.
>
> Your settings:
> SOA-EDIT = INCEPTION-EPOCH
> SOA-EDIT-API = SOA-EDIT-INCREASE
> TSIG-ALLOW-AXFR = transfer
>
> Honestly, for SOA-EDIT-API I do not understand the =
> SOA-EDIT(-INCREASE) options, as they refer back to SOA-EDIT which is
> again based on the serial in DB ... seems like a circular dependency.
>
> I use SOA-EDIT-API= DEFAULT. This gives me nice YYYYMMDD01 timestamps.
> For DNSSEC zones, to inform secondaries about new signatures, I use
> SOA-EDIT = INCEPTION-WEEKS. In PowerDNS DNSSEC signatures are always
> valid 3 weeks, changed one a week when "inception weeks" occour
> (Thursdays 00:00). Hence, if a zone is not changed, the serial on
> Thursday is 1 higher than the serial on Wednesday.
As far as I'm aware we are not using DNSSEC for the zones in question,
so anything DNSSEC-related should not be an issue.
In our environment there can be more than 99 updates to a zone per day.
Perhaps not frequently, but it can occur, and we need to ensure timely
updates on slaves even if they do. Hence the format YYYYMMDD## is not
feasible for our use case and we had to chenage it to epoch. Which, like
I said, works nicely in most cases.
Both modifying the zone via PowerAdmin or via the API update the
SOA the way I expect (serial is incremented and the updated serial
appears in the SOA record in the database). The only exception seems to
be when PowerDNS internally updates the serial on Thursdays 00:00 UTC.
This change never appears in the database.
I could work around this by running a cron job to detect the mismatch
and run `pdnsutil increase-serial ZONE`, which fixes the problem.
However, I'd prefer if I could configure PowerDNS to either not do this
automatic serial incrememt every Thursday or at least also write the
íncremented serial ot the database.
Regards
Ansgar Wiechers
--
Automatic Server AG ∙ ∙ ∙ ∙ ∙
Turnerstrasse 2, CH-9000 St. Gallen
Telefon: +41 71 511 31 11
http://www.automatic-server.com
More information about the Pdns-users
mailing list