[Pdns-users] RFC2136 updates

Walter Parker walterp at gmail.com
Sun Jun 26 21:40:02 UTC 2022


I'm running from PostgresDB. Using the pdnsutil command, I did set the
metadata. Here are the results from pdnsutil.

pdnsutil get-meta chaosdynamics.com
Metadata for 'chaosdynamics.com'
ALLOW-DNSUPDATE-FROM = 66.113.99.176/28, 127.0.0.1/8
NOTIFY-DNSUPDATE = 1
SOA-EDIT-API = DEFAULT
TSIG-ALLOW-DNS-UPDATE = cdkey

I'll try the zone-cache settings.


Walter


On Sun, Jun 26, 2022 at 1:17 PM Gert van Dijk via Pdns-users <
pdns-users at mailman.powerdns.com> wrote:

> Hi Walter,
>
> I believe you may be missing the 'NOTIFY-DNSUPDATE' domain meta setting.
> [1]
> Note that 'dnsupdate' is a different and global setting; whether or not
> to enable the support for dynamic updates overall on the instance. [2]
>
> What is the backend that you use for the dynamic zone?
> In my case I have a small scale setup using SQLite on a hidden master
> and I used these queries (taken from notes years ago) to enable notify
> updates to secondary servers (running a possibly different backend).
>
> $ sqlite3 /path/to/my/sqlite3.db
> sqlite> update domains set type='MASTER' where name='dyn.zone.tld';
> sqlite> insert into domainmetadata(domain_id, kind, content)
> values((select id from domains where name='dyn.zone.tld'),
> 'SOA-EDIT-DNSUPDATE', 'SOA-EDIT-INCREASE');
> sqlite> insert into domainmetadata(domain_id, kind, content)
> values((select id from domains where name='dyn.zone.tld'),
> 'NOTIFY-DNSUPDATE','1');
>
> Likely unrelated, but just wanted to note the following. I ran into zone
> caching issues on the secondaries side ever since upgrading to 4.5 and
> still happening for me on 4.6, complaining about the domain SOA being
> out of date. Still have to investigate that further and perhaps file an
> issue, but my current workaround for that is setting this on the primary
> server:
>
> zone-cache-refresh-interval=0
> zone-metadata-cache-ttl=0
>
> ... which is fine for a small scale setup like mine. You may not run
> into the same issue, though. :-)
>
> HTH
>
> Gert
>
> [1]:
> https://doc.powerdns.com/authoritative/dnsupdate.html#notify-dnsupdate
> [2]: https://doc.powerdns.com/authoritative/dnsupdate.html#dnsupdate
>
> On 6/26/22 19:44, Walter Parker via Pdns-users wrote:
> > Hi,
> >
> > I have a PowerDNS server with Dynamic Updates (RFC2136 enabled) and it
> > is not pushing the updates to the secondaries.
> >
> > I have allow-axfr-ips set to allow the IP addresses of the secondaries
> > and also-notify set to IP addresses of the notification servers.
> >
> > I have allow-dnsupdate-from set to the IP subnet where the request is
> > coming from. I have dnsupdate set to true.
> >
> > When I run acme.sh, I see the update request come in (UPDATE (18591)
> > from 66.113.99.184 for chaosdynamics.com: TSIG is provided, but domain
> > is not secured with TSIG. Processing continues) but I don't see the
> > notification queue message or the AXFR messages.
> >
> > When I run a notify manually, I see them (logs below).
> > What did I miss to get dynamic DNS updates to be transferred to the
> > secondary servers?
> >
> > Jun 26 10:39:02 natasha pdns[65543]: Notification request for domain 'chaosdynamics.com' received from operator
> > Jun 26 10:39:02 natasha pdns[65543]: Queued notification of domain 'chaosdynamics.com' to 208.80.126.13:53
> > Jun 26 10:39:02 natasha pdns[65543]: Queued notification of domain 'chaosdynamics.com' to 208.94.148.13:53
> > Jun 26 10:39:03 natasha pdns[65543]: IXFR of domain 'chaosdynamics.com' initiated by 208.94.150.198:61335 with serial 2022062505
> > Jun 26 10:39:03 natasha pdns[65543]: AXFR of domain 'chaosdynamics.com' allowed: client IP 208.94.150.198:61335 is in allow-axfr-ips
> > Jun 26 10:39:03 natasha pdns[65543]: IXFR of domain 'chaosdynamics.com' initiated by 208.94.147.135:48779 with serial 2022062505
> > Jun 26 10:39:03 natasha pdns[65543]: AXFR of domain 'chaosdynamics.com' allowed: client IP 208.94.147.135:48779 is in allow-axfr-ips
> > Jun 26 10:39:03 natasha pdns[65543]: IXFR fallback to AXFR for domain 'chaosdynamics.com' our serial 2022062606
> > Jun 26 10:39:03 natasha pdns[65543]: AXFR of domain 'chaosdynamics.com' initiated by 208.94.150.198:61335
> > Jun 26 10:39:03 natasha pdns[65543]: AXFR of domain 'chaosdynamics.com' allowed: client IP 208.94.150.198:61335 is in allow-axfr-ips
> >
> > --
> > The greatest dangers to liberty lurk in insidious encroachment by men of
> > zeal, well-meaning but without understanding.   -- Justice Louis D. Brandeis
> >
> > _______________________________________________
> > Pdns-users mailing list
> > Pdns-users at mailman.powerdns.com
> > https://mailman.powerdns.com/mailman/listinfo/pdns-users


-- 
The greatest dangers to liberty lurk in insidious encroachment by men of
zeal, well-meaning but without understanding.   -- Justice Louis D. Brandeis
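
A check over the `pdnsutil get-meta` output posted at the top of this message, as an added example that is not part of the original thread and is not PowerDNS code. It compares each metadata kind with the five per-zone kinds listed in the PowerDNS dnsupdate documentation, flags near-miss spellings (the kind is matched by its exact name), and reports whether TSIG, NOTIFY and the source networks are set as the thread discusses. The function names are hypothetical.

```python
import ipaddress

# Per-zone metadata kinds listed in the PowerDNS dnsupdate documentation.
DNSUPDATE_KINDS = {
    "ALLOW-DNSUPDATE-FROM", "TSIG-ALLOW-DNSUPDATE", "FORWARD-DNSUPDATE",
    "SOA-EDIT-DNSUPDATE", "NOTIFY-DNSUPDATE",
}

# pdnsutil get-meta output as posted in the message above.
SAMPLE = """\
Metadata for 'chaosdynamics.com'
ALLOW-DNSUPDATE-FROM = 66.113.99.176/28, 127.0.0.1/8
NOTIFY-DNSUPDATE = 1
SOA-EDIT-API = DEFAULT
TSIG-ALLOW-DNS-UPDATE = cdkey
"""

def parse_get_meta(text):
    """Return {KIND: [values]} from 'KIND = v1, v2' lines; other lines are skipped."""
    meta = {}
    for line in text.splitlines():
        kind, sep, content = line.partition(" = ")
        if sep:
            meta[kind.strip()] = [v.strip() for v in content.split(",") if v.strip()]
    return meta

def squash(kind):
    return kind.replace("-", "").upper()

def audit(meta):
    findings = []
    for kind in meta:
        # A kind that differs from a documented one only by hyphens is never looked up.
        for known in sorted(DNSUPDATE_KINDS):
            if kind not in DNSUPDATE_KINDS and squash(kind) == squash(known):
                findings.append(f"{kind}: not a documented kind, did you mean {known}?")
    if "TSIG-ALLOW-DNSUPDATE" not in meta:
        findings.append("TSIG-ALLOW-DNSUPDATE unset: updates are gated by source IP only")
    if meta.get("NOTIFY-DNSUPDATE") != ["1"]:
        findings.append("NOTIFY-DNSUPDATE is not 1: no NOTIFY is sent after an update")
    if "SOA-EDIT-DNSUPDATE" not in meta:
        findings.append("SOA-EDIT-DNSUPDATE unset (the reply above sets SOA-EDIT-INCREASE)")
    for net in meta.get("ALLOW-DNSUPDATE-FROM", []):
        n = ipaddress.ip_network(net, strict=False)
        if str(n) != net:
            findings.append(f"ALLOW-DNSUPDATE-FROM {net}: host bits set, covers {n}")
    return findings
```

Running `audit(parse_get_meta(SAMPLE))` on the posted output returns four findings, the first being the `TSIG-ALLOW-DNS-UPDATE` spelling, which lines up with the "TSIG is provided, but domain is not secured with TSIG" log line quoted in the thread.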