[Pdns-users] Help with "simple" config please
Otto Moerbeek
otto at drijf.net
Mon Oct 31 15:55:55 UTC 2022
Hello,
Please read the link below [1] and post unedited config files. It also
helps to explicitly state the problem you are trying to solve, what
commands you used to investigate, what you expected to see and what
you actually saw.
-Otto
[1] https://blog.powerdns.com/2016/01/18/open-source-support-out-in-the-open/
On Mon, Oct 31, 2022 at 10:04:31AM -0500, Slacker T via Pdns-users wrote:
> I'm working through upgrading from 4.4 to the latest version. Tackling
> issues one at a time. I'm trying to get usable log info on who I'm getting
> queries from. I've never used ECS/EDNS before, I think it's what I need to
> use to get what I want. I use dnsdist in front of both my recursor and auth
> server all on the name server, same for my secondary. Please look at my
> config and tell me what you think. I understand that the logs are showing
> what's actually happening, as the query is from 127.0.0.1. I'd just like to
> be able to get the originator ip too if possible.
>
> Another thing, I'm not sure zone updates are being accepted by the
> secondary. Is there anything different you have to do that changed since
> 4.4? It's like it sees the update from the loopback rather than from the
> primary. Not sure if it's related to any of the ECS/EDNS options.
>
> Thanks.
>
> Running:
>
> > openbsd-7.2
> > dnsdist-1.7.2
> > powerdns-4.6.3
> > powerdns-recursor-4.7.3
>
>
> Log showing dnsdist IP rather than originating client:
>
> > pdns_recursor[67506]: 3 [1230/1] question for 'chat-e2ee-mini.c10r.facebook.com|A' from 127.0.0.1:34556
> >
>
> pdns.conf:
>
> > setuid=_powerdns
> > launch=gsqlite3
> > gsqlite3-database=/var/db/pdns/pdns.sqlite3
> > gsqlite3-dnssec
> > allow-axfr-ips=192.168.100.14
> > also-notify=192.168.100.14
> > daemon=yes
> > edns-subnet-processing=yes
> > guardian=yes
> > local-address=127.0.0.1:5300
> > loglevel=5
> > primary=yes
> > secondary=no
>
>
> recursor.conf:
>
> > setuid=_pdns_recursor
> > setgid=_pdns_recursor
> > chroot=/var/pdns_recursor
> > allow-from=127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10
> > daemon=yes
> > disable-syslog=no
> > dnssec-log-bogus=yes
> > forward-zones=mydomain.com=127.0.0.1:5300
> > forward-zones+=sub.mydomain.com=127.0.0.1:5300
> > forward-zones+=sub.otherdomain.org=127.0.0.1:5300
> > local-address=127.0.0.1:5301
> > log-common-errors=yes
> > log-rpz-changes=yes
> > logging-facility=0
> > loglevel=4
> > quiet=no
>
>
> dnsdist.conf:
>
> > setLocal('192.168.100.13:53')
> > addLocal('127.0.0.1:53')
> > setACL({'0.0.0.0/0', '::/0'}) -- Allow all IPs access
> > setECSOverride(true)
> > setECSSourcePrefixV4(32)
> > setECSSourcePrefixV6(128)
> > newServer({address='127.0.0.1:5300', pool='auth', useClientSubnet=true})
> > newServer({address='127.0.0.1:5301', pool='recursor', useClientSubnet=true})
> > recursive_ips = newNMG()
> > recursive_ips:addMask('10.0.0.0/8') -- These network masks are the ones from allow-recursion in the Authoritative Server
> > recursive_ips:addMask('192.168.0.0/16')
> > recursive_ips:addMask('172.16.0.0/12')
> > recursive_ips:addMask('127.0.0.0/24')
> > addAction(NetmaskGroupRule(recursive_ips), PoolAction('recursor'))
> > addAction(AllRule(), PoolAction('auth'))
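
The dnsdist settings quoted above (useClientSubnet=true, setECSSourcePrefixV4(32), setECSSourcePrefixV6(128)) make dnsdist attach an EDNS Client Subnet option to the queries it forwards. As an added illustration, not part of the original thread and not PowerDNS code, this Python example encodes and strictly decodes that option in the RFC 7871 wire format; the function names and the sample addresses in the comments are constructed.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8  # EDNS Client Subnet option code (RFC 7871)


def build_ecs_option(client_ip, v4_prefix=32, v6_prefix=128):
    """Encode the ECS option a proxy would attach for client_ip.

    e.g. build_ecs_option("192.0.2.55", v4_prefix=24)  (constructed address)
    """
    addr = ipaddress.ip_address(client_ip)
    family, prefix = (1, v4_prefix) if addr.version == 4 else (2, v6_prefix)
    # Zero the bits beyond the source prefix, then keep only the bytes needed.
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    addr_bytes = net.network_address.packed[: (prefix + 7) // 8]
    # FAMILY, SOURCE PREFIX-LENGTH, SCOPE PREFIX-LENGTH (0 in queries), ADDRESS
    body = struct.pack("!HBB", family, prefix, 0) + addr_bytes
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body


def parse_ecs_option(data):
    """Decode one ECS option to 'network/prefix'; ValueError if malformed."""
    if len(data) < 8:
        raise ValueError("truncated ECS option")
    code, length = struct.unpack("!HH", data[:4])
    if code != ECS_OPTION_CODE or length != len(data) - 4:
        raise ValueError("not a well-formed ECS option")
    family, source, _scope = struct.unpack("!HBB", data[4:8])
    if family not in (1, 2):
        raise ValueError("unknown address family")
    size = 4 if family == 1 else 16
    addr_bytes = data[8:]
    # The address must be exactly as long as the source prefix requires.
    if source > size * 8 or len(addr_bytes) != (source + 7) // 8:
        raise ValueError("address length does not match source prefix")
    padded = addr_bytes + bytes(size - len(addr_bytes))
    net_cls = ipaddress.IPv4Network if family == 1 else ipaddress.IPv6Network
    # strict=True raises ValueError if bits beyond the prefix are set.
    return str(net_cls((padded, source), strict=True))
```

With a source prefix of 32 or 128 the backend receives the full client address; a shorter prefix discloses only the client's network.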