[Pdns-users] PDNS repos request

Alex Pavlov admin at livas.lv
Thu Oct 5 19:36:01 UTC 2023


Hi Frank,

 

On top of that, it seems you're blaming others for issues which you are responsible for. If you feel recompiling from the repo is too much of a hassle, you can either upgrade your OS, or ask Ubuntu to provide up to date PowerDNS packages.

*	I’m writing about a 10-second install from a .deb package, so it is mostly a question of the time which I’m trying to save in my work. I also wrote below that recompiling is doable, and even though I have seen library/dependency errors, I solved them and cooked DNSDIST 1.5.2. So I jumped one version, 1.4->1.5.2.
*	Ubuntu 18.x provides by default one package of DNSDIST 1.2, which is too old. Also, the required DoH support starts from version 1.4.

 

DNSDist 1.5 is End Of Life.

For DoH, if you need to support multiple hostnames on the same dnsdist instance, I would try with a single cert with multiple SANs. DNSdist should serve it well, the clients should accept it. If it's still an issue in a recent and supported dnsdist version, please show us your config and the full cert to help debugging.

*	Ok, I’m still doing my upgrade jumps to the latest DNSDIST 1.8 and will then test with this version. Having multiple SANs in a single cert looks like good advice to me 😊, will try it! But is it supported by CertBot to issue such a combo cert?

 

There is no MySQL in dnsdist, so not sure what you try to do there?

*	I wrote in the message below: “Every version jump sometimes requires adjusting the conf file or MySQL tables (backend for PDNS-AUTH), as per the documented guides (version upgrade guides).”

That means I have on the server a full pack of DNS: dnsdist + pdns-auth with mysql backend and also pdns-recursor and pdns-tools, on top of it pdns-admin Web UI and MariaDB. So all those packages need to be upgraded step by step to the latest stable releases.

 

If you want to update your dnsservers, which should be running only the dns infra and nothing else, and thus should be easily upgradeable, I would recommend:

- provision new hosts

- install Ubuntu 22.04 LTS on them

- install dnsdist 1.8 on them

>  Frank, yes it was the first option I wanted to follow… but it takes even more time to build the full system from scratch.

Also the current server needs to keep working as it has other services running, not only the DNS package.

 

Regards,

Alex.

 

 

From: Frank @ kiwazo.be <frank+pdns at tembo.be> 
Sent: Thursday, October 05, 2023 9:45 PM
To: pdns-users-ml <pdns-users at mailman.powerdns.com>
Cc: Alex Pavlov <admin at livas.lv>
Subject: Re: [Pdns-users] PDNS repos request

 

 

On 5 Oct 2023, at 20:36, Alex Pavlov via Pdns-users <pdns-users at mailman.powerdns.com> wrote:

 

Thanks Peter,

As the ready-for-deployment DEB files are all deleted, I now have only one way: recompiling binaries from sources.
I'm not saying that it is not doable, but a 10-second install process with "dpkg -i..." now turns into a much longer process for me.

 

Alex, 

 

I am really sorry for your loss, but you'll have to consider the amount of time you'll need to manually patch every CVE which might pop up in the future, as your 5+ years old distribution is no longer supported.

 

On top of that, it seems you're blaming others for issues which you are responsible for. If you feel recompiling from the repo is too much of a hassle, you can either upgrade your OS, or ask Ubuntu to provide up to date PowerDNS packages.






As the compiling has already thrown some dependency library errors of mismatching versions... one of them h2o with libssl for enabling DoH and DoT in DNSDIST (in the builder.sh that you described below, as I need to add DoH & DoT). I don't know why those errors are there and why libraries were replaced some years ago.
In general I need to say that the idea is not to have old Ubuntu and old PDNS releases in production, but rather to use it for step-by-step version updating: DNSDIST 1.4->1.5->1.6->1.7->1.8 and the same with PDNS from 4.2.3->4.3.2->up to the latest stable.
Every version jump sometimes requires adjusting the conf file or MySQL tables (backend for PDNS-AUTH), as per the documented guides (version upgrade guides).

 

Please keep one thread to one subject. You're now mixing 2, sorry 3 issues. 

 

DNSDist 1.5 is End Of Life.

 

For DoH, if you need to support multiple hostnames on the same dnsdist instance, I would try with a single cert with multiple SANs. DNSdist should serve it well, the clients should accept it. If it's still an issue in a recent and supported dnsdist version, please show us your config and the full cert to help debugging.

 

There is no MySQL in dnsdist, so not sure what you try to do there?

 

If you want to update your dnsservers, which should be running only the dns infra and nothing else, and thus should be easily upgradeable, I would recommend:

 

- provision new hosts

- install Ubuntu 22.04 LTS on them

- install dnsdist 1.8 on them

 

Frank

 

 

Frank Louwers
PowerDNS Certified Consultant @ Kiwazo.be
