[Pdns-users] Notify from master is not accepted

Roland Giesler roland at giesler.za.net
Tue Oct 8 15:03:19 UTC 2024


On 2024/10/07 21:17, Michel Otte wrote:
> You have left out quite a few details from your setup. What PowerDNS 
> version are you running?

PDNS 4.6.3

> What backend [1] did you configure on the PowerDNS auth side?

SQLite3

> What other commands did you run to set up the secondary zone?

I installed the PowerDNS-Admin Web frontend and simply used the UI to 
add domains as they get created.  I select that the zone is a secondary, 
tell it where the master is, pull the domain from the master, and that's it.

> From the context you provide, I take it you are trying to set up 
> PowerDNS to become a secondary nameserver that receives zone transfers 
> from a primary BIND nameserver.

Yes

> Please start by reading the PowerDNS modes of operation section [2] 
> from the manual if not already done so, specifically the part that 
> discusses secondary operation [3]. Next, make sure the domain you want 
> PowerDNS to be secondary for is actually created on the PowerDNS side, 
> for secondary operation [4].

I have 9 domains set up as secondaries and they work fine as far as I 
can tell when I manually tell any one domain to sync with the master.

> PowerDNS also has something that's called auto-primary mode [5], which 
> allows a primary nameserver to "provision" a PowerDNS secondary 
> nameserver, or let PowerDNS automatically discover new zones it should 
> be authoritative for. This functionality was known as "supermaster", 
> but has been renamed in recent versions.

That sounds interesting, I'll read up on that.

From what I've learned up to now, the actual domain record contains the 
address of the master, and even if an update is triggered via notify, it 
will not be done if the master ip address doesn't match the ip address 
in the domain record.  Is that correct?  If so, it leads me to the next 
question, which is: Is there any way in which I can add a second master 
ip address to the record?

I suppose I can attempt to redo a secondary zone file and use the LAN 
(internal) address?  The problem is though that PDNS has a public ip 
address and is not NAT'ted, so I don't think the LAN ip address of the 
master is visible to PDNS.

Ideas?

>
> Hopefully this helps. With kind regards,
> Michel Otte
>
>
> [1]: https://doc.powerdns.com/authoritative/backends/
> [2]: https://doc.powerdns.com/authoritative/modes-of-operation.html
> [3]: https://doc.powerdns.com/authoritative/modes-of-operation.html#secondary-operation
> [4]: https://doc.powerdns.com/authoritative/backends/generic-sql.html#secondary-operation
> [5]: https://doc.powerdns.com/authoritative/backends/generic-sql.html#autoprimary-operation
>
>
> Roland Giesler via Pdns-users <pdns-users at mailman.powerdns.com>:
>
>     I'm running my primary DNS on Power Mail-in-a-Box, which runs BIND9's
>     NAMED and sends notifications when a domain's zone file changes.
>
>     I have set PowerDNS's config to accept these from the LAN and
>     Public ip
>     of the master, but I see this error in syslog.  (The DNS is a NAT'ted
>     server)
>
>     Oct  7 17:13:43 PowerDNS pdns_server[125]: Received NOTIFY for fast.za.net from 192.168.131.102 which is not a master (Refused)
>     Oct  7 17:13:43 PowerDNS pdns_server[125]: message repeated 9 times: [ Received NOTIFY for fast.za.net from 192.168.131.102 which is not a master (Refused)]
>
>     My config file has:
>
>     allow-axfr-ips=197.214.119.180/32,192.168.131.0/24,127.0.0.0/8,::1,169.255.79.10/24
>     allow-notify-from=197.214.119.180/32,192.168.131.0/24,::/0
>
>     What should I do to allow the changes onto PowerDNS?
>
>
>     _______________________________________________
>     Pdns-users mailing list
>     Pdns-users at mailman.powerdns.com
>     https://mailman.powerdns.com/mailman/listinfo/pdns-users
>
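Added example, not part of the thread and not PowerDNS code: a NOTIFY source has to match allow-notify-from and also be listed as a master for the zone, and the script below replays the config lines and syslog line quoted above through both checks. The zone's master value is an assumption (the thread never shows it), and `parse_acl`, `audit_acl` and `diagnose` are names made up for this sketch.

```python
import ipaddress
import re

# Copied from the thread: the two ACL settings and the refused NOTIFY.
CONFIG = """\
allow-axfr-ips=197.214.119.180/32,192.168.131.0/24,127.0.0.0/8,::1,169.255.79.10/24
allow-notify-from=197.214.119.180/32,192.168.131.0/24,::/0
"""
LOG = ("Oct  7 17:13:43 PowerDNS pdns_server[125]: Received NOTIFY for "
       "fast.za.net from 192.168.131.102 which is not a master (Refused)")
# ASSUMPTION: the zone record holds only the primary's public address.
ZONE_MASTERS = {"fast.za.net": "197.214.119.180"}

NOTIFY_RE = re.compile(
    r"Received NOTIFY for (\S+) from (\S+) which is not a master")

def parse_acl(config, key):
    """Return the networks listed for `key`; set host bits are masked off."""
    for line in config.splitlines():
        name, _, value = line.partition("=")
        if name.strip() == key:
            return [ipaddress.ip_network(v.strip(), strict=False)
                    for v in value.split(",") if v.strip()]
    return []

def audit_acl(nets):
    """Entries with prefix length 0 match every address of that family."""
    return [str(n) for n in nets if n.prefixlen == 0]

def diagnose(log_line, config, zone_masters):
    """Report which of the two checks the logged NOTIFY source satisfies."""
    m = NOTIFY_RE.search(log_line)
    if not m:
        return None
    zone, src = m.group(1), ipaddress.ip_address(m.group(2))
    acl = parse_acl(config, "allow-notify-from")
    # The master field is modelled as a comma-separated list of plain IPs.
    masters = [ipaddress.ip_address(a.strip())
               for a in zone_masters.get(zone, "").split(",") if a.strip()]
    return {"zone": zone, "source": str(src),
            "passes_allow_notify_from": any(src in n for n in acl),
            "is_zone_master": src in masters}

if __name__ == "__main__":
    print(diagnose(LOG, CONFIG, ZONE_MASTERS))
    print("match-all entries:", audit_acl(parse_acl(CONFIG, "allow-notify-from")))
```

With the assumed master value the source passes the ACL but is not a zone master, which is the condition the log message reports; the audit also shows that `::/0` admits NOTIFY from any IPv6 address.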