[Pdns-users] rec_control show-yaml experience

Christoph cm at appliedprivacy.net
Wed Jan 15 22:05:39 UTC 2025


Hi,

I want to share my experience when trying to upgrade from recursor 5.1 
to 5.2 on Debian 12 using the PowerDNS repo.

Maybe it is of use for others running into the same problems.

After reading
https://docs.powerdns.com/recursor/upgrade.html
https://docs.powerdns.com/recursor/appendices/yamlconversion.html

I used 'rec_control show-yaml' to migrate to the new config format.

After the conversion and the version upgrade to 5.2.0,
recursor failed to start with this error:

"YAML config found, but error occurred processing it" error="duplicate 
field `dnssec` at line 2 column 1" subsystem="config" level="0" 
prio="Error" tid="0" ts="1736975704.921" 
configname="/etc/powerdns/recursor.conf"


# content of /etc/powerdns/config.lua:
zoneToCache(".", "axfr", "193.0.14.129")


--------------------------
converted config file using 'rec_control show-yaml'
--------------------------
# Start of converted recursor.yml based on recursor.conf
dnssec:
   aggressive_nsec_cache_size: 0
   log_bogus: false
   validation: validate
incoming:
   allow_from:
   - '127.0.0.0/8'
   - '109.70.100.0/24'
   edns_padding_from:
   - '127.0.0.0/8'
   - '109.70.100.0/24'
   edns_padding_mode: padded-queries-only
   listen:
   - '127.0.0.1:54'
   - '109.70.100.125:53'
   - '109.70.100.136:53'
   max_concurrent_requests_per_tcp_connection: 1000
   pdns_distributes_queries: false
logging:
   common_errors: false
   loglevel: 3
   quiet: true
   rpz_changes: false
   structured_logging: false
   timestamp: true
nod:
   tracking: false
outgoing:
   max_busy_dot_probes: 5
   source_address:
   - '109.70.100.125'
   - '2a03:e600:100::178'
packetcache:
   max_entries: 500000
recordcache:
   max_entries: 10000000
   refresh_on_ttl_perc: 10
recursor:
   config_dir: /etc/powerdns
   extended_resolution_errors: true
   lua_config_file: /etc/powerdns/config.lua
   nothing_below_nxdomain: dnssec
   qname_minimization: true
   setgid: pdns
   setuid: pdns
   threads: 16
   version_string: PowerDNS Recursor
webservice:
   address: '127.0.0.1'
   allow_from:
   - '127.0.0.1'
   - ::1
   loglevel: normal
   password: <removed>
   webserver: true
# Validation result: OK
# End of converted recursor.conf
#
# Start of converted Lua config .yml based on /etc/powerdns/config.lua
dnssec:
   trustanchors: []
recordcache:
   zonetocaches:
   - zone: '.'
     method: axfr
     sources:
     - '193.0.14.129'
# Validation result: OK
# End of converted /etc/powerdns/config.lua
#

---------------------------------------------------------

I'm not sure why the second 'dnssec:' section appears in the file 
because the config.lua has no dnssec lines. To solve this I removed that 
second dnssec section manually from the generated config file.

next error:

msg="YAML config found, but error occurred processing it" 
error="duplicate field `recordcache` at line 2 column 1"

solution:
merged the zonetocache lines from the duplicate recordcache section into 
the first one.

next error:

msg="YAML settings include values originally in Lua but also sets 
`recursor.lua_config_file`. This is unsupported" subsystem="config" 
level="0" prio="Error" tid="0" ts="1736976250.927" 
configname="/etc/powerdns/recursor.conf"

solution:
manually removed this line from the generated config:
lua_config_file: /etc/powerdns/config.lua

After these config changes recursor started again.

best regards,
Christoph
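
The manual fixes described in this post, collected into one script as an added example (not part of the original message and not a PowerDNS tool): it folds the repeated top-level sections of the concatenated 'rec_control show-yaml' output together, drops recursor.lua_config_file when Lua-derived settings are present, and refuses to merge when two copies of a section set the same key. Unlike the post, it keeps 'trustanchors: []' instead of deleting it. The function name and the abbreviated sample are constructed, and the script assumes the layout shown above (section names in column 0, indented bodies).

```python
import re

LUA_MARKER = "# Start of converted Lua config"   # comment seen in the output above
# Constructed sample: the post's show-yaml output, abbreviated.
SAMPLE = """\
dnssec:
   validation: validate
recordcache:
   max_entries: 10000000
recursor:
   lua_config_file: /etc/powerdns/config.lua
   threads: 16
# Start of converted Lua config .yml based on /etc/powerdns/config.lua
dnssec:
   trustanchors: []
recordcache:
   zonetocaches:
   - zone: '.'
"""

def merge_show_yaml(text):
    """Fold repeated top-level sections together; return (yaml_text, notes).
    Assumes the layout shown in the post: section names in column 0, indented bodies."""
    sections, notes, current, from_lua = {}, [], None, False
    for line in text.splitlines():
        from_lua = from_lua or line.startswith(LUA_MARKER)
        if not line.strip() or line.lstrip().startswith("#"):
            continue                              # drop blanks and converter comments
        top = re.match(r"^([A-Za-z_]\w*):\s*$", line)
        if top:
            current = top.group(1)
            if current in sections:
                notes.append(f"merged duplicate section '{current}'")
            sections.setdefault(current, [])
        elif current is None or not line[0].isspace():
            raise ValueError(f"unexpected top-level line: {line!r}")
        else:
            sections[current].append(line)
    if from_lua and any("lua_config_file:" in l for l in sections.get("recursor", [])):
        sections["recursor"] = [l for l in sections["recursor"] if "lua_config_file:" not in l]
        notes.append("removed recursor.lua_config_file")   # the third error in the post
    for name, body in sections.items():           # refuse to let one copy override another
        indent = len(body[0]) - len(body[0].lstrip()) if body else 0
        keys = [m.group(1) for l in body if (m := re.match(rf"^ {{{indent}}}(\w+):", l))]
        dupes = sorted({k for k in keys if keys.count(k) > 1})
        if dupes:
            raise ValueError(f"section '{name}' sets {dupes} more than once")
    merged = "".join(f"{n}:\n" + "".join(l + "\n" for l in b) for n, b in sections.items())
    return merged, notes
```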


