[Pdns-users] rec_control show-yaml experience

Otto Moerbeek otto at drijf.net
Fri Jan 17 06:54:19 UTC 2025 

Hellko,

thanks for your post, it gives me the opportunity to clarify a few things.

First: rec_control show-yaml is not intended for full automatic conversion,
it's an aid for the admin.

Some more comments inline below.

On Wed, Jan 15, 2025 at 11:05:39PM +0100, Christoph via Pdns-users wrote:

> Hi,
> 
> I want to share my experience when trying to upgrade from recursor 5.1 to
> 5.2 on debian 12 using the powerdns repo.
> 
> Maybe it is of use for others running into the same problems.
> 
> After reading
> https://docs.powerdns.com/recursor/upgrade.html
> https://docs.powerdns.com/recursor/appendices/yamlconversion.html
> 
> I used 'rec_control show-yaml' to migrate to the new config format.
> 
> after the conversion and the version upgrade to 5.2.0
> recursor failed to start with this error:
> 
> "YAML config found, but error occurred processing it" error="duplicate field
> `dnssec` at line 2 column 1" subsystem="config" level="0" prio="Error"
> tid="0" ts="1736975704.921" configname="/etc/powerdns/recursor.conf"
> 
> 
> # content of /etc/powerdns/config.lua:
> zoneToCache(".", "axfr", "193.0.14.129")
> 
> 
> --------------------------
> converted config file using 'rec_control show-yaml'
> --------------------------
> # Start of converted recursor.yml based on recursor.conf
> dnssec:
>   aggressive_nsec_cache_size: 0
>   log_bogus: false
>   validation: validate
> incoming:
>   allow_from:
>   - '127.0.0.0/8'
>   - '109.70.100.0/24'
>   edns_padding_from:
>   - '127.0.0.0/8'
>   - '109.70.100.0/24'
>   edns_padding_mode: padded-queries-only
>   listen:
>   - '127.0.0.1:54'
>   - '109.70.100.125:53'
>   - '109.70.100.136:53'
>   max_concurrent_requests_per_tcp_connection: 1000
>   pdns_distributes_queries: false
> logging:
>   common_errors: false
>   loglevel: 3
>   quiet: true
>   rpz_changes: false
>   structured_logging: false
>   timestamp: true
> nod:
>   tracking: false
> outgoing:
>   max_busy_dot_probes: 5
>   source_address:
>   - '109.70.100.125'
>   - '2a03:e600:100::178'
> packetcache:
>   max_entries: 500000
> recordcache:
>   max_entries: 10000000
>   refresh_on_ttl_perc: 10
> recursor:
>   config_dir: /etc/powerdns
>   extended_resolution_errors: true
>   lua_config_file: /etc/powerdns/config.lua
>   nothing_below_nxdomain: dnssec
>   qname_minimization: true
>   setgid: pdns
>   setuid: pdns
>   threads: 16
>   version_string: PowerDNS Recursor
> webservice:
>   address: '127.0.0.1'
>   allow_from:
>   - '127.0.0.1'
>   - ::1
>   loglevel: normal
>   password: <removed>
>   webserver: true
> # Validation result: OK
> # End of converted recursor.conf
> #
> # Start of converted Lua config .yml based on /etc/powerdns/config.lua
> dnssec:
>   trustanchors: []
> recordcache:
>   zonetocaches:
>   - zone: '.'
>     method: axfr
>     sources:
>     - '193.0.14.129'
> # Validation result: OK
> # End of converted /etc/powerdns/config.lua
> #
> 
> ---------------------------------------------------------
> 
> I'm not sure why the second 'dnssec:' section appears in the file because
> the config.lua has no dnssec lines. To solve this I removed that second
> dnssec section manually from the generated config file.

rec_control show-yaml lists the two sections, one based on the main
file and one for the original Lua config items with the intend these
end up in separate config files. A single file cannot have duplicate
entries, multiple files (using an include dir) are merged according to
the rules described in
https://docs.powerdns.com/recursor/yamlsettings.html#merging-multiple-setting-files

If you want to have a single config file, a hand-merge of the output of
show-yaml by the admin is needed.
> 
> next error:
> 
> msg="YAML config found, but error occurred processing it" error="duplicate
> field `recordcache` at line 2 column 1"
> 
> solution:
> merged the zonetocache lines from the duplicate recordcache section the the
> first one.

See comment above.

> 
> next error:
> 
> msg="YAML settings include values originally in Lua but also sets
> `recursor.lua_config_file`. This is unsupported" subsystem="config"
> level="0" prio="Error" tid="0" ts="1736976250.927"
> configname="/etc/powerdns/recursor.conf"
> 
> solution:
> manually removed this line from the generated config:
> lua_config_file: /etc/powerdns/config.lua

A YAML config file *can* be used with a Lua config file, but you have
to choose one of the methods. Either all config is in YAML form, or it
must contain no config items originally found in the Lua config file.

See second note in
https://docs.powerdns.com/recursor/yamlsettings.html#powerdns-recursor-new-style-yaml-settings.

 -Otto

> 
> After these config changes recursor started again.
> 
> best regards,
> Christoph
> 
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users

More information about the Pdns-users mailing list