Hi,

We've been running RPZ with PowerDNS recursor for a while. The RPZ zone is hosted on a BIND server, and slaved to the recursors using Lua rpzMaster().

This has worked fine, but when rebooting the servers last Wednesday, one of the recursors failed to slave the zone during startup. The surprising thing is that it then proceeded to NOT retry the transfer. When we discovered the problem and restarted the recursor daemon, it immediately slaved the zone and has been working perfectly again. As far as I can see from logs and uptime, the BIND RPZ host was available when the problematic server rebooted.

Logs (slightly redacted):

Jan 24 16:06:56 dnscache101 pdns_recursor[2071]: PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2.
Jan 24 16:06:56 dnscache101 pdns_recursor[2071]: Reading random entropy from '/dev/urandom'
Jan 24 16:06:56 dnscache101 pdns_recursor[2071]: Enabling IPv6 transport for outgoing queries
Jan 24 16:06:56 dnscache101 pdns_recursor[2071]: Loading RPZ zone 'aaa.bbb.ntnu.no' from [2001:700:300:aaaa::bbbb]:53
Jan 24 16:06:56 dnscache101 pdns_recursor[2071]: With TSIG key 'transfer' of algorithm 'hmac-md5'
Jan 24 16:06:56 dnscache101 pdns_recursor[2071]: Unable to load RPZ zone 'aaa.bbb.ntnu.no' from '2001:700:300:aaaa::bbbb': connect: Network is unreachable
Jan 24 16:06:56 dnscache101 pdns_recursor[2071]: Done parsing 68 allow-from ranges from file '/etc/powerdns/recursor.allow' - overriding 'allow-from' setting

This is during bootup of the server, and knowing Ubuntu, I wouldn't be at all surprised if the network wasn't /completely/ available at this point.

Questions:

Is this expected behaviour, assuming that if the RPZ master isn't available during startup, you've probably misconfigured something and there's no point trying again? Otherwise, could this be changed to retrying again in X minutes?

PowerDNS recursor version was 4.1.0. Is this perhaps already fixed in 4.1.1? (I didn't see anything indicating that in the changelog).
As said, this immediately started working again when restarting the recursor daemon. It failed in this way only on one of three similarly configured servers.

Thanks,
Øystein
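An added example, not part of the original message and not PowerDNS code: a log check that reports recursors still running without their RPZ policy, built only on the syslog prefix and the "Unable to load RPZ zone" message quoted above. It assumes, as the post reports for 4.1.0, that a failed initial load is not retried by the same process; the function name and the second host in the sample are constructed for illustration.

```python
import re

# Syslog prefix and message text as they appear in the log excerpt above.
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) pdns_recursor\[(\d+)\]: (.*)$")
FAILED = re.compile(r"^Unable to load RPZ zone '([^']+)' from '([^']+)': (.*)$")

def unenforced_rpz_zones(lines):
    """Return RPZ load failures logged by the newest recursor process per host.

    A failure from an older PID is ignored: the daemon has been restarted
    since, which is what made the zone load again in the report above.
    """
    latest_pid = {}   # host -> PID of the most recent pdns_recursor line
    failures = {}     # (host, pid, zone) -> details of the failed load
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        when, host, pid, msg = m.groups()
        latest_pid[host] = pid
        f = FAILED.match(msg)
        if f:
            zone, master, reason = f.groups()
            failures[(host, pid, zone)] = {
                "host": host, "zone": zone, "master": master,
                "reason": reason, "since": when,
            }
    # Keep only failures that belong to the process still running.
    return [d for (host, pid, _), d in failures.items()
            if latest_pid[host] == pid]

# Constructed sample: the failing start from the post, plus a constructed
# second host "dnscache102" whose daemon was restarted later (new PID).
SAMPLE = """\
Jan 24 16:06:56 dnscache101 pdns_recursor[2071]: Loading RPZ zone 'aaa.bbb.ntnu.no' from [2001:700:300:aaaa::bbbb]:53
Jan 24 16:06:56 dnscache101 pdns_recursor[2071]: Unable to load RPZ zone 'aaa.bbb.ntnu.no' from '2001:700:300:aaaa::bbbb': connect: Network is unreachable
Jan 24 16:07:01 dnscache102 pdns_recursor[1990]: Unable to load RPZ zone 'aaa.bbb.ntnu.no' from '2001:700:300:aaaa::bbbb': connect: Network is unreachable
Jan 24 16:30:12 dnscache102 pdns_recursor[3105]: Loading RPZ zone 'aaa.bbb.ntnu.no' from [2001:700:300:aaaa::bbbb]:53
""".splitlines()

if __name__ == "__main__":
    for hit in unenforced_rpz_zones(SAMPLE):
        print("{host}: RPZ zone {zone} not loaded since {since} ({reason})".format(**hit))
```

Run against the recursor's syslog, a non-empty result means a host is answering queries without the policy zone and needs a restart of the daemon.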