Hello, 4.7.0 introduced (optional) GSS-TSIG support. Even with that support not compiled in will report about GSS-TSIG requests it could not handle. That might generate too much log spam, will discuss if this message should stay, maybe the level should be Debug. There is also a typo there: an extra `not'.
So what happens is that the server sees GSS-TSIG enabled requests but is not prepared to deal with them. Do you have clients or other servers that send these GSS-TSIG enabled queries? As for the failing SOA retrieval: does the primary log anything why it isn't willing to serve the SOA? Perhaps a packet capture will shed some light on why the SOA retrieval fails. Increasin the loglevel might also help. -Otto On Thu, Oct 27, 2022 at 11:07:29AM +0000, Giorgio Lardone via Pdns-users wrote: > Dear all, > after updating my secondary PowerDNS to version 4.7, I see a myriad of these > messages in the syslog: > > "pdns_server[7658]: GSS-TSIG request but not feature not compiled in" > > and > > "pdns_server[7658]: Unable to retrieve SOA for domainname.tld, this was the > first time. NOTE: For every subsequent failed SOA check the domain will be > suspended from freshness checks for 'num-errors x 60 seconds', with a maximum > of 3600 seconds. Skipping SOA checks until 1666868614" > > What do you think they depend on? > > Thanks for your opinion, > Giorgio > _______________________________________________ > Pdns-users mailing list > Pdns-users@mailman.powerdns.com > https://mailman.powerdns.com/mailman/listinfo/pdns-users _______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users