Re: [Pdns-users] Serial lagging in authoritative 4.2.2 using native MySQL sync from 4.1.13
Upgrdading all pdns authoritative servers to 4.2.2 fixed the issue. Still, I think this is a bug or undocumented feature, because the pdns settings were same, the SQL database was synced and still pdns authoritative 4.1.13 and 4.4.2.2 replied different serials. With best regards, -- Cristian Seres ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] Serial lagging in authoritative 4.2.2 using native MySQL sync from 4.1.13
Hi Christian, On 5/15/20 4:03 PM, Cristian Seres via Pdns-users wrote: > they seem to match: > [...] I did some digging and found out the behaviour for INCEPTION-INCREMENT changed between 4.1 and 4.2 (in 4.2.0-alpha1) in commit f613d242[1] in PR #4547[3]. As we'd increase the SOA serial by 2 instead of 1 (#2377[2]). Your setup (only native zones, different PowerDNS versions *and* default-soa-edit set) indeed shows the issue and fixed solution :). I recommend upgrading to 4.1.13 to 4.2.2, or even 4.3. Note that 4.3 requires a schema update that is backwards compatible with 4.2 and 4.1. I hope this clears up the confusion. Best regards, Pieter 1 - https://github.com/PowerDNS/pdns/commit/f613d2420ab805c2bc6295d1a544e278a047ee0e 2 - https://github.com/PowerDNS/pdns/pull/4547 3 - https://github.com/PowerDNS/pdns/issues/2377 -- Pieter Lexis PowerDNS.COM BV -- https://www.powerdns.com ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] Serial lagging in authoritative 4.2.2 using native MySQL sync from 4.1.13
Pieter Lexis via Pdns-users wrote: Can you check the default-soa-edit* settings between the different instances? A difference might explain this, as the SOA serials in the database and (unrelated) metadata match. Hi Pieter, they seem to match: [ns1 ~]$ sudo pdns_control current-config|grep default-soa-edit # default-soa-edit Default SOA-EDIT value default-soa-edit=INCEPTION-INCREMENT # default-soa-edit-signed Default SOA-EDIT value for signed zones default-soa-edit-signed= [ns2 pdns]# sudo pdns_control current-config|grep default-soa-edit # default-soa-edit Default SOA-EDIT value default-soa-edit=INCEPTION-INCREMENT # default-soa-edit-signed Default SOA-EDIT value for signed zones default-soa-edit-signed= [ns3 ~]$ sudo pdns_control current-config|grep default-soa-edit # default-soa-edit Default SOA-EDIT value default-soa-edit=INCEPTION-INCREMENT # default-soa-edit-signed Default SOA-EDIT value for signed zones default-soa-edit-signed= With best regards, -- Cristian Seres ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] Serial lagging in authoritative 4.2.2 using native MySQL sync from 4.1.13
Hi Christian, On 5/14/20 3:20 PM, Cristian Seres via Pdns-users wrote: > one of three authoritative name servers (ns3) which uses authoritative > version 4.2.2 gives older serial number than the other two which use > version 4.1.13. Can you check the default-soa-edit* settings between the different instances? A difference might explain this, as the SOA serials in the database and (unrelated) metadata match. Cheers, Pieter -- Pieter Lexis PowerDNS.COM BV -- https://www.powerdns.com ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] Serial lagging in authoritative 4.2.2 using native MySQL sync from 4.1.13
Otto Moerbeek wrote: On Thu, May 14, 2020 at 04:20:46PM +0300, Cristian Seres via Pdns-users wrote: AFAIK, if you are using native replication, the type of your zone should be native and not master. Sorry, my mistake in the email, this test domain is actually native: MariaDB [powerdns]> select * from domains where name like '%testxyz%'; +-+-++++-+-+ | id | name| master | last_check | type | notified_serial | account | +-+-++++-+-+ | 265 | testxyz || NULL | NATIVE |NULL | | +-+-++++-+-+ 1 row in set (0.00 sec) Actually we do have several domains with MASTER together native MySQL sync, because a third party non-PowerDNS DNS server is also serving some of our DNSSEC enabled domains with anycast. That is also why we have master=yes only_notify= also_notify=[list,of,third-party,dns,servers] in all PowerDNS servers. With best regards, -- Cristian Seres ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] Serial lagging in authoritative 4.2.2 using native MySQL sync from 4.1.13
On Thu, May 14, 2020 at 04:20:46PM +0300, Cristian Seres via Pdns-users wrote: > Hi, > > one of three authoritative name servers (ns3) which uses authoritative > version 4.2.2 gives older serial number than the other two which use version > 4.1.13. > > MySQL sync is working properly and as far as I can see, databases are > identical. Also executing pdns-util increase-serial on the main server did > not correct the situation, the version 4.2.2 is still one step behind in > serial. > > All have default-soa-edit=INCEPTION-INCREMENT. The type if MASTER. I also > tried to comment out default-soa-edit on ns3, but after that, the serial was > two steps behind. AFAIK, if you are using native replication, the type of your zone should be native and not master. -Otto > > Is there a setting that can be used to fix this mismatch or is the only way > to upgrade all to 4.2.2 level? > > I have created a test zone on the servers. Here is some more information: > > # dig +short -t soa testxyz @ns1.contrasec.fi > ns1.contrasec.fi. domain.contrasec.fi. 2020051405 10800 3600 604800 3600 > # dig +short -t soa testxyz @ns3.contrasec.fi > ns1.contrasec.fi. domain.contrasec.fi. 2020051404 10800 3600 604800 3600 > > > ns1: > > # rpm -q pdns > pdns-4.1.13-1pdns.el7.x86_64 > > MariaDB [powerdns]> select * from domainmetadata where domain_id=265; > +-+---+--+-+ > | id | domain_id | kind | content | > +-+---+--+-+ > | 835 | 265 | SOA-EDIT-API | INCEPTION-INCREMENT | > +-+---+--+-+ > 1 row in set (0.00 sec) > > MariaDB [powerdns]> select * from records where domain_id=265; > ++---+-+--++---+--+-+--+---+--+ > | id | domain_id | name| type | content > | ttl | prio | change_date | disabled | ordername | auth | > ++---+-+--++---+--+-+--+---+--+ > | 439369 | 265 | testxyz | CAA | 0 issue "letsencrypt.org" > | 3600 |0 |NULL | 0 | |1 | > | 439370 | 265 | testxyz | CAA | 0 issuewild "letsencrypt.org" > | 3600 |0 |NULL | 0 | |1 | > | 439371 | 265 | testxyz | NS | ns1.contrasec.fi > | 86400 |0 |NULL | 0 | |1 | > | 439372 | 265 | testxyz | NS | ns2.contrasec.fi > | 86400 |0 |NULL | 0 | |1 | > | 439373 | 265 | testxyz | NS | ns3.contrasec.fi > | 86400 |0 |NULL | 0 | |1 | > | 439374 | 265 | testxyz | TXT | "v=spf1 -all" > | 3600 |0 |NULL | 0 | |1 | > | 439375 | 265 | testxyz | SOA | ns1.contrasec.fi domain.contrasec.fi > 2020051403 10800 3600 604800 3600 | 86400 |0 | NULL |0 | > |1 | > ++---+-+--++---+--+-+--+---+--+ > 7 rows in set (0.00 sec) > > > > ns3: > > # rpm -q pdns > pdns-4.2.2-1pdns.el8.x86_64 > > MariaDB [powerdns]> select * from domainmetadata where domain_id=265; > +-+---+--+-+ > | id | domain_id | kind | content | > +-+---+--+-+ > | 835 | 265 | SOA-EDIT-API | INCEPTION-INCREMENT | > +-+---+--+-+ > 1 row in set (0.001 sec) > > MariaDB [powerdns]> select * from records where domain_id=265; > ++---+-+--++---+--+-+--+---+--+ > | id | domain_id | name| type | content > | ttl | prio | change_date | disabled | ordername | auth | > ++---+-+--++---+--+-+--+---+--+ > | 439369 | 265 | testxyz | CAA | 0 issue "letsencrypt.org" > | 3600 |0 |NULL | 0 | |1 | > | 439370 | 265 | testxyz | CAA | 0 issuewild "letsencrypt.org" > | 3600 |0 |NULL | 0 | |1 | > | 439371 | 265 | testxyz | NS | ns1.contrasec.fi > | 86400 |0 |NULL | 0 | |1 | > | 439372 | 265 | testxyz | NS | ns2.contrasec.fi > | 86400 |0 |NULL | 0 | |1 | > | 439373 | 265 | testxyz | NS | ns3.contrasec.fi > | 86400 |0 |NULL | 0 | |1 | > | 439374 | 265 | testxyz | TXT | "v=spf1 -all" > | 3600 |0 |
[Pdns-users] Serial lagging in authoritative 4.2.2 using native MySQL sync from 4.1.13
Hi, one of three authoritative name servers (ns3) which uses authoritative version 4.2.2 gives older serial number than the other two which use version 4.1.13. MySQL sync is working properly and as far as I can see, databases are identical. Also executing pdns-util increase-serial on the main server did not correct the situation, the version 4.2.2 is still one step behind in serial. All have default-soa-edit=INCEPTION-INCREMENT. The type if MASTER. I also tried to comment out default-soa-edit on ns3, but after that, the serial was two steps behind. Is there a setting that can be used to fix this mismatch or is the only way to upgrade all to 4.2.2 level? I have created a test zone on the servers. Here is some more information: # dig +short -t soa testxyz @ns1.contrasec.fi ns1.contrasec.fi. domain.contrasec.fi. 2020051405 10800 3600 604800 3600 # dig +short -t soa testxyz @ns3.contrasec.fi ns1.contrasec.fi. domain.contrasec.fi. 2020051404 10800 3600 604800 3600 ns1: # rpm -q pdns pdns-4.1.13-1pdns.el7.x86_64 MariaDB [powerdns]> select * from domainmetadata where domain_id=265; +-+---+--+-+ | id | domain_id | kind | content | +-+---+--+-+ | 835 | 265 | SOA-EDIT-API | INCEPTION-INCREMENT | +-+---+--+-+ 1 row in set (0.00 sec) MariaDB [powerdns]> select * from records where domain_id=265; ++---+-+--++---+--+-+--+---+--+ | id | domain_id | name| type | content | ttl | prio | change_date | disabled | ordername | auth | ++---+-+--++---+--+-+--+---+--+ | 439369 | 265 | testxyz | CAA | 0 issue "letsencrypt.org" | 3600 |0 |NULL | 0 | |1 | | 439370 | 265 | testxyz | CAA | 0 issuewild "letsencrypt.org" | 3600 |0 |NULL | 0 | |1 | | 439371 | 265 | testxyz | NS | ns1.contrasec.fi | 86400 |0 |NULL | 0 | |1 | | 439372 | 265 | testxyz | NS | ns2.contrasec.fi | 86400 |0 |NULL | 0 | |1 | | 439373 | 265 | testxyz | NS | ns3.contrasec.fi | 86400 |0 |NULL | 0 | |1 | | 439374 | 265 | testxyz | TXT | "v=spf1 -all" | 3600 |0 |NULL | 0 | |1 | | 439375 | 265 | testxyz | SOA | ns1.contrasec.fi domain.contrasec.fi 2020051403 10800 3600 604800 3600 | 86400 |0 | NULL |0 | |1 | ++---+-+--++---+--+-+--+---+--+ 7 rows in set (0.00 sec) ns3: # rpm -q pdns pdns-4.2.2-1pdns.el8.x86_64 MariaDB [powerdns]> select * from domainmetadata where domain_id=265; +-+---+--+-+ | id | domain_id | kind | content | +-+---+--+-+ | 835 | 265 | SOA-EDIT-API | INCEPTION-INCREMENT | +-+---+--+-+ 1 row in set (0.001 sec) MariaDB [powerdns]> select * from records where domain_id=265; ++---+-+--++---+--+-+--+---+--+ | id | domain_id | name| type | content | ttl | prio | change_date | disabled | ordername | auth | ++---+-+--++---+--+-+--+---+--+ | 439369 | 265 | testxyz | CAA | 0 issue "letsencrypt.org" | 3600 |0 |NULL | 0 | |1 | | 439370 | 265 | testxyz | CAA | 0 issuewild "letsencrypt.org" | 3600 |0 |NULL | 0 | |1 | | 439371 | 265 | testxyz | NS | ns1.contrasec.fi | 86400 |0 |NULL | 0 | |1 | | 439372 | 265 | testxyz | NS | ns2.contrasec.fi | 86400 |0 |NULL | 0 | |1 | | 439373 | 265 | testxyz | NS | ns3.contrasec.fi
