Re: [Pdns-users] DNSSEC was copy of SIDN presentation yesterday
Hi all,

I did some tests with DNSSEC this weekend. PowerDNS can serve the records, but it answered without RRSIG/NSEC records if the DO flag is set (dig +dnssec).

Also, zone2sql seems unable to parse signed zones. Instead of type 'NSEC' it delivers '#47'.

Regards
Marco

On Fri, Jun 19, 2009 at 02:42:49PM +0200, Frank Louwers wrote:
> On 19 Jun 2009, at 14:27, bert hubert wrote:
> > (message in Dutch about a Dutch presentation about DNS)
> >
> > Hello everyone,
> >
> > As recently announced, there was a presentation about DNS at the SIDN relations day, where I also met some of you!
>
> Bert,
>
> Thank you for the presentation. I wasn't at the SIDN day, because it was the dns.be 10th anniversary party :)
>
> They announced that they (and eurid, which is basically the same software) will implement dnssec this fall. Any idea how soon dnssec would be implemented in pdns?
>
> Regards,
> Frank
>
> > The presentation can be found at http://ds9a.nl/tmp/powerdns-sidn-presentatie.pdf
> >
> > Regards,
> > Bert Hubert
> >
> > --
> > http://www.PowerDNS.com Open source, database driven DNS Software
> > http://netherlabs.nl Open and Closed source services

Marco Schrieck
Head of Development
--
InterNetX GmbH
Maximilianstr. 6
93047 Regensburg
Germany
Tel: +49 941 59559-0
Fax: +49 941 59579-050
Managing Director/CEO: Thomas Mörz
Regensburg District Court, HRB 7142
ICQ: 232016987
GPG-Key: 0xB44D5EAE
GPG-Fingerprint: 8285 3373 9776 E21A 94B1 38B1 2E52 D28C B44D 5EAE

___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users
[Pdns-users] Wildcard Bug or Feature?
Hello,

our PowerDNS crashed today. It was the first time we had this; we've been running PowerDNS for 5 years.

# pdns_server --version
Version: 2.9.22, compiled on Mar 10 2009, 12:13:17 with gcc version 4.3.2

daemon.log shows:

Jun 22 08:49:03 zoidberg pdns[28234]: 5039 questions waiting for database attention. Limit is 5000, respawning
Jun 22 08:49:09 zoidberg pdns[28234]: Domain abc.de is fresh
Jun 22 08:49:09 zoidberg pdns[28234]: Got a signal 11, attempting to print trace:
Jun 22 08:49:10 zoidberg pdns[28234]: Domain def.de is fresh
Jun 22 08:49:10 zoidberg pdns[28234]: Domain ghi.com is fresh
Jun 22 08:49:10 zoidberg pdns[28234]: /usr/sbin/pdns_server-instance [0x4779ae]
Jun 22 08:49:10 zoidberg pdns[28234]: /lib/libc.so.6 [0x2ae4397f3f60]
Jun 22 08:49:10 zoidberg pdns[28234]: /usr/sbin/pdns_server-instance(_ZN5boost11multi_index6detail13ordered_indexINS0_13composite_keyIN11PacketCache10CacheEntryENS0_6memberIS5_SsXadL_ZNS5_5qnameENS6_IS5_tXadL_ZNS5_5qtypeENS6_IS5_tXadL_ZNS5_5ctypeENS6_IS5_iXadL_ZNS5_6zoneIDENS6_IS5_bXadL_ZNS5_15meritsRecursionENS_6tuples9null_typeESD_SD_SD_SD_EENS0_21composite_key_compareI24CIBackwardsStringCompareSt4lessItESI_SH_IiESH_IbESD_SD_SD_SD_SD_EENS1_9nth_layerILi1ES5_NS0_10indexed_byINS0_14ordered_uniqueISE_SL_N4mpl_2naEEENS0_9sequencedINS0_3tagISQ_SQ_SQ_SQ_SQ_SQ_SQ_SQ_SQ_SQ_SQ_SQ_SQ_SQ_SQ_SQ_SQ_SQ_SQ_SQ_SQ_SQ_SQ_SQ_SQ_SQ_SQ_SQ_SQ_SQ_SQ_SQ_SQ_SQ_SQ_SQ_SQ_SQ_EESaIS5_EEENS_3mpl7vector0ISQ_EENS1_18ordered_unique_tagEE10link_pointERKNS0_20composite_key_resultISE_EERNS13_9link_infoES12_+0x2a0) [0x45ca10]
Jun 22 08:49:10 zoidberg pdns[28234]: /usr/sbin/pdns_server-instance(_ZN11PacketCache6insertERKSsRK5QTypeNS_14CacheEntryTypeES1_jib+0x161) [0x457641]
Jun 22 08:49:10 zoidberg pdns[28234]: /usr/sbin/pdns_server-instance(_ZN12UeberBackend11addOneCacheERKNS_8QuestionERK17DNSResourceRecord+0x9d) [0x4800cd]
Jun 22 08:49:10 zoidberg pdns[28234]: /usr/sbin/pdns_server-instance(_ZN12UeberBackend3getER17DNSResourceRecord+0x153) [0x4804b3]
Jun 22 08:49:10 zoidberg pdns[28234]: /usr/sbin/pdns_server-instance(_ZN13PacketHandler11makeCanonicEP9DNSPacketS1_RSs+0x10d) [0x44401d]
Jun 22 08:49:10 zoidberg pdns[28234]: /usr/sbin/pdns_server-instance(_ZN13PacketHandler17questionOrRecurseEP9DNSPacketPb+0xe05) [0x449715]
Jun 22 08:49:10 zoidberg pdns[28234]: /usr/sbin/pdns_server-instance(_ZN13PacketHandler8questionEP9DNSPacket+0x20) [0x44b850]
Jun 22 08:49:10 zoidberg pdns[28234]: /usr/sbin/pdns_server-instance(_ZN11DistributorI9DNSPacketS0_13PacketHandlerE10makeThreadEPv+0x152) [0x4a8a52]
Jun 22 08:49:10 zoidberg pdns[28234]: /lib/libpthread.so.0 [0x2ae4395acfc7]
Jun 22 08:49:10 zoidberg pdns[28234]: /lib/libc.so.6(clone+0x6d) [0x2ae4398915ad]

Best regards,
Mario
[Pdns-users] 2.9.22 compile problem with ldap
Hello,

We have an SRPM for 2.9.21.2 that compiles fine. We are trying to update the package to 2.9.22. In doing so we ran into an issue with configure not being able to find ldap. So, trying it straight (without rpmbuild) and manually running config, we get the same error. Now this only happens on x86_64. It works fine on 32bit. The OS is CentOS 5.2/5.3

./configure --with-modules= --with-dynmodules=ldap --enable-recursor
...
checking for ldap_set_option in -lldap_r... no
checking for ldap_set_option in -lldap... no
configure: error: ldap library (libldap) not found

Reverting back to 2.9.21.2, it compiles fine. Obviously ldap is installed.

[r...@build x86_64 pdns-2.9.22]$ ls -l /usr/lib/libldap*
lrwxrwxrwx 1 root root 21 Jun 19 18:28 /usr/lib/libldap-2.3.so.0 -> libldap-2.3.so.0.2.15
-rwxr-xr-x 1 root root 238544 Jul 9 2008 /usr/lib/libldap-2.3.so.0.2.15
-rw-r--r-- 1 root root 387540 Jul 9 2008 /usr/lib/libldap.a
lrwxrwxrwx 1 root root 21 Jun 20 07:25 /usr/lib/libldap.so -> libldap-2.3.so.0.2.15
lrwxrwxrwx 1 root root 23 Jun 19 18:28 /usr/lib/libldap_r-2.3.so.0 -> libldap_r-2.3.so.0.2.15
-rwxr-xr-x 1 root root 255636 Jul 9 2008 /usr/lib/libldap_r-2.3.so.0.2.15
-rw-r--r-- 1 root root 424552 Jul 9 2008 /usr/lib/libldap_r.a
lrwxrwxrwx 1 root root 23 Jun 20 07:25 /usr/lib/libldap_r.so -> libldap_r-2.3.so.0.2.15

[r...@build x86_64 pdns-2.9.22]$ ls -l /usr/lib64/libldap*
lrwxrwxrwx 1 root root 21 Jun 19 18:49 /usr/lib64/libldap-2.3.so.0 -> libldap-2.3.so.0.2.15
-rwxr-xr-x 1 root root 238504 Jul 9 2008 /usr/lib64/libldap-2.3.so.0.2.15
-rw-r--r-- 1 root root 478330 Jul 9 2008 /usr/lib64/libldap.a
lrwxrwxrwx 1 root root 21 Jun 20 07:25 /usr/lib64/libldap.so -> libldap-2.3.so.0.2.15
lrwxrwxrwx 1 root root 23 Jun 19 18:49 /usr/lib64/libldap_r-2.3.so.0 -> libldap_r-2.3.so.0.2.15
-rwxr-xr-x 1 root root 256720 Jul 9 2008 /usr/lib64/libldap_r-2.3.so.0.2.15
-rw-r--r-- 1 root root 526432 Jul 9 2008 /usr/lib64/libldap_r.a
lrwxrwxrwx 1 root root 23 Jun 20 07:25 /usr/lib64/libldap_r.so -> libldap_r-2.3.so.0.2.15

Any ideas?
[Pdns-users] PDNS Newbie Config File Questions
Hello All,

Would you kindly provide your expertise on the following?

1) What are the most important features/configuration options to enable/configure in PDNS before using it and how best are these configuration options done?

2) Is there a 'newbie' intro to PDNS that clearly and comprehensively explains how best to use PDNS? The online manual for PDNS presumes, IMO, one knows much more about the software than those who've never used it--and only configured DNS on preconfigured servers with BIND installed, would know.

3) What have you learned about PDNS that you wished you had known when you first started using it that you think I should know, avoid, enable, configure, etc.?

I look forward to your solutions-oriented answers.

Thank you.
Sasha
Re: [Pdns-users] PDNS Newbie Config File Questions
On Mon, Jun 22, 2009 at 02:46:59PM -0400, SashaB wrote:
> Hello All,
>
> Would you kindly provide your expertise on the following?
>
> 1) What are the most important features/configuration options to enable/configure in PDNS before using it and how best are these configuration options done?
>
> 2) Is there a 'newbie' intro to PDNS that clearly and comprehensively explains how best to use PDNS? The online manual for PDNS presumes, IMO, one knows much more about the software than those who've never used it--and only configured DNS on preconfigured servers with BIND installed, would know.
>
> 3) What have you learned about PDNS that you wished you had known when you first started using it that you think I should know, avoid, enable, configure, etc.?
>
> I look forward to your solutions-oriented answers.
>
> Thank you.
> Sasha

Dear Sasha,

Please read through the well written PDNS documentation. You will need to focus on the information specific to your host OS and database backend choice. Most of the other settings described in the manual have a reasonable default and can be ignored by a novice. Problems in general experienced by beginning PDNS users involve a lack of understanding of the actual DNS spec. and how DNS functions, and not so much with particular knowledge on PDNS.

Good luck and welcome to the PDNS community.

Ken
Re: [Pdns-users] 2.9.22 compile problem with ldap
On Mon, Jun 22, 2009 at 7:41 PM, Gary Smith <g...@primeexalia.com> wrote:
> Hello,
>
> We have an SRPM for 2.9.21.2 that compiles fine. We are trying to update the package to 2.9.22. In doing so we ran into an issue with configure not being able to find ldap. So, trying it straight (without rpmbuild) and manually running config, we get the same error. Now this only happens on x86_64. It works fine on 32bit. The OS is CentOS 5.2/5.3
>
> ./configure --with-modules= --with-dynmodules=ldap --enable-recursor

Can you try '--with-modules=ldap' instead of dynmodules?

This problem does smell a bit of multilib issues.

Bert
Re: [Pdns-users] Possible DNS DOS?
> Jun 22 09:09:41 dns1 pdns[10957]: /usr/sbin/pdns_server-instance(_ZN12UeberBackend11addNegCacheERKNS_8QuestionE+0x8e) [0x80c32de]
> Jun 22 09:09:41 dns1 pdns[10957]: /usr/sbin/pdns_server-instance(_ZN12UeberBackend3getER17DNSResourceRecord+0x12f) [0x80c351f]
>
> After this entry PDNS is down and stays down.

We have not experienced problems like this (and I managed dns servers with 100k+ of domains so a lot of queries there). But I am curious does the guardian not restart it automagically? Or does the guardian even run at all?

As for me the guardian keeps on respawning until forever or until the problem is fixed. Not that that happens a lot and is usually because the database is (intentionally) down.

Apart from this we monitor all systems with nagios. Through an event handler it can also restart services.

Cheers,
Pascal
[Pdns-users] PDNS performance comparison to BIND
Hello,

I have tested PDNS performance (configuration below). A zone transfer of 100 000 records takes ~ 10 s using either MySQL or file backends. However Bind can make it in ~ 1 s (file-stored records).

I have read the pdns manual chap.9 and tested the distributor-threads, cache-ttl and query-cache-ttl settings without a change in the performance.

How can the performance be improved?

Thank you for suggestions,
Jan

Configuration:
- Fedora Core 9
- MySQL 5.0.77
- PDNS 2.9.22, compiled with gcc version 4.2.4
- DiG 9.5.0-P2
- pdns.conf: defaults +
  launch=gmysql
  gmysql-host=127.0.0.1
  gmysql-user=kelb
  gmysql-password=
  gmysql-dbname=npdb
  negquery-cache-ttl=600
  query-cache-ttl=600
  wildcards=no

--
Ing. Jan Rudinsky
RD Centre (RDC) for Mobile Applications
Czech Technical University in Prague
Cesnet z.s.p.o.
rudi...@fel.cvut.cz
http://www.linkedin.com/in/rudinsky
Re: [Pdns-users] PDNS performance comparison to BIND
On Tue, Jun 23, 2009 at 2:05 AM, Jan Rudinsky <rudi...@fel.cvut.cz> wrote:
> Hello,
>
> I have tested PDNS performance (configuration below). A zone transfer of 100 000 records takes ~ 10 s using either MySQL or file backends. However Bind can make it in ~ 1 s (file-stored records).

Hi Jan,

We've never really optimised the zone transfer performance of PowerDNS because it has not really been an important use case so far.

Are you measuring an incoming zonetransfer? Or outgoing? It may very well be that an outgoing one is pretty slow.

Is it important to you? We could change PowerDNS if needed.

Bert
Re: [Pdns-users] Possible DNS DOS?
On Tue, Jun 23, 2009 at 12:27 AM, Chris Modesitt <ch...@veracitycom.net> wrote:
> What I have been seeing recently show up in the logs is:
>
> Jun 22 09:09:38 dns1 pdns[10948]: 5003 questions waiting for database attention. Limit is 5000, respawning

This is very consistent with a (brief) spike in queries.

> Jun 22 09:09:41 dns1 pdns[10957]: Got a signal 11, attempting to print trace:
> Jun 22 09:09:41 dns1 pdns[10957]: /usr/sbin/pdns_server-instance [0x80ba397]
> Jun 22 09:09:41 dns1 pdns[10957]: [0xb7f83400]
> Jun 22 09:09:41 dns1 pdns[10957]: /usr/sbin/pdns_server-instance(_ZN5boost11multi_index6detail13ordered_indexINS0_13composite_keyIN11PacketCache10CacheEntryENS0_6memberIS5_SsXadL_ZNS5_5qnameENS6_IS5_tXadL_

This is the second message in two days reporting a crash in this place. Something interesting must be going on there, will look into it.

> After this entry PDNS is down and stays down.

If you see this happening again, can you check if all PowerDNS processes are gone, or if one is 'hanging around', preventing a restart?

> So a couple of questions for the group, I already have a wire shark up doing a long term capture (so I can see what is being sent at the server). However is there a way PDNS can email/notify when it dies and does not come back? Also what type of information/logging should I be enabling the system to further diagnose or troubleshoot the issue?

Other messages had good suggestions, in general I'd advise to run monitoring tools that provide graphs of query rates.

Another trick is to run PowerDNS like this:

# while true; do pdns_server --daemon=no ; done

But this really should not be necessary of course. I'm looking into the crash.

Bert
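
Added example (not part of the thread and not PowerDNS code): a log check for the failure sequence reported in the two crash messages above, matching the "questions waiting for database attention" and "Got a signal 11" lines and flagging crashes after which no new instance logged anything. The function name, the 30-second window, the dns2 sample lines and the rule that a later line from a different pid on the same host indicates a new instance are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the daemon.log format quoted in the thread;
# host dns2, its pids and example.org are invented for the second case.
SAMPLE = """\
Jun 22 09:09:38 dns1 pdns[10948]: 5003 questions waiting for database attention. Limit is 5000, respawning
Jun 22 09:09:41 dns1 pdns[10957]: Got a signal 11, attempting to print trace:
Jun 22 09:09:41 dns1 pdns[10957]: /usr/sbin/pdns_server-instance [0x80ba397]
Jun 22 10:15:02 dns2 pdns[2201]: Got a signal 11, attempting to print trace:
Jun 22 10:15:04 dns2 pdns[2230]: Domain example.org is fresh
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) pdns\[(\d+)\]: (.*)$")
BACKLOG = re.compile(r"^\d+ questions waiting for database attention\. Limit is \d+")
CRASH = re.compile(r"^Got a signal (\d+), attempting to print trace")

def find_crashes(text, year=2009, window=timedelta(seconds=30)):
    """One dict per crash line: host, pid, signal, whether a backlog warning
    preceded it on that host within `window`, and whether a different pdns
    pid logged later on that host (assumed sign of a new instance)."""
    seen, last_backlog, crashes = [], {}, []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a pdns syslog line
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        host, pid, msg = m.group(2), int(m.group(3)), m.group(4)
        seen.append((host, pid))
        if BACKLOG.match(msg):
            last_backlog[host] = ts
        c = CRASH.match(msg)
        if c:
            prev = last_backlog.get(host)
            crashes.append({
                "time": ts, "host": host, "pid": pid, "signal": int(c.group(1)),
                "after_backlog": prev is not None and ts - prev <= window,
                "next": len(seen)})  # index of the first pdns line after the crash
    for crash in crashes:
        later = seen[crash.pop("next"):]
        crash["respawned"] = any(h == crash["host"] and p != crash["pid"] for h, p in later)
    return crashes

if __name__ == "__main__":
    for c in find_crashes(SAMPLE):
        print(c["time"], c["host"], f"signal {c['signal']}",
              "after backlog" if c["after_backlog"] else "no backlog seen",
              "new instance logged" if c["respawned"] else "nothing respawned: alert")
```

A crash with `respawned` false is the "down and stays down" case and is the one worth paging on; a cluster of `after_backlog` crashes points at the query spike rather than at the database.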