Re: [Pdns-users] another crash
On Wed, May 04, 2011 at 01:56:41PM +0400, Vasiliy G Tolstov wrote:
> On Wed, 2011-05-04 at 13:04 +0400, Vasiliy G Tolstov wrote:
> > On Tue, 2011-05-03 at 22:45 +0400, Vasiliy G Tolstov wrote:
> > > hello. some new crash, but very minimal debug =(
> > > pdns from 64 bit rpm: pdns-static-3.0rc2.20110427.2187-1
> > Another dead:
> Some new error, but with debug info:

So this is an error and not a crash? Can you allow 82.94.213.34 to AXFR stren.su?

> May 4 13:55:54 ns2 pdns[26664]: Unable to parse record during incoming AXFR of 'stren.su' (MOADNSException): Error parsing packet of 735 bytes (rd=0), out of bounds: vector::_M_range_check

--
PowerDNS Website: http://www.powerdns.com/
PowerDNS Community Website: http://wiki.powerdns.com/
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] strange lock after some time after start
On Thu, Apr 28, 2011 at 11:20:42PM +0400, Vasiliy G Tolstov wrote:
> On Tue, 2011-04-26 at 19:15 +0400, Vasiliy G Tolstov wrote:
> > Hello =).
> Any progress about this problem? This reproduced always if I restart master and do notify for all zones in cycle o slave...

Vasiliy,

Can you confirm that the server itself works but that the controlsocket shuts down? Are you in a chroot?

Bert
[Pdns-users] Questions on powerdnssec
Hi All,

Few questions on using PowerDNSsec - using the latest RPM build (20110509.2190-1) in our IPv6 labs. Fundamentally - PDNS auth, Bind Recursor and Win7 client behind router, all dual stacked.

Firstly, when using an external server as a recursor; can this be an IPv6 host? I have the auth server forwarding to bind for any recursive queries, this works when I specify the bind IPv4 address, but not the IPv6 address. Both queries work fine if querying bind from the pdns server directly using dig on ipv4 or ipv6.

Secondly, when using powerdns secure-zone and the gmysql backend, I'm guessing rectify-zone must be run whenever any records are created to resign the zone. This being the case, does this lead to having a hidden master (ie: non publicly accessible) host or db in order to be slightly more secure [making the running of the signing process hidden]?

Finally, is there any documentation of the validity length of the keys, or do these rollover automatically?

Bert as you thought, this build resolves the issue I had with mysql going away and the server taking a while to reconnect. It's serving records from the cache just fine.

Thanks
Chris
Re: [Pdns-users] Questions on powerdnssec
On Mon, May 09, 2011 at 02:24:05PM +0100, Chris Russell wrote:
> Firstly, when using an external server as a recursor; can this be an IPv6 host? I have the auth server forwarding to bind for any recursive queries, this works when I specify the bind IPv4 address, but not the IPv6 address. Both queries work fine if querying bind from the pdns server directly using dig on ipv4 or ipv6.

As of 2191 (now building) this can be IPv6 too. Odd that we missed it!

> Secondly, when using powerdns secure-zone and the gmysql backend, I'm guessing rectify-zone must be run whenever any records are created to resign the zone. This being the case, does this lead to having a hidden master (ie: non publicly accessible) host or db in order to be slightly more secure [making the running of the signing process hidden]?

There is no need to run rectify zone each time, as long as 'auth' and 'ordername' are filled out correctly. This is detailed in http://doc.powerdns.com/dnssec-modes.html#dnssec-direct-database

A hidden master is indeed more secure since it separates the server from the keying material.

> Finally, is there any documentation of the validity length of the keys, or do these rollover automatically?

The keys remain where they are, unless you roll them over. http://doc.powerdns.com/powerdnssec.html explains the idea behind this, where you have 'active' and 'passive' keys. http://doc.powerdns.com/dnssec-operational-doctrine.html#zsk-rollover also has some sample command lines.

It appears there is very little benefit to automated key rollovers (unlike say automated signature rollovers, which are very necessary).

> Bert as you thought, this build resolves the issue I had with mysql going away and the server taking a while to reconnect. It's serving records from the cache just fine.

Great to hear!

Bert
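Added example, not part of the original thread and not PowerDNS code: a sketch of what filling in 'auth' and 'ordername' per row can look like for an NSEC-signed zone in a generic SQL backend. It assumes the NSEC-mode rules as documented for direct database operation (ordername is the name relative to the zone, labels reversed and joined by spaces; auth is 0 for delegation NS records and glue, 1 otherwise, DS included); the zone, the records and all function names are constructed for illustration.

```python
# Added illustration; function names and sample data are hypothetical.

def _norm(name):
    return name.lower().rstrip(".")

def nsec_ordername(name, zone):
    """Relative part of `name` inside `zone`, labels reversed, space-separated."""
    name, zone = _norm(name), _norm(zone)
    if name == zone:
        return ""                      # apex sorts first
    if not name.endswith("." + zone):
        raise ValueError(f"{name} is not inside {zone}")
    labels = name[: -len(zone) - 1].split(".")
    return " ".join(reversed(labels))

def zone_cuts(records, zone):
    """Names below the apex that own NS records, i.e. delegation points."""
    apex = _norm(zone)
    return {_norm(n) for n, t in records if t == "NS" and _norm(n) != apex}

def is_auth(name, rtype, cuts):
    """True when the zone itself is authoritative for this record."""
    name = _norm(name)
    for cut in cuts:
        if name == cut:
            return rtype == "DS"       # delegation NS is not auth, DS is
        if name.endswith("." + cut):
            return False               # glue below a delegation
    return True

def dnssec_columns(records, zone):
    """Return (name, type, ordername, auth) for every (name, type) pair."""
    cuts = zone_cuts(records, zone)
    return [(n, t, nsec_ordername(n, zone), int(is_auth(n, t, cuts)))
            for n, t in records]

# Constructed sample zone with one secure delegation and its glue.
SAMPLE = [
    ("example.org", "SOA"), ("example.org", "NS"),
    ("www.example.org", "A"),
    ("sub.example.org", "NS"), ("sub.example.org", "DS"),
    ("ns1.sub.example.org", "A"),
]

if __name__ == "__main__":
    for row in dnssec_columns(SAMPLE, "example.org"):
        print(row)
```

Rows whose stored values differ from what such a check computes are the ones that would otherwise need a rectify-zone run.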
Re: [Pdns-users] another crash
On Mon, 2011-05-09 at 10:43 +0200, bert hubert wrote:
> On Wed, May 04, 2011 at 01:56:41PM +0400, Vasiliy G Tolstov wrote:
> > On Wed, 2011-05-04 at 13:04 +0400, Vasiliy G Tolstov wrote:
> > > On Tue, 2011-05-03 at 22:45 +0400, Vasiliy G Tolstov wrote:
> > > > hello. some new crash, but very minimal debug =(
> > > > pdns from 64 bit rpm: pdns-static-3.0rc2.20110427.2187-1
> > > Another dead:
> > Some new error, but with debug info:
> So this is an error and not a crash? Can you allow 82.94.213.34 to AXFR stren.su?
> > May 4 13:55:54 ns2 pdns[26664]: Unable to parse record during incoming AXFR of 'stren.su' (MOADNSException): Error parsing packet of 735 bytes (rd=0), out of bounds: vector::_M_range_check

Yes. And in this moment I test it and it works fine.
Re: [Pdns-users] strange lock after some time after start
On Mon, 2011-05-09 at 11:00 +0200, bert hubert wrote:
> On Thu, Apr 28, 2011 at 11:20:42PM +0400, Vasiliy G Tolstov wrote:
> > On Tue, 2011-04-26 at 19:15 +0400, Vasiliy G Tolstov wrote:
> > > Hello =).
> > Any progress about this problem? This reproduced always if I restart master and do notify for all zones in cycle o slave...
> Vasiliy,
> Can you confirm that the server itself works but that the controlsocket shuts down?

It works, but not respond to all notify responses from master. But yes - for all zones from it database ii response normal.

> Are you in a chroot?
> Bert
Re: [Pdns-users] strange lock after some time after start
On Mon, 2011-05-09 at 19:06 +0400, Vasiliy G Tolstov wrote:
> On Mon, 2011-05-09 at 11:00 +0200, bert hubert wrote:
> > On Thu, Apr 28, 2011 at 11:20:42PM +0400, Vasiliy G Tolstov wrote:
> > > On Tue, 2011-04-26 at 19:15 +0400, Vasiliy G Tolstov wrote:
> > > > Hello =).
> > > Any progress about this problem? This reproduced always if I restart master and do notify for all zones in cycle o slave...
> > Vasiliy,
> > Can you confirm that the server itself works but that the controlsocket shuts down?
> It works, but not respond to all notify responses from master. But yes - for all zones from it database ii response normal.

Now it not respond to any queries.

Client side:

vase@mobile ~ $ dig @ns2.clodo.ru lis.ru ANY
; DiG 9.7.2-P3 @ns2.clodo.ru lis.ru ANY
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

Server side:

[root@ns2 ~]# strace -ff -v -p 19019
Process 19019 attached with 25 threads - interrupt to quit
[pid 9682] futex(0xf04220, FUTEX_WAIT_PRIVATE, 2, NULL unfinished ...
[pid 9676] futex(0xf04220, FUTEX_WAIT_PRIVATE, 2, NULL unfinished ...
[pid 9664] futex(0xf04220, FUTEX_WAIT_PRIVATE, 2, NULL unfinished ...
[pid 9663] futex(0xf04220, FUTEX_WAIT_PRIVATE, 2, NULL unfinished ...
[pid 9662] futex(0xf04220, FUTEX_WAIT_PRIVATE, 2, NULL unfinished ...
[pid 9661] futex(0xf04220, FUTEX_WAIT_PRIVATE, 2, NULL unfinished ...
[pid 9660] futex(0xf04180, FUTEX_WAIT_PRIVATE, 2, NULL unfinished ...
[pid 19060] futex(0x2b898020, FUTEX_WAIT_PRIVATE, 2, NULL unfinished ...
[pid 19057] futex(0xf04180, FUTEX_WAIT_PRIVATE, 2, NULL unfinished ...
[pid 19054] futex(0xf04180, FUTEX_WAIT_PRIVATE, 2, NULL unfinished ...
[pid 19051] futex(0xf04180, FUTEX_WAIT_PRIVATE, 2, NULL unfinished ...
[pid 19048] futex(0x2b898020, FUTEX_WAIT_PRIVATE, 2, NULL unfinished ...
[pid 19045] futex(0x2b898020, FUTEX_WAIT_PRIVATE, 2, NULL unfinished ...
[pid 19042] futex(0xf04180, FUTEX_WAIT_PRIVATE, 2, NULL unfinished ...
[pid 19039] futex(0xf04180, FUTEX_WAIT_PRIVATE, 2, NULL unfinished ...
[pid 19036] futex(0xf04180, FUTEX_WAIT_PRIVATE, 2, NULL unfinished ...
[pid 19033] futex(0xf04180, FUTEX_WAIT_PRIVATE, 2, NULL unfinished ...
[pid 19030] futex(0xf04180, FUTEX_WAIT_PRIVATE, 2, NULL unfinished ...
[pid 19029] poll([{fd=6, events=POLLIN}], 1, -1 unfinished ...
[pid 19024] futex(0xf04180, FUTEX_WAIT_PRIVATE, 2, NULL unfinished ...
[pid 19023] futex(0x2b898020, FUTEX_WAIT_PRIVATE, 2, NULL unfinished ...
[pid 19022] futex(0x2b898020, FUTEX_WAIT_PRIVATE, 2, NULL unfinished ...
[pid 19021] read(0, unfinished ...
[pid 19020] recvfrom(8, unfinished ...
[pid 19019] futex(0x2b8987c059e0, FUTEX_WAIT, 19060, NULL

And nothing more from strace ...

> > Are you in a chroot?

No, I'm not in chroot.