[Pdns-users] Error with pdns v3.0 RC3 with LDAP backend - queries return wrong results after backend connection is lost and re-established
Hi,

This (most probably) has to do with the fix of Ticket #260. I noticed that in case pdns loses contact with the backend ldap server, when it recovers, it no more returns correct results to DNS queries. For some hosts it returns only A record, for others only record and in some cases no record at all (no SERVFAIL notice; both A and records are defined). After a pdns-server restart, the problem no more occurs (until there is a disconnect with ldap server again).

Initially I thought it had to do with LDAP server issues and I tried slapindex, but this did not correct the problem. I see this behavior consistently (always) when connection with ldap server is lost and re-established and is always solved when pdns-server is restarted (and only then).

Please advise.

Thanks,
Nick

___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] IPv4 and IPv6 sockets at the same time
Hello,

> Try this:
> local-address=127.0.0.1
> local-ipv6=::1

there is no option local-ipv6 in pdns recursor: http://doc.powerdns.com/built-in-recursor.html

    local-address=::1,127.0.0.1

is partially working: pdns listens on ::1 and 127.0.0.1. But it only answers on 127.0.0.1, not ::1 when both ip addresses are specified.

Could someone please try running pdns recursor with this config file:

    setuid=pdns
    setgid=pdns
    local-address=::1,127.0.0.1
    max-negative-ttl=5
    allow-from=0.0.0.0/0

You can also use

    local-address=127.0.0.1,::1

order doesn't seem to change the symptom.

    # netstat -plntu | grep 53
    tcp   0   0   127.0.0.1:53   0.0.0.0:*   LISTEN   673/pdns_recursor
    tcp   0   0   ::1:53         :::*        LISTEN   673/pdns_recursor
    udp   0   0   127.0.0.1:53   0.0.0.0:*            673/pdns_recursor
    udp   0   0   ::1:53         :::*                 673/pdns_recursor

So pdns recursor is definitely binding to the sockets as specified. But if you do a

    dig google.com @::1

you won't get any answer (at least I don't on a CentOS 5 system with firewalls disabled for testing).

    dig google.com @127.0.0.1

does work however.

Should I file a bug report?

Kind regards
Marten
Re: [Pdns-users] IPv4 and IPv6 sockets at the same time
On Thu, Jul 21, 2011 at 01:47:31PM +0200, Marten Lehmann wrote:
> Should I file a bug report?

This might be a variant of http://wiki.powerdns.com/trac/ticket/209

Could you open a new bug and reference 209 in the description?

Thanks! We're all very busy with 3.0 auth right now, but the recursor will get some attention soon too.

Bert
[Pdns-users] PowerDNS cannot bind - address family problem --
Hello,

My PowerDNS cannot bind

Logs

    Jul 20 17:35:41 ns1 pdns[1308]: Guardian is launching an instance
    Jul 20 17:35:41 ns1 pdns[1308]: UDP server bound to xxx.xxx.xxx.xxx:53
    Jul 20 17:35:41 ns1 pdns[1308]: UDP server bound to 127.0.0.1:53
    Jul 20 17:35:41 ns1 pdns[1308]: *Fatal error: Unable to acquire a UDPv6 socket: Address family not supported by protocol*
    Jul 20 17:35:42 ns1 pdns[1218]: Our pdns instance exited with code 1

    root@ns1:~# ifconfig -a lo
    lo  Link encap:Boucle locale
        inet adr:127.0.0.1 Masque:255.0.0.0
        UP LOOPBACK RUNNING MTU:16436 Metric:1
        RX packets:10124424 errors:0 dropped:0 overruns:0 frame:0
        TX packets:10124424 errors:0 dropped:0 overruns:0 carrier:0
        collisions:0 lg file transmission:0
        RX bytes:2553866141 (2.3 GiB) TX bytes:2553866141 (2.3 GiB)

*No Ipv6 is set...*

*How can I disable ipv6?*

Best Regards and have a nice day!
Kim
Re: [Pdns-users] PowerDNS cannot bind - address family problem --
On Thu, Jul 21, 2011 at 3:23 PM, kim Doff kimd...@gmail.com wrote:
> Hello,
> My PowerDNS cannot bind
> Logs
> Jul 20 17:35:41 ns1 pdns[1308]: Guardian is launching an instance
> Jul 20 17:35:41 ns1 pdns[1308]: UDP server bound to xxx.xxx.xxx.xxx:53
> Jul 20 17:35:41 ns1 pdns[1308]: UDP server bound to 127.0.0.1:53
> Jul 20 17:35:41 ns1 pdns[1308]: Fatal error: Unable to acquire a UDPv6 socket: Address family not supported by protocol
> Jul 20 17:35:42 ns1 pdns[1218]: Our pdns instance exited with code 1
> root@ns1:~# ifconfig -a lo
> lo  Link encap:Boucle locale
>     inet adr:127.0.0.1 Masque:255.0.0.0
>     UP LOOPBACK RUNNING MTU:16436 Metric:1
>     RX packets:10124424 errors:0 dropped:0 overruns:0 frame:0
>     TX packets:10124424 errors:0 dropped:0 overruns:0 carrier:0
>     collisions:0 lg file transmission:0
>     RX bytes:2553866141 (2.3 GiB) TX bytes:2553866141 (2.3 GiB)
> No Ipv6 is set...
> How can I disable ipv6?

Am I assuming correctly that in your pdns.conf there is a line like the following?

    local-ipv6=xxx.xxx.xxx.xxx:53

commenting it out will make PowerDNS not try to bind to it.

Stefan
[Pdns-users] PowerDNS cannot bind - address family problem ---
Hello Stefan,

Thanks for your reply. Yes I have

    #local-ipv6=::1
    #query-local-address6=::1

But I keep receiving this error message

    Jul 21 02:48:12 ns1 pdns[7904]: Respawning
    Jul 21 02:48:13 ns1 pdns[8005]: Guardian is launching an instance
    Jul 21 02:48:13 ns1 pdns[8005]: UDP server bound to xxx.xxx.xxx.xxx:53
    Jul 21 02:48:13 ns1 pdns[8005]: UDP server bound to 127.0.0.1:53
    Jul 21 02:48:13 ns1 pdns[8005]: Fatal error: Unable to acquire a UDPv6 socket: Address family not supported by protocol
    Jul 21 02:48:14 ns1 pdns[7904]: Our pdns instance exited with code 1
    Jul 21 02:48:14 ns1 pdns[7904]: Respawning
    Jul 21 02:48:15 ns1 pdns[8026]: Guardian is launching an instance
    Jul 21 02:48:15 ns1 pdns[8026]: UDP server bound to xxx.xxx.xxx.xxx:53
    Jul 21 02:48:15 ns1 pdns[8026]: UDP server bound to 127.0.0.1:53
    Jul 21 02:48:15 ns1 pdns[8026]: Fatal error: Unable to acquire a UDPv6 socket: Address family not supported by protocol
    Jul 21 02:48:16 ns1 pdns[7904]: Our pdns instance exited with code 1
    Jul 21 02:48:16 ns1 pdns[7904]: Respawning
Re: [Pdns-users] IPv4 and IPv6 sockets at the same time
Hello,

> This might be a variant of http://wiki.powerdns.com/trac/ticket/209
> Could you open a new bug and reference 209 in the description?

no, I've found the problem:

Line 123 in pdns_recursor.cc defines the default allow-from rules:

    #define LOCAL_NETS 127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10

So as long as I'm not defining my own allow-from rules the defaults are used, which work fine for IPv4 and IPv6 in local nets. But as my goal was to have the recursor listen on a public IPv4 address (e.g. 71.72.73.74) as well as on a local IPv6 address (::1) my allow-from rule 0.0.0.0/0 was not sufficient, since it granted IPv4 access from everywhere but at the same time replaced the default rules thus removing the permissions to answer to local IPv6 requests.

So the correct rule in my situation would be:

    allow-from=::1/128,0.0.0.0/0

or

    allow-from=::0/0,0.0.0.0/0

if I'd like to grant access through IPv6 from everywhere.

Could you please add such IPv6 examples in the documentation at http://doc.powerdns.com/built-in-recursor.html? I guess it would be helpful for others experimenting with IPv6. Thanks.

Kind regards
Marten
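Added example (not part of Marten's message and not PowerDNS code): a Python model of the behaviour reported above, where a configured allow-from replaces the LOCAL_NETS defaults instead of extending them. The function names are hypothetical and the client addresses are constructed; the audit also flags /0 entries, since those open recursion to every source of that address family.

```python
import ipaddress

# Default ACL as quoted in the thread (LOCAL_NETS, pdns_recursor.cc line 123).
LOCAL_NETS = ("127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, "
              "172.16.0.0/12, ::1/128, fe80::/10")


def parse_acl(value):
    """Turn a comma-separated allow-from value into network objects."""
    return [ipaddress.ip_network(item.strip(), strict=False)
            for item in value.split(",") if item.strip()]


def effective_acl(allow_from=None):
    """Assumption taken from the thread: an explicit allow-from replaces
    the defaults entirely; nothing from LOCAL_NETS is kept."""
    return parse_acl(LOCAL_NETS if allow_from is None else allow_from)


def is_allowed(client, acl):
    """True if the client source address falls inside any ACL entry."""
    addr = ipaddress.ip_address(client)
    # An IPv4 network never matches an IPv6 source, and vice versa.
    return any(net.version == addr.version and addr in net for net in acl)


def audit(local_address, allow_from=None):
    """Cross-check listening addresses against the effective ACL.

    Returns a list of (kind, subject) tuples:
      ("unanswered", addr) - the recursor listens on addr, but the ACL has
                             no entry of that address family at all
      ("open", network)    - a /0 entry: every source of that family may
                             use the recursor
    """
    acl = effective_acl(allow_from)
    findings = []
    for item in local_address.split(","):
        listen = ipaddress.ip_address(item.strip())
        if not any(net.version == listen.version for net in acl):
            findings.append(("unanswered", str(listen)))
    for net in acl:
        if net.prefixlen == 0:
            findings.append(("open", str(net)))
    return findings


if __name__ == "__main__":
    # Constructed client addresses: loopback plus documentation ranges.
    clients = ["127.0.0.1", "::1", "203.0.113.9", "2001:db8::5"]
    configs = [None, "0.0.0.0/0", "::1/128,0.0.0.0/0", "::0/0,0.0.0.0/0"]
    for cfg in configs:
        acl = effective_acl(cfg)
        label = "defaults" if cfg is None else "allow-from=" + cfg
        print(label)
        for client in clients:
            verdict = "answered" if is_allowed(client, acl) else "no answer"
            print("  %-14s %s" % (client, verdict))
        for kind, subject in audit("::1,127.0.0.1", cfg):
            print("  finding: %s %s" % (kind, subject))
```
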
[Pdns-users] Potentially Silly Question! - auth server, dns-(non) sec + sec.
.. and I hope the answer is RTFM, but...

I'm looking to push out PDNS as our new primary auth servers and also with DNS-SEC, however only on certain zones. (Essentially to allow 2 migrations, one to PDNS then one to enable DNS-SEC).

Is it possible for pdnssec to also serve non auth zones? if so, how :)

Using pdns-static-3.0rc3.20110719.2239-1, fairly standard options (gmysql-dnssec) - with the auth field set to 0, I can return an SOA, but no A records for non auth domains.

Cheers
Chris

Knowledge I.T. ‘Unifying Business Technology’
www.knowledgeit.co.uk
Knowledge Limited, Company Registration: 1554385
Registered Office: New Century House, Crowther Road, Washington, Tyne Wear. NE38 0AQ
Leeds Office: Viscount Court, Leeds Road, Rothwell, Leeds. LS26 0GR
Tel: 0845 142 0020. Fax: 0845 142 0021

E-Mail Disclaimer: This e-mail message is intended to be received only by persons entitled to receive the confidential information it may contain. E-mail messages to clients of Knowledge IT may contain information that is confidential and legally privileged. Please do not read, copy, forward, or store this message unless you are an intended recipient of it. If you have received this message in error, please forward it to the sender and delete it completely from your computer system. Please consider the environment before printing this email.
Re: [Pdns-users] IPv4 and IPv6 sockets at the same time
Hi Martin,

Actually, as a confirm, we have allow_from set specifically too. So +1 to it being the local nets.

Cheers
Chris

> Line 123 in pdns_recursor.cc defines the default allow-from rules:
> #define LOCAL_NETS 127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10
[Pdns-users] STL error Creating local resolver socket for ::: Address family not supported by protocol
Hello,

Could somebody please help me?

I have this:

    local-address=xxx.xxx.xxx.xxx,127.0.0.1
    #local-ipv6=::1
    #query-local-address6=::1

    Jul 21 02:48:12 ns1 pdns[7904]: Respawning
    Jul 21 02:48:13 ns1 pdns[8005]: Guardian is launching an instance
    Jul 21 02:48:13 ns1 pdns[8005]: UDP server bound to xxx.xxx.xxx.xxx:53
    Jul 21 02:48:13 ns1 pdns[8005]: UDP server bound to 127.0.0.1:53
    *Jul 21 02:48:13 ns1 pdns[8005]: Fatal error: Unable to acquire a UDPv6 socket: Address family not supported by protocol*
    Jul 21 02:48:14 ns1 pdns[7904]: Our pdns instance exited with code 1
    Jul 21 02:48:14 ns1 pdns[7904]: Respawning
    Jul 21 02:48:15 ns1 pdns[8026]: Guardian is launching an instance
    Jul 21 02:48:15 ns1 pdns[8026]: UDP server bound to xxx.xxx.xxx.xxx:53
    Jul 21 02:48:15 ns1 pdns[8026]: UDP server bound to 127.0.0.1:53
    Jul 21 02:48:15 ns1 pdns[8026]: Fatal error: Unable to acquire a UDPv6 socket: Address family not supported by protocol
    Jul 21 02:48:16 ns1 pdns[7904]: Our pdns instance exited with code 1
    Jul 21 02:48:16 ns1 pdns[7904]: Respawning
    Jul 21 02:51:39 ns1 pdns[17792]: Guardian is launching an instance
    Jul 21 02:51:39 ns1 pdns[17792]: UDP server bound to xxx.xxx.xxx.xxx:53
    Jul 21 02:51:39 ns1 pdns[17792]: UDP server bound to 127.0.0.1:53
    Jul 21 02:51:39 ns1 pdns[17792]: TCP server bound to xxx.xxx.xxx.xxx:53
    Jul 21 02:51:39 ns1 pdns[17792]: TCP server bound to 127.0.0.1:53
    Jul 21 02:51:39 ns1 pdns[17792]: Chrooted to './'
    Jul 21 02:51:39 ns1 pdns[17792]: DNS Proxy launched, local port 29105, remote 127.0.0.1:1553
    Jul 21 02:51:39 ns1 pdns[17792]: Creating backend connection for TCP
    Jul 21 02:51:39 ns1 pdns[17792]: Master/slave communicator launching
    Jul 21 02:51:39 ns1 pdns[17792]: Launched webserver on 127.0.0.1:8081
    *Jul 21 02:51:39 ns1 pdns[17792]: Communicator thread died because of STL error: Creating local resolver socket for ::: Address family not supported by protocol*
    Jul 21 02:51:40 ns1 pdns[17641]: Our pdns instance exited with code 0
    Jul 21 02:51:40 ns1 pdns[17641]: Respawning
Re: [Pdns-users] STL error Creating local resolver socket for ::: Address family not supported by protocol -
Yes, I have something as you said so xxx.xxx.xxx.xxx is an IPv4 address like

    local-address=200.100.63.15,127.0.0.1
    #local-ipv6=::1
    #query-local-address6=::1
Re: [Pdns-users] Potentially Silly Question! - auth server, dns-(non) sec + sec.
On Thu, Jul 21, 2011 at 4:43 PM, Chris Russell chris.russ...@knowledgeit.co.uk wrote:
> .. and I hope the answer is RTFM, but...
> I`m looking to push out PDNS as our new primary auth servers and also with DNS-SEC, however only on certain zones. (Essentially to allow 2 migrations, one to PDNS then one to enable DNS-SEC).
> It is possible for pdnssec to also server non auth zones ? if so, how :)
> Using pdns-static-3.0rc3.20110719.2239-1, fairly standard options (gmysql-dnssec) - with the auth field set to 0, I can return an SOA, but no A records for non auth domains.

I am not sure what you mean by 'auth zone'.

You can run non DNSSEC zones alongside DNSSEC signed ones no problem, PowerDNS will default to non-DNSSEC operation for a Zone if it doesn't find any key material or option for it in the backend.

Stefan
Re: [Pdns-users] Potentially Silly Question! - auth server, dns-(non) sec + sec.
Hi Stefan,

Thanks for the reply. Sorry for the confusion. I think option for dns-sec in the backend is the key here, because I have this set, as I want to serve some dns-sec zones but not all.

Essentially, PDNS, with Mysql Backend (only), and I'm trying to serve dns-sec, and non dns-sec zones.

    launch=gmysql
    gmysql-dnssec

Set in pdns.conf.

In the database:

Domains:

    +---+------------+------+------+--------+------+------+
    | 6 | wibble.com | NULL | NULL | NATIVE | NULL | NULL |
    +---+------------+------+------+--------+------+------+

    mysql> select * from records where domain_id=6;
    +-----+-----------+-----------------+------+----------------------------------------------------------------------------+-------+------+-------------+-----------+------+
    | id  | domain_id | name            | type | content                                                                    | ttl   | prio | change_date | ordername | auth |
    +-----+-----------+-----------------+------+----------------------------------------------------------------------------+-------+------+-------------+-----------+------+
    | 694 |         6 | wibble.com      | SOA  | ns1.server.co.uk hostmaster.server.net 2011011702 10800 3600 1209600 86400 | 86400 |    0 |        NULL |           |    0 |
    | 695 |         6 | mail.wibble.com | A    | 1.1.1.1                                                                    | 86400 |    0 |        NULL |           |    0 |
    | 696 |         6 | wibble.com      | NS   | ns1.server.co.uk                                                           | 86400 |    0 |        NULL |           |    0 |
    +-----+-----------+-----------------+------+----------------------------------------------------------------------------+-------+------+-------------+-----------+------+

So I have name server (ns1.server.co.uk is the physical server), SOA and an A record. The auth field (for DNS-SEC is 0)

However results from dig:

    [root@ns1 ~]# dig wibble.com @localhost SOA

    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> wibble.com @localhost SOA
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18174
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;wibble.com.            IN      SOA

    ;; ANSWER SECTION:
    wibble.com.     86400   IN      SOA     ns1.server.co.uk hostmaster.server.net 2011011702 10800 3600 1209600 86400

    ;; Query time: 1 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Thu Jul 21 17:22:56 2011
    ;; MSG SIZE rcvd: 101

So, no issues with the SOA, but the A

    [root@ns1 ~]# dig mail.wibble.com @localhost A

    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> mail.wibble.com @localhost A
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57290
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;mail.wibble.com.       IN      A

    ;; Query time: 1 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Thu Jul 21 17:28:20 2011
    ;; MSG SIZE rcvd: 33

And in the logs:

    Jul 21 17:25:19 ns1 pdns[14821]: Should not get here (mail.wibble.com|1): please run pdnssec rectify-zone wibble.com

I'm guessing as I have gmysql-dnssec set, it's assuming all zones are DNS-SEC enabled.

So the question then becomes, can I run 2 gmysql backends, one for sec one for not. Docs don't really tell me this, especially preferably in the same database.

Cheers
Chris
Re: [Pdns-users] Potentially Silly Question! - auth server, dns-(non) sec + sec.
As an addendum, also tried multi launch with the same issue specifying dnssec on one launch:

    launch=gmysql:sec,gmysql:nonsec
    gmysql-sec-dnssec
    gmysql-sec-host=127.0.0.1
    gmysql-sec-user=x
    gmysql-sec-dbname=y
    gmysql-sec-password=z
    gmysql-nonsec-host=127.0.0.1
    gmysql-nonsec-user=x
    gmysql-nonsec-dbname=y
    gmysql-nonsec-password=z

Have to be missing something silly here.

Cheers
Chris
Re: [Pdns-users] Potentially Silly Question! - auth server, dns-(non) sec + sec.
Hi Stefan

Have Dns sec working without issue, it's the non sec which isn't

R

Thanks
Chris

--- original message ---
From: Stefan Schmidt zaph...@zaphods.net
Subject: Re: [Pdns-users] Potentially Silly Question! - auth server, dns-(non) sec + sec.
Date: 21st July 2011
Time: 6:21:57 pm

On Thu, Jul 21, 2011 at 6:46 PM, Chris Russell chris.russ...@knowledgeit.co.uk wrote:
> As an addendum, also tried multi launch with the same issue specifying dnssec on one launch:
> launch=gmysql:sec,gmysql:nonsec
> gmysql-sec-dnssec
> ...
> Have to be missing something silly here.

I'm not sure if it makes any difference but this works for me with

    gmysql-priv-dnssec=yes

Something equally silly would be if you were missing the tables necessary for DNSSEC operations as specified at http://doc.powerdns.com/generic-mypgsql-backends.html#id479879 where it says "To support or migrate to DNSSEC, the following SQL statements must be executed."

Is your table structure 'DNSSEC-ready'?

for mail. the ordername should be 'mail' although as you are not querying with +dnssec I don't think PowerDNS would bother.

what does a `pdnssec show-zone wobble.com` say?

Stefan
Re: [Pdns-users] Potentially Silly Question! - auth server, dns-(non) sec + sec.
On Thu, Jul 21, 2011 at 6:38 PM, Chris Russell chris.russ...@knowledgeit.co.uk wrote:
> So the question then becomes, can I run 2 gmysql backends, one for sec one for not. Docs don't really tell me this, especially preferably in the same database.

Ah sorry I didn't read all the way down to your question. No you cannot. The reason for that is that backends are exhausted for zone content in the order in which they are specified in the launch statement and the for loop breaks after the first backend answers something else than 'i don't know', so the first to answer 'wins' one could say. This means that your 'sec' backend will always answer first for the content of the database.

However you don't need to serve the data via a dedicated 'sec' and 'non sec' backend as even if dnssec is enabled for a backend PowerDNS will still serve that domain without dnssec perfectly normal.

Please compare the output of

    dig soa zaphods.net @mandelbrot.zaphods.net +norec

to

    dig soa zaphods.net @mandelbrot.zaphods.net +norec +dnssec

Enabling DNSSEC for a domain does not mean that a name server will cease serving regular DNS content and protocol, it just means that it will respond differently when 'DNSSEC OK' (DO) bit is set for a query.

Running `pdnssec rectify-zone wibble.com` will just add the 'mail' to the ordername column of your records table btw. With DNSSEC in non-narrow mode you need to run this whenever you change a record. I suspect running it might already solve your problem.

Stefan
[Pdns-users] Odd Recursor/Authoritative problem with a private domain
Hello to all on the list!

I'm seeing something kind of weird in our DNS setup, and was hoping I could bounce it off all of you to see if I could get some input.

First off, structure of our system:

6 Recursor servers, sitting behind a Foundry Load balancer, running pdns-recursor version 3.3-1 from the RPMs provided by PowerDNS

6 Authoritative servers, also sitting behind a Foundry Load balancer, running pdns-static-2.9.22-1 from the RPMs provided by PowerDNS

Other than the below problem, the setup works wonderfully.

On to the problem. We set up a private zone named gnint.prv within our authoritative DNS servers to provide for private hostnames on our backend network (using 10.1.20.0/255.255.252.0). Within our recursors, we put the following into our config:

    forward-zones-file=/etc/powerdns/stub-zone.conf

and within the stub-zone.conf file, we have the following:

    gnint.prv=66.152.94.11, 66.152.94.12, 66.152.94.13
    10.in-addr.arpa=66.152.94.11, 66.152.94.12, 66.152.94.13

The IP's referenced in the stub-zone.conf file are our load balancer IP's that split across all 6 authoritative servers.

When I try to do a lookup of an address I have defined within the gnint.prv domain using the linux host command, I get the following:

    $ host gn-ldap01.gnint.prv
    gn-ldap01.gnint.prv has address 10.1.20.1
    Host gn-ldap01.gnint.prv not found: 3(NXDOMAIN)
    Host gn-ldap01.gnint.prv not found: 3(NXDOMAIN)

Notice that I get 2 NXDOMAIN responses along with the valid response. This is what bugs me, because I think this causes *some* machines to fail to resolve the hostname. If I try some other domain against the recursors, I only see one answer:

    $ host www.gammanetworking.com
    www.gammanetworking.com has address 66.152.94.25

Of course, this would not be working thru the stub-zone.conf facility, but instead looking up via whois record.

Also, interesting to note that reverse DNS lookups do not show a similar problem:

    $ host 10.1.20.1
    1.20.1.10.in-addr.arpa domain name pointer gn-ldap01.gnint.prv.

Does anyone have any ideas on what I'm missing?

Jeremy
Re: [Pdns-users] Odd Recursor/Authoritative problem with a private domain
On Thu, Jul 21, 2011 at 8:00 PM, Jeremy Utley p...@gammanetworking.com wrote:
> gnint.prv=66.152.94.11, 66.152.94.12, 66.152.94.13
> 10.in-addr.arpa=66.152.94.11, 66.152.94.12, 66.152.94.13
> ...
> $ host gn-ldap01.gnint.prv
> gn-ldap01.gnint.prv has address 10.1.20.1
> Host gn-ldap01.gnint.prv not found: 3(NXDOMAIN)
> Host gn-ldap01.gnint.prv not found: 3(NXDOMAIN)

Are those machines maybe using some kind of asynchronous dns library?

If you do a dig @IP gn-ldap01.gnint.prv for each of your loadbalancer IPs does it show NXDOMAIN somewhere?

Also worth trying: Does ping gn-ldap01.gnint.prv work every time?

Stefan
[Pdns-users] When I enable master, It opens issues with ipv6
Hello,

Could somebody help me? My PowerDNS is working fine, but When I enable *master=yes* in pdns.conf It will open issues with ipv6 as shown on logs

I have this: pdns.conf

*local-address=xxx.xxx.xxx.xxx,127.0.0.1*
*#local-ipv6=::1*
*#query-local-address6=::1*

*xxx.xxx.xxx.xxx is an IPv4 ip like 200.100.63.15*

Jul 21 02:48:12 ns1 pdns[7904]: Respawning
Jul 21 02:48:13 ns1 pdns[8005]: Guardian is launching an instance
Jul 21 02:48:13 ns1 pdns[8005]: UDP server bound to xxx.xxx.xxx.xxx:53
Jul 21 02:48:13 ns1 pdns[8005]: UDP server bound to 127.0.0.1:53
Jul 21 02:48:13 ns1 pdns[8005]: Fatal error: Unable to acquire a UDPv6 socket: Address family not supported by protocol
Jul 21 02:48:14 ns1 pdns[7904]: Our pdns instance exited with code 1
Jul 21 02:48:14 ns1 pdns[7904]: Respawning
Jul 21 02:48:15 ns1 pdns[8026]: Guardian is launching an instance
Jul 21 02:48:15 ns1 pdns[8026]: UDP server bound to xxx.xxx.xxx.xxx:53
Jul 21 02:48:15 ns1 pdns[8026]: UDP server bound to 127.0.0.1:53
Jul 21 02:48:15 ns1 pdns[8026]: Fatal error: Unable to acquire a UDPv6 socket: Address family not supported by protocol
Jul 21 02:48:16 ns1 pdns[7904]: Our pdns instance exited with code 1
Jul 21 02:48:16 ns1 pdns[7904]: Respawning
Jul 21 02:51:39 ns1 pdns[17792]: Guardian is launching an instance
Jul 21 02:51:39 ns1 pdns[17792]: UDP server bound to xxx.xxx.xxx.xxx:53
Jul 21 02:51:39 ns1 pdns[17792]: UDP server bound to 127.0.0.1:53
Jul 21 02:51:39 ns1 pdns[17792]: TCP server bound to xxx.xxx.xxx.xxx:53
Jul 21 02:51:39 ns1 pdns[17792]: TCP server bound to 127.0.0.1:53
Jul 21 02:51:39 ns1 pdns[17792]: Chrooted to './'
Jul 21 02:51:39 ns1 pdns[17792]: DNS Proxy launched, local port 29105, remote 127.0.0.1:1553
Jul 21 02:51:39 ns1 pdns[17792]: Creating backend connection for TCP
Jul 21 02:51:39 ns1 pdns[17792]: Master/slave communicator launching
Jul 21 02:51:39 ns1 pdns[17792]: Launched webserver on 127.0.0.1:8081
Jul 21 02:51:39 ns1 pdns[17792]: Communicator thread died because of STL error: Creating local resolver socket for ::: Address family not supported by protocol
Jul 21 02:51:40 ns1 pdns[17641]: Our pdns instance exited with code 0
Jul 21 02:51:40 ns1 pdns[17641]: Respawning
Re: [Pdns-users] Odd Recursor/Authoritative problem with a private domain
On 7/21/2011 1:14 PM, Stefan Schmidt wrote:
> On Thu, Jul 21, 2011 at 8:00 PM, Jeremy Utley p...@gammanetworking.com wrote:
>> gnint.prv=66.152.94.11, 66.152.94.12, 66.152.94.13
>> 10.in-addr.arpa=66.152.94.11, 66.152.94.12, 66.152.94.13
>> ...
>> $ host gn-ldap01.gnint.prv
>> gn-ldap01.gnint.prv has address 10.1.20.1
>> Host gn-ldap01.gnint.prv not found: 3(NXDOMAIN)
>> Host gn-ldap01.gnint.prv not found: 3(NXDOMAIN)
>
> Are those machines maybe using some kind of asynchronous dns library?

Not to my knowledge. The machines are bog standard CentOS 5.6 machines, using the stock host command that comes with CentOS (bind-utils-9.3.6-16.P1.el5 package).

> If you do a dig @IP gn-ldap01.gnint.prv for each of your loadbalancer IPs does it show NXDOMAIN somewhere?

No it does not, running dig against both the recursors and the authoritative, whether going thru the load balancer, or directly to the machines, no NXDOMAIN responses are given.

> Also worth trying: Does ping gn-ldap01.gnint.prv work every time?

It's erratic. I have seen pings fail due to failure to resolve the hostname, other times it works just fine.

Jeremy
Re: [Pdns-users] When I enable master, It opens issues with ipv6
Oops. Botched the list address.

On Thu, 21 Jul 2011, Charles Sprickman wrote:
> On Thu, 21 Jul 2011, kim Doff wrote:
>> Hello Charles,
>
> Hello, please keep traffic on the list so everyone can see the replies.
>
>> Could you please help me? My PowerDNS 3.0 on Debian 6.0.2/ 64 bits is working fine, but When I enable master=yes in pdns.conf It will open issues with ipv6 as shown on logs
>
> http://old.nabble.com/startup-fails-when-%22master%3Dyes%22-tc31696172.html
>
> Even if you don't need IPv6, you need to have an IPv6 loopback or link-local IP. From the linked thread:
>
> PowerDNS really wants IPv6 enabled.
>
> Charles
>
>> Errors:
>> Fatal error: Unable to acquire a UDPv6 socket: Address family not supported by protocol
>> and
>> Communicator thread died because of STL error: Creating local resolver socket for ::: Address family not supported by protocol
>>
>> I have this: pdns.conf
>> #local-address=0.0.0.0
>> local-address=xxx.xxx.xxx.xxx,127.0.0.1
>> #local-ipv6=::1
>> #query-local-address6=::1
>> local-port=53
>>
>> xxx.xxx.xxx.xxx is an IPv4 ip like 200.100.63.15
>>
>> Jul 21 02:48:12 ns1 pdns[7904]: Respawning
>> Jul 21 02:48:13 ns1 pdns[8005]: Guardian is launching an instance
>> Jul 21 02:48:13 ns1 pdns[8005]: UDP server bound to xxx.xxx.xxx.xxx:53
>> Jul 21 02:48:13 ns1 pdns[8005]: UDP server bound to 127.0.0.1:53
>> Jul 21 02:48:13 ns1 pdns[8005]: Fatal error: Unable to acquire a UDPv6 socket: Address family not supported by protocol
>> Jul 21 02:48:14 ns1 pdns[7904]: Our pdns instance exited with code 1
>> Jul 21 02:48:14 ns1 pdns[7904]: Respawning
>> Jul 21 02:48:15 ns1 pdns[8026]: Guardian is launching an instance
>> Jul 21 02:48:15 ns1 pdns[8026]: UDP server bound to xxx.xxx.xxx.xxx:53
>> Jul 21 02:48:15 ns1 pdns[8026]: UDP server bound to 127.0.0.1:53
>> *Jul 21 02:48:15 ns1 pdns[8026]: Fatal error: Unable to acquire a UDPv6 socket: Address family not supported by protocol*
>> Jul 21 02:48:16 ns1 pdns[7904]: Our pdns instance exited with code 1
>> Jul 21 02:48:16 ns1 pdns[7904]: Respawning
>> Jul 21 02:51:39 ns1 pdns[17792]: Guardian is launching an instance
>> Jul 21 02:51:39 ns1 pdns[17792]: UDP server bound to xxx.xxx.xxx.xxx:53
>> Jul 21 02:51:39 ns1 pdns[17792]: UDP server bound to 127.0.0.1:53
>> Jul 21 02:51:39 ns1 pdns[17792]: TCP server bound to xxx.xxx.xxx.xxx:53
>> Jul 21 02:51:39 ns1 pdns[17792]: TCP server bound to 127.0.0.1:53
>> Jul 21 02:51:39 ns1 pdns[17792]: Chrooted to './'
>> Jul 21 02:51:39 ns1 pdns[17792]: DNS Proxy launched, local port 29105, remote 127.0.0.1:1553
>> Jul 21 02:51:39 ns1 pdns[17792]: Creating backend connection for TCP
>> Jul 21 02:51:39 ns1 pdns[17792]: Master/slave communicator launching
>> Jul 21 02:51:39 ns1 pdns[17792]: Launched webserver on 127.0.0.1:8081
>> *Jul 21 02:51:39 ns1 pdns[17792]: Communicator thread died because of STL error: Creating local resolver socket for ::: Address family not supported by protocol*
>> Jul 21 02:51:40 ns1 pdns[17641]: Our pdns instance exited with code 0
>> Jul 21 02:51:40 ns1 pdns[17641]: Respawning
Re: [Pdns-users] Potentially Silly Question! - auth server, dns-(non) sec + sec.
Hi Chris,

On Thu, Jul 21, 2011 at 8:57 PM, Chris Russell chris.russ...@knowledgeit.co.uk wrote:
> I think I've confused the issue with the two backends, I actually set this up as a test as running with one wasn't working. To back to the original issue, I have PDNSsec + DNS-SEC + ipv6 working flawlessly, without issues. However, for other reasons I need to serve zones where I don't wish to have any signing information in the database for this zone. This means I don't want to run secure-zone or rectify-zone instead keep that zone DNS-SEC free. Essentially configuring DNS-SEC on a zone by zone basis.

That is the default and afaik only way PowerDNS works.

> The problem is, I can push records into the DB as per a standard unsigned zone, but pdnssec will not serve these records only the SOA. So can pdnssec serve unsigned zones where no DNS-SEC related records exist when the g-mysql backend is set to gmysql-dnssec ?

Alright so i think we're getting closer to the culprit. You will need to have the auth field set to '1' i.e. True for most if not all records.

Documentation [1] says:

The 'auth' field should be set to '1' for data for which is itself authoritative, which includes the SOA record and its own NS records. The 'auth' field should be 0 however for NS records which are used for delegation, and also for any glue (A, AAAA) records present for this purpose. Do note that the DS record for a secure delegation should be authoritative!

And that works for me. Even so you are not serving DNSSEC signed zone data i think when setting dnssec to on for a backend PowerDNS will just assume that if the auth field is there and is '0' or False that it does not need to serve this as authoritative data.

> Or am I stuck with PDNS serving DNS-SEC enabled zones, OR non DNS-SEC enabled zones but not both :-/

Nope, definitely not. This usually just works.

dig a foo.zaphods.org @mandelbrot.zaphods.net +norec +dnssec

; <<>> DiG 9.7.3 <<>> a foo.zaphods.org @mandelbrot.zaphods.net +norec +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7345
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 2800
;; QUESTION SECTION:
;foo.zaphods.org. IN A

;; ANSWER SECTION:
foo.zaphods.org. 3600 IN A 127.0.0.1

;; Query time: 54 msec
;; SERVER: 217.197.86.168#53(217.197.86.168)
;; WHEN: Thu Jul 21 21:12:26 2011
;; MSG SIZE rcvd: 60

mysql> select * from dns_record where domain_id=778;

| id | domain_id | name | type | content | ttl | prio | description | dynamic | ordername | auth |
|----|-----------|------|------|---------|-----|------|-------------|---------|-----------|------|
| 7448641 | 778 | zaphods.org | NS | chiyoda.zaphods.net | 3600 | 0 | NULL | 0 | | 1 |
| 7448642 | 778 | zaphods.org | NS | mandelbrot.zaphods.net | 3600 | 0 | NULL | 0 | | 1 |
| 7448643 | 778 | zaphods.org | NS | shinagawa.zaphods.net | 3600 | 0 | NULL | 0 | | 1 |
| 7448644 | 778 | zaphods.org | NS | taito.zaphods.net | 3600 | 0 | NULL | 0 | | 1 |
| 7448645 | 778 | zaphods.org | SOA | mandelbrot.zaphods.net hostmas...@zaphods.net 2011072101 28800 14400 360 86400 86400 | 3600 | 0 | NULL | 0 | | 1 |
| 7448646 | 778 | foo.zaphods.org | A | 127.0.0.1 | 3600 | 0 | | 0 | | 1 |

6 rows in set (0.00 sec)

(note that I have renamed my queries to use 'dns_record' as table name for the 'records' table as python django kind of insisted on that naming scheme - no biggie ;-)

versus

dig a foo.zaphods.net @mandelbrot.zaphods.net +norec +dnssec

; <<>> DiG 9.7.3 <<>> a foo.zaphods.net @mandelbrot.zaphods.net +norec +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55871
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 0

;; QUESTION SECTION:
;foo.zaphods.net.
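The auth rule quoted from the documentation in the message above, as an added Python example (not part of the original message and not PowerDNS code): it computes the auth value each record of a zone should carry and lists the rows whose stored value differs. The rows are constructed, laid out like the table in the message; the names under example.org and treating a NULL auth as 0 are assumptions.

```python
# Constructed sample rows (id, name, type, stored auth); None stands for SQL NULL.
ROWS = [
    {"id": 1, "name": "example.org", "type": "SOA", "auth": 1},
    {"id": 2, "name": "example.org", "type": "NS", "auth": 1},
    {"id": 3, "name": "foo.example.org", "type": "A", "auth": None},   # inserted without auth
    {"id": 4, "name": "sub.example.org", "type": "NS", "auth": 1},     # delegation NS
    {"id": 5, "name": "ns1.sub.example.org", "type": "A", "auth": 1},  # glue for the delegation
    {"id": 6, "name": "sub.example.org", "type": "DS", "auth": 0},     # DS of a secure delegation
    {"id": 7, "name": "www.example.org", "type": "A", "auth": 1},
]


def is_under(name, parent):
    """True if name equals parent or is a subdomain of it."""
    return name == parent or name.endswith("." + parent)


def expected_auth(zone, rows):
    """Map record id -> auth value according to the quoted documentation rule."""
    # A delegation point is any name below the apex that owns NS records.
    cuts = {r["name"] for r in rows if r["type"] == "NS" and r["name"] != zone}
    result = {}
    for r in rows:
        below_cut = any(is_under(r["name"], cut) for cut in cuts)
        if r["type"] == "DS":
            auth = 1          # the DS record for a secure delegation is authoritative
        elif below_cut:
            auth = 0          # delegation NS records and glue
        else:
            auth = 1          # SOA, apex NS and all other data of the zone itself
        result[r["id"]] = auth
    return result


def audit(zone, rows):
    """Return (id, name, type, stored, expected) for every row with a wrong auth value."""
    expected = expected_auth(zone, rows)
    return [
        (r["id"], r["name"], r["type"], r["auth"], expected[r["id"]])
        for r in rows
        if (r["auth"] or 0) != expected[r["id"]]   # assumption: NULL behaves like 0
    ]


if __name__ == "__main__":
    for row in audit("example.org", ROWS):
        print("id=%s %s %s stored=%s expected=%s" % row)
```
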
Re: [Pdns-users] When I enable master, It opens issues with ipv6
Hi Charles,

On Thu, Jul 21, 2011 at 9:21 PM, Charles Sprickman sp...@bway.net wrote:
> http://old.nabble.com/startup-fails-when-%22master%3Dyes%22-tc31696172.html
>
> Even if you don't need IPv6, you need to have an IPv6 loopback or link-local IP.

Ah now i remember reading about this issue. Thank you for reminding us. Interestingly enough even with the deployment of PowerDNS Server on virtuozzo and openvz containers i never encountered this problem. Being quite the network geek, i always enable IPv6 in kernels though as well, you know legacy IP(v4) is doomed anyway. ;-)

Stefan
Re: [Pdns-users] When I enable master, It opens issues with ipv6
On Jul 21, 2011, at 3:37 PM, Stefan Schmidt wrote:
> Hi Charles,
>
> On Thu, Jul 21, 2011 at 9:21 PM, Charles Sprickman sp...@bway.net wrote:
>> http://old.nabble.com/startup-fails-when-%22master%3Dyes%22-tc31696172.html
>>
>> Even if you don't need IPv6, you need to have an IPv6 loopback or link-local IP.
>
> Ah now i remember reading about this issue. Thank you for reminding us. Interestingly enough even with the deployment of PowerDNS Server on virtuozzo and openvz containers i never encountered this problem. Being quite the network geek, i always enable IPv6 in kernels though as well, you know legacy IP(v4) is doomed anyway. ;-)

I also recall that the issue only shows up when you run in a master/slave setup, not in native mode. Just wanted to clarify that. And I was certainly not going to argue for the removal of the IPv6 requirement. The more I play with it, the more eager I am to see more people start using it.

Charles

> Stefan
Re: [Pdns-users] When I enable master, It opens issues with ipv6
I have my PowerDNS 3.0 on OpenVZ VPS

On Thu, Jul 21, 2011 at 1:37 PM, Stefan Schmidt zaph...@zaphods.net wrote:
> Hi Charles,
>
> On Thu, Jul 21, 2011 at 9:21 PM, Charles Sprickman sp...@bway.net wrote:
>> http://old.nabble.com/startup-fails-when-%22master%3Dyes%22-tc31696172.html
>>
>> Even if you don't need IPv6, you need to have an IPv6 loopback or link-local IP.
>
> Ah now i remember reading about this issue. Thank you for reminding us. Interestingly enough even with the deployment of PowerDNS Server on virtuozzo and openvz containers i never encountered this problem. Being quite the network geek, i always enable IPv6 in kernels though as well, you know legacy IP(v4) is doomed anyway. ;-)
>
> Stefan
[Pdns-users] When I enable master, It opens issues with ipv6 . ..
but I have my PowerDNS 3.0 on OpenVZ VPS. The VPS is not ipv6 compliant. Can I set up a link-local IP IPv6 on my VPS?

> On Thu, 21 Jul 2011, kim Doff wrote:
>> Could you please help me? My PowerDNS 3.0 on Debian 6.0.2/ 64 bits is working fine, but When I enable master=yes in pdns.conf It will open issues with ipv6 as shown on logs
>
> http://old.nabble.com/startup-fails-when-%22master%3Dyes%22-tc31696172.html
>
> Even if you don't need IPv6, you need to have an IPv6 loopback or link-local IP. From the linked thread:
>
> PowerDNS really wants IPv6 enabled.

---

Hello,

Could somebody help me? My PowerDNS is working fine, but When I enable *master=yes* in pdns.conf It will open issues with ipv6 as shown on logs

I have this: pdns.conf

*local-address=xxx.xxx.xxx.xxx,127.0.0.1*
*#local-ipv6=::1*
*#query-local-address6=::1*

*xxx.xxx.xxx.xxx is an IPv4 ip like 200.100.63.15*

Jul 21 02:48:12 ns1 pdns[7904]: Respawning
Jul 21 02:48:13 ns1 pdns[8005]: Guardian is launching an instance
Jul 21 02:48:13 ns1 pdns[8005]: UDP server bound to xxx.xxx.xxx.xxx:53
Jul 21 02:48:13 ns1 pdns[8005]: UDP server bound to 127.0.0.1:53
Jul 21 02:48:13 ns1 pdns[8005]: Fatal error: Unable to acquire a UDPv6 socket: Address family not supported by protocol
Jul 21 02:48:14 ns1 pdns[7904]: Our pdns instance exited with code 1
Jul 21 02:48:14 ns1 pdns[7904]: Respawning
Jul 21 02:48:15 ns1 pdns[8026]: Guardian is launching an instance
Jul 21 02:48:15 ns1 pdns[8026]: UDP server bound to xxx.xxx.xxx.xxx:53
Jul 21 02:48:15 ns1 pdns[8026]: UDP server bound to 127.0.0.1:53
Jul 21 02:48:15 ns1 pdns[8026]: Fatal error: Unable to acquire a UDPv6 socket: Address family not supported by protocol
Jul 21 02:48:16 ns1 pdns[7904]: Our pdns instance exited with code 1
Jul 21 02:48:16 ns1 pdns[7904]: Respawning
Jul 21 02:51:39 ns1 pdns[17792]: Guardian is launching an instance
Jul 21 02:51:39 ns1 pdns[17792]: UDP server bound to xxx.xxx.xxx.xxx:53
Jul 21 02:51:39 ns1 pdns[17792]: UDP server bound to 127.0.0.1:53
Jul 21 02:51:39 ns1 pdns[17792]: TCP server bound to xxx.xxx.xxx.xxx:53
Jul 21 02:51:39 ns1 pdns[17792]: TCP server bound to 127.0.0.1:53
Jul 21 02:51:39 ns1 pdns[17792]: Chrooted to './'
Jul 21 02:51:39 ns1 pdns[17792]: DNS Proxy launched, local port 29105, remote 127.0.0.1:1553
Jul 21 02:51:39 ns1 pdns[17792]: Creating backend connection for TCP
Jul 21 02:51:39 ns1 pdns[17792]: Master/slave communicator launching
Jul 21 02:51:39 ns1 pdns[17792]: Launched webserver on 127.0.0.1:8081
Jul 21 02:51:39 ns1 pdns[17792]: Communicator thread died because of STL error: Creating local resolver socket for ::: Address family not supported by protocol
Jul 21 02:51:40 ns1 pdns[17641]: Our pdns instance exited with code 0
Jul 21 02:51:40 ns1 pdns[17641]: Respawning
[Pdns-users] Master/Slave communications
Hello,

Is it possible to have Master/Slave communications over IPs IPv4 for PowerDNS 3.x?

or ... IPs must be IPv6 for PowerDNS 3.x

Thanks

Kim
Re: [Pdns-users] Master/Slave communications
On Thu, 21 Jul 2011, kim Doff wrote:
> Hello,
>
> Is it possible to have Master/Slave communications over IPs IPv4 for PowerDNS 3.x?

Yes.

> or ... IPs must be IPv6 for PowerDNS 3.x

You must have IPv6 enabled for PowerDNS to start in master/slave mode, regardless of whether or not your master/slave communications are over v4 or v6. You will get an error message about being unable to bind to an address and the process will exit if you attempt to start PowerDNS without an available IPv6 address.

Solution: Add an IPv6 address, it need not be globally routable.

Charles

> Thanks
>
> Kim
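A way to spot this condition from both sides, as an added Python example (not part of any message in the thread and not PowerDNS code): `summarize` pulls the guardian respawn count and each child's fatal message out of pdns syslog lines, and `ipv6_status` probes the host for the UDPv6 socket the log shows pdns failing to get. The log excerpt is copied from the thread; the function names and the choice of `::1` as the bind target are assumptions.

```python
import errno
import re
import socket

# Excerpt of the syslog lines posted in the thread.
SAMPLE_LOG = """\
Jul 21 02:48:13 ns1 pdns[8005]: Guardian is launching an instance
Jul 21 02:48:13 ns1 pdns[8005]: UDP server bound to 127.0.0.1:53
Jul 21 02:48:13 ns1 pdns[8005]: Fatal error: Unable to acquire a UDPv6 socket: Address family not supported by protocol
Jul 21 02:48:14 ns1 pdns[7904]: Our pdns instance exited with code 1
Jul 21 02:48:14 ns1 pdns[7904]: Respawning
Jul 21 02:51:39 ns1 pdns[17792]: Master/slave communicator launching
Jul 21 02:51:39 ns1 pdns[17792]: Communicator thread died because of STL error: Creating local resolver socket for ::: Address family not supported by protocol
Jul 21 02:51:40 ns1 pdns[17641]: Our pdns instance exited with code 0
Jul 21 02:51:40 ns1 pdns[17641]: Respawning
""".splitlines()

LINE = re.compile(r"pdns\[(\d+)\]: (.*)$")
FATAL = re.compile(r"(?:Fatal error|died because of STL error): (.*)$")
NO_AF = "Address family not supported by protocol"


def summarize(lines):
    """Return (respawns, reasons): guardian restarts and (pid, message) per fatal error."""
    respawns, reasons = 0, []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = int(m.group(1)), m.group(2)
        fatal = FATAL.search(msg)
        if fatal:
            reasons.append((pid, fatal.group(1)))
        elif msg == "Respawning":
            respawns += 1
    return respawns, reasons


def ipv6_missing(reasons):
    """True if any child died because the kernel offers no IPv6 sockets."""
    return any(reason.endswith(NO_AF) for _, reason in reasons)


def ipv6_status():
    """Probe the host: open a UDPv6 socket, then bind it to the loopback address."""
    try:
        sock = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM)
    except OSError as exc:
        if exc.errno == errno.EAFNOSUPPORT:
            return "no-ipv6-support"      # the errno behind the message in the log
        raise
    with sock:
        try:
            sock.bind(("::1", 0))         # port 0: any free port, no privileges needed
        except OSError:
            return "no-ipv6-address"
    return "ok"


if __name__ == "__main__":
    respawns, reasons = summarize(SAMPLE_LOG)
    print("respawns:", respawns, "ipv6 missing in log:", ipv6_missing(reasons))
    print("this host:", ipv6_status())
```
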
[Pdns-users] PDNS recursor Dual Stack
When setting pdns recursor to use an IPv4 and IPv6 address (comma separated in local-ip) the server doesn't respond to queries over IPv6. Any quick tips to look at?

Thanks