[Pdns-users] Management of compiled (installed from source) pdns software

2011-07-21 Thread Nick Milas

On 20/7/2011 9:54 AM, Nick Milas wrote:

> By the way, if compiling/installing from source, is there a way to do
> a complete uninstall (like "make uninstall")? That would be very
> useful in many scenarios.

Hi,

I have installed v3.0 build 2235 on a CentOS box from source.

How can I test final v3.0 RC3 as an RPM on the same box? Is it possible 
to remove the compiled from source version before installing the RPM? How?


I don't think I should have both installed at the same time, as there 
are filename/path differences.


Also, when building from source, should the build process be done as a 
non-root user (as is generally recommended)?


Please help.

Thanks,
Nick
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users


[Pdns-users] PDNS recursor Dual Stack

2011-07-21 Thread Chris Hesselrode
When setting pdns recursor to use an IPv4 and IPv6 address (comma separated
in local-ip) the server doesn't respond to queries over IPv6.

Any quick tips to look at?

Thanks

Sent via Wireless


Re: [Pdns-users] Master/Slave communications

2011-07-21 Thread Charles Sprickman

On Thu, 21 Jul 2011, kim Doff wrote:

> Hello,
>
> Is possible to have Master/Slave communications over Ips IPv4 for PowerDNS
> 3.x?

Yes.

> or  ...  Ips must be IPv6 for PowerDNS 3.x

You must have IPv6 enabled for PowerDNS to start in master/slave mode,
regardless of whether or not your master/slave communications are over v4
or v6.

You will get an error message about being unable to bind to an address and
the process will exit if you attempt to start PowerDNS without an
available IPv6 address.

Solution: Add an IPv6 address, it need not be globally routable.

Charles

> Thanks
>
> Kim


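Added example, not part of the original thread or of PowerDNS: a Python check for the condition described in the reply above. `probe_ipv6` tests whether the host can create and bind an IPv6 UDP socket, and `find_ipv6_failures` flags the two failure messages quoted in this thread in pdns syslog output. The function names are this example's own, and the sample log is assembled from lines quoted in the thread.

```python
import errno
import re
import socket

# Constructed sample: syslog lines in the format quoted in the thread, including
# messages wrapped across several lines as they appear in the mails.
SAMPLE_LOG = """\
Jul 21 02:48:13 ns1 pdns[8005]: Guardian is launching an instance
Jul 21 02:48:13 ns1 pdns[8005]: UDP server bound to 127.0.0.1:53
Jul 21 02:48:13 ns1 pdns[8005]: Fatal error: Unable to acquire a UDPv6
socket: Address family not supported by protocol
Jul 21 02:48:14 ns1 pdns[7904]: Our pdns instance exited with code 1
Jul 21 02:48:14 ns1 pdns[7904]: Respawning
Jul 21 02:51:39 ns1 pdns[17792]: Master/slave communicator launching
Jul 21 02:51:39 ns1 pdns[17792]: Communicator thread died because of STL
error: Creating local resolver socket for ::: Address family not supported
by protocol
Jul 21 02:51:40 ns1 pdns[17641]: Our pdns instance exited with code 0
Jul 21 02:51:40 ns1 pdns[17641]: Respawning
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) pdns\[(\d+)\]: (.*)$")

# The two error messages reported in the thread when IPv6 is unavailable.
SIGNATURES = {
    "udpv6-socket": re.compile(
        r"Unable to acquire a UDPv6 socket: .*Address family not supported"),
    "communicator-resolver-socket": re.compile(
        r"Communicator thread died.*Creating local resolver socket for "
        r".*Address family not supported"),
}
EXIT = re.compile(r"instance exited with code (\d+)")


def parse(text):
    """Parse syslog text, re-joining wrapped continuation lines."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            entries.append({"ts": m[1], "pid": int(m[3]), "msg": m[4]})
        elif entries and raw.strip():
            entries[-1]["msg"] += " " + raw.strip()
    return entries


def find_ipv6_failures(text):
    """Return (timestamp, pid, kind, exit_code) for each IPv6 startup failure."""
    entries = parse(text)
    findings = []
    for i, entry in enumerate(entries):
        for kind, rx in SIGNATURES.items():
            if not rx.search(entry["msg"]):
                continue
            # The guardian logs the exit code of the instance that just died.
            exit_code = None
            for later in entries[i + 1:]:
                m = EXIT.search(later["msg"])
                if m:
                    exit_code = int(m[1])
                    break
            findings.append((entry["ts"], entry["pid"], kind, exit_code))
    return findings


def probe_ipv6():
    """Check the precondition before enabling master=yes.

    Returns "ok", "no-af-inet6" (kernel has no IPv6 support),
    "no-loopback-address" (no ::1 to bind to) or "socket-error".
    """
    try:
        sock = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM)
    except OSError as exc:
        return "no-af-inet6" if exc.errno == errno.EAFNOSUPPORT else "socket-error"
    try:
        sock.bind(("::1", 0))  # port 0: any free port, needs no privileges
        return "ok"
    except OSError:
        return "no-loopback-address"
    finally:
        sock.close()


if __name__ == "__main__":
    print("IPv6 probe:", probe_ipv6())
    for finding in find_ipv6_failures(SAMPLE_LOG):
        # The communicator failure exits with code 0, so alerting on a
        # non-zero exit status alone would miss it.
        print(finding)
```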


[Pdns-users] Master/Slave communications

2011-07-21 Thread kim Doff
Hello,

Is possible to have Master/Slave communications over Ips IPv4 for PowerDNS
3.x?

or  ...  Ips must be IPv6 for PowerDNS 3.x

Thanks

Kim


[Pdns-users] When I enable master, It opens issues with ipv6 . ..

2011-07-21 Thread kim Doff
but 

I have my PowerDNS 3.0 on OpenVZ VPS.

The VPS is not ipv6 compliant


Can I set up a link-local IP IPv6 on my VPS?



On Thu, 21 Jul 2011, kim Doff wrote:


> Could you please help me?
>
> My PowerDNS 3.0 on Debian 6.0.2/ 64 bits is working fine,
>
> but
>
> When I enable master=yes in pdns.conf
> It will open issues with ipv6 as shown on logs
>

http://old.nabble.com/startup-fails-when-%22master%3Dyes%22-tc31696172.html

Even if you don't need IPv6, you need to have an IPv6 loopback or link-local
IP.

From the linked thread:

"PowerDNS really wants IPv6 enabled."

---
Hello,

Could somebody help me?

My PowerDNS is working fine, but

When I enable *master=yes* in pdns.conf
It will open issues with ipv6 as shown on logs


I have this:


pdns.conf

*local-address=xxx.xxx.xxx.xxx,127.0.0.1*
*#local-ipv6=::1*
*#query-local-address6=::1*


*xxx.xxx.xxx.xxx is an IPv4 ip like 200.100.63.15*



Jul 21 02:48:12 ns1 pdns[7904]: Respawning
Jul 21 02:48:13 ns1 pdns[8005]: Guardian is launching an instance
Jul 21 02:48:13 ns1 pdns[8005]: UDP server bound to xxx.xxx.xxx.xxx:53
Jul 21 02:48:13 ns1 pdns[8005]: UDP server bound to 127.0.0.1:53
Jul 21 02:48:13 ns1 pdns[8005]: Fatal error: Unable to acquire a UDPv6
socket: Address family not supported by protocol
Jul 21 02:48:14 ns1 pdns[7904]: Our pdns instance exited with code 1
Jul 21 02:48:14 ns1 pdns[7904]: Respawning
Jul 21 02:48:15 ns1 pdns[8026]: Guardian is launching an instance
Jul 21 02:48:15 ns1 pdns[8026]: UDP server bound to xxx.xxx.xxx.xxx:53
Jul 21 02:48:15 ns1 pdns[8026]: UDP server bound to 127.0.0.1:53
Jul 21 02:48:15 ns1 pdns[8026]: Fatal error: Unable to acquire a UDPv6
socket: Address family not supported by protocol
Jul 21 02:48:16 ns1 pdns[7904]: Our pdns instance exited with code 1
Jul 21 02:48:16 ns1 pdns[7904]: Respawning



Jul 21 02:51:39 ns1 pdns[17792]: Guardian is launching an instance
Jul 21 02:51:39 ns1 pdns[17792]: UDP server bound to xxx.xxx.xxx.xxx:53
Jul 21 02:51:39 ns1 pdns[17792]: UDP server bound to 127.0.0.1:53
Jul 21 02:51:39 ns1 pdns[17792]: TCP server bound to xxx.xxx.xxx.xxx:53
Jul 21 02:51:39 ns1 pdns[17792]: TCP server bound to 127.0.0.1:53
Jul 21 02:51:39 ns1 pdns[17792]: Chrooted to './'
Jul 21 02:51:39 ns1 pdns[17792]: DNS Proxy launched, local port 29105,
remote127.0.0.1:1553
Jul 21 02:51:39 ns1 pdns[17792]: Creating backend connection for TCP
Jul 21 02:51:39 ns1 pdns[17792]: Master/slave communicator launching
Jul 21 02:51:39 ns1 pdns[17792]: Launched webserver on 127.0.0.1:8081
Jul 21 02:51:39 ns1 pdns[17792]: Communicator thread died because of STL
error: Creating local resolver socket for ::: Address family not supported
by protocol
Jul 21 02:51:40 ns1 pdns[17641]: Our pdns instance exited with code 0
Jul 21 02:51:40 ns1 pdns[17641]: Respawning


Re: [Pdns-users] When I enable master, It opens issues with ipv6

2011-07-21 Thread kim Doff
I have my PowerDNS 3.0 on OpenVZ VPS

On Thu, Jul 21, 2011 at 1:37 PM, Stefan Schmidt  wrote:

> Hi Charles,
>
> On Thu, Jul 21, 2011 at 9:21 PM, Charles Sprickman  wrote:
> >>
> http://old.nabble.com/startup-fails-when-%22master%3Dyes%22-tc31696172.html
> >>
> >> Even if you don't need IPv6, you need to have an IPv6 loopback or
> >> link-local IP.
>
> Ah now i remember reading about this issue. Thank you for reminding us.
> Interestingly enough even with the deployment of PowerDNS Server on
> virtuozzo and openvz containers i never encountered this problem.
> Being quite the network geek, i always enable IPv6 in kernels though
> as well, you know legacy IP(v4) is doomed anyway. ;-)
>
>  Stefan


Re: [Pdns-users] When I enable master, It opens issues with ipv6

2011-07-21 Thread Charles Sprickman
On Jul 21, 2011, at 3:37 PM, Stefan Schmidt wrote:

> Hi Charles,
> 
> On Thu, Jul 21, 2011 at 9:21 PM, Charles Sprickman  wrote:
>>> http://old.nabble.com/startup-fails-when-%22master%3Dyes%22-tc31696172.html
>>> 
>>> Even if you don't need IPv6, you need to have an IPv6 loopback or
>>> link-local IP.
> 
> Ah now i remember reading about this issue. Thank you for reminding us.
> Interestingly enough even with the deployment of PowerDNS Server on
> virtuozzo and openvz containers i never encountered this problem.
> Being quite the network geek, i always enable IPv6 in kernels though
> as well, you know legacy IP(v4) is doomed anyway. ;-)

I also recall that the issue only shows up when you run in a master/slave 
setup, not in native mode.  Just wanted to clarify that.

And I was certainly not going to argue for the removal of the IPv6 requirement. 
 The more I play with it, the more eager I am to see more people start using it.

Charles

> 
> Stefan



Re: [Pdns-users] When I enable master, It opens issues with ipv6

2011-07-21 Thread Stefan Schmidt
Hi Charles,

On Thu, Jul 21, 2011 at 9:21 PM, Charles Sprickman  wrote:
>> http://old.nabble.com/startup-fails-when-%22master%3Dyes%22-tc31696172.html
>>
>> Even if you don't need IPv6, you need to have an IPv6 loopback or
>> link-local IP.

Ah now i remember reading about this issue. Thank you for reminding us.
Interestingly enough even with the deployment of PowerDNS Server on
virtuozzo and openvz containers i never encountered this problem.
Being quite the network geek, i always enable IPv6 in kernels though
as well, you know legacy IP(v4) is doomed anyway. ;-)

 Stefan


Re: [Pdns-users] Potentially Silly Question! - auth server, dns-(non) sec + sec.

2011-07-21 Thread Stefan Schmidt
Hi Chris,

On Thu, Jul 21, 2011 at 8:57 PM, Chris Russell
 wrote:
>  I think I've confused the issue with the two backends, I actually set this 
> up as a test as running with one wasn't working.
>
>  To back to the original issue,  I have PDNSsec + DNS-SEC + ipv6 working 
> flawlessly, without issues.  However, for other reasons I need to serve zones 
> where I don't wish to have any signing information in the database for this 
> zone. This means I don't want to run secure-zone or rectify-zone instead keep 
> that zone DNS-SEC free.
>
>  Essentially configuring DNS-SEC on a zone by zone basis.

That is the default and afaik only way PowerDNS works.

>  The problem is,  I can push records into the DB as per a standard unsigned 
> zone, but pdnssec will not serve these records only the SOA.  So can pdnssec 
> serve unsigned zones where no DNS-SEC related records exist when the g-mysql 
> backend is set to gmysql-dnssec ?

Alright so i think we're getting closer to the culprit. You will need
to have the auth field set to '1' i.e. True for most if not all
records.
Documentation [1] says:
"The 'auth' field should be set to '1' for data for which is itself
authoritative, which includes the SOA record and its own NS records."
"The 'auth' field should be 0 however for NS records which are used
for delegation, and also for any glue (A, ) records present for
this purpose. Do note that the DS record for a secure delegation
should be authoritative!"
And that works for me.
Even so you are not serving DNSSEC signed zone data i think when
setting dnssec to on for a backend PowerDNS will just assume that if
the auth field is there and is '0' or False that it does not need to
serve this as authoritative data.

>  Or am I   stuck with PDNS serving DNS-SEC enabled zones, OR non DNS-SEC 
> enabled zones but not both :-/

Nope, definitely not. This usually just works.

dig a foo.zaphods.org @mandelbrot.zaphods.net +norec +dnssec
; <<>> DiG 9.7.3 <<>> a foo.zaphods.org @mandelbrot.zaphods.net +norec +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7345
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 2800
;; QUESTION SECTION:
;foo.zaphods.org.   IN  A

;; ANSWER SECTION:
foo.zaphods.org.        3600    IN      A       127.0.0.1

;; Query time: 54 msec
;; SERVER: 217.197.86.168#53(217.197.86.168)
;; WHEN: Thu Jul 21 21:12:26 2011
;; MSG SIZE  rcvd: 60
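
mysql> select * from dns_record where domain_id=778;
+---------+-----------+-----------------+------+--------------------------------------------------------------------------------------+------+------+-------------+---------+-----------+------+
| id      | domain_id | name            | type | content                                                                              | ttl  | prio | description | dynamic | ordername | auth |
+---------+-----------+-----------------+------+--------------------------------------------------------------------------------------+------+------+-------------+---------+-----------+------+
| 7448641 |       778 | zaphods.org     | NS   | chiyoda.zaphods.net                                                                  | 3600 |    0 | NULL        |       0 |           |    1 |
| 7448642 |       778 | zaphods.org     | NS   | mandelbrot.zaphods.net                                                               | 3600 |    0 | NULL        |       0 |           |    1 |
| 7448643 |       778 | zaphods.org     | NS   | shinagawa.zaphods.net                                                                | 3600 |    0 | NULL        |       0 |           |    1 |
| 7448644 |       778 | zaphods.org     | NS   | taito.zaphods.net                                                                    | 3600 |    0 | NULL        |       0 |           |    1 |
| 7448645 |       778 | zaphods.org     | SOA  | mandelbrot.zaphods.net hostmas...@zaphods.net 2011072101 28800 14400 360 86400 86400 | 3600 |    0 | NULL        |       0 |           |    1 |
| 7448646 |       778 | foo.zaphods.org | A    | 127.0.0.1                                                                            | 3600 |    0 |             |       0 |           |    1 |
+---------+-----------+-----------------+------+--------------------------------------------------------------------------------------+------+------+-------------+---------+-----------+------+
6 rows in set (0.00 sec)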
(note that I have renamed my queries to use 'dns_record' as table
name for the 'records' table as python django kind of insisted on that
naming scheme - no biggie ;-)

versus

dig a foo.zaphods.net @mandelbrot.zaphods.net +norec +dnssec

; <<>> DiG 9.7.3 <<>> a foo.zaphods.net @mandelbrot.zaphods.net +norec +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55871
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 0

;; QUESTION SECTION:
;foo.zaphods.net.   

Re: [Pdns-users] When I enable master, It opens issues with ipv6

2011-07-21 Thread Charles Sprickman

Oops.  Botched the list address.

On Thu, 21 Jul 2011, Charles Sprickman wrote:

> On Thu, 21 Jul 2011, kim Doff wrote:
>
>> Hello Charles,
>
> Hello, please keep traffic on the list so everyone can see the replies.
>
>> Could you please help me?
>>
>> My PowerDNS 3.0 on Debian 6.0.2/ 64 bits is working fine,
>>
>> but
>>
>> When I enable master=yes in pdns.conf
>> It will open issues with ipv6 as shown on logs
>
> http://old.nabble.com/startup-fails-when-%22master%3Dyes%22-tc31696172.html
>
> Even if you don't need IPv6, you need to have an IPv6 loopback or link-local
> IP.
>
> From the linked thread:
>
> "PowerDNS really wants IPv6 enabled."
>
> Charles
>
>> Errors:
>> Fatal error: Unable to acquire a UDPv6 socket:
>> Address family not supported by protocol
>>
>> and
>>
>> Communicator thread died because of STL error:
>> Creating local resolver socket for :::
>> Address family not supported by protocol
>>
>> I have this:
>>
>> pdns.conf
>>
>> #local-address=0.0.0.0
>> local-address=xxx.xxx.xxx.xxx,127.0.0.1
>> #local-ipv6=::1
>> #query-local-address6=::1
>> local-port=53
>>
>> xxx.xxx.xxx.xxx is an IPv4 ip like 200.100.63.15
>>
>> Jul 21 02:48:12 ns1 pdns[7904]: Respawning
>> Jul 21 02:48:13 ns1 pdns[8005]: Guardian is launching an instance
>> Jul 21 02:48:13 ns1 pdns[8005]: UDP server bound to xxx.xxx.xxx.xxx:53
>> Jul 21 02:48:13 ns1 pdns[8005]: UDP server bound to 127.0.0.1:53
>> Jul 21 02:48:13 ns1 pdns[8005]: Fatal error: Unable to acquire a UDPv6
>> socket: Address family not supported by protocol
>> Jul 21 02:48:14 ns1 pdns[7904]: Our pdns instance exited with code 1
>> Jul 21 02:48:14 ns1 pdns[7904]: Respawning
>> Jul 21 02:48:15 ns1 pdns[8026]: Guardian is launching an instance
>> Jul 21 02:48:15 ns1 pdns[8026]: UDP server bound to xxx.xxx.xxx.xxx:53
>> Jul 21 02:48:15 ns1 pdns[8026]: UDP server bound to 127.0.0.1:53
>> *Jul 21 02:48:15 ns1 pdns[8026]: Fatal error: Unable to acquire a UDPv6
>> socket: Address family not supported by protocol*
>> Jul 21 02:48:16 ns1 pdns[7904]: Our pdns instance exited with code 1
>> Jul 21 02:48:16 ns1 pdns[7904]: Respawning
>>
>> Jul 21 02:51:39 ns1 pdns[17792]: Guardian is launching an instance
>> Jul 21 02:51:39 ns1 pdns[17792]: UDP server bound to xxx.xxx.xxx.xxx:53
>> Jul 21 02:51:39 ns1 pdns[17792]: UDP server bound to 127.0.0.1:53
>> Jul 21 02:51:39 ns1 pdns[17792]: TCP server bound to xxx.xxx.xxx.xxx:53
>> Jul 21 02:51:39 ns1 pdns[17792]: TCP server bound to 127.0.0.1:53
>> Jul 21 02:51:39 ns1 pdns[17792]: Chrooted to './'
>> Jul 21 02:51:39 ns1 pdns[17792]: DNS Proxy launched, local port 29105,
>> remote 127.0.0.1:1553
>> Jul 21 02:51:39 ns1 pdns[17792]: Creating backend connection for TCP
>> Jul 21 02:51:39 ns1 pdns[17792]: Master/slave communicator launching
>> Jul 21 02:51:39 ns1 pdns[17792]: Launched webserver on 127.0.0.1:8081
>> *Jul 21 02:51:39 ns1 pdns[17792]: Communicator thread died because of STL
>> error: Creating local resolver socket for ::: Address family not supported
>> by protocol*
>> Jul 21 02:51:40 ns1 pdns[17641]: Our pdns instance exited with code 0
>> Jul 21 02:51:40 ns1 pdns[17641]: Respawning






Re: [Pdns-users] Potentially Silly Question! - auth server, dns-(non) sec + sec.

2011-07-21 Thread bert hubert
On Thu, Jul 21, 2011 at 07:57:39PM +0100, Chris Russell wrote:

>   The problem is,  I can push records into the DB as per a standard
> unsigned zone, but pdnssec will not serve these records only the SOA.  So
> can pdnssec serve unsigned zones where no DNS-SEC related records exist
> when the g-mysql backend is set to gmysql-dnssec ?

Just set the 'auth' field to 1 for each record and it will work. If you set
it to 0 it won't.  You don't need to deal with the other fields.

Please let me know if this solves your issue.

Bert
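Added example, not from the thread or the PowerDNS project: an audit of the `auth` column following the documentation rule quoted earlier on this page (the zone's own data, SOA and NS get 1; delegation NS and glue get 0; the DS of a secure delegation gets 1). It uses an in-memory SQLite table as a stand-in for the gmysql `records` table; the sub.wibble.com rows and all function names are constructed for illustration, and treating both A and AAAA as glue is this example's assumption.

```python
import sqlite3

# Constructed sample rows. 694-696 mirror the wibble.com records shown in the
# thread (all stored with auth=0); 697-699 are a hypothetical delegation of
# sub.wibble.com with glue and a DS record, stored with the wrong auth values.
SAMPLE_ROWS = [
    (694, 6, "wibble.com", "SOA",
     "ns1.server.co.uk hostmaster.server.net 2011011702 10800 3600 1209600 86400", 0),
    (695, 6, "mail.wibble.com", "A", "1.1.1.1", 0),
    (696, 6, "wibble.com", "NS", "ns1.server.co.uk", 0),
    (697, 6, "sub.wibble.com", "NS", "ns.sub.wibble.com", 1),
    (698, 6, "ns.sub.wibble.com", "A", "192.0.2.53", 1),
    (699, 6, "sub.wibble.com", "DS", "constructed-ds-rdata", 0),
]


def build_db(rows=SAMPLE_ROWS):
    """Create an in-memory stand-in for the backend's records table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE records (id INTEGER PRIMARY KEY, domain_id INTEGER,"
               " name TEXT, type TEXT, content TEXT, auth INTEGER)")
    db.executemany("INSERT INTO records VALUES (?, ?, ?, ?, ?, ?)", rows)
    return db


def _at_or_below(name, parent):
    return name == parent or name.endswith("." + parent)


def expected_auth(db, domain_id, apex):
    """Map record id -> the auth value the quoted rule calls for."""
    apex = apex.lower().rstrip(".")
    rows = db.execute("SELECT id, name, type FROM records WHERE domain_id = ?",
                      (domain_id,)).fetchall()
    # A delegation point is any name other than the apex that owns NS records.
    cuts = {name.lower() for _, name, rtype in rows
            if rtype == "NS" and name.lower() != apex}
    result = {}
    for rid, name, rtype in rows:
        name = name.lower()
        # Topmost delegation point covering this name, if any.
        cut = min((c for c in cuts if _at_or_below(name, c)), key=len, default=None)
        if cut is None:
            result[rid] = 1   # ordinary zone data, the SOA, the zone's own NS
        elif rtype == "DS" and name == cut:
            result[rid] = 1   # DS of a secure delegation is authoritative
        else:
            result[rid] = 0   # delegation NS and glue
    return result


def audit(db, domain_id, apex):
    """Return (id, name, type, stored_auth, expected_auth) for every mismatch."""
    want = expected_auth(db, domain_id, apex)
    rows = db.execute("SELECT id, name, type, auth FROM records"
                      " WHERE domain_id = ? ORDER BY id", (domain_id,)).fetchall()
    return [(rid, name, rtype, auth, want[rid])
            for rid, name, rtype, auth in rows if auth != want[rid]]


def fix(db, domain_id, apex):
    """Write the expected auth values back; returns the number of rows changed."""
    changes = audit(db, domain_id, apex)
    db.executemany("UPDATE records SET auth = ? WHERE id = ?",
                   [(want, rid) for rid, _, _, _, want in changes])
    db.commit()
    return len(changes)


if __name__ == "__main__":
    db = build_db()
    for row in audit(db, 6, "wibble.com"):
        print("auth mismatch:", row)
    print("rows fixed:", fix(db, 6, "wibble.com"))
```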


Re: [Pdns-users] Potentially Silly Question! - auth server, dns-(non) sec + sec.

2011-07-21 Thread Chris Russell

> Running `pdnssec rectify-zone wibble.com` will just add the 'mail' to the 
> ordername column of your records table btw. With DNSSEC in

 HI Stefan,

  I think I've confused the issue with the two backends, I actually set this up 
as a test as running with one wasn't working.

  To back to the original issue,  I have PDNSsec + DNS-SEC + ipv6 working 
flawlessly, without issues.  However, for other reasons I need to serve zones 
where I don't wish to have any signing information in the database for this 
zone. This means I don't want to run secure-zone or rectify-zone instead keep 
that zone DNS-SEC free.

  Essentially configuring DNS-SEC on a zone by zone basis.

  The problem is,  I can push records into the DB as per a standard unsigned 
zone, but pdnssec will not serve these records only the SOA.  So can pdnssec 
serve unsigned zones where no DNS-SEC related records exist when the g-mysql 
backend is set to gmysql-dnssec ?

  Or am I   stuck with PDNS serving DNS-SEC enabled zones, OR non DNS-SEC 
enabled zones but not both :-/




Cheers

Chris

Knowledge I.T.
'Unifying Business Technology'
www.knowledgeit.co.uk

Knowledge Limited, Company Registration: 1554385
Registered Office: New Century House, Crowther Road, Washington, Tyne & Wear. 
NE38 0AQ
Leeds Office: Viscount Court, Leeds Road, Rothwell, Leeds. LS26 0GR

Tel: 0845 142 0020. Fax: 0845 142 0021

E-Mail Disclaimer: This e-mail message is intended to be received only by 
persons entitled to receive the confidential information it may contain. E-mail 
messages to clients of Knowledge IT may contain information that is 
confidential and legally privileged. Please do not read, copy, forward, or 
store this message unless you are an intended recipient of it. If you have 
received this message in error, please forward it to the sender and delete it 
completely from your computer system.

Please consider the environment before printing this email.


Re: [Pdns-users] PowerDNS cannot bind - address family problem --

2011-07-21 Thread Charles Sprickman

On Thu, 21 Jul 2011, kim Doff wrote:

> Hello,
>
> My PowerDNS cannot bind
>
> Logs
>
> Jul 20 17:35:41 ns1 pdns[1308]: Guardian is launching an instance
> Jul 20 17:35:41 ns1 pdns[1308]: UDP server bound to xxx.xxx.xxx.xxx:53
> Jul 20 17:35:41 ns1 pdns[1308]: UDP server bound to 127.0.0.1:53
> Jul 20 17:35:41 ns1 pdns[1308]: *Fatal error: Unable to acquire a UDPv6
> socket: *
> *Address family not supported by protocol*
> Jul 20 17:35:42 ns1 pdns[1218]: Our pdns instance exited with code 1

IIRC, you need to have an IPv6 address, even if it's just localhost or a
link-local.

Look for a similar thread in the archives that I started a few months
back.

Charles

> root@ns1:~# ifconfig -a lo
> lo        Link encap:Boucle locale
>           inet adr:127.0.0.1  Masque:255.0.0.0
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:10124424 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:10124424 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 lg file transmission:0
>           RX bytes:2553866141 (2.3 GiB)  TX bytes:2553866141 (2.3 GiB)
>
> *No Ipv6 is set...*
>
> *How can I disable ipv6? *
>
> Best Regards and have a nice day!
>
> Kim



Re: [Pdns-users] Odd Recursor/Authoritative problem with a private domain

2011-07-21 Thread Jeremy Utley

On 7/21/2011 1:14 PM, Stefan Schmidt wrote:

> On Thu, Jul 21, 2011 at 8:00 PM, Jeremy Utley  wrote:
>
>> gnint.prv=66.152.94.11, 66.152.94.12, 66.152.94.13
>> 10.in-addr.arpa=66.152.94.11, 66.152.94.12, 66.152.94.13
>
> ...
>
>> $ host gn-ldap01.gnint.prv
>> gn-ldap01.gnint.prv has address 10.1.20.1
>> Host gn-ldap01.gnint.prv not found: 3(NXDOMAIN)
>> Host gn-ldap01.gnint.prv not found: 3(NXDOMAIN)
>
> Are those machines maybe using some kind of asynchronous dns library?

Not to my knowledge.  The machines are bog standard CentOS 5.6 machines,
using the stock "host" command that comes with CentOS
(bind-utils-9.3.6-16.P1.el5  package).

> If you do a
> dig @  gn-ldap01.gnint.prv
> for each of your loadbalancer IPs does it show NXDOMAIN somewhere?

No it does not, running dig against both the recursors and the
authoritative, whether going thru the load balancer, or directly to the
machines, no NXDOMAIN responses are given.

> Also worth trying: Does ping gn-ldap01.gnint.prv work every time?

It's erratic.  I have seen pings fail due to failure to resolve the
hostname, other times it works just fine.

Jeremy


[Pdns-users] When I enable master, It opens issues with ipv6

2011-07-21 Thread kim Doff
Hello,

Could somebody help me?

My PowerDNS is working fine, but

When I enable *master=yes* in pdns.conf
It will open issues with ipv6 as shown on logs


I have this:


pdns.conf

*local-address=xxx.xxx.xxx.xxx,127.0.0.1*
*#local-ipv6=::1*
*#query-local-address6=::1*


*xxx.xxx.xxx.xxx is an IPv4 ip like 200.100.63.15*



Jul 21 02:48:12 ns1 pdns[7904]: Respawning
Jul 21 02:48:13 ns1 pdns[8005]: Guardian is launching an instance
Jul 21 02:48:13 ns1 pdns[8005]: UDP server bound to xxx.xxx.xxx.xxx:53
Jul 21 02:48:13 ns1 pdns[8005]: UDP server bound to 127.0.0.1:53
Jul 21 02:48:13 ns1 pdns[8005]: Fatal error: Unable to acquire a UDPv6
socket: Address family not supported by protocol
Jul 21 02:48:14 ns1 pdns[7904]: Our pdns instance exited with code 1
Jul 21 02:48:14 ns1 pdns[7904]: Respawning
Jul 21 02:48:15 ns1 pdns[8026]: Guardian is launching an instance
Jul 21 02:48:15 ns1 pdns[8026]: UDP server bound to xxx.xxx.xxx.xxx:53
Jul 21 02:48:15 ns1 pdns[8026]: UDP server bound to 127.0.0.1:53
Jul 21 02:48:15 ns1 pdns[8026]: Fatal error: Unable to acquire a UDPv6
socket: Address family not supported by protocol
Jul 21 02:48:16 ns1 pdns[7904]: Our pdns instance exited with code 1
Jul 21 02:48:16 ns1 pdns[7904]: Respawning



Jul 21 02:51:39 ns1 pdns[17792]: Guardian is launching an instance
Jul 21 02:51:39 ns1 pdns[17792]: UDP server bound to xxx.xxx.xxx.xxx:53
Jul 21 02:51:39 ns1 pdns[17792]: UDP server bound to 127.0.0.1:53
Jul 21 02:51:39 ns1 pdns[17792]: TCP server bound to xxx.xxx.xxx.xxx:53
Jul 21 02:51:39 ns1 pdns[17792]: TCP server bound to 127.0.0.1:53
Jul 21 02:51:39 ns1 pdns[17792]: Chrooted to './'
Jul 21 02:51:39 ns1 pdns[17792]: DNS Proxy launched, local port 29105,
remote127.0.0.1:1553
Jul 21 02:51:39 ns1 pdns[17792]: Creating backend connection for TCP
Jul 21 02:51:39 ns1 pdns[17792]: Master/slave communicator launching
Jul 21 02:51:39 ns1 pdns[17792]: Launched webserver on 127.0.0.1:8081
Jul 21 02:51:39 ns1 pdns[17792]: Communicator thread died because of STL
error: Creating local resolver socket for ::: Address family not supported
by protocol
Jul 21 02:51:40 ns1 pdns[17641]: Our pdns instance exited with code 0
Jul 21 02:51:40 ns1 pdns[17641]: Respawning


Re: [Pdns-users] Odd Recursor/Authoritative problem with a private domain

2011-07-21 Thread Stefan Schmidt
On Thu, Jul 21, 2011 at 8:00 PM, Jeremy Utley  wrote:
> gnint.prv=66.152.94.11, 66.152.94.12, 66.152.94.13
> 10.in-addr.arpa=66.152.94.11, 66.152.94.12, 66.152.94.13
...
> $ host gn-ldap01.gnint.prv
> gn-ldap01.gnint.prv has address 10.1.20.1
> Host gn-ldap01.gnint.prv not found: 3(NXDOMAIN)
> Host gn-ldap01.gnint.prv not found: 3(NXDOMAIN)

Are those machines maybe using some kind of asynchronous dns library?

If you do a
dig @ gn-ldap01.gnint.prv
for each of your loadbalancer IPs does it show NXDOMAIN somewhere?

Also worth trying: Does ping gn-ldap01.gnint.prv work every time?

 Stefan


[Pdns-users] Odd Recursor/Authoritative problem with a private domain

2011-07-21 Thread Jeremy Utley

Hello to all on the list!

I'm seeing something kind of weird in our DNS setup, and was hoping I 
could bounce it off all of you to see if I could get some input.  First 
off, structure of our system:


6 Recursor servers, sitting behind a Foundry Load balancer, running 
pdns-recursor version 3.3-1 from the RPMs provided by PowerDNS
6 Authoritative servers, also sitting behind a Foundry Load balancer, 
running pdns-static-2.9.22-1 from the RPMs provided by PowerDNS


Other than the below problem, the setup works wonderfully.  On to the 
problem.


We set up a "private" zone named gnint.prv within our authoritative DNS 
servers to provide for private hostnames on our backend network (using 
10.1.20.0/255.255.252.0).  Within our recursors, we put the following 
into our config:


forward-zones-file=/etc/powerdns/stub-zone.conf

and within the stub-zone.conf file, we have the following:

gnint.prv=66.152.94.11, 66.152.94.12, 66.152.94.13
10.in-addr.arpa=66.152.94.11, 66.152.94.12, 66.152.94.13

The IP's referenced in the stub-zone.conf file are our load balancer 
IP's that split across all 6 authoritative servers.


When I try to do a lookup of an address I have defined within the 
gnint.prv domain using the linux "host" command, I get the following:


$ host gn-ldap01.gnint.prv
gn-ldap01.gnint.prv has address 10.1.20.1
Host gn-ldap01.gnint.prv not found: 3(NXDOMAIN)
Host gn-ldap01.gnint.prv not found: 3(NXDOMAIN)

Notice that I get 2 NXDOMAIN responses along with the valid response.  
This is what bugs me, because I think this causes *some* machines to 
fail to resolve the hostname.  If I try some other domain against the 
recursors, I only see one answer:


$ host www.gammanetworking.com
www.gammanetworking.com has address 66.152.94.25

Of course, this would not be working thru the stub-zone.conf facility, 
but instead looking up via whois record.


Also, interesting to note that reverse DNS lookups do not show a similar 
problem:


$ host 10.1.20.1
1.20.1.10.in-addr.arpa domain name pointer gn-ldap01.gnint.prv.


Does anyone have any ideas on what I'm missing?

Jeremy




Re: [Pdns-users] Potentially Silly Question! - auth server, dns-(non) sec + sec.

2011-07-21 Thread Stefan Schmidt
On Thu, Jul 21, 2011 at 6:38 PM, Chris Russell
 wrote:

>  So the question then becomes, can I run 2 gmysql backends, one for sec one 
> for not. Docs don't really tell me this, especially preferably in the same 
> database.

Ah sorry i didn't read all the way down to your question.

No you cannot.
The reason for that is that backends are exhausted for zone content in
the order in which they are specified in the launch statement and the
for loop breaks after the first backend answers something else than 'i
don't know', so the first to answer 'wins' one could say.
This means that your 'sec' backend will always answer first for the
content of the database.

However you don't need to serve the data via a dedicated 'sec' and
'non sec' backend as even if dnssec is enabled for a backend PowerDNS
will still serve that domain without dnssec perfectly normal.

Please compare the output of
dig soa zaphods.net @mandelbrot.zaphods.net +norec
to
dig soa zaphods.net @mandelbrot.zaphods.net +norec +dnssec

Enabling DNSSEC for a domain does not mean that a name server will
cease serving regular DNS content and protocol, it just means that it
will respond differently when 'DNSSEC OK' (DO) bit is set for a query.

Running `pdnssec rectify-zone wibble.com` will just add the 'mail' to
the ordername column of your records table btw. With DNSSEC in
non-narrow mode you need to run this whenever you change a record. I
suspect running it might already solve your problem.

 Stefan


Re: [Pdns-users] Potentially Silly Question! - auth server, dns-(non) sec + sec.

2011-07-21 Thread Chris Russell
Hi stefan

Have Dns sec working without issue its the non sec which isn't

R
Thanks

Chris

--- original message ---
From: "Stefan Schmidt" 
Subject: Re: [Pdns-users] Potentially Silly Question! - auth server, dns-(non) 
sec + sec.
Date: 21st July 2011
Time: 6:21:57 pm


On Thu, Jul 21, 2011 at 6:46 PM, Chris Russell
 wrote:
>  As an addendum, also tried multi launch with the same issue specifying 
> dnssec on one launch:
>
> launch=gmysql:sec,gmysql:nonsec
> gmysql-sec-dnssec
...
>
>  Have to be missing something silly here.

I'm not sure if it makes any difference but this works for me with
gmysql-priv-dnssec=yes

Something equally silly would be if you were missing the tables
necessary for DNSSEC operations as specified at
http://doc.powerdns.com/generic-mypgsql-backends.html#id479879
where it says "To support or migrate to DNSSEC, the following SQL
statements must be executed".
Is your table structure 'DNSSEC-ready'?

for mail. the ordername should be 'mail' although as you are not
querying with +dnssec i don't think PowerDNS would bother.
what does a `pdnssec show-zone wobble.com` say?

 Stefan


Re: [Pdns-users] Potentially Silly Question! - auth server, dns-(non) sec + sec.

2011-07-21 Thread Stefan Schmidt
On Thu, Jul 21, 2011 at 6:46 PM, Chris Russell
 wrote:
>  As an addendum, also tried multi launch with the same issue specifying 
> dnssec on one launch:
>
> launch=gmysql:sec,gmysql:nonsec
> gmysql-sec-dnssec
...
>
>  Have to be missing something silly here.

I'm not sure if it makes any difference but this works for me with
gmysql-priv-dnssec=yes

Something equally silly would be if you were missing the tables
necessary for DNSSEC operations as specified at
http://doc.powerdns.com/generic-mypgsql-backends.html#id479879
where it says "To support or migrate to DNSSEC, the following SQL
statements must be executed".
Is your table structure 'DNSSEC-ready'?

for mail. the ordername should be 'mail' although as you are not
querying with +dnssec i don't think PowerDNS would bother.
what does a `pdnssec show-zone wobble.com` say?

 Stefan


Re: [Pdns-users] Potentially Silly Question! - auth server, dns-(non) sec + sec.

2011-07-21 Thread Chris Russell
 As an addendum, also tried multi launch with the same issue specifying dnssec 
on one launch:

launch=gmysql:sec,gmysql:nonsec
gmysql-sec-dnssec
gmysql-sec-host=127.0.0.1
gmysql-sec-user=x
gmysql-sec-dbname=y
gmysql-sec-password=z
gmysql-nonsec-host=127.0.0.1
gmysql-nonsec-user=x
gmysql-nonsec-dbname=y
gmysql-nonsec-password=z

 Have to be missing something silly here.


Cheers

Chris




Re: [Pdns-users] Potentially Silly Question! - auth server, dns-(non) sec + sec.

2011-07-21 Thread Chris Russell
Hi Stefan,

 Thanks for the reply.

 Sorry for the confusion. I think "option for dns-sec in the backend" is the 
key here, because I have this set, as I want to serve some dns-sec zones but 
not all.

 Essentially, PDNS, with Mysql Backend (only), and I'm trying to serve dns-sec, 
and non dns-sec zones.

launch=gmysql
gmysql-dnssec


 Set in pdns.conf.

 In the database:

Domains:

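|  6 | wibble.com | NULL | NULL | NATIVE | NULL | NULL |
+----+------------+------+------+--------+------+------+


mysql> select * from records where domain_id=6;
+-----+-----------+-----------------+------+----------------------------------------------------------------------------+-------+------+-------------+-----------+------+
| id  | domain_id | name            | type | content                                                                    | ttl   | prio | change_date | ordername | auth |
+-----+-----------+-----------------+------+----------------------------------------------------------------------------+-------+------+-------------+-----------+------+
| 694 |         6 | wibble.com      | SOA  | ns1.server.co.uk hostmaster.server.net 2011011702 10800 3600 1209600 86400 | 86400 |    0 |        NULL |           |    0 |
| 695 |         6 | mail.wibble.com | A    | 1.1.1.1                                                                    | 86400 |    0 |        NULL |           |    0 |
| 696 |         6 | wibble.com      | NS   | ns1.server.co.uk                                                           | 86400 |    0 |        NULL |           |    0 |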


 So I have name server (ns1.server.co.uk is the physical server), SOA and an A 
record. The auth field (for DNS-SEC is 0)

 However results from dig:

[root@ns1 ~]# dig wibble.com @localhost SOA

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> wibble.com @localhost SOA
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18174
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;wibble.com.                    IN      SOA

;; ANSWER SECTION:
wibble.com.             86400   IN      SOA     ns1.server.co.uk hostmaster.server.net 2011011702 10800 3600 1209600 86400

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jul 21 17:22:56 2011
;; MSG SIZE  rcvd: 101

 So, no issues with the SOA, but the A

[root@ns1 ~]# dig mail.wibble.com @localhost A

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> mail.wibble.com @localhost A
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57290
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.wibble.com.   IN  A

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jul 21 17:28:20 2011
;; MSG SIZE  rcvd: 33


 And in the logs:

Jul 21 17:25:19 ns1 pdns[14821]: Should not get here (mail.wibble.com|1): please run pdnssec rectify-zone wibble.com

 I'm guessing, as I have gmysql-dnssec set, it's assuming all zones are DNS-SEC 
enabled.

 So the question then becomes, can I run 2 gmysql backends, one for sec one for 
not. Docs don't really tell me this, especially preferably in the same database.

Cheers

Chris



-Original Message-
From: pdns-users-boun...@mailman.powerdns.com 
[mailto:pdns-users-boun...@mailman.powerdns.com] On Behalf Of Stefan Schmidt


I am not sure what you mean by 'auth zone'.
You can run non DNSSEC zones alongside DNSSEC signed ones no problem,
PowerDNS will default to non-DNSSEC operation for a Zone if it doesn't
find any key material or option for it in the backend.

 Stefan
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users
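The log line above asks for `pdnssec rectify-zone`, the step that fills in the `auth` and `ordername` columns. The sketch below is an added example, not part of the original post and not pdnssec's own logic: it flags rows whose stored values differ from what NSEC mode expects, assuming the field rules from the PowerDNS DNSSEC documentation (auth=1 for data the zone is authoritative for, 0 for delegation NS and glue; ordername is the relative name with labels reversed and space-separated). The first three rows are copied from the table in this thread; the delegation and glue rows are constructed.

```python
# Columns kept from the thread's `records` table: (id, name, type, ordername, auth).
THREAD_ROWS = [
    (694, "wibble.com", "SOA", "", 0),
    (695, "mail.wibble.com", "A", "", 0),
    (696, "wibble.com", "NS", "", 0),
]

# Constructed rows, not from the thread: a delegation and its glue.
CONSTRUCTED_ROWS = [
    (900, "sub.wibble.com", "NS", "sub", 0),
    (901, "ns.sub.wibble.com", "A", "", 0),
]


def normalise(name):
    """Lower-case a domain name and drop any trailing dot."""
    return name.rstrip(".").lower()


def nsec_ordername(name, zone):
    """Relative owner name with labels reversed and joined by spaces."""
    name, zone = normalise(name), normalise(zone)
    if name == zone:
        return ""
    if not name.endswith("." + zone):
        raise ValueError(f"{name} is outside {zone}")
    relative = name[: -(len(zone) + 1)]
    return " ".join(reversed(relative.split(".")))


def expected_auth(name, rtype, cuts):
    """1 for data the zone is authoritative for, 0 for delegation NS and glue."""
    name = normalise(name)
    at_or_below_cut = any(name == cut or name.endswith("." + cut) for cut in cuts)
    if not at_or_below_cut:
        return 1
    # A DS record at the cut belongs to the parent zone and stays authoritative.
    return 1 if (rtype == "DS" and name in cuts) else 0


def unrectified(rows, zone):
    """Return (id, column, stored, expected) for every field that needs fixing."""
    zone = normalise(zone)
    # Delegation points: NS owner names other than the zone apex.
    cuts = {normalise(n) for _, n, t, _, _ in rows
            if t == "NS" and normalise(n) != zone}
    findings = []
    for rid, name, rtype, ordername, auth in rows:
        want_auth = expected_auth(name, rtype, cuts)
        if auth != want_auth:
            findings.append((rid, "auth", auth, want_auth))
        # Glue is not part of the NSEC chain, so its ordername is not checked.
        if want_auth == 1 or rtype == "NS":
            want_order = nsec_ordername(name, zone)
            if (ordername or "") != want_order:
                findings.append((rid, "ordername", ordername or "", want_order))
    return findings


if __name__ == "__main__":
    for finding in unrectified(THREAD_ROWS + CONSTRUCTED_ROWS, "wibble.com"):
        print("record %s: %s is %r, expected %r" % finding)
```
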


Re: [Pdns-users] Potentially Silly Question! - auth server, dns-(non) sec + sec.

2011-07-21 Thread Stefan Schmidt
On Thu, Jul 21, 2011 at 4:43 PM, Chris Russell
 wrote:
>  .. and I hope the answer is RTFM, but...
>
>  I`m looking to push out PDNS as our new primary auth servers and also with 
> DNS-SEC, however only on certain zones. (Essentially to allow 2 migrations, 
> one to PDNS then one to enable DNS-SEC).
>
>  It is possible for pdnssec to also server non auth zones ? if so, how :)
>
>  Using pdns-static-3.0rc3.20110719.2239-1, fairly standard options 
> (gmysql-dnssec) - with the auth field set to 0, I can return an SOA, but no A 
> records for non auth domains.

I am not sure what you mean by 'auth zone'.
You can run non DNSSEC zones alongside DNSSEC signed ones no problem,
PowerDNS will default to non-DNSSEC operation for a Zone if it doesn't
find any key material or option for it in the backend.

 Stefan
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users


Re: [Pdns-users] STL error Creating local resolver socket for ::: Address family not supported by protocol -

2011-07-21 Thread kim Doff
Yes, I have something as you said so

xxx.xxx.xxx.xxx is an IPv4 address like

local-address=200.100.63.15,127.0.0.1
#local-ipv6=::1
#query-local-address6=::1

On Thu, Jul 21, 2011 at 9:44 AM, kim Doff  wrote:

> Hello,
>
> Could somebody please help me?
>
> I have this:
>
> local-address=xxx.xxx.xxx.xxx,127.0.0.1
> #local-ipv6=::1
> #query-local-address6=::1
>
>
> Jul 21 02:48:12 ns1 pdns[7904]: Respawning
> Jul 21 02:48:13 ns1 pdns[8005]: Guardian is launching an instance
> Jul 21 02:48:13 ns1 pdns[8005]: UDP server bound to xxx.xxx.xxx.xxx:53
> Jul 21 02:48:13 ns1 pdns[8005]: UDP server bound to 127.0.0.1:53
> *Jul 21 02:48:13 ns1 pdns[8005]: Fatal error: Unable to acquire a UDPv6
> socket: Address family not supported by protocol*
> Jul 21 02:48:14 ns1 pdns[7904]: Our pdns instance exited with code 1
> Jul 21 02:48:14 ns1 pdns[7904]: Respawning
> Jul 21 02:48:15 ns1 pdns[8026]: Guardian is launching an instance
> Jul 21 02:48:15 ns1 pdns[8026]: UDP server bound to xxx.xxx.xxx.xxx:53
> Jul 21 02:48:15 ns1 pdns[8026]: UDP server bound to 127.0.0.1:53
> Jul 21 02:48:15 ns1 pdns[8026]: Fatal error: Unable to acquire a UDPv6
> socket: Address family not supported by protocol
> Jul 21 02:48:16 ns1 pdns[7904]: Our pdns instance exited with code 1
> Jul 21 02:48:16 ns1 pdns[7904]: Respawning
>
>
>
> Jul 21 02:51:39 ns1 pdns[17792]: Guardian is launching an instance
> Jul 21 02:51:39 ns1 pdns[17792]: UDP server bound to xxx.xxx.xxx.xxx:53
> Jul 21 02:51:39 ns1 pdns[17792]: UDP server bound to 127.0.0.1:53
> Jul 21 02:51:39 ns1 pdns[17792]: TCP server bound to xxx.xxx.xxx.xxx:53
> Jul 21 02:51:39 ns1 pdns[17792]: TCP server bound to 127.0.0.1:53
> Jul 21 02:51:39 ns1 pdns[17792]: Chrooted to './'
> Jul 21 02:51:39 ns1 pdns[17792]: DNS Proxy launched, local port 29105,
> remote 127.0.0.1:1553
> Jul 21 02:51:39 ns1 pdns[17792]: Creating backend connection for TCP
> Jul 21 02:51:39 ns1 pdns[17792]: Master/slave communicator launching
> Jul 21 02:51:39 ns1 pdns[17792]: Launched webserver on 127.0.0.1:8081
> *Jul 21 02:51:39 ns1 pdns[17792]: Communicator thread died because of STL
> error: Creating local resolver socket for ::: Address family not supported
> by protocol*
> Jul 21 02:51:40 ns1 pdns[17641]: Our pdns instance exited with code 0
> Jul 21 02:51:40 ns1 pdns[17641]: Respawning
>
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users


[Pdns-users] STL error Creating local resolver socket for ::: Address family not supported by protocol

2011-07-21 Thread kim Doff
Hello,

Could somebody please help me?

I have this:

local-address=xxx.xxx.xxx.xxx,127.0.0.1
#local-ipv6=::1
#query-local-address6=::1


Jul 21 02:48:12 ns1 pdns[7904]: Respawning
Jul 21 02:48:13 ns1 pdns[8005]: Guardian is launching an instance
Jul 21 02:48:13 ns1 pdns[8005]: UDP server bound to xxx.xxx.xxx.xxx:53
Jul 21 02:48:13 ns1 pdns[8005]: UDP server bound to 127.0.0.1:53
*Jul 21 02:48:13 ns1 pdns[8005]: Fatal error: Unable to acquire a UDPv6
socket: Address family not supported by protocol*
Jul 21 02:48:14 ns1 pdns[7904]: Our pdns instance exited with code 1
Jul 21 02:48:14 ns1 pdns[7904]: Respawning
Jul 21 02:48:15 ns1 pdns[8026]: Guardian is launching an instance
Jul 21 02:48:15 ns1 pdns[8026]: UDP server bound to xxx.xxx.xxx.xxx:53
Jul 21 02:48:15 ns1 pdns[8026]: UDP server bound to 127.0.0.1:53
Jul 21 02:48:15 ns1 pdns[8026]: Fatal error: Unable to acquire a UDPv6
socket: Address family not supported by protocol
Jul 21 02:48:16 ns1 pdns[7904]: Our pdns instance exited with code 1
Jul 21 02:48:16 ns1 pdns[7904]: Respawning



Jul 21 02:51:39 ns1 pdns[17792]: Guardian is launching an instance
Jul 21 02:51:39 ns1 pdns[17792]: UDP server bound to xxx.xxx.xxx.xxx:53
Jul 21 02:51:39 ns1 pdns[17792]: UDP server bound to 127.0.0.1:53
Jul 21 02:51:39 ns1 pdns[17792]: TCP server bound to xxx.xxx.xxx.xxx:53
Jul 21 02:51:39 ns1 pdns[17792]: TCP server bound to 127.0.0.1:53
Jul 21 02:51:39 ns1 pdns[17792]: Chrooted to './'
Jul 21 02:51:39 ns1 pdns[17792]: DNS Proxy launched, local port 29105,
remote 127.0.0.1:1553
Jul 21 02:51:39 ns1 pdns[17792]: Creating backend connection for TCP
Jul 21 02:51:39 ns1 pdns[17792]: Master/slave communicator launching
Jul 21 02:51:39 ns1 pdns[17792]: Launched webserver on 127.0.0.1:8081
*Jul 21 02:51:39 ns1 pdns[17792]: Communicator thread died because of STL
error: Creating local resolver socket for ::: Address family not supported
by protocol*
Jul 21 02:51:40 ns1 pdns[17641]: Our pdns instance exited with code 0
Jul 21 02:51:40 ns1 pdns[17641]: Respawning
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users


Re: [Pdns-users] IPv4 and IPv6 sockets at the same time

2011-07-21 Thread Chris Russell
Hi Martin,

 Actually, as a confirm, we have allow_from set specifically too. So +1 to it 
being the local nets.

Cheers

Chris


> Line 123 in pdns_recursor.cc defines the default allow-from rules:

#define LOCAL_NETS "127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16,
172.16.0.0/12, ::1/128, fe80::/10"




___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users


Re: [Pdns-users] IPv4 and IPv6 sockets at the same time

2011-07-21 Thread Chris Russell
Hi Martin,

 This may be your version and/or setup.  As a side note, strongly recommend you 
upgrade to Centos 6, as the ipv6 code in the kernel provided with Centos 5 
doesn't perform ipv6 connection tracking properly in terms of the firewall. 
Does work fine but you need to allow more than you should.

 That aside though,

 Running pdns-recursor-3.3-1 here on Centos 5.6, it's working fine for both. 
Relevant Line from recursor.conf:




local-address=127.0.0.1,ipv4.address, ::1, ipv6.address


[root@www ~]# pdns_recursor --version
version: 3.3

[root@www ~]# dig www.google.com @127.0.0.1

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_5.3 <<>> www.google.com @127.0.0.1
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16222
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com.                IN      A

;; ANSWER SECTION:
www.google.com. 86249   IN  CNAME   www.l.google.com.

...
;; SERVER: 127.0.0.1#53(127.0.0.1)


# ipv6

[root@www ~]# dig www.google.com @::1

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_5.3 <<>> www.google.com @::1
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35756
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com.                IN      A

;; ANSWER SECTION:
www.google.com. 86400   IN  CNAME   www.l.google.com.

...
;; SERVER: ::1#53(::1)




___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users


[Pdns-users] Potentially Silly Question! - auth server, dns-(non) sec + sec.

2011-07-21 Thread Chris Russell
 .. and I hope the answer is RTFM, but...

 I'm looking to push out PDNS as our new primary auth servers and also with 
DNS-SEC, however only on certain zones. (Essentially to allow 2 migrations, one 
to PDNS then one to enable DNS-SEC).

 Is it possible for pdnssec to also serve non auth zones? If so, how :)

 Using pdns-static-3.0rc3.20110719.2239-1, fairly standard options 
(gmysql-dnssec) - with the auth field set to 0, I can return an SOA, but no A 
records for non auth domains.



Cheers

Chris


___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users


Re: [Pdns-users] IPv4 and IPv6 sockets at the same time

2011-07-21 Thread Marten Lehmann

Hello,


This might be a variant of http://wiki.powerdns.com/trac/ticket/209
Could you open a new bug and reference 209 in the description?


no, I've found the problem:

Line 123 in pdns_recursor.cc defines the default allow-from rules:

#define LOCAL_NETS "127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 
172.16.0.0/12, ::1/128, fe80::/10"


So as long as I'm not defining my own allow-from rules the defaults are 
used, which work fine for IPv4 and IPv6 in local nets.


But as my goal was to have the recursor listen on a public IPv4 address 
(e.g. 71.72.73.74) as well as on a local IPv6 address (::1) my 
allow-from rule 0.0.0.0/0 was not sufficient, since it granted IPv4 
access from everywhere but at the same time replaced the default rules 
thus removing the permissions to answer to local IPv6 requests.


So the correct rule in my situation would be:

allow-from=::1/128,0.0.0.0/0

or

allow-from=::0/0,0.0.0.0/0

if I'd like to grant access through IPv6 from everywhere.

Could you please add such IPv6 examples in the documentation at 
http://doc.powerdns.com/built-in-recursor.html? I guess it would be 
helpful for others experimenting with IPv6. Thanks.


Kind regards
Marten
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users
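The allow-from behaviour worked out in the message above, as an added example that is not part of the original post or of PowerDNS: a small checker that applies the "explicit allow-from replaces the built-in list" rule to a recursor.conf and reports listen addresses whose address family has no allow-from netmask. The function names are hypothetical, and the 127.0.0.1 default for a missing local-address line is an assumption; the configuration and the LOCAL_NETS string are the ones quoted in this thread.

```python
import ipaddress

# Default ACL quoted in this thread from pdns_recursor.cc (LOCAL_NETS).
LOCAL_NETS = ("127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, "
              "172.16.0.0/12, ::1/128, fe80::/10")

# The configuration posted in the thread.
BROKEN_CONF = """\
setuid=pdns
setgid=pdns
local-address=::1,127.0.0.1
max-negative-ttl=5
allow-from=0.0.0.0/0
"""

# The same file with the allow-from line the poster arrived at.
FIXED_CONF = BROKEN_CONF.replace("allow-from=0.0.0.0/0",
                                 "allow-from=::1/128,0.0.0.0/0")


def parse_conf(text):
    """Return key -> value for 'key=value' lines; '#' starts a comment."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings


def split_list(value):
    """Split a comma-separated setting into trimmed, non-empty items."""
    return [item.strip() for item in value.split(",") if item.strip()]


def effective_acl(settings):
    """An explicit allow-from replaces the built-in list instead of extending it."""
    value = settings.get("allow-from", LOCAL_NETS)
    return [ipaddress.ip_network(item, strict=False) for item in split_list(value)]


def is_allowed(client, acl):
    """True if the client address falls inside a netmask of its own family."""
    addr = ipaddress.ip_address(client)
    return any(net.version == addr.version and addr in net for net in acl)


def audit(conf_text):
    """List mismatches between the listen addresses and the effective ACL."""
    settings = parse_conf(conf_text)
    acl = effective_acl(settings)
    findings = []
    # Assumption: with no local-address line the recursor listens on 127.0.0.1 only.
    for item in split_list(settings.get("local-address", "127.0.0.1")):
        addr = ipaddress.ip_address(item)
        if not any(net.version == addr.version for net in acl):
            findings.append(f"{addr}: socket is bound but no IPv{addr.version} "
                            "netmask is in allow-from, so queries go unanswered")
    for net in acl:
        if net.prefixlen == 0:
            findings.append(f"{net}: every IPv{net.version} client may recurse")
    return findings


if __name__ == "__main__":
    for label, conf in (("posted", BROKEN_CONF), ("corrected", FIXED_CONF)):
        acl = effective_acl(parse_conf(conf))
        print(label, "config, ::1 allowed:", is_allowed("::1", acl))
        for finding in audit(conf):
            print("  -", finding)
```
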


[Pdns-users] PowerDNS cannot bind - address family problem ---

2011-07-21 Thread kim Doff
Hello Stefan,

Thanks for your reply.

Yes I have

#local-ipv6=::1
#query-local-address6=::1

But I keep receiving this error message

Jul 21 02:48:12 ns1 pdns[7904]: Respawning
Jul 21 02:48:13 ns1 pdns[8005]: Guardian is launching an instance
Jul 21 02:48:13 ns1 pdns[8005]: UDP server bound to xxx.xxx.xxx.xxx:53
Jul 21 02:48:13 ns1 pdns[8005]: UDP server bound to 127.0.0.1:53
Jul 21 02:48:13 ns1 pdns[8005]: Fatal error: Unable to acquire a UDPv6
socket: Address family not supported by protocol
Jul 21 02:48:14 ns1 pdns[7904]: Our pdns instance exited with code 1
Jul 21 02:48:14 ns1 pdns[7904]: Respawning
Jul 21 02:48:15 ns1 pdns[8026]: Guardian is launching an instance
Jul 21 02:48:15 ns1 pdns[8026]: UDP server bound to xxx.xxx.xxx.xxx:53
Jul 21 02:48:15 ns1 pdns[8026]: UDP server bound to 127.0.0.1:53
Jul 21 02:48:15 ns1 pdns[8026]: Fatal error: Unable to acquire a UDPv6
socket: Address family not supported by protocol
Jul 21 02:48:16 ns1 pdns[7904]: Our pdns instance exited with code 1
Jul 21 02:48:16 ns1 pdns[7904]: Respawning





On Thu, Jul 21, 2011 at 8:15 AM, Stefan Schmidt  wrote:

> On Thu, Jul 21, 2011 at 3:23 PM, kim Doff  wrote:
> > Hello,
>
> Hello,
>
> > My PowerDNS cannot bind
> > Logs
> > Jul 20 17:35:41 ns1 pdns[1308]: Guardian is launching an instance
> > Jul 20 17:35:41 ns1 pdns[1308]: UDP server bound to xxx.xxx.xxx.xxx:53
> > Jul 20 17:35:41 ns1 pdns[1308]: UDP server bound to 127.0.0.1:53
> > Jul 20 17:35:41 ns1 pdns[1308]: Fatal error: Unable to acquire a UDPv6
> > socket:
> > Address family not supported by protocol
> > Jul 20 17:35:42 ns1 pdns[1218]: Our pdns instance exited with code 1
> >
> > root@ns1:~# ifconfig -a lo
> > lo        Link encap:Boucle locale
> >           inet adr:127.0.0.1  Masque:255.0.0.0
> >           UP LOOPBACK RUNNING  MTU:16436  Metric:1
> >           RX packets:10124424 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:10124424 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 lg file transmission:0
> >           RX bytes:2553866141 (2.3 GiB)  TX bytes:2553866141 (2.3 GiB)
> > No Ipv6 is set...
> >
> > How can I disable ipv6?
>
> Am I assuming correctly that in your pdns.conf there is a line like
> the following?
> local-ipv6=xxx.xxx.xxx.xxx:53
> Commenting it out will make PowerDNS not try to bind to it.
>
>  Stefan
>
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users


Re: [Pdns-users] PowerDNS cannot bind - address family problem --

2011-07-21 Thread Stefan Schmidt
On Thu, Jul 21, 2011 at 3:23 PM, kim Doff  wrote:
> Hello,

Hello,

> My PowerDNS cannot bind
> Logs
> Jul 20 17:35:41 ns1 pdns[1308]: Guardian is launching an instance
> Jul 20 17:35:41 ns1 pdns[1308]: UDP server bound to xxx.xxx.xxx.xxx:53
> Jul 20 17:35:41 ns1 pdns[1308]: UDP server bound to 127.0.0.1:53
> Jul 20 17:35:41 ns1 pdns[1308]: Fatal error: Unable to acquire a UDPv6
> socket:
> Address family not supported by protocol
> Jul 20 17:35:42 ns1 pdns[1218]: Our pdns instance exited with code 1
>
> root@ns1:~# ifconfig -a lo
> lo        Link encap:Boucle locale
>           inet adr:127.0.0.1  Masque:255.0.0.0
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:10124424 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:10124424 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 lg file transmission:0
>           RX bytes:2553866141 (2.3 GiB)  TX bytes:2553866141 (2.3 GiB)
> No Ipv6 is set...
>
> How can I disable ipv6?

Am I assuming correctly that in your pdns.conf there is a line like
the following?
local-ipv6=xxx.xxx.xxx.xxx:53
Commenting it out will make PowerDNS not try to bind to it.

 Stefan
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users


[Pdns-users] PowerDNS cannot bind - address family problem --

2011-07-21 Thread kim Doff
Hello,

My PowerDNS cannot bind

Logs

Jul 20 17:35:41 ns1 pdns[1308]: Guardian is launching an instance
Jul 20 17:35:41 ns1 pdns[1308]: UDP server bound to xxx.xxx.xxx.xxx:53
Jul 20 17:35:41 ns1 pdns[1308]: UDP server bound to 127.0.0.1:53
Jul 20 17:35:41 ns1 pdns[1308]: *Fatal error: Unable to acquire a UDPv6
socket: *
*Address family not supported by protocol*
Jul 20 17:35:42 ns1 pdns[1218]: Our pdns instance exited with code 1


root@ns1:~# ifconfig -a lo
lo        Link encap:Boucle locale
          inet adr:127.0.0.1  Masque:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:10124424 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10124424 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:0
          RX bytes:2553866141 (2.3 GiB)  TX bytes:2553866141 (2.3 GiB)

*No Ipv6 is set...*


*How can I disable ipv6? *

Best Regards and have a nice day!

Kim
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users


Re: [Pdns-users] IPv4 and IPv6 sockets at the same time

2011-07-21 Thread bert hubert
On Thu, Jul 21, 2011 at 01:47:31PM +0200, Marten Lehmann wrote:
> Should I file a bug report?

This might be a variant of http://wiki.powerdns.com/trac/ticket/209
Could you open a new bug and reference 209 in the description?

Thanks! We're all very busy with 3.0 auth right now, but the recursor will
get some attention soon too.

Bert
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users


Re: [Pdns-users] IPv4 and IPv6 sockets at the same time

2011-07-21 Thread Marten Lehmann

Hello,



Try this:

local-address=127.0.0.1
local-ipv6=::1


there is no option "local-ipv6" in pdns recursor: 
http://doc.powerdns.com/built-in-recursor.html


local-address=::1,127.0.0.1 is partially working: pdns listens on ::1 
and 127.0.0.1. But it only answers on 127.0.0.1, not ::1 when both ip 
addresses are specified.


Could someone please try running pdns recursor with this config file:

setuid=pdns
setgid=pdns
local-address=::1,127.0.0.1
max-negative-ttl=5
allow-from=0.0.0.0/0

You can also use

local-address=127.0.0.1,::1

order doesn't seem to change the symptom.

# netstat -plntu | grep 53
tcp        0      0 127.0.0.1:53        0.0.0.0:*        LISTEN      673/pdns_recursor
tcp        0      0 ::1:53              :::*             LISTEN      673/pdns_recursor
udp        0      0 127.0.0.1:53        0.0.0.0:*                    673/pdns_recursor
udp        0      0 ::1:53              :::*                         673/pdns_recursor


So pdns recursor is definitely binding to the sockets as specified.

But if you do a

dig google.com @::1

you won't get any answer (at least I don't on a CentOS 5 system with 
firewalls disabled for testing).


dig google.com @127.0.0.1

does work however.

Should I file a bug report?

Kind regards
Marten
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users


Re: [Pdns-users] Error with pdns v3.0 RC3 with LDAP backend - queries return wrong results after backend connection is lost and re-established

2011-07-21 Thread bert hubert
On Thu, Jul 21, 2011 at 11:38:32AM +0300, Nick Milas wrote:
> On 21/7/2011 11:27 πμ, bert hubert wrote:
> 
> >Can you reproduce with query-cache-ttl=0 and negquery-cache-ttl=0 and
> >cache-ttl=0 ?
> 
> Yes, same behavior, even with the above directives.

You'll need to repeat the query three times, or set distributor-threads=1.
Each backend needs to reconnect, and will generate a SERVFAIL once.

Bert
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users


Re: [Pdns-users] Error with pdns v3.0 RC3 with LDAP backend - queries return wrong results after backend connection is lost and re-established

2011-07-21 Thread Nick Milas

On 21/7/2011 11:27 πμ, bert hubert wrote:


Can you reproduce with query-cache-ttl=0 and negquery-cache-ttl=0 and
cache-ttl=0 ?


Yes, same behavior, even with the above directives.

Nick
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users


Re: [Pdns-users] Error with pdns v3.0 RC3 with LDAP backend - queries return wrong results after backend connection is lost and re-established

2011-07-21 Thread bert hubert
On Thu, Jul 21, 2011 at 11:25:00AM +0300, Nick Milas wrote:
> Hi,
> 
> This (most probably) has to do with the fix of Ticket #260.
> 
> I noticed that in case pdns loses contact with the backend ldap
> server, when it recovers, it no more returns correct results to DNS
> queries. For some hosts it returns only A record, for others only
>  record and in some cases no record at all (no SERVFAIL notice;
> both A and  records are defined).

Can you reproduce with query-cache-ttl=0 and negquery-cache-ttl=0 and
cache-ttl=0 ?

Bert
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users


Re: [Pdns-users] DNSSEC slave servers

2011-07-21 Thread Stefan Schmidt
On Thu, Jul 21, 2011 at 4:19 AM, kim Doff  wrote:
> Hello,

Hello Kim,

> I set up my Slave Server and use mysql database replication with ssl
> encryption
> as shown here:
> http://www.howtoforge.com/how-to-set-up-mysql-database-replication-with-ssl-encryption-on-debian-squeeze
> Could somebody please point me in the right direction  how to set up DNSSEC
> slave servers?

Please have a look at the documentation for the gmysql backend at
http://doc.powerdns.com/generic-mypgsql-backends.html#id479879
In addition to the block after "The default setup conforms to the
following schema:"
for DNSSEC you also need to alter that schema with the block after
"To support or migrate to DNSSEC, the following SQL statements must be
executed:"

Basically you will end up with the additional tables domainmetadata,
cryptokeys and tsigkeys
being used for DNSSEC plus two more columns in the records table.

To put your domains under DNSSEC protection you then need to choose a
mode of operation for them as described in
http://doc.powerdns.com/dnssec-migration.html
and switch them over using the pdnssec utility as it says.

kind regards,

 Stefan


[Pdns-users] Error with pdns v3.0 RC3 with LDAP backend - queries return wrong results after backend connection is lost and re-established

2011-07-21 Thread Nick Milas

Hi,

This (most probably) has to do with the fix of Ticket #260.

I noticed that in case pdns loses contact with the backend ldap server, 
when it recovers, it no more returns correct results to DNS queries. For 
some hosts it returns only A record, for others only  record and in 
some cases no record at all (no SERVFAIL notice; both A and  records 
are defined).


After a pdns-server restart, the problem no more occurs (until there is 
a disconnect with ldap server again).


Initially I thought it had to do with LDAP server issues and I tried 
slapindex, but this did not correct the problem.


I see this behavior consistently (always) when connection with ldap 
server is lost and re-established and is always solved when pdns-server 
is restarted (and only then).


Please advise.

Thanks,
Nick