[Pdns-users] getting stats for pdns
Hi,

Is there a fast and simple way to get stats for pdns usage? For example DNS queries and packets sent and received and so on. Cause we might be using a third-party DNS service and would like to know what our DNS usage is to calculate cost.

Thanks.

--
Liong Kok Foo

___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] pdns error sendto
Hi,

I turned off the firewall over the weekend to see if the firewall is the one causing this error. True enough, the error did not show in the logs. This means that somehow the APF firewall is blocking port 53, which I have already opened. Double and Triple and Quadruple and ... checked the settings. Do not understand what's the problem. Maybe someone can shed some light?

What other iptables firewall are you guys using for CentOS? I used APF because it is something easy to configure and it was working fine years ago when I started using it. Unfortunately the developer has ceased to provide support.

Thanks.

Liong Kok Foo

On 2/26/2011 7:55 PM, Leen Besselink wrote:
> On 02/25/2011 07:46 AM, Liong Kok Foo wrote:
>> Hi,
>>
>> I have double checked and I did configure the firewall port 53 tcp/udp. Could it be possible there are other ports that need to be opened?
>>
>> I am using APF firewall. If anyone is also using that, please share your configuration.
>>
>> If it's not firewall, where else can I look? What other logs?
>
> Sorry for the late reply.
>
> It is not the firewall on some network device. It is the firewall (like iptables, ipf or pf) on the machine running the PowerDNS server.
>
>> Thanks.
>
> Hope that helps, if you haven't solved it already
>
>> Liong Kok Foo
>>
>> On 2/21/2011 5:31 PM, Marc Haber wrote:
>>> On Mon, Feb 21, 2011 at 02:07:00PM +0800, Liong Kok Foo wrote:
>>>> Sorry for my noobness, but could you explain what you mean by local packet filter? Do you mean firewall? If yes, then what port do I look at? FYI, I have opened port 53 tcp/udp for outgoing and incoming.
>>>
>>> That should be enough, if it was done right.
>>>
>>> Greetings
>>> Marc
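Added example (not part of the original posts, and not PowerDNS or APF code): on Linux, a packet dropped by the local packet filter in the OUTPUT chain is reported to the sending process as EPERM, which is the "Operation not permitted" in the sendto error above. The sketch walks a constructed iptables-save dump for a UDP answer leaving source port 53; the rule set, the chain name DNS_OUT and the packet values are assumptions, since the thread never shows the actual APF rules.

```python
import shlex

# Constructed iptables-save sample (not from the thread): port 53 is "open" only
# as a destination port, so answers sent FROM port 53 fall through to policy DROP.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
:DNS_OUT - [0:0]
-A INPUT -p udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -j DNS_OUT
-A DNS_OUT -p udp --dport 53 -j ACCEPT
COMMIT
"""
FIELDS = {"-p": "proto", "--sport": "sport", "--dport": "dport", "--state": "state"}
# A UDP answer leaving the server: source port 53, client's ephemeral port.
REPLY = {"proto": "udp", "sport": 53, "dport": 40000, "state": "ESTABLISHED"}

def parse(text):
    """Parse iptables-save text; assumes one argument per option and no "!"."""
    policy, rules = {}, {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if line.startswith(":"):
            policy[tok[0][1:]] = tok[1]
        elif line.startswith("-A "):
            rules.setdefault(tok[1], []).append(dict(zip(tok[2::2], tok[3::2])))
    return policy, rules

def matches(opts, pkt):
    """True if every match option accepts the packet; raises on unmodelled ones."""
    if any(":" in val for val in opts.values()):
        raise ValueError("port ranges are not modelled in this sketch")
    return all(str(pkt[FIELDS[key]]) in val.split(",")
               for key, val in opts.items() if key not in ("-j", "-m"))

def verdict(policy, rules, pkt, chain="OUTPUT"):
    """Walk a chain in rule order; None means fall back to the calling chain."""
    for opts in rules.get(chain, []):
        if not matches(opts, pkt):
            continue
        target = opts.get("-j")
        if target == "RETURN":
            break
        if target in rules:                   # jump into a user-defined chain
            target = verdict(policy, rules, pkt, target)
        if target in ("ACCEPT", "DROP", "REJECT"):
            return target
    return None if policy.get(chain, "-") == "-" else policy[chain]
```

Calling verdict(*parse(SAMPLE), REPLY) returns DROP even though the rule set opens "port 53"; adding an OUTPUT rule that matches --sport 53 for UDP changes the result to ACCEPT. Rules that use match options outside FIELDS raise an exception rather than produce a guessed verdict.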
Re: [Pdns-users] pdns error sendto
Hi,

I have double checked and I did configure the firewall port 53 tcp/udp. Could it be possible there are other ports that need to be opened?

I am using APF firewall. If anyone is also using that, please share your configuration.

If it's not firewall, where else can I look? What other logs?

Thanks.

Liong Kok Foo

On 2/21/2011 5:31 PM, Marc Haber wrote:
> On Mon, Feb 21, 2011 at 02:07:00PM +0800, Liong Kok Foo wrote:
>> Sorry for my noobness, but could you explain what you mean by local packet filter? Do you mean firewall? If yes, then what port do I look at? FYI, I have opened port 53 tcp/udp for outgoing and incoming.
>
> That should be enough, if it was done right.
>
> Greetings
> Marc
Re: [Pdns-users] pdns error sendto
Sorry for my noobness, but could you explain what you mean by local packet filter? Do you mean firewall? If yes, then what port do I look at? FYI, I have opened port 53 tcp/udp for outgoing and incoming.

Liong Kok Foo

On 2/18/2011 4:32 PM, Marc Haber wrote:
> On Fri, Feb 18, 2011 at 03:46:50PM +0800, Liong Kok Foo wrote:
>> A few days ago my server got hacked into and someone deleted the /boot directory. We had to reformat the server and re-install everything. I managed to get everything back running, however pdns is giving out some error.
>>
>> pdns[2873]: Error sending reply with sendto (socket=5): Operation not permitted
>
> See whether your local packet filter allows pdns to send out answers.
>
> Greetings
> Marc
[Pdns-users] pdns error sendto
Hi all,

A few days ago my server got hacked into and someone deleted the /boot directory. We had to reformat the server and re-install everything. I managed to get everything back running, however pdns is giving out some error.

I am sure I must have missed something due to having the pressure to restore everything on this server back ASAP. Would appreciate if someone could shed some light on how to solve this problem.

pdns[2873]: Error sending reply with sendto (socket=5): Operation not permitted

Thanks.

--
Liong Kok Foo
[Pdns-users] lazy-recursion
Hi all,

Hope someone can help to answer this noob question.

My pdns has gone live. Yeah. But I am seeing a lot of recursion errors, which is fine as I know those are external domains not authoritative in the pdns server. But can I fix this by enabling lazy-recursion? Currently it is commented out. But default is yes?? Or do I need to install recursor?

What's the difference between lazy-recursion and recursor?

Thanks.
[Pdns-users] reverse dns creation
Hi,

Can someone guide me on setting up reverse dns for powerdns? The docs do not mention it. I have a previous bind for reverse dns as below:

in named.conf file:-

    zone 96.87.222.111.in-addr.arpa. {
        type master;
        file /var/named/96.87.222.111.in-addr.arpa.;
        allow-update { 111.222.221.50; };
    };

in 96.87.222.111.in-addr.arpa. file:-

    $TTL 3D
    @       IN      SOA     mydomain.com. hostmaster.mydomain.com. (
                            0909200901 ; Serial
                            10800      ; Refresh
                            1800       ; Retry
                            360        ; Expire
                            86400 )    ; Minimum TTL
                    NS      ns1.mydomain.com.
                    NS      ns2.mydomain.com.
    ;
    ; Servers
    ;
    117     IN      PTR     mail.mydomain.com.sg.

How should I set this up in powerdns? Is this even correct? Aren't reverse dns supposed to have only 3 subnets and then last one defined in the PTR record?

Please help. Thanks.
[Pdns-users] pdns master and windows slave
Hi,

I am testing master/slave with powerdns as master (11.11.11.11) and windows server dns as slave (22.22.22.22).

I created a non-existing domain in powerdns as master. Then created the same domain in windows server dns as slave. At first creation, I can get the DNS details from master. Then I made changes to master. From pdns, I ran the command pdns_control notify test.org. Then I get a reply saying this was added into the queue.

Then I traced /var/log/messages in pdns server. Below is what I get.

Feb 2 11:14:22 servervn pdns[30663]: 1 domain for which we are master needs notifications
Feb 2 11:14:22 servervn pdns[30663]: Queued notification of domain 'test.org' to 11.11.11.11
Feb 2 11:14:22 servervn pdns[30663]: Queued notification of domain 'test.org' to 22.22.22.22
Feb 2 11:14:22 servervn pdns[30663]: Received NOTIFY for test.org from 22.22.22.22 but slave support is disabled in the configuration
Feb 2 11:14:23 servervn pdns[30663]: Received unsuccesful notification report for 'test.org' from 22.22.22.22, rcode: 4
Feb 2 11:14:23 servervn pdns[30663]: Removed from notification list: 'test.org' to 22.22.22.22
Feb 2 11:14:23 servervn pdns[30663]: Removed from notification list: 'test.org' to 11.11.11.11 (was acknowledged)
Feb 2 11:14:23 servervn pdns[30663]: Received spurious notify answer for 'test.org' from 11.11.11.11
Feb 2 11:14:25 servervn pdns[30663]: No master domains need notifications

Apart from the pdns trying to update itself, which I read is nothing serious, it also failed to update the slave in windows server dns.

Please advise.
[Pdns-users] recursion needed
Hi,

Me again with some noob questions. I have some domains with cname records pointing to another external domain. Let's say the cname is as below:

    cdn.domain.com IN CNAME domain.cdn-asia.com

domain.cdn-asia.com obviously is an external domain that points to the correct IP address.

When I query the NS, it will say Not authoritative for domain.cdn-asia.com. Recursion was desired.

Should I be concerned with this error? Or is it just part of the warning you get if pdns is not running recursor? Should I install recursor? Is it really necessary?

Thanks.
Re: [Pdns-users] pdns master question
Hi,

Thanks for the reply Curtis. Now I know about AXFR. But my question is,

1) I have set the pdns as master but how do I update the slaves normally? Do I tell master where the slaves are or do I tell the slaves who their master is? Sorry...cause the docs only said about setting master=yes but did not explain after that. In bind, there is a line in the named.conf file that specifies allow update from 11.11.11.11 (slave IP). Then in the slave, I specify the master. Does it work the same for pdns? If so, where do I specify allow update in pdns?

2) Is there any more detailed docs on setting up master/slave for pdns? So far all the tutorials I see are only mentioning db replication.

Liong Kok Foo
System Administrator
Innity Sdn Bhd
Office: +603 7880 5611
Direct: +6012 619 9397

On 1/28/2010 10:47 PM, Curtis Maurand wrote:
> That's what the notification does. If the domain on the other end is up to date, then nothing happens. Otherwise you'll see an AXFR happen. You can manually update the slave by issuing pdns_control retrieve domainname on the slave.
>
> On 1/28/2010 4:28 AM, Liong Kok Foo wrote:
>> Would appreciate if someone could help with this problem. This issue is stopping me from having this new pdns running live.
>>
>> Thanks.
>>
>> On 1/26/2010 11:01 AM, Liong Kok Foo wrote:
>>> Hi,
>>>
>>> I am sorry if this seems a very noob question as I am very new to managing DNS.
>>>
>>> I have already changed pdns config to master=yes. So now I am testing with one domain. I changed that domain to master. Let's call it testdomain.com. This is an existing domain in pdns (NS0) and live NS1.mydomain.com and NS2.mydomain.com.
>>>
>>> Then I can see from the /var/log/messages this below:
>>>
>>> 1 domain for which we are master needs notifications
>>> Jan 26 10:15:18 servervn pdns[31055]: Queued notification of domain 'testdomain.com' to 1.2.3.4
>>> Jan 26 10:15:19 servervn pdns[31055]: Removed from notification list: 'testdomain.com' to 1.2.3.4 (was acknowledged)
>>> Jan 26 10:15:22 servervn pdns[31055]: No master domains need notifications
>>>
>>> Where 1.2.3.4 is the IP of NS1 (live master running bind).
>>>
>>> Does this seem correct? How does NS1 know to update testdomain from NS0? Why is NS1 acting like slave to NS0? NS1 is a master.
>>>
>>> In NS0 (running pdns), there is a line testdomain.com NS ns1.mydomain.com. Could this be the reason why NS0 as master is updating to the NS1?
>>>
>>> Please advise. Thanks.
[Pdns-users] need help setting up pdns
Dear Hubert,

Thanks for the reply. I don't think this is nslookup's problem. The message I am getting:

Jan 20 17:31:55 domainvn pdns[21108]: Not authoritative for 'test.com.HOME.COM', sending servfail to 111.222.333.444 (recursion was desired)

That is from the pdns server's log.

To prove that point, you could query your own pdns using windows desktop from your side with nslookup command. See if you get the same error/warning in your pdns server messages log.

Any other ideas? Could it be something to do with SOA and hostmaster? I am still not quite sure what they are or maybe I set them up wrongly.

Thanks

> Hello Liong Kok Foo,
>
> On Wednesday 20 January 2010 10:59:47, Liong Kok Foo wrote:
>> test.com
>>
>> Server: ns0.domain.com
>> Address: 74.54.111.111
>>
>> Name:test.com
>> Address: 1.2.3.4
>> --
>> Results look okay from nslookup.
>>
>> But in the pdns server log file, I tail the /var/log/messages:
>>
>> Jan 20 17:31:55 domainvn pdns[21108]: Not authoritative for 'test.com.HOME.COM', sending servfail to 111.222.333.444 (recursion was desired)
>>
>> Where 111.222.333.444 is external ip for my current internet connection.
>
> Just a guess: what if nslookup at first tries to resolve test.com.HOME.COM because HOME.COM is your default domain on your XP client, and after that, because it fails, asks for test.com and gets the right answer (this will not be logged)? This is the wrong order, but it is Windows XP. Everything is possible... ;-)
>
> best regards,
> hubert
>
> --
> Hubert Krause
> Risk Fraud Division
> INFORM GmbH, Pascalstraße 23, 52076 Aachen, Germany
> Phone: +49 24 08 - 94 56 5145
> E-Mail: hubert.krause at inform-ac.com, Web: http://www.inform-ac.com
> INFORM Institut fuer Operations Research und Management GmbH
> Registered AmtsG Aachen HRB1144
> Gfhr. Adrian Weiler
[Pdns-users] pdns version 2 and 3
Hi,

BTW, I am using pdns version: pdns-2.9.21.1-1.el5.rf

Should I change to using version 3 recursor instead? I would prefer a stable version with minimum problems. 3 is still in beta, right?

Thanks.