[Pdns-users] SSL Proxy with PowerDNS

2023-05-04 Thread Tom Barrett via Pdns-users
I'm looking for a solution for running an SSL proxy with PowerDNS.  This is
a service that will auto-generate SSL certs (such as letsencrypt) for each
zone.

thanks in advance

Tom


-- 
Thomas Barrett
President
EnCirca, Inc
+1.781.942.9975 (office)
400 W. Cummings Park, Suite 1725
Woburn, MA 01801 USA
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users


[Pdns-users] DNSLink or IPFS Support in PowerDNS

2023-01-20 Thread Tom Barrett via Pdns-users
I would be interested in speaking with anyone who has experimented with
customizing PowerDNS to support IPFS or the DNSLink TXT record type.

Thanks

Tom

-- 
Thomas Barrett
President
EnCirca, Inc
+1.781.942.9975 (office)
400 W. Cummings Park, Suite 1725
Woburn, MA 01801 USA


[Pdns-users] tips for CNAME Flattening

2020-06-30 Thread Tom Barrett via Pdns-users
I'm looking for tips on how to implement CNAME Flattening in PowerDNS.  I
believe other DNS providers accomplish this using so-called "ANAME" records.

I assume it involves the use of ALIAS records and found this comment in
another thread:
Starting with the PowerDNS Authoritative Server 4.0.0, DNSSEC ‘washing’ of
ALIAS records is supported on AXFR (*not* on live-signing). Set
outgoing-axfr-expand-alias to ‘yes’ and enable DNSSEC for the zone on the
master. PowerDNS will sign the A/ records during the AXFR.

Does this accomplish CNAME Flattening vis-a-vis the intended ANAME behavior
or is there more to it?

thanks in advance,

Tom


Re: [Pdns-users] problem with 4.1.0 recursion removed

2019-08-11 Thread Tom Ivar Helbekkmo via Pdns-users
Juha Heinanen via Pdns-users writes:

> Some of the e164.arpa domains used in my SIP Proxy environment are
> private and thus (on purpose), are not registered under e164.arpa.

Depending on what software you're using, it may be possible to work
around this by using another DNS domain.  With Asterisk, for instance,
the enum.conf file allows you to specify one or more domains to be
searched in addition to e164.arpa -- the example given in the file is
e164.org, but you could easily use a local subdomain.

Otherwise, you might just have to write some Lua code to handle the
lookups for you.  For examples of how to do this in the recursor, see
.

Hmm.  Might it also work to do something really simple involving more
than one recursor?  If the primary recursor had something like this:

forward-zones-recurse=e164.arpa=10.0.0.11;1.1.1.1

...and the one at 10.0.0.11 then had:

forward-zones=e164.arpa=10.0.0.12

...with 10.0.0.12 being the local "authoritative" server for e164.arpa,
might then a number end up first being looked up on 10.0.0.12, and then,
if that failed, using 1.1.1.1?  I guess it's possible that 10.0.0.11
would need a Lua hack to transform a NXDOMAIN into some sort of failure,
to cause the primary recursor to go to 1.1.1.1 (or a third local
recursor, if you prefer, of course).

Could someone who knows more about this than I do tell me how far into
the wrong ball park I am with this stuff?  :)

-tih
-- 
Most people who graduate with CS degrees don't understand the significance
of Lisp.  Lisp is the most important idea in computer science.  --Alan Kay


Re: [Pdns-users] Increment SOA programmatically?

2018-11-06 Thread Tom Ivar Helbekkmo via Pdns-users
MRob writes:

> So... any to help on this below keeping in mind I use autoserial?

Yeah, Daniel Miller already told you what's wrong and how to fix it.

>>> pdnsutil increase-serial example.org
>> Error: Parsing record content (try 'pdnsutil check-zone'): missing
>> field at the end of record content 'ns.example.org cont...@example.org
>> 0'

The "missing field at the end" means it's looking for more fields than
you've put there.  Daniel suggested:

> ns.example.org cont...@example.org 2018110601 86400 7200 604800 300
>
> Instead of a simple 0 - suggest using a datestamp and starting with
> today's config.  But the other parameters aren't optional (though you
> should adjust for your needs).

If you want to use autoserial, you set the serial number itself to 0, as
you say, so then you get something like:

ns.example.org cont...@example.org 0 86400 7200 604800 300

As Daniel said, the other parameters aren't optional (and the above
values for them are just (reasonable) suggestions).

-tih
-- 
Most people who graduate with CS degrees don't understand the significance
of Lisp.  Lisp is the most important idea in computer science.  --Alan Kay


Re: [Pdns-users] pdns_recursor suddenly decided ALL dnssec queries were bogus

2018-10-11 Thread Tom Ivar Helbekkmo via Pdns-users
Nick Williams writes:

> Anyone have any clue what happened? Did the world break or something?

Something.  :)

https://blog.powerdns.com/2018/10/08/powerdns-and-the-icann-ksk-roll/

-tih
-- 
Most people who graduate with CS degrees don't understand the significance
of Lisp.  Lisp is the most important idea in computer science.  --Alan Kay




Re: [Pdns-users] PowerDNS and automatic wildcard Let's Encrypt certificate renewal

2018-10-01 Thread Tom Ivar Helbekkmo via Pdns-users
Predrag Mijatovic writes:

> mysql -h localhost -u powerdns -pmypass powerdns -e "select * from tsigkeys"
> +----+--------+-------------+----------+
> | id | name   | algorithm   | secret   |
> +----+--------+-------------+----------+
> |  1 | cerbot | hmac-sha512 | mysecret |
> +----+--------+-------------+----------+
> [...]
> Packet for domain 'mysite.com' denied: can't find TSIG key with name
> 'certbot' and algorithm 'hmac-sha512'

Seems legit.  :)

(You misspelled the key name when you created it.)

-tih
-- 
Most people who graduate with CS degrees don't understand the significance
of Lisp.  Lisp is the most important idea in computer science.  --Alan Kay




Re: [Pdns-users] Notification for domains to ip1:53 failed after retries

2018-01-25 Thread Tom Ivar Helbekkmo
Pieter Lexis writes:

> Moreover, the DNSBL experience can also be approximated by using the Lua
> scripting functionality in the Recursor[2] to block queries based on a
> loaded list.
> [...]
> 1 - https://doc.powerdns.com/recursor/lua-config/rpz.html
> 2 - https://doc.powerdns.com/recursor/lua-scripting/index.html

I found these two blog postings useful:

https://blog.powerdns.com/2016/01/19/efficient-optional-filtering-of-domains-in-recursor-4-0-0/
https://blog.powerdns.com/2016/06/28/response-policy-zone-support-in-powerdns-recursor/

-tih
-- 
Most people who graduate with CS degrees don't understand the significance
of Lisp.  Lisp is the most important idea in computer science.  --Alan Kay




Re: [Pdns-users] JPowerAdmin - new version

2017-12-28 Thread Tom Ivar Helbekkmo
Charles Sprickman writes:

> What are some other web frontends in use? I like the looks of this,
> but I don't like maintaining java web apps...

I like nsedit (https://github.com/tuxis-ie/nsedit/).  It's simple to set
up, and very user friendly.  I must admit, though, that most of the time
I find myself just using "pdnsutil edit-zone" instead.

-tih
-- 
Most people who graduate with CS degrees don't understand the significance
of Lisp.  Lisp is the most important idea in computer science.  --Alan Kay


Re: [Pdns-users] Manual AXFR command?

2013-08-20 Thread Tom van Leeuwen

I've put the script here guys: https://github.com/TvL2386/pdns-tools

On 08/20/2013 11:54 AM, Mohamed Brahimi wrote:


On Mon, Aug 19, 2013 at 5:27 PM, Klaus Darilion wrote:


That even ignores the serial and always transfers the zone. Put it
into a loop as suggested by Tom and replace MASTER with SLAVE.


Hi Klaus,

Thanks, I've used the script suggested by Tom and it's working 
perfectly (Notification from the Master).
I would use the retrieve option on the slave for double verification, 
but less frequently.


Best regards,
Mohamed





Re: [Pdns-users] Manual AXFR command?

2013-08-14 Thread Tom van Leeuwen

Query should be: SELECT name FROM domains WHERE type = 'MASTER'

On 08/14/2013 01:09 PM, Tom van Leeuwen wrote:

On your MASTER:

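#!/bin/bash

PASS='secret'
USER='pdns'
DB='pdns'

# Keep the pipeline on one line: a line that starts with "|" is a syntax error.
DOMAINS=$(echo "SELECT name FROM domains p WHERE type = 'MASTER'" | mysql -N -u"$USER" -p"$PASS" "$DB")

for DOMAIN in $DOMAINS; do
  echo "Sending notifies for: $DOMAIN"
  # Quote the zone name so it is passed as a single argument
  pdns_control notify "$DOMAIN"
done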


Regards,
Tom

On 08/14/2013 12:58 PM, ymicromed wrote:

Hi,

Is it possible to notify the slaves for all existing domains?
or to retrieve all domain from the master?

Thank you in advance.



--
View this message in 
context:http://powerdns.13854.n7.nabble.com/Manual-AXFR-command-tp10121p10223.html
Sent from the PowerDNS mailing list archive at Nabble.com.



Re: [Pdns-users] Manual AXFR command?

2013-08-14 Thread Tom van Leeuwen

On your MASTER:

   #!/bin/bash

   PASS='secret'
   USER='pdns'
   DB='pdns'

   DOMAINS=$(echo "SELECT name FROM domains p WHERE type = 'MASTER'" |
             mysql -N -u"$USER" -p"$PASS" "$DB")

   for DOMAIN in $DOMAINS; do
     echo "Sending notifies for: $DOMAIN"
     # Quote the zone name so it is passed as a single argument
     pdns_control notify "$DOMAIN"
   done


Regards,
Tom

On 08/14/2013 12:58 PM, ymicromed wrote:

Hi,

Is it possible to notify the slaves for all existing domains?
or to retrieve all domain from the master?

Thank you in advance.



--
View this message in context: 
http://powerdns.13854.n7.nabble.com/Manual-AXFR-command-tp10121p10223.html
Sent from the PowerDNS mailing list archive at Nabble.com.



Re: [Pdns-users] Slave AXFR not working 100% at high rates

2013-07-19 Thread Tom van Leeuwen
Hi Mohamed,

Thanks for your response!
I have a simple (crappy!) ruby script to notify all slaves, even with a
progressbar -_-

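# File: notify-all-slaves.rb
require 'progressbar'

PASS='secret'
USER='powerdns'
DB='powerdns_db'

# Keep the whole pipeline on one line: a line break inside the backticks
# would end the mysql command before -p#{PASS} #{DB}.
domains = `echo "SELECT domains.name FROM domains;" | mysql -N -u#{USER} -p#{PASS} #{DB}`.split("\n")

pbar = ProgressBar.new('notifies', domains.count)
domains.each do |domain|
  # Argument-list form: the zone name is never parsed by a shell.
  system('pdns_control', 'notify', domain, out: File::NULL)
  sleep 1
  pbar.inc
end

pbar.finish
###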

The main problem seems to be that the MASTER is sending out too many
notifies at once. Isn't there a way to limit the notification rate to
sane values???

Mohamed: I don't see why I should set 'disable-axfr=no' on my slave...
Also: My MASTER is not in the zones as an NS record, so the
self-notification is not happening here.
Also: I don't want/need to exclude any slaves from being notified.

Kind regards,
Tom



[Pdns-users] Slave AXFR not working 100% at high rates

2013-07-18 Thread Tom van Leeuwen

Hi list,

Probably same issues as in this very old post, never answered though: 
http://mailman.powerdns.com/pipermail/pdns-users/2006-July/003655.html

I'm also taking the same subject.

I've been running pdns in my company for a few years now and have been a 
happy user.

We have 1 pdns server running which is MASTER for all zones that we have.

For 724 domains that we have, I have added 2 new pdns servers (going 
from 8 to 10 pdns nameservers). Via a batch script I inserted a total of 
2*724 NS records to add those new pdns servers. The script was done 
adding those records before the pdns MASTER noticed the serial updates, 
so for all those 724 domains it started generating notifications in one 
batch.


After some time things calm down in /var/log/syslog and I assume pdns is 
done with all its transfers.


When doing a count of domains and records on the pdns servers that 
should have the same database contents, I get the following results:


        domains  records
pdns01      724    40783
pdns02      724    40783
pdns03      724    40784
pdns04      724    40297
pdns05      724    39701
pdns06      724    40777
pdns07      724    40781
pdns08      724    40783
pdns09       19      359
pdns10      317    12566

pdns09 and pdns10 are the new nameservers.

I've been walking into this issue a lot and even have a script to 
work around this issue.
I have a script that will notify each pdns server for every domain that 
it is authoritative for. After each notification it will sleep for 0.1 
seconds. This is the workaround and will fix the issues. If I run it for 
pdns09:


pdns09  724   40784

So, should I increment threads on my MASTER?
I am running the following on my SUPERMASTER:
$ dpkg --list | grep pdns
ii  pdns-backend-mysql   3.0-1.1ubuntu1 generic MySQL backend for PowerDNS
ii  pdns-server          3.0-1.1ubuntu1 extremely powerful and versatile nameserver


$ pdns_control version
3.0

$ lsb_release -rd
Description:Ubuntu 12.04.2 LTS
Release:12.04

With the following configuration:
  allow-recursion=127.0.0.1
  config-dir=/etc/powerdns
  daemon=yes
  guardian=yes
  lazy-recursion=yes
  module-dir=/usr/lib/powerdns
  setgid=pdns
  setuid=pdns
  socket-dir=/var/run
  version-string=powerdns
  local-address=0.0.0.0
  local-port=53
  launch=gmysql
  gmysql-socket=/var/run/mysqld/mysqld.sock
  gmysql-user=pdns_user
  gmysql-dbname=pdns_db
  gmysql-password=
  disable-axfr=no
  master=yes
  slave=yes
  receiver-threads=2

pdns09: runs the same OS + Package version.
configuration:
  config-dir=/etc/powerdns
  daemon=yes
  disable-axfr=yes
  guardian=yes
  lazy-recursion=yes
  local-address=1.2.3.4
  local-port=53
  module-dir=/usr/lib/powerdns
  setgid=pdns
  setuid=pdns
  socket-dir=/var/run
  version-string=powerdns
  include=/etc/powerdns/pdns.d
  slave=yes
  receiver-threads=2
  allow-recursion=127.0.0.1, 1.2.3.0/24
  recursor=127.0.0.1

Does anybody know if I can fix the issues I'm having? Or that I'm just 
asking too much of my setup and should pipe it down a bit. I understand 
that 10*724 zone transfers at once may simply ask way too much from pdns...


Kind regards,
Tom van leeuwen
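
An added example, not code from the original posts or from PowerDNS: a throttled notify loop of the kind described above (notify every zone, pause 0.1 seconds between notifies), in which zone names read from the database are validated and handed to `pdns_control notify` as a single argument rather than interpolated into a shell command string as the Ruby script in this thread does. The function names, the `NOTIFY_DELAY` variable and the credentials-file path in the usage comment are assumptions; `pdns_control notify` and the `domains` query come from the posts.

```sh
#!/bin/sh
# Added example: throttled NOTIFY loop with zone-name validation.
LC_ALL=C; export LC_ALL             # make the A-Z / a-z ranges byte-based

# Pause between notifies, 0.1 s as in the post (GNU sleep accepts fractions).
NOTIFY_DELAY=${NOTIFY_DELAY:-0.1}

# Accept only characters that can appear in a stored zone name. Rejects
# empty names, option-like names ("-h") and anything a shell would expand.
is_valid_zone() {
    case "$1" in
        ''|-*|.*|*..*) return 1 ;;       # empty, leading "-" or ".", empty label
        *[!A-Za-z0-9._-]*) return 1 ;;   # any character outside the allow-list
    esac
    [ "${#1}" -le 253 ]                  # maximum length of a DNS name
}

# Default notifier (hypothetical helper name): the zone is one argv element.
send_notify() {
    pdns_control notify "$1"
}

# Reads one zone name per line on stdin and notifies each valid one,
# sleeping NOTIFY_DELAY between calls so the slaves are not flooded.
# Optional $1: name of the notifier function or command (default send_notify).
# Prints a summary line: "sent=N skipped=N failed=N".
notify_zones() {
    nz_notifier=${1:-send_notify}
    nz_sent=0; nz_skipped=0; nz_failed=0
    while IFS= read -r nz_zone; do
        [ -n "$nz_zone" ] || continue
        if ! is_valid_zone "$nz_zone"; then
            printf 'skipping unexpected zone name: %s\n' "$nz_zone" >&2
            nz_skipped=$((nz_skipped + 1))
            continue
        fi
        # stdin is redirected so the notifier cannot eat the zone list
        if "$nz_notifier" "$nz_zone" </dev/null >/dev/null; then
            nz_sent=$((nz_sent + 1))
        else
            nz_failed=$((nz_failed + 1))
        fi
        sleep "$NOTIFY_DELAY"
    done
    echo "sent=$nz_sent skipped=$nz_skipped failed=$nz_failed"
}

# Usage on the master (the credentials file path is an assumption; reading
# the password from it keeps it out of the process list):
#   mysql --defaults-extra-file=/etc/powerdns/notify.cnf -N -B \
#         -e "SELECT name FROM domains WHERE type = 'MASTER'" pdns | notify_zones
```

A non-zero `skipped` or `failed` count in the summary line is worth alerting on, since either one means some slaves were not told about a zone.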




[Pdns-users] PDNS ldapbackend issue with PTR queries in strict mode

2012-09-27 Thread Tom Bamford
h_key: [b49d1940]
50646bd4 bdb_idl_fetch_key: [4cbdcab0]
50646bd4 send_ldap_result: err=0 matched="" text=""
50646bd4 connection_get(18)
=> ldap_bv2dn(dc=aims,dc=ac,dc=za,0)
<= ldap_bv2dn(dc=aims,dc=ac,dc=za)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=aims,dc=ac,dc=za)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=aims,dc=ac,dc=za)=0
50646bd4 SRCH "dc=aims,dc=ac,dc=za" 2 350646bd4 0 0 0
50646bd4 filter:
(&(&(associatedDomain=in-addr.arpa)(sOARecord=*))(objectClass=dNSDomain2))
50646bd4 attrs:50646bd4  SOARecord50646bd4  dNSTTL50646bd4
modifyTimestamp50646bd4
50646bd4 bdb_idl_fetch_key: [01872a84]
50646bd4 bdb_idl_fetch_key: [b49d1940]
50646bd4 bdb_idl_fetch_key: [8268109f]
50646bd4 send_ldap_result: err=0 matched="" text=""
50646bd4 connection_get(18)
=> ldap_bv2dn(dc=aims,dc=ac,dc=za,0)
<= ldap_bv2dn(dc=aims,dc=ac,dc=za)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=aims,dc=ac,dc=za)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=aims,dc=ac,dc=za)=0
50646bd4 SRCH "dc=aims,dc=ac,dc=za" 2 350646bd4 0 0 0
50646bd4 filter:
(&(&(associatedDomain=arpa)(sOARecord=*))(objectClass=dNSDomain2))
50646bd4 attrs:50646bd4  SOARecord50646bd4  dNSTTL50646bd4
modifyTimestamp50646bd4
50646bd4 bdb_idl_fetch_key: [01872a84]
50646bd4 bdb_idl_fetch_key: [b49d1940]
50646bd4 bdb_idl_fetch_key: [1de355a4]
50646bd4 send_ldap_result: err=0 matched="" text=""
50646bd4 connection_get(18)
=> ldap_bv2dn(dc=aims,dc=ac,dc=za,0)
<= ldap_bv2dn(dc=aims,dc=ac,dc=za)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=aims,dc=ac,dc=za)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=aims,dc=ac,dc=za)=0
50646bd4 SRCH "dc=aims,dc=ac,dc=za" 2 350646bd4 0 0 0
50646bd4 filter:
(&(&(associatedDomain=)(sOARecord=*))(objectClass=dNSDomain2))
50646bd4 attrs:50646bd4  SOARecord50646bd4  dNSTTL50646bd4
modifyTimestamp50646bd4
50646bd4 bdb_idl_fetch_key: [01872a84]
50646bd4 bdb_idl_fetch_key: [b49d1940]
50646bd4 bdb_idl_fetch_key: [898e58f3]
50646bd4 send_ldap_result: err=0 matched="" text=""


I am quite stuck in trying to figure this one out. Due to the repeated
queries it looks like pdns isn't finding the SOA record but when I perform
the same ldapsearch manually the entries are indeed returned. Can anyone
offer me some clues?

Many thanks
Tom Bamford

-- 
System Administrator
African Institute for Mathematical Sciences
Cape Town, South Africa
Tel: +27 (0)21 787 9328
Fax: +27 (0)21 787 9321
Jabber: t...@aims.ac.za
Web: www.aims.ac.za


Re: [Pdns-users] 2.9.21.2 SPF records - Parsing Exceptions / STL Errors (WAS: specifying more complex sql queries with gmysql back-end)

2011-12-01 Thread Tom

Thanks Peter,

That's some good info for me to have a think about :)

Thanks again.  Tom.

On 30/11/11 18:58, Peter van Dijk wrote:

Hello Tom,

On Nov 24, 2011, at 10:38 , Tom wrote:


Exception: Parsing record content: Data field in DNS should start with quote 
(") at position 0 of 'v=spf1 include:_spf.google.com ~all'

and even more worryingly, like this:

TCP Connection Thread died because of STL error: Parsing record content: Data field 
in DNS should start with quote (") at position 0 of 'v=spf1 a:randomdomain.com 
~all'

This is not as bad as it looks - that thread was created just for serving one 
AXFR request, and it would go away at the end of the request (had it been 
successful) anyway.


Basically, after starting to validate these records, and retrospectively fixing 
the records already in the database, my performance has returned to normal.

That's good to hear! Anecdote: a user once reported dismal performance 
(hundreds of queries per second instead of tens of thousands). It turned out he, 
too, was measuring how many exceptions per second C++ could generate (not a 
lot!) instead of how many valid requests PowerDNS could handle.


We are running a custom version of 2.9.21.2, with a custom written MSSQL 
back-end which we have as second in priority to the gmysql backend.  I've 
looked in to trying to use OpenDBX in order to upgrade to a later version of 
PDNS (v3+) without having to rewrite portions of the custom back-end, but I 
think it would be too much work to try and re-design our database and control 
panel to work with the database format that OpenDBX requires.  I don't think 
it's practical.  I think upgrading to 2.9.22 wouldn't be too much work, but I'm 
wondering whether the issues I've raised above would have been fixed if we did 
that.  I know that there are some bugs fixed which cause the TCP thread to 
recycle when there are timeouts, but I don't know about these parsing 
exceptions.

I have not looked at 2.9.22, but I can tell you that 3.1-pre still takes parse 
errors very seriously, like your errors pasted above. TXT parsing has become 
more lenient but other invalid data (like 'abdefgh' in an  record) can 
still yield those exceptions. Upgrading to 2.9.22 or 3.0 should not make a 
difference in performance in the face of parse errors. However, I would be 
surprised if forward-porting your patches to 2.9.22 turns out to be very 
complicated.

Kind regards,
Peter van Dijk



Re: [Pdns-users] Pdns-users mailing list unavailable

2011-11-29 Thread Tom
For the benefit of the list - I joined the IRC channel yesterday to 
notify them of the problem, and it seems that the issue was down to some 
maintenance last Friday.  I won't go in to details, as it's not my place 
to do so, but 5-10 minutes after joining IRC, the backlog of mails had 
been freed! :)


Thanks all!

Tom.

On 28/11/11 16:38, Brielle Bruns wrote:

On 11/28/11 12:49 AM, Tom wrote:

Hi there,

I haven't received anything from the pdns-users mailing list since the
24th at 0700 GMT. I can see from the archive page here that there have
been more mails, including 2 replies to the [Pdns-users] Bind Master,
PDNS Slave Notifies being ignored.


And since then, I have had no connections from your servers at all. It
looks like no-one has replied to my mails on the list either, and
they're usually pretty good at getting back to people, so I suspect that
they haven't seen the mail because of this issue.

Hopefully this has just slipped through the net, and someone just needs
to fire up a service that didn't start on boot or something :)

Cheers. Tom.



Or, people were busy with their families if they were in the US 
(Thanksgiving), or were working on a full time job, or some other time 
occupying activity.  This list can go through times of quiet, and 
other times of high activity.


If this is a time critical matter, I do know there is various levels 
of commercial support that are available, including a per incident one:


http://www.powerdns.com/content/services.html

You can also attempt to ask in the #powerdns channel on irc.oftc.net 
and you may get lucky and find one or more of the developers and/or 
power users online and able to talk.






[Pdns-users] Pdns-users mailing list unavailable

2011-11-28 Thread Tom

Hi there,

I haven't received anything from the pdns-users mailing list since the 
24th at 0700 GMT.  I can see from the archive page here that there have 
been more mails, including 2 replies to the [Pdns-users] Bind Master, 
PDNS Slave Notifies being ignored. 
<http://mailman.powerdns.com/pipermail/pdns-users/2011-November/008379.html> mail, 
and two of my mails which seem to have been received by the list.  I 
haven't received any of them.


All I can see in my mail logs is that on Friday (24th), I received my 
last mail.  I found then, after sending a mail to the list myself, that 
it was deferred on my side because of timeouts connecting to 
mailman.powerdns.com.  Finally, at 15:39 on Friday, the mail was finally 
relayed from my deferred queue


Nov 24 09:37:51 mail postfix/smtp[21094]: connect to 
mailman.powerdns.com[85.17.219.218]: Connection timed out (port 25)
Nov 24 09:37:51 mail postfix/smtp[21094]: E19652EEB9: 
to=, relay=none, delay=21, 
delays=0.04/0.03/21/0, dsn=4.4.1, status=deferred (connect to 
mailman.powerdns.com[85.17.219.218]: Connection timed out)




Nov 24 15:39:43 mail postfix/smtp[30639]: E19652EEB9: 
to=, 
relay=mailman.powerdns.com[85.17.219.218]:25, delay=21734, 
delays=21733/0.02/0.23/0.08, dsn=2.0.0, status=sent (250 2.0.0 Ok: 
queued as A1551740DA)



And since then, I have had no connections from your servers at all.  It 
looks like no-one has replied to my mails on the list either, and 
they're usually pretty good at getting back to people, so I suspect that 
they haven't seen the mail because of this issue.


Hopefully this has just slipped through the net, and someone just needs 
to fire up a service that didn't start on boot or something :)


Cheers.  Tom.


[Pdns-users] Fwd: 2.9.21.2 SPF records - Parsing Exceptions / STL Errors

2011-11-28 Thread Tom

Thank you for your help in my previous mail (Peter Van Dijk, Nils
Breunese) (entitled: specifying more complex sql queries with gmysql
back-end).

It looks like I don't need to do that any more.  Basically, I was having
problems with a massive qsize-q, and despite my hugely beefy sql servers
not breaking a sweat in terms of CPU/Memory/Disk IO, I was thinking that
InnoDB might be struggling after seeing the InnoDB status showing loads
and loads of unstarted transactions.  Anyway, it turns out that the
problem was actually down to us recently allowing customers to start
setting up SPF records.  We weren't validating them properly, and we
were seeing a lot of exceptions like the following:

Exception: Parsing record content: Data field in DNS should start with
quote (") at position 0 of 'v=spf1 include:_spf.google.com ~all'

and even more worryingly, like this:

TCP Connection Thread died because of STL error: Parsing record content:
Data field in DNS should start with quote (") at position 0 of 'v=spf1
a:randomdomain.com ~all'

Basically, after starting to validate these records, and retrospectively
fixing the records already in the database, my performance has returned
to normal.

We are running a custom version of 2.9.21.2, with a custom written MSSQL
back-end which we have as second in priority to the gmysql backend.
I've looked in to trying to use OpenDBX in order to upgrade to a later
version of PDNS (v3+) without having to rewrite portions of the custom
back-end, but I think it would be too much work to try and re-design our
database and control panel to work with the database format that OpenDBX
requires.  I don't think it's practical.  I think upgrading to 2.9.22
wouldn't be too much work, but I'm wondering whether the issues I've
raised above would have been fixed if we did that.  I know that there
are some bugs fixed which cause the TCP thread to recycle when there are
timeouts, but I don't know about these parsing exceptions.  We do suffer
with the TCP back-end recycling because of time-out errors, so it'd be
good to fix them anyway!

Any ideas if I should ask one of our developers to try and get our
patches to apply cleanly to 2.9.22?

If only they had contributed the patches to the project all those years
ago...

Thanks for your help so far!

Tom.


PS
nb. Re-sending this email again, as I was getting these maillog entries 
yesterday:

/Nov 24 14:33:24 mail postfix/smtp[28988]: B373F2EECC:
to=, relay=none, delay=3213,
delays=3191/0.03/21/0, dsn=4.4.1, status=deferred (connect to
mailman.powerdns.com[85.17.219.218]: Connection timed out)/

...which meant the list wasn't receiving my mail.  In fact, I didn't
receive any mail from the list after 7AM GMT yesterday, so I think it
might have been down?

The mails I sent did go eventually though:

/Nov 24 15:39:43 mail postfix/smtp[30639]: E19652EEB9:
to=,
relay=mailman.powerdns.com[85.17.219.218]:25, delay=21734,
delays=21733/0.02/0.23/0.08, dsn=2.0.0, status=sent (250 2.0.0 Ok:
queued as A1551740DA)/

/Nov 24 15:39:48 mail postfix/smtp[30638]: B373F2EECC:
to=,
relay=mailman.powerdns.com[85.17.219.218]:25, delay=7197,
delays=7191/0.03/5.3/0.07, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued
as B949A740DA)/



[Pdns-users] 2.9.21.2 SPF records - Parsing Exceptions / STL Errors

2011-11-28 Thread Tom
(nb. apologies if this is a duplicate email, however, I sent one earlier 
in reply to my earlier thread, but altered the subject, and it doesn't 
seem to have come through)


Thank you for your help in my previous mail (Peter Van Dijk, Nils 
Breunese) (entitled: specifying more complex sql queries with gmysql 
back-end).


It looks like I don't need to do that any more.  Basically, I was having 
problems with a massive qsize-q, and despite my hugely beefy sql servers 
not breaking a sweat in terms of CPU/Memory/Disk IO, I was thinking that 
InnoDB might be struggling after seeing the InnoDB status showing loads 
and loads of unstarted transactions.  Anyway, it turns out that the 
problem was actually down to us recently allowing customers to start 
setting up SPF records.  We weren't validating them properly, and we 
were seeing a lot of exceptions like the following:


Exception: Parsing record content: Data field in DNS should start with 
quote (") at position 0 of 'v=spf1 include:_spf.google.com ~all'


and even more worryingly, like this:

TCP Connection Thread died because of STL error: Parsing record content: 
Data field in DNS should start with quote (") at position 0 of 'v=spf1 
a:randomdomain.com ~all'


Basically, after starting to validate these records, and retrospectively 
fixing the records already in the database, my performance has returned 
to normal.


We are running a custom version of 2.9.21.2, with a custom written MSSQL 
back-end which we have as second in priority to the gmysql backend.  
I've looked in to trying to use OpenDBX in order to upgrade to a later 
version of PDNS (v3+) without having to rewrite portions of the custom 
back-end, but I think it would be too much work to try and re-design our 
database and control panel to work with the database format that OpenDBX 
requires.  I don't think it's practical.  I think upgrading to 2.9.22 
wouldn't be too much work, but I'm wondering whether the issues I've 
raised above would have been fixed if we did that.  I know that there 
are some bugs fixed which cause the TCP thread to recycle when there are 
timeouts, but I don't know about these parsing exceptions.  We do suffer 
with the TCP back-end recycling because of time-out errors, so it'd be 
good to fix them anyway!


Any ideas if I should ask one of our developers to try and get our 
patches to apply cleanly to 2.9.22?


If only they had contributed the patches to the project all those years 
ago...


Thanks for your help so far!

Tom.


Re: [Pdns-users] 2.9.21.2 SPF records - Parsing Exceptions / STL Errors (WAS: specifying more complex sql queries with gmysql back-end)

2011-11-28 Thread Tom
Thank you for your help.  It looks like I don't need to do this any 
more.  Basically, I was having problems with a massive qsize-q, and 
despite my hugely beefy sql servers not breaking a sweat in terms of 
CPU/Memory/Disk IO, I was thinking that InnoDB might be struggling after 
seeing the InnoDB status showing loads and loads of unstarted 
transactions.  Anyway, it turns out that the problem was actually down 
to us recently allowing customers to start setting up SPF records.  We 
weren't validating them properly, and we were seeing a lot of exceptions 
like the following:


Exception: Parsing record content: Data field in DNS should start with 
quote (") at position 0 of 'v=spf1 include:_spf.google.com ~all'


and even more worryingly, like this:

TCP Connection Thread died because of STL error: Parsing record content: 
Data field in DNS should start with quote (") at position 0 of 'v=spf1 
a:randomdomain.com ~all'


Basically, after starting to validate these records, and retrospectively 
fixing the records already in the database, my performance has returned 
to normal.


We are running a custom version of 2.9.21.2, with a custom written MSSQL 
back-end which we have as second in priority to the gmysql backend.  
I've looked in to trying to use OpenDBX in order to upgrade to a later 
version of PDNS (v3+) without having to rewrite portions of the custom 
back-end, but I think it would be too much work to try and re-design our 
database and control panel to work with the database format that OpenDBX 
requires.  I don't think it's practical.  I think upgrading to 2.9.22 
wouldn't be too much work, but I'm wondering whether the issues I've 
raised above would have been fixed if we did that.  I know that there 
are some bugs fixed which cause the TCP thread to recycle when there are 
timeouts, but I don't know about these parsing exceptions.


Any ideas if I should ask one of our developers to try and get our 
patches to apply cleanly to 2.9.22?


If only they had contributed the patches to the project all those years 
ago...


Thanks for your help so far!

Tom.

On 14/11/11 22:30, Nils Breunese (Lemonbit) wrote:

Tom wrote:


Our setup is a little more complex than the default way of doing things.  We 
have a table which has what we call 'override records', which take priority 
over the records that appear in the normal records database.  We also generate 
SOAs dynamically.  Basically, the query I have does a union with records from 
both overriderecords and records, unless the dns is suspended, which is another 
comparison that needs to be done, and it also determines whether the request 
type is an SOA using a case statement, and then executes a stored procedure to 
generate the 'content' column data.

I just want to write this in to the config file rather than calling it as a 
stored procedure, and I'm hoping then that I can reduce load of the database 
server by actually having MySQL cache the results of the queries (which it 
doesn't do at all when you call a stored proc).

Could you catch all that logic in a view maybe? Then you could write a query 
against that and put that in your config file. Just a thought, I don't know if 
that could work.

http://dev.mysql.com/doc/refman/5.0/en/views.html

Nils.
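
The failure described in this message (unquoted SPF text reaching the records table and raising "Data field in DNS should start with quote"), shown as an added example that is not part of the original post and is not PowerDNS code. It is a check a control panel could run on customer-supplied TXT/SPF content before storing it, plus an audit pass over rows already in the database. Assumptions: content is accepted when it is one or more double-quoted strings of at most 255 bytes each (the DNS master-file character-string form), and the function names and sample rows are constructed for illustration.

```python
"""Validate TXT/SPF record content before it is written to the records table."""

MAX_CHUNK = 255  # a DNS <character-string> carries at most 255 bytes


def parse_txt_content(content):
    """Parse content made of one or more double-quoted strings.

    Returns the decoded chunks; raises ValueError naming the first problem.
    """
    chunks, i, n = [], 0, len(content)
    while i < n:
        if content[i] in " \t":          # whitespace between quoted chunks
            i += 1
            continue
        if content[i] != '"':
            raise ValueError(f"expected quote at position {i}")
        i += 1
        buf = []
        while True:
            if i >= n:
                raise ValueError("unterminated quoted string")
            ch = content[i]
            if ch == "\\":               # backslash escapes the next character
                if i + 1 >= n:
                    raise ValueError("dangling backslash")
                buf.append(content[i + 1])
                i += 2
            elif ch == '"':              # closing quote ends this chunk
                i += 1
                break
            else:
                buf.append(ch)
                i += 1
        chunk = "".join(buf)
        if len(chunk.encode("utf-8")) > MAX_CHUNK:
            raise ValueError("chunk longer than 255 bytes")
        chunks.append(chunk)
    if not chunks:
        raise ValueError("empty TXT content")
    return chunks


def quote_txt_content(raw):
    """Turn raw customer text into quoted content, split into 255-byte chunks."""
    if not raw:
        raise ValueError("empty TXT content")
    data = raw.encode("ascii")           # non-ASCII raises UnicodeEncodeError (a ValueError)
    if any(b < 0x20 or b == 0x7F for b in data):
        raise ValueError("control characters not allowed")
    pieces = [raw[i:i + MAX_CHUNK] for i in range(0, len(raw), MAX_CHUNK)]
    return " ".join(
        '"' + p.replace("\\", "\\\\").replace('"', '\\"') + '"' for p in pieces
    )


def audit(rows):
    """Return (id, reason) for every TXT/SPF row whose content will not parse."""
    bad = []
    for rec_id, rtype, content in rows:
        if rtype.upper() not in ("TXT", "SPF"):
            continue
        try:
            parse_txt_content(content)
        except ValueError as exc:
            bad.append((rec_id, str(exc)))
    return bad


# Constructed sample rows (id, type, content); rows 1 and 4 reuse the
# content strings quoted in the exceptions above.
SAMPLE_ROWS = [
    (1, "TXT", 'v=spf1 include:_spf.google.com ~all'),
    (2, "TXT", '"v=spf1 include:_spf.google.com ~all"'),
    (3, "A", "192.0.2.10"),
    (4, "SPF", 'v=spf1 a:randomdomain.com ~all'),
    (5, "TXT", '"unterminated'),
]

if __name__ == "__main__":
    for rec_id, reason in audit(SAMPLE_ROWS):
        print(f"record {rec_id}: {reason}")
    print(quote_txt_content('v=spf1 a:randomdomain.com ~all'))
```

Running `audit` against the live table before enabling validation gives the list of rows to fix retrospectively; `quote_txt_content` is the write-path half.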


Re: [Pdns-users] specifying more complex sql queries with gmysql back-end

2011-11-14 Thread Tom

Hi Peter,

Our setup is a little more complex than the default way of doing 
things.  We have a table which has what we call 'override records', 
which take priority over the records that appear in the normal records 
database.  We also generate SOAs dynamically.  Basically, the query I 
have does a union with records from both overriderecords and records, 
unless the dns is suspended, which is another comparison that needs to 
be done, and it also determines whether the request type is an SOA using 
a case statement, and then executes a stored procedure to generate the 
'content' column data.


I just want to write this in to the config file rather than calling it 
as a stored procedure, and I'm hoping then that I can reduce load of the 
database server by actually having MySQL cache the results of the 
queries (which it doesn't do at all when you call a stored proc).


We also have a custom written MSSQL back-end which at the moment is 
restricting us to using powerdns 2.9.21-2, and I'm looking at trying to 
use OpenDBX for this so I can get on to later versions of powerdns.


Thanks.  Tom.

On 12/11/11 21:03, Peter van Dijk wrote:

Hello Tom,

On Nov 11, 2011, at 15:59 , Tom wrote:


With reference to specifying the queries I want to use for the gmysql back-end 
- for instance : gmysql-basic-query=

Am I right in thinking that in the pdns configuration file, I'm not going to be 
able to specify a query which references the name and query type multiple times? 
 I've just realised that the first time you use %s you're referencing the type, 
and the second time, the name.  Is there anything I can do to specify more 
complex queries (which repeat both type and name more than once)?

I understand I could be using stored procedures, but due to MySQL's unique 
implementation, the results of stored procedures are not cached, and nor are 
the results of queries within the procedures, and that's proving to be a real 
problem for me!

I do not have a clear-cut answer for you right away, but I'm curious about what 
you are trying to accomplish. Could you perhaps share some details about your 
setup, maybe even show us what the queries you have in mind look like?

Kind regards,
Peter van Dijk


[Pdns-users] specifying more complex sql queries with gmysql back-end

2011-11-11 Thread Tom

Greetings list,

With reference to specifying the queries I want to use for the gmysql 
back-end - for instance : gmysql-basic-query=


Am I right in thinking that in the pdns configuration file, I'm not 
going to be able to specify a query which references the name and query 
type multiple times?  I've just realised that the first time you use %s 
you're referencing the type, and the second time, the name.  Is there 
anything I can do to specify more complex queries (which repeat both 
type and name more than once)?


I understand I could be using stored procedures, but due to MySQL's 
unique implementation, the results of stored procedures are not cached, 
and nor are the results of queries within the procedures, and that's 
proving to be a real problem for me!


Many regards.  Tom.




[Pdns-users] query on --out-of-zone-additional-processing

2011-02-11 Thread Tom Boland


Greetings,

This is from the pdns documentation:

"""
out-of-zone-additional-processing | 
--out-of-zone-additional-processing=yes | 
--out-of-zone-additional-processing=no


   Do out of zone additional processing. This means that if a malicious
   user adds a '.com' zone to your server, it is not used for other
   domains and will not contaminate answers. Do not enable this setting
   if you run a public DNS service with untrusted users. Off by default.

"""

My question is this.  The description indicates that setting this to yes 
would prevent malicious use of your public authoritative DNS server with 
untrusted users (such as in our hosting company), but then goes on to 
say that you shouldn't enable this setting if you run a public DNS 
service with untrusted users?  Could someone please clarify this?



Many thanks.  Tom.


[Pdns-users] PDNS returning SERVFAIL instead of NOERROR when requesting a CNAME record that doesn't exist

2009-12-08 Thread Tom Boland

Greetings.

I currently have a problem on a production server.  There is
a customer attempting to change nameservers on a .de domain name, and 
this is failing as when the automated check for the .de registrar 
attempts to look up a CNAME record on one of the nameserver hostnames,
they get a SERVFAIL response because there is no CNAME record to return. 
 Bind will return NOERROR.


We're using pdns 2.9.21 with a mysql and mssql backend.  Before going 
and filing change requests to upgrade or change the configuration, I'm 
wondering if anyone knows why this is happening specifically, and 
whether this is fixed in later versions, or can be fixed with a 
configuration change.


Many thanks for any advice.  Tom.

nb.  Resending due to having joined the list - my prior message remains 
in the moderation queue



[Pdns-users] problems resolving CNAME's with pdns_recursor 3.1.7

2009-07-16 Thread Tom Mueller

Hi,

Sometimes the pdns_recursor doesn't send all the A or AAAA records that
the requested CNAME points to.
There are no cascading CNAMEs; the CNAME points to an A record.
In the first query the A records are missing; some seconds (and
several more requests) later the A records were sent, too.
The TTL shows that the records are fetched by pdns_recursor in the
same second.
Hint: the 'X' in hostnames and IP addresses is a replacement of other
chars and digits.

Additional information:
We are running 2 instances of pdns_recursor listening at different
ports on this IP to scale the amount of queries.
The instance concerned has a load average of roughly 1500 qps.


There are no error messages in the log - so I wonder what happened?
There is another issue: sometimes the existing AAAA records of another
host are not sent, only the A records.

I think that when there is an error condition during recursion the
pdns_recursor has to send a SERVFAIL, but it didn't.
So is it possible that there is an issue in the cache management, that
when a refresh is needed it is not performed immediately?
Any idea?

- 

~ # dig XXftp.rz-ip.net

; <<>> DiG 9.3.4 <<>> XXftp.rz-ip.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36210
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;XXftp.rz-ip.net.IN  A

;; ANSWER SECTION:
XXftp.rz-ip.net. 1545IN  CNAME   XXXservices.rz-ip.net.

;; Query time: 2 msec
;; SERVER: 85.214.7.22#53(85.214.7.22)
;; WHEN: Thu Jul 16 00:25:24 2009
;; MSG SIZE  rcvd: 56

- -

~ # dig XXftp.rz-ip.net

; <<>> DiG 9.3.4 <<>> XXftp.rz-ip.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42761
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;XXftp.rz-ip.net.IN  A

;; ANSWER SECTION:
XXftp.rz-ip.net. 1510IN  CNAME   XXXservices.rz-ip.net.
XXXservices.rz-ip.net.1800IN  A   XXX.XXX.XXX.XXX
XXXservices.rz-ip.net.1800IN  A   XXX.XXX.XXX.XXX

;; Query time: 1 msec
;; SERVER: 85.214.7.22#53(85.214.7.22)
;; WHEN: Thu Jul 16 00:25:59 2009

;; MSG SIZE  rcvd: 88

- -

Best regards

--
Tom Mueller
Development, Dedicated Servers

Telephone: + 49 (0)30 - 398 02 - 0
Fax: + 49 (0)30 - 398 02 - 222
E-Mail:  t.muel...@strato-rz.de

Strato Rechenzentrum AG
Pascalstr. 10
10587 Berlin

Supervisory Board: Damian Schmidt (Chair), Stephan Esch, Andreas Sand
Executive Board: Julien Ardisson, Christian Mueller, Christoph Steffens,
Rene Wienholtz
Berlin-Charlottenburg Local Court, HRB 75629



Re: [Pdns-users] Basic PowerDNS Wildcard Question

2008-06-26 Thread Tom Rossi
Alan,

I'm so sorry!  You are absolutely correct!  I thought I tested that
scenario last night, but I just tested again and it works.  So with
DNS records like the following:

*.example.com CNAME host.anotherdomain.com
example.com A 192.168.0.1

I am able to resolve "anything.example.com" as well as "example.com".

This will work fine BUT a CNAME would be ideal for our setup.  We have
hundreds of domains that all point to the same ip address.  If I
choose this configuration, I will need to update those hundreds of A
records.  Its all in a database now, so at least that won't be too
difficult!

Thanks!
Tom


On Thu, Jun 26, 2008 at 12:15 PM, Alan Hodgson <[EMAIL PROTECTED]> wrote:
> On Thursday 26 June 2008, "Tom Rossi" <[EMAIL PROTECTED]> wrote:
>> Alan,
>>
>> Sorry, I should have included scenario 4 which also does not work:
>>
>> SCENARIO 4
>>
>> *.example.com CNAME host.anotherdomain.com
>> example.com A 192.168.0.1
>>
>> This will resolve "anything.example.com" but will NOT resolve
>> "example.com"
>
>
> That's odd. I know 2.9.21 works fine with that exact setup here, using the
> PostgreSQL backend - just tested it.
>
> --
> Alan


Re: [Pdns-users] Basic PowerDNS Wildcard Question

2008-06-26 Thread Tom Rossi
Alan,

Sorry, I should have included scenario 4 which also does not work:

SCENARIO 4

*.example.com CNAME host.anotherdomain.com
example.com A 192.168.0.1

This will resolve "anything.example.com" but will NOT resolve "example.com"

On Thu, Jun 26, 2008 at 11:17 AM, Alan Hodgson <[EMAIL PROTECTED]> wrote:
> On Wednesday 25 June 2008, "Tom Rossi" <[EMAIL PROTECTED]> wrote:
>> I'm getting PowerDNS up and running and so far really like it.  I'm
>> having a problem though with creating a record to resolve the domain
>> by itself.  For example, I would like a CNAME or A record for the
>> domain by itself
>
> You can't put a CNAME on the domain itself. CNAME cannot co-exist with any
> other record, including SOA or NS records, and cannot have sub-records.
> It's just a really big no-no in DNS.
>
> --
> Alan


Re: [Pdns-users] Basic PowerDNS Wildcard Question

2008-06-26 Thread Tom Rossi
Thanks for looking at this for me!  I am on version 2.9.21...

On Thu, Jun 26, 2008 at 1:10 AM, bert hubert <[EMAIL PROTECTED]> wrote:
> Tom,
>
> Before delving deeply in your excellent description below, are you testing
> with 2.9.21?
>
> It is different than 2.9.20 in CNAME handling.
>
>Bert
>
> On Wed, Jun 25, 2008 at 10:05:55PM -0400, Tom Rossi wrote:
>> I'm getting PowerDNS up and running and so far really like it.  I'm
>> having a problem though with creating a record to resolve the domain
>> by itself.  For example, I would like a CNAME or A record for the
>> domain by itself so that "example.com" resolves to an IP address.
>> This shouldn't be a problem, but when I introduce a wildcard, I can't
>> get it to work.  I'm thinking I am missing something basic?  Please
>> take a look:
>>
>> I can't get any of these scenarios to work:
>>
>> SCENARIO 1:
>>
>> *.example.com CNAME host.anotherdomain.com
>>
>> This will resolve "anything.example.com" but will NOT resolve "example.com"
>>
>> SCENARIO 2:
>>
>> *.example.com CNAME host.anotherdomain.com
>> example.com CNAME host.anotherdomain.com
>>
>> This will resolve "anything.example.com" but will NOT resolve "example.com"
>>
>>
>> SCENARIO 3:
>>
>> example.com CNAME host.anotherdomain.com
>> This will NOT resolve "anything.example.com" but will resolve "example.com"
>>
>> I appreciate any help!
>>
>> Thanks,
>> Tom
>
> --
> http://www.PowerDNS.com  Open source, database driven DNS Software
> http://netherlabs.nl  Open and Closed source services
>


[Pdns-users] Basic PowerDNS Wildcard Question

2008-06-25 Thread Tom Rossi
I'm getting PowerDNS up and running and so far really like it.  I'm
having a problem though with creating a record to resolve the domain
by itself.  For example, I would like a CNAME or A record for the
domain by itself so that "example.com" resolves to an IP address.
This shouldn't be a problem, but when I introduce a wildcard, I can't
get it to work.  I'm thinking I am missing something basic?  Please
take a look:

I can't get any of these scenarios to work:

SCENARIO 1:

*.example.com CNAME host.anotherdomain.com

This will resolve "anything.example.com" but will NOT resolve "example.com"

SCENARIO 2:

*.example.com CNAME host.anotherdomain.com
example.com CNAME host.anotherdomain.com

This will resolve "anything.example.com" but will NOT resolve "example.com"


SCENARIO 3:

example.com CNAME host.anotherdomain.com
This will NOT resolve "anything.example.com" but will resolve "example.com"

I appreciate any help!

Thanks,
Tom
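
The scenarios in this post, checked against the rule Alan Hodgson gives in his reply in this thread (a CNAME cannot co-exist with any other record at the same name, which rules it out at the zone apex because of the SOA and NS records there). This is an added example, not part of the original post and not PowerDNS code; the function name is hypothetical and the SOA/NS rows are constructed, since the scenarios list only the CNAME and A lines. Scenario 4 is the one posted later in the thread.

```python
"""Flag owner names where a CNAME sits beside other record types."""
from collections import Counter, defaultdict

# DNSSEC signature/denial records are permitted next to a CNAME.
ALLOWED_WITH_CNAME = {"RRSIG", "NSEC"}


def _norm(name):
    """Compare owner names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def cname_conflicts(records):
    """records: iterable of (name, type, content) rows.

    Returns a list of (owner, reason) tuples, sorted by owner name.
    """
    types_at = defaultdict(Counter)
    for name, rtype, _content in records:
        types_at[_norm(name)][rtype.upper()] += 1

    findings = []
    for owner in sorted(types_at):
        counts = types_at[owner]
        if counts["CNAME"] == 0:
            continue
        if counts["CNAME"] > 1:
            findings.append((owner, "more than one CNAME"))
        clash = sorted(
            t for t in counts if t != "CNAME" and t not in ALLOWED_WITH_CNAME
        )
        if clash:
            findings.append((owner, "CNAME alongside " + ", ".join(clash)))
    return findings


# Constructed apex rows: every zone carries an SOA and NS at its apex.
APEX = [
    ("example.com", "SOA", "ns1.example.com hostmaster.example.com 1"),
    ("example.com", "NS", "ns1.example.com"),
]
WILDCARD = ("*.example.com", "CNAME", "host.anotherdomain.com")
APEX_CNAME = ("example.com", "CNAME", "host.anotherdomain.com")

SCENARIOS = {
    1: APEX + [WILDCARD],
    2: APEX + [WILDCARD, APEX_CNAME],
    3: APEX + [APEX_CNAME],
    4: APEX + [WILDCARD, ("example.com", "A", "192.168.0.1")],
}


def check_scenarios():
    """Run the check over each scenario from the thread."""
    return {n: cname_conflicts(rows) for n, rows in SCENARIOS.items()}


if __name__ == "__main__":
    for number, findings in check_scenarios().items():
        print(f"scenario {number}: {findings or 'ok'}")
```

Scenarios 2 and 3 are flagged at `example.com`; scenarios 1 and 4 pass, which matches the wildcard-CNAME-plus-apex-A layout that the thread ends up with.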


Re: Re: Re: [Pdns-users] Newbie Question

2007-04-13 Thread Tom Rossi

Bert,

Thanks!  Please let me know if I can provide further details...

--Tom

On 4/13/07, bert hubert <[EMAIL PROTECTED]> wrote:


On Fri, Apr 13, 2007 at 12:26:36PM +0200, Tobias Orlamuende wrote:
> PS: I am wondering about the fact that nobody else and/or Bert enters
> this thread... Does nobody else have this problem or is it no problem at
> all???

I normally stay out of a thread if other people ('the powerdns community')
are already helping. I'll take a look at your problem again tomorrow, as it
appears to be an issue that needs solving.

Bert

--
http://www.PowerDNS.com  Open source, database driven DNS Software
http://netherlabs.nl  Open and Closed source services



Re: Re: [Pdns-users] Newbie Question

2007-04-11 Thread Tom Rossi

Tobias,

So you experienced the same thing?  A failure when a CNAME resolves to a
host on another authoritative nameserver?  Were you using nslookup for your
testing?

Thanks,
Tom

On 4/11/07, Tobias Orlamuende <[EMAIL PROTECTED]> wrote:


 Not that I am able to help, but:

We had some quite similar behaviour some weeks ago while testing some
things.
We had our two productive NS (powerdns) and one NS for testing (also
powerdns). While explicitly asking the testing one which had records for a
special CNAME it returned the IP resolved by a wildcard on the productive
one.
I also found out that if you point a CNAME to a record belonging to
another domain all resolves fine as long as the "other" domain is served by
the same server. E.g.:
test1.mytest.com => CNAME => something.anothertest.com
If there is another authoritative server for anothertest.com than the one
asked for mytest.com things fail. If it is on the same and authoritative,
everything works.
Since we found another possibility to solve "our" problem we just
asked ourselves if this behaviour is either a bug or a feature :-)
Maybe somebody could explain what the idea behind that behaviour is or
confirm it as a bug.

Cheers

Tobias
 --
 *From:* [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED]
*Sent:* Tuesday, 10 April 2007 22:43
*To:* Derrik Pates
*Cc:* pdns-users@mailman.powerdns.com
*Subject:* Re: [Pdns-users] Newbie Question

 Yes, when it starts in the monitor mode it connects to the mysql server.
Also, I can resolve any of my A records, just not the CNAME record which is
formatted as I provided earlier.

On 4/10/07, Derrik Pates <[EMAIL PROTECTED]> wrote:
>
> Tom Rossi wrote:
> > The second thing I tried was to remove the recursor key and use the
> pdns
> > as strictly authoritative.  The database remains the same -- a CNAME
> for
> > www.test.com <http://www.test.com>.  Again, I used nslookup to try and
> > resolve, but now I get a "** server can't find www.test.com
> > < http://www.test.com>: SERVFAIL"  Shouldn't it have responded with
> the
> > value of the CNAME even if it couldn't recurse to resolve it?
>
> That sounds like the database itself is misconfigured. Is there anything
>
> in the system logs from PowerDNS stating that it's successfully
> connected to the database? What backend are you using?
>
> --
> Derrik Pates
> [EMAIL PROTECTED]
>




Re: [Pdns-users] Newbie Question

2007-04-10 Thread Tom Rossi

Yes, when it starts in the monitor mode it connects to the mysql server.
Also, I can resolve any of my A records, just not the CNAME record which is
formatted as I provided earlier.

On 4/10/07, Derrik Pates <[EMAIL PROTECTED]> wrote:


Tom Rossi wrote:
> The second thing I tried was to remove the recursor key and use the pdns
> as strictly authoritative.  The database remains the same -- a CNAME for
> www.test.com <http://www.test.com>.  Again, I used nslookup to try and
> resolve, but now I get a "** server can't find www.test.com
> <http://www.test.com>: SERVFAIL"  Shouldn't it have responded with the
> value of the CNAME even if it couldn't recurse to resolve it?

That sounds like the database itself is misconfigured. Is there anything
in the system logs from PowerDNS stating that it's successfully
connected to the database? What backend are you using?

--
Derrik Pates
[EMAIL PROTECTED]



Re: [Pdns-users] Newbie Question

2007-04-10 Thread Tom Rossi

Okay, I've tried out my newfound knowledge and here are my results.  First I
tried adding the "allow-recursion-override=yes" to my config file.  I left
the recursor key set to my other production DNS.  I then started pdns with
"sudo /etc/init.d/pdns monitor".  I used nslookup to try and resolve
www.test.com which is set up with a CNAME.  The result was not the IP of the
CNAME value but that of the true public ip for www.test.com.  What did I do
wrong?  Also, is there a switch to have pdns monitor show me each query?  A
debug logging maybe?

The second thing I tried was to remove the recursor key and use the pdns as
strictly authoritative.  The database remains the same -- a CNAME for
www.test.com.  Again, I used nslookup to try and resolve, but now I get a
"** server can't find www.test.com: SERVFAIL"  Shouldn't it have responded
with the value of the CNAME even if it couldn't recurse to resolve it?

Thanks for your patience guys!
--Tom

On 4/10/07, Tom Rossi <[EMAIL PROTECTED]> wrote:


Thanks for the great explanation!

On 4/10/07, Derrik Pates <[EMAIL PROTECTED]> wrote:
>
> Tom Rossi wrote:
> > Thank you so much for helping me out.  I think I may be showing my
> > ignorance.  I thought it would have to be configured with a recursor
> to
> > be able to resolve something it is not authoritative.  So in my
> > scenario, the DNS is the authority for mydomain.com
> > <http://mydomain.com> and I have an MX record that points to
> > mx.google.com.  My authoritative DNS for mydomain.com needs to be
> > able to resolve mx.google.com.
>
> No, your authoritative nameserver doesn't have to care what
> 'mx.google.com' points to; it just returns the MX record by itself to
> the recursor. If the MX happened to be in a local zone, it could provide
> the A record that it points to, but that's not required. The recursor
> may (optionally) do additional processing, i.e., resolve where
> 'mx.google.com' points to, but this is not required either.
>
> > Do I need to configure a recursor
> > to make that happen?
>
> Your mailserver should either be running a local recursor (good for
> high-demand mailservers to prevent excessive waiting around for
> recursive lookups), or referring to one or more central recursors, which
>
> handle the task of recursive lookups for it.
>
> --
> Derrik Pates
> [EMAIL PROTECTED]
>




Re: [Pdns-users] Newbie Question

2007-04-10 Thread Tom Rossi

Thanks for the great explanation!

On 4/10/07, Derrik Pates <[EMAIL PROTECTED]> wrote:


Tom Rossi wrote:
> Thank you so much for helping me out.  I think I may be showing my
> ignorance.  I thought it would have to be configured with a recursor to
> be able to resolve something it is not authoritative.  So in my
> scenario, the DNS is the authority for mydomain.com
> <http://mydomain.com> and I have an MX record that points to
> mx.google.com.  My authoritative DNS for mydomain.com needs to be
> able to resolve mx.google.com.

No, your authoritative nameserver doesn't have to care what
'mx.google.com' points to; it just returns the MX record by itself to
the recursor. If the MX happened to be in a local zone, it could provide
the A record that it points to, but that's not required. The recursor
may (optionally) do additional processing, i.e., resolve where
'mx.google.com' points to, but this is not required either.

> Do I need to configure a recursor
> to make that happen?

Your mailserver should either be running a local recursor (good for
high-demand mailservers to prevent excessive waiting around for
recursive lookups), or referring to one or more central recursors, which
handle the task of recursive lookups for it.

--
Derrik Pates
[EMAIL PROTECTED]



[Pdns-users] Newbie Question

2007-04-09 Thread Tom Rossi

I've just completed my first PowerDNS installation and have configured
it with recursive lookups and just one zone (test.com).  I created a CNAME
record for www.test.com that points to a real zone on my production
DNS.  Here is the problem, when I try to resolve www.test.com, it
doesn't come back with the IP from my CNAME record lookup, but instead
it actually resolves www.test.com from the public DNS.  This has me
wondering two things:

1.  Is this the correct format for a CNAME record?
INSERT INTO records (domain_id, name, content, type,ttl) VALUES
(1,'www.test.com','host.mydomain.com','CNAME',120);

2.  Should PowerDNS EVER send a recursive lookup for a domain that is
listed in its domains table?  Seems like it should recognize it is the
authority and always respond.

Thanks,
Tom


Re: [Pdns-users] PDNS not authoritative for it's own zones

2006-11-24 Thread Tom Z. Napierala
On Friday 24 November 2006 15:46, bert hubert wrote:
> On Fri, Nov 24, 2006 at 03:42:34PM +0000, Tom Z. Napierala wrote:
> > Nov 24 15:42:55 debian pdns[714]: Not authoritative for 'testdomain.com',
> > sending servfail to 127.0.0.1 (recursion was desired)
> >
> > Is that normal? Why I can't get SOA for that domain?
>
> We've been testing that problem for a long time with you, and it does not
> appear to go away.
>
> However, you are the only one reporting it and everything we tried did not
> help.

I made a fresh install on another box and it's the same problem. I've installed 
PDNS from the source and got the same. I'll try to do another test install and 
get back to you.

> Did you turn on query-logging as I requested previously?

Yes. Do you need something more?

-- 
Tom Napierala
DB Alliance Limited
North Point House, New Mallow Road, Cork, Ireland
The National Software Centre, Mahon, Cork, Ireland


Re: [Pdns-users] PDNS not authoritative for it's own zones

2006-11-24 Thread Tom Z. Napierala
On Friday 24 November 2006 14:44, bert hubert wrote:
> On Fri, Nov 24, 2006 at 02:39:00PM +0000, Tom Z. Napierala wrote:
> > I'm struggling with PDSN configuration and I noticed, that it's failing
> > to provide authoritative answers for domains it's set up as a MASTER:
> > monitor:/etc/powerdns# dig @127.0.0.1 testdomain.com
>
> Please see question number 3
> http://doc.powerdns.com/pdns-users-faq.html

I've read that. But the other problem is:

Nov 24 15:42:55 debian pdns[714]: Not authoritative for 'testdomain.com', 
sending servfail to 127.0.0.1 (recursion was desired)

Is that normal? Why I can't get SOA for that domain?

Regards,
-- 
Tom Napierala
DB Alliance Limited
North Point House, New Mallow Road, Cork, Ireland
The National Software Centre, Mahon, Cork, Ireland


[Pdns-users] PDNS not authoritative for it's own zones

2006-11-24 Thread Tom Z. Napierala
Hi,

I'm struggling with PDNS configuration and I noticed that it's failing to 
provide authoritative answers for domains it's set up as a MASTER:
monitor:/etc/powerdns# dig @127.0.0.1 testdomain.com

; <<>> DiG 9.2.4 <<>> @127.0.0.1 testdomain.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49884
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;testdomain.com.IN  A

;; ANSWER SECTION:
testdomain.com. 3600IN  A   217.74.49.10

;; Query time: 18 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Nov 24 15:34:39 2006
;; MSG SIZE  rcvd: 48

another one:

monitor:/etc/powerdns# dig @127.0.0.1 testdomain.com SOA && 
tail /var/log/syslog

; <<>> DiG 9.2.4 <<>> @127.0.0.1 testdomain.com SOA
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 55713
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;testdomain.com.IN  SOA

;; Query time: 12 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Nov 24 15:43:18 2006
;; MSG SIZE  rcvd: 32

Nov 24 15:42:55 debian pdns[714]: Not authoritative for 'testdomain.com', 
sending servfail to 127.0.0.1 (recursion was desired)



while everything seem to be alright:
mysql> SELECT * FROM domains WHERE name = "testdomain.com";
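+----+----------------+--------+------------+--------+-----------------+---------+
| id | name           | master | last_check | type   | notified_serial | account |
+----+----------------+--------+------------+--------+-----------------+---------+
| 12 | testdomain.com | NULL   |       NULL | MASTER |            NULL | NULL    |
+----+----------------+--------+------------+--------+-----------------+---------+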

and:
mysql> SELECT * from records WHERE domain_id = 12;
+---------+-----------+--------------------------+------+-------------------------------------+------+------+-------------+
| id      | domain_id | name                     | type | content                             | ttl  | prio | change_date |
+---------+-----------+--------------------------+------+-------------------------------------+------+------+-------------+
| 7334587 |        12 | testdomain.com           | SOA  | ns4.dbahost.net [EMAIL PROTECTED] 1 | 3600 |    0 |  1164382460 |
| 7334588 |        12 | testdomain.com           | NS   | ns4.dbahost.net                     | 3600 |    0 |  1164382460 |
| 7334589 |        12 | testdomain.com           | NS   | ns4.dbahost.net                     | 3600 |    0 |  1164382460 |
| 7334590 |        12 | www.testdomain.com       | A    | 217.74.49.10                        | 3600 |    0 |  1164382460 |
| 7334591 |        12 | testdomain.com           | A    | 217.74.49.10                        | 3600 |    0 |  1164382460 |
| 7334592 |        12 | mail.testdomain.com      | A    | 217.74.49.10                        | 3600 |    0 |  1164382460 |
| 7334593 |        12 | localhost.testdomain.com | A    | 127.0.0.1                           | 3600 |    0 |  1164382460 |
| 7334594 |        12 | testdomain.com           | MX   | mail.testdomain.com                 | 3600 |   10 |  1164382460 |
+---------+-----------+--------------------------+------+-------------------------------------+------+------+-------------+

Here is my config:
http://monitor.dba.ie/pdns.conf

Any help will be appreciated.

-- 
Tom Napierala
DB Alliance Limited
North Point House, New Mallow Road, Cork, Ireland
The National Software Centre, Mahon, Cork, Ireland


Re: [Pdns-users] Failing to give SOA record for slave zones

2006-10-05 Thread Tom Z. Napierala
On Thursday 05 October 2006 17:22, bert hubert wrote:
> On Thu, Oct 05, 2006 at 05:04:37PM +0100, Tom Z. Napierala wrote:
> > I'm using PDNS 2.9.20. When I'm trying to get SOA for domains configured
> > on that server I'm getting SERVFAIL. syslog output is as follows:
> > Oct  5 16:59:53 ns4 pdns[20758]: Not authoritative for 'domain.tld',
> > sending servfail to xxx.xxx.xxx.xxx.(recursion was desired)
>
> Please show output of:
>
> select * from domains where name='domain.tld'

 2 | dba.ie | 217.74.49.79 |   NULL | SLAVE |  1160087430 | ns2/w9 

> and
> select * from records where name='domain.tld'

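+---------+-----------+--------+------+----------------------------------------------------------------------+------+------+-------------+
| id      | domain_id | name   | type | content                                                              | ttl  | prio | change_date |
+---------+-----------+--------+------+----------------------------------------------------------------------+------+------+-------------+
| 4892635 |         2 | dba.ie | A    | 204.15.133.155                                                       | 3600 |    0 |        NULL |
| 4892636 |         2 | dba.ie | MX   | spamfilter.dballiance.ie                                             | 3600 |   20 |        NULL |
| 4892637 |         2 | dba.ie | MX   | mail3.dballiance.ie                                                  | 3600 |   30 |        NULL |
| 4892638 |         2 | dba.ie | NS   | ns1.dbahost.net                                                      | 3600 |    0 |        NULL |
| 4892639 |         2 | dba.ie | NS   | ns2.dbahost.net                                                      | 3600 |    0 |        NULL |
| 4892640 |         2 | dba.ie | NS   | ns4.dbahost.net                                                      | 3600 |    0 |        NULL |
| 4892634 |         2 | dba.ie | SOA  | www7.dbahost.net administrator.dba.ie 2006091901 3600 600 86400 3600 | 3600 |    0 |        NULL |
+---------+-----------+--------+------+----------------------------------------------------------------------+------+------+-------------+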


> Please supply details of the zone's master privately.

dba.ie. IN  SOA www7.dbahost.net. administrator.dba.ie. (
2006091901
3600
600
86400
3600 )
dba.ie. IN  NS  ns2.dbahost.net.
www.dba.ie. IN  A   217.74.49.52
support.dba.ie. IN  A   217.74.49.52
monitor.dba.ie. IN  A   204.15.133.155
dba.ie. IN  A   204.15.133.155
dba.ie. IN  NS  ns4.dbahost.net.
dba.ie. IN  MX  30   mail3.dballiance.ie.
dba.ie. IN  MX  20   spamfilter.dballiance.ie.
dba.ie. IN      NS  ns1.dbahost.net.


> Thanks.

Thanks for your interest. Hope it can be rectified.

-- 
Tom Napierala
DB Alliance Limited
North Point House, New Mallow Road, Cork, Ireland
The National Software Centre, Mahon, Cork, Ireland


[Pdns-users] Failing to give SOA record for slave zones

2006-10-05 Thread Tom Z. Napierala
Hi,
I'm submitting this question again, because now I'm considering an error in 
PDNS :(
I'm using PDNS 2.9.20. When I'm trying to get SOA for domains configured on 
that server I'm getting SERVFAIL. syslog output is as follows:
Oct  5 16:59:53 ns4 pdns[20758]: Not authoritative for 'domain.tld', sending 
servfail to xxx.xxx.xxx.xxx.(recursion was desired)

PDNS is configured as slave for that domain, but even when I change it to 
MASTER it doesn't help.
Is this intentional behavior? Getting the SOA is extremely important for us, as 
some registrars require domains to be configured before attempting to 
register them.

Thanks in advance for help
-- 
Tom Napierala
DB Alliance Limited
North Point House, New Mallow Road, Cork, Ireland
The National Software Centre, Mahon, Cork, Ireland




Re: [Pdns-users] Problem retrieving SOA from slave PowerDNS

2006-08-04 Thread Tom Napierala
On Friday 04 August 2006 16:28, bert hubert wrote:
> On Fri, Aug 04, 2006 at 04:24:31PM +0100, Tom Napierala wrote:
> > > Jul 19 13:35:00 debian pdns[18182]: Not authoritative for 'domain.com',
> > > sending servfail to x.x.x.x
>
> Can you double double check that you have a domain.com SOA record in the
> database? And a domain.com entry in the domains table?

I'll check that, and I have both. By the way all my domains are affected, not 
only one.

Regards,
-- 
Tom Napierala
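
The two-table check asked for in the quoted question above (a domains entry and an SOA record of the same name), as an added example that is not part of the original thread. It assumes the domains/records columns shown in the thread's MySQL output, uses an in-memory sqlite3 database in place of MySQL, and audit_soa, build_sample and all sample rows are constructed for illustration.

```python
import sqlite3

# Stand-in for the generic SQL backend's two tables, with the columns shown in
# the thread. sqlite3 in memory replaces MySQL; every row below is constructed.
SCHEMA = """
CREATE TABLE domains (id INTEGER PRIMARY KEY, name TEXT, master TEXT,
    last_check INTEGER, type TEXT, notified_serial INTEGER, account TEXT);
CREATE TABLE records (id INTEGER PRIMARY KEY, domain_id INTEGER, name TEXT,
    type TEXT, content TEXT, ttl INTEGER, prio INTEGER, change_date INTEGER);
"""
SAMPLE = """
INSERT INTO domains (id, name, type) VALUES
  (1, 'good.example', 'SLAVE'), (2, 'nosoa.example', 'SLAVE'),
  (3, 'misplaced.example', 'MASTER');
INSERT INTO records (domain_id, name, type, content, ttl, prio) VALUES
  (1, 'good.example', 'SOA', 'ns1.good.example hostmaster.good.example 1', 3600, 0),
  (1, 'good.example', 'NS', 'ns1.good.example', 3600, 0),
  (2, 'nosoa.example', 'NS', 'ns1.good.example', 3600, 0),
  (3, 'www.misplaced.example', 'SOA', 'ns1.good.example hostmaster.good.example 1', 3600, 0),
  (9, 'orphan.example', 'SOA', 'ns1.good.example hostmaster.good.example 1', 3600, 0);
"""

def audit_soa(conn):
    """Return sorted (name, problem) pairs for names failing either half of the check."""
    findings = []
    # Half 1: a domains entry with no SOA record under the same id and name.
    for (name,) in conn.execute("""
            SELECT d.name FROM domains d
            WHERE NOT EXISTS (SELECT 1 FROM records r
                              WHERE r.domain_id = d.id AND r.type = 'SOA'
                                AND r.name = d.name)"""):
        findings.append((name, "domains entry without SOA record"))
    # Half 2: an SOA record that no domains entry (same id and name) claims.
    for (name,) in conn.execute("""
            SELECT r.name FROM records r
            WHERE r.type = 'SOA'
              AND NOT EXISTS (SELECT 1 FROM domains d
                              WHERE d.id = r.domain_id AND d.name = r.name)"""):
        findings.append((name, "SOA record without domains entry"))
    return sorted(findings)

def build_sample():
    """Create the constructed in-memory database used for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA + SAMPLE)
    return conn

if __name__ == "__main__":
    for name, problem in audit_soa(build_sample()):
        print(f"{name}: {problem}")
```

Both SELECT statements are plain SQL and can be run unchanged in the mysql client against the real tables.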


Re: [Pdns-users] Problem retrieving SOA from slave PowerDNS

2006-08-04 Thread Tom Napierala
On Wednesday 19 July 2006 15:20, Tom Napierala wrote:
> Hi there,
>
> First of all, big thanks for this wonderful piece of software, it's
> really impressive.
>
> I'm going to deploy PDNS as a slave server for my hosting
> infrastructure, especially because of its auto-provisioning
> capabilities (superslave). We have several hosting servers which act as
> primary servers for domains hosted on themselves, so it's really handy
> to have slave configured automatically.
> I successfully configured PDNS as a slave, set up superslaves and tested
> everything. It works flawlessly, but I have one huge problem. One of our
> registrars checks nameservers before registering domain. Check simply
> means retrieving SOA for particular domain from all NSs. While domain is
> pulled out of the primary nameserver, PDNS refuses to provide SOA for
> any hosts. It's strange, because I can retrieve any other records. In
> the logs I see:
> Jul 19 13:35:00 debian pdns[18182]: Not authoritative for 'domain.com',
> sending servfail to x.x.x.x
>
> This installation is obviously not configured to perform recursive queries.
> OS: Debian Sarge, PowerDNS - 2.9.17 (standard Debian package)
>
> Any help will be appreciated.

Does anybody have an idea? Or maybe I made an obvious mistake; if so, maybe 
somebody can give me a clue?

Thanks,
-- 
Tom Napierala