Re: [Pdns-users] Manual AXFR works, automatic does not (txt-version)

Hi,

I forgot to CC the list, here you find my latest answer to Stefan. It still seems the configuration is OK, but that the PowerDNS master does not start to notify my slaves on startup of new domains.

Domain: X.63.215.95.in-addr.arpa

I'm quite sure those settings are correct. I present the dig here:

; <<>> DiG 9.6-ESV-R1 <<>> @ns1.sologigabit.com ns 63.215.95.in-addr.arpa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41825
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;63.215.95.in-addr.arpa. IN NS

;; ANSWER SECTION:
63.215.95.in-addr.arpa. 86400 IN NS ns1.sologigabit.com.
63.215.95.in-addr.arpa. 86400 IN NS ns2.sologigabit.com.

;; Query time: 1 msec
;; SERVER: 95.215.63.212#53(95.215.63.212)
;; WHEN: Thu Aug 5 17:53:58 2010
;; MSG SIZE rcvd: 91

Regards,
Pierre

With kind regards / Met vriendelijke groet,
Pierre van den Oord
LikeFiction
Kleyn Proffijtlaan 49
2343 DB Oegstgeest
The Netherlands
T +31 (0)85 7850699 (Mo-Fr 10-17, GMT +1)
T +31 (0)6 12469791 (Mobile)
M i...@likefiction.com
W www.LikeFiction.com
--- Please include the original message when you reply! ---

On 5-8-2010 17:49, Stefan Schmidt wrote:
> On Thu, Aug 05, 2010 at 05:17:03PM +0200, LikeFiction wrote:
>> Hi Stefan,
>
> Hey erm LikeFiction, ;)
>
> I also need to know the domain name which you configured on your master server.
> But you can just check it yourself: The name of the nameserver that corresponds to the IP of your master nameserver in the supermasters table needs to be one of the names of nameservers you specified as nameservers for the domain on the master server.
> Hence a dig @masterip ns domain.tld should give you the same name you specified in the supermasters table in one of the NS records.
>
> Stefan
>
>> Thanks for your reply. The IP addresses are correct in my post, you can dig them both.
>> The nameservers are ns1.solo**gigabit.com and ns2.solo**gigabit.com, please remove the **. The NS records of the domains do include the ns2 server. Also, manual notification is working fine. I don't know why PowerDNS, on a fresh start, does not try to AXFR zones to the slave. Do I have to wait for TTL value? I would not expect that.
>>
>> I hope you can dig the nameserver, you will find it lists correctly all domains. See for example this /24 subnet for PTR records:
>>
>> webserver:/var/www/sologigabit.com/web/poweradmin# dig -x 95.215.63.213
>> webserver:/var/www/sologigabit.com/web/poweradmin# dig -x 95.215.63.213 @ns1.sologigabit.com
>>
>> ; <<>> DiG 9.6-ESV-R1 <<>> -x 95.215.63.213 @ns1.solo**gigabit.com
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12733
>> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>> ;; WARNING: recursion requested but not available
>>
>> ;; QUESTION SECTION:
>> ;213.63.215.95.in-addr.arpa. IN PTR
>>
>> ;; ANSWER SECTION:
>> 213.63.215.95.in-addr.arpa. 86400 IN PTR customerpanel.es.
>>
>> ;; Query time: 0 msec
>> ;; SERVER: 95.215.63.212#53(95.215.63.212)
>> ;; WHEN: Thu Aug 5 17:14:52 2010
>> ;; MSG SIZE rcvd: 74
>>
>> On NS2, no record is coming back, as the domain is not transferred by PowerDNS.
>>
>> On 5-8-2010 16:55, Stefan Schmidt wrote:
>>> On Thu, Aug 05, 2010 at 03:55:24PM +0200, LikeFiction wrote:
>>>> and one row on supermasters table on slave:
>>>> ip: 95.215.63.212
>>>> nameserver: ns2..com (refers to slave itself)
>>>
>>> Please read section 13.2.1. of http://doc.powerdns.com/slave.html#SUPERMASTER very slowly and carefully.
>>>
>>> I would suspect that your problem is in the third bullet point:
>>>
>>>   "The set of NS records for the domain, as retrieved by the slave from the supermaster, must include the name that goes with the IP address in the supermaster table"
>>>
>>> Yes, it should work right after restart of the master server. I would not go so far as to say that it usually does work right after configuration as many people struggle with exactly that point. ;)
>>>
>>> As always with DNS, not giving out the actual domain name prevents us from looking at the actual data and hinting you at possible typos or delegation problems.
>>>
>>> Stefan

___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] Manual AXFR works, automatic does not (txt-version)

Hi,

LikeFiction wrote:
> Hi,
>
> I forgot to CC the list, here you find my latest answer to Stefan. It still seems the configuration is OK, but that the PowerDNS master does not start to notify my slaves on startup of new domains.

snip

In my experience new domains added to the master need a 'pdns_control notify domain' to start the notification to the slave(s). At least our systems always do this after adding a new domain.

Regards,
Ton

Re: [Pdns-users] Manual AXFR works, automatic does not (txt-version)

Good to have found someone with the same problem. Indeed a notify works, but this is not what I want. I could automate it with a cronjob script, but I think it might just be some bug in PowerDNS.

With kind regards / Met vriendelijke groet,
Pierre van den Oord

Re: [Pdns-users] Manual AXFR works, automatic does not (txt-version)

On Aug 6, 2010, at 15:21, LikeFiction wrote:
> Good to have found someone with the same problem. Indeed a notify works, but this is not what I want. I could automate it with a cronjob script, but I think it might just be some bug in PowerDNS.

Really that shouldn't be necessary. Can you show us what's in your database? I mean the entries in the domains, records and supermasters tables corresponding to the zone, and if it's too big just the apex from the records table.

Stefan

Re: [Pdns-users] Manual AXFR works, automatic does not (txt-version)

On Aug 6, 2010, at 15:52, LikeFiction wrote:
> Stefan: As there is no sensitive information inside the tables, I have opened up http://ns1.sologigabit.com/phpmyadmin with user help and password help. You can browse all PDNS tables easily that way.
>
> For the mailing list archive, I also present the data for one domain here:

While I can not find anything that looks obviously wrong to me, you might try the following:

- setting domains.notified_serial to 0 or 1.
- providing a full set of ttls in the SOA record such as
  ns1.sologigabit.com. info.sologigabit.com. 2010080500 10800 3600 604800 3600

Also what does your daemon.log - or wherever pdns logs to - say about this?

Stefan

Re: [Pdns-users] Manual AXFR works, automatic does not (txt-version)

> While I can not find anything that looks obviously wrong to me, you might try the following:
>
> - setting domains.notified_serial to 0 or 1.
> - providing a full set of ttls in the SOA record such as
>   ns1.sologigabit.com. info.sologigabit.com. 2010080500 10800 3600 604800 3600

After stopping Pdns, setting notified serial to 0, and starting PowerDNS in monitor mode, I immediately see an AXFR for this domain come up, and it gets transferred indeed.

Other solution I found: Lower the first digit of the SOA field, then start PowerDNS. I changed it from 2010080500 to 1010080500. Now also a transfer took place.

Adding the 10800 3600 604800 3600 expire values does not seem to do anything (except after also lowering the first number). Or do I have to wait (long) for that? That would not be right, if it was the case.

However, why does PowerDNS notify my slave if I lower either the first SOA number, or set the notified serial to 0?

Daemon.log shows:

Aug 6 16:37:21 webserver pdns[29052]: Listening on controlsocket in '/var/run/pdns.controlsocket'
Aug 6 16:37:21 webserver pdns[29054]: Guardian is launching an instance
Aug 6 16:37:21 webserver pdns[29054]: This is module gmysqlbackend.so reporting
Aug 6 16:37:21 webserver pdns[29054]: This is a guarded instance of pdns
Aug 6 16:37:21 webserver pdns[29054]: UDP server bound to 95.215.63.212:53
Aug 6 16:37:21 webserver pdns[29054]: TCP server bound to 95.215.63.212:53
Aug 6 16:37:21 webserver pdns[29054]: PowerDNS 2.9.21.2 (C) 2001-2008 PowerDNS.COM BV (Nov 25 2008, 22:40:57, gcc 4.3.2) starting up
Aug 6 16:37:21 webserver pdns[29054]: PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according t$
Aug 6 16:37:21 webserver pdns[29054]: Creating backend connection for TCP
Aug 6 16:37:21 webserver pdns[29054]: Master/slave communicator launching
Aug 6 16:37:21 webserver pdns[29054]: gmysql Connection succesful
Aug 6 16:37:21 webserver pdns[29054]: All slave domains are fresh
Aug 6 16:37:21 webserver pdns[29054]: gmysql Connection succesful
Aug 6 16:37:21 webserver pdns[29054]: About to create 3 backend threads for UDP
Aug 6 16:37:21 webserver pdns[29054]: gmysql Connection succesful
Aug 6 16:37:21 webserver pdns[29054]: No master domains need notifications
Aug 6 16:37:21 webserver pdns[29054]: gmysql Connection succesful
Aug 6 16:37:21 webserver pdns[29054]: gmysql Connection succesful

With kind regards / Met vriendelijke groet,
Pierre van den Oord

Re: [Pdns-users] Manual AXFR works, automatic does not (txt-version)

On Aug 6, 2010, at 17:00, LikeFiction wrote:
> Ok, I think I found the problem. It's quite simple too. My zones are not changing very often. So, after my re-setup of NS2, and restart master-powerdns, the notified-serial and the first digit serial of SOA were the same. If notified-serial is smaller than SOA, only then PowerDNS will do an AXFR.
>
> So, indeed, after setting up a new/extra nameserver, to start the transfer, one should just run SQL:
>
> UPDATE domains set notified_serial=0
>
> and make sure that every SOA record is NOT 0. Then, PowerDNS will start notifying slaves.

I got put off by thinking you were provisioning a new zone and thus assuming that notified-serial would be set to 0 or NULL by default. Alright then. Case solved. ;)

> I think it might be a good idea for future versions of PowerDNS, to force updating all slaves when PowerDNS is started.

At first I thought this were a good feature request, but on second thought this might not be what people with huge numbers of zones would want. Upon restart they would have to deal with increased load in both master and slaves due to them checking their database for out-of-date zones, hence I'm doubtful if Bert would implement it this way. Also iirc there is a slow-start mechanism in place to prevent exactly this behaviour.

Stefan
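
An added example, not code from the thread or from PowerDNS: an audit of which master zones can be expected to trigger a startup NOTIFY, plus the notified_serial reset limited to named zones. It assumes only what the thread reports (no NOTIFY while notified_serial equals the SOA serial, and a SOA serial of 0 must be fixed first); sqlite3 stands in for the gmysql backend and all zone data is constructed.

```python
import sqlite3

# Constructed sample data. Table and column names follow the thread
# (domains.notified_serial, SOA content in records); NULL is assumed to act like 0.
SCHEMA = """
CREATE TABLE domains (id INTEGER PRIMARY KEY, name TEXT, type TEXT, notified_serial INTEGER);
CREATE TABLE records (domain_id INTEGER, name TEXT, type TEXT, content TEXT);
"""
SAMPLE = [  # (zone, notified_serial, SOA content)
    ("example.org", 2010080500, "ns1.example.org. info.example.org. 2010080500 10800 3600 604800 3600"),
    ("example.net", 2010080100, "ns1.example.org. info.example.org. 2010080500"),
    ("example.com", None, "ns1.example.org. info.example.org. 0"),
]

def load_sample():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    for i, (name, notified, soa) in enumerate(SAMPLE, start=1):
        conn.execute("INSERT INTO domains VALUES (?, ?, 'MASTER', ?)", (i, name, notified))
        conn.execute("INSERT INTO records VALUES (?, ?, 'SOA', ?)", (i, name, soa))
    return conn

def soa_serial(content):
    """Third field of the SOA content; a short or malformed SOA counts as serial 0."""
    fields = content.split()
    return int(fields[2]) if len(fields) > 2 and fields[2].isdigit() else 0

def audit(conn):
    """Classify each MASTER zone by whether a startup NOTIFY can be expected."""
    rows = conn.execute(
        "SELECT d.name, d.notified_serial, r.content FROM domains d "
        "JOIN records r ON r.domain_id = d.id AND r.type = 'SOA' "
        "WHERE d.type = 'MASTER' ORDER BY d.name")
    report = {}
    for name, notified, content in rows:
        serial, notified = soa_serial(content), notified or 0
        if serial == 0:
            report[name] = "soa-serial-0"  # the thread: SOA must not be 0
        elif serial == notified:
            report[name] = "in-sync"       # no startup NOTIFY; a new slave stays empty
        else:
            report[name] = "pending"       # serials differ; NOTIFY expected
    return report

def reset_notified(conn, zones):
    """The thread's fix, restricted to the named zones instead of every row."""
    conn.executemany(
        "UPDATE domains SET notified_serial = 0 WHERE name = ? AND type = 'MASTER'",
        [(z,) for z in zones])
    return audit(conn)
```

Running `audit` before adding a slave shows which zones would stay silent; `reset_notified` then touches only those, which keeps the restart load Stefan mentions bounded.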

Re: [Pdns-users] Manual AXFR works, automatic does not (txt-version)

Need to add one thing:

> I got put off by thinking you were provisioning a new zone and thus assuming that notified-serial would be set to 0 or NULL by default.

You were in fact for a part correct. By using Poweradmin (some time ago), I created a new zone. Poweradmin however makes a SOA with a default value of 0, if I remember correctly. I'm not sure if everyone uses a NULL field as notified_serial, but if this notified_serial is 0 (or maybe if PowerDNS thinks that NULL == 0), then the new zone (without any records) will not be updated until records are added.

I also read that PowerDNS is not automatically changing the SOA record to a yymmddxx value since some version. So, in this case it could be that, for a domain where PowerAdmin did not raise the SOA field 0, the domain is not transferred to the slave. And PowerAdmin is correct, because in the documentation of PowerDNS (some thread on Poweradmin refers to that) it is stated that PowerDNS automatically sets the correct SOA.

Bottom line: this bug should be fixed some day, but is not likely to occur often.

With kind regards / Met vriendelijke groet,
Pierre van den Oord

[Pdns-users] Manual AXFR works, automatic does not (txt-version)

Hi all,

(Text-version instead of previous HTML, sorry for that)

I am having this problem for quite some time now. I have rechecked the configuration many times, but I'm confident it is accurate.

I have installed two nameservers, ns1.domain.com and ns2.domain.com. The first is a super-master server. I use the Debian PowerDNS 2.9.22 package, and only added settings to /etc/powerdns/pdns.d/

ns1 (super-master) configuration:

gmysql-host=127.0.0.1
gmysql-user=
gmysql-password=X
gmysql-dbname=
master=yes --- Note: in docs on is mentioned. It seems both work.
slave=no
local-address=95.215.63.212
query-local-address=95.215.63.212
setuid=pdns
setgid=pdns
allow-axfr-ips=84.243.213.33
disable-axfr=no
slave-cycle-interval=60

ns2 (slave) configuration:

launch=gmysql
gmysql-host=XXX
gmysql-user=XXX
gmysql-password=
gmysql-dbname=
local-address=84.243.213.33
query-local-address=84.243.213.33
slave=yes
setuid=pdns
setgid=pdns

and one row on supermasters table on slave:

ip: 95.215.63.212
nameserver: ns2..com (refers to slave itself)

I am running some domains on the master server. I did install the slaveserver, and shutdown the master-server and slaveserver. Then, I started the slave-server, and thereafter, started the master-server.

I would expect the master server to start sending notifications about the domains to the slaveserver, but this is not happening, not even after 15 minutes. This makes the slave respond Not authoritative for . for each domain, whereas the master-server is, of course, working fine.

The only solution is to manually issue the notify DOMAIN command for each domain. That is not a workable setup. Why is the slave not automatically notified?

Thanks for your help!

p.s. Company name of client is blank to make sure Google won't index it.

--
With kind regards / Met vriendelijke groet,
Pierre van den Oord

Re: [Pdns-users] Manual AXFR works, automatic does not (txt-version)

On Thu, Aug 05, 2010 at 03:55:24PM +0200, LikeFiction wrote:
> and one row on supermasters table on slave:
> ip: 95.215.63.212
> nameserver: ns2..com (refers to slave itself)

Please read section 13.2.1. of http://doc.powerdns.com/slave.html#SUPERMASTER very slowly and carefully.

I would suspect that your problem is in the third bullet point:

  "The set of NS records for the domain, as retrieved by the slave from the supermaster, must include the name that goes with the IP address in the supermaster table"

Yes, it should work right after restart of the master server. I would not go so far as to say that it usually does work right after configuration as many people struggle with exactly that point. ;)

As always with DNS, not giving out the actual domain name prevents us from looking at the actual data and hinting you at possible typos or delegation problems.

Stefan

--
7. Security Considerations
Anyone who gets in between me and my morning coffee should be insecure. - RFC 2324
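
The supermaster rule quoted in this reply, as an added example that is not part of the original thread or of PowerDNS: it reads NS targets from dig answer lines in the format shown in the thread and classifies each supermasters row for a given NOTIFY source IP. Zone, names and addresses are constructed; flagging case or trailing-dot differences as "near-match" is this example's assumption, since the thread does not say how strictly the backend compares names.

```python
# Constructed inputs: answer lines in the dig format shown in the thread,
# and supermasters rows as (ip, nameserver) pairs.
DIG_ANSWER = """\
;; ANSWER SECTION:
2.0.192.in-addr.arpa. 86400 IN NS ns1.example.com.
2.0.192.in-addr.arpa. 86400 IN NS ns2.example.com.
;; Query time: 1 msec
"""
SUPERMASTERS = [
    ("192.0.2.53", "ns2.example.com"),    # names the slave itself, as in the thread
    ("192.0.2.53", "NS1.Example.com."),   # same host, different spelling
    ("192.0.2.53", "ns3.example.com"),    # not an NS of the zone
    ("198.51.100.7", "ns1.example.com"),  # right name, other source address
]

def norm(name):
    """Case-insensitive form of a DNS name without the trailing dot."""
    return name.strip().rstrip(".").lower()

def ns_targets(dig_text, zone):
    """NS targets for `zone` from dig answer lines; ';' comment lines are skipped."""
    targets = set()
    for line in dig_text.splitlines():
        parts = line.split()
        if line.startswith(";") or len(parts) != 5:
            continue
        owner, _ttl, rclass, rtype, target = parts
        if norm(owner) == norm(zone) and rclass == "IN" and rtype == "NS":
            targets.add(target)
    return targets

def check_supermasters(notify_ip, zone, dig_text, supermasters):
    """Classify every supermasters row against the NS set served by notify_ip."""
    targets = ns_targets(dig_text, zone)
    exact = {t.rstrip(".") for t in targets}
    loose = {norm(t) for t in targets}
    result = {}
    for ip, ns in supermasters:
        if ip != notify_ip:
            result[(ip, ns)] = "ip-mismatch"
        elif ns in exact:
            result[(ip, ns)] = "match"
        elif norm(ns) in loose:
            result[(ip, ns)] = "near-match"     # correct the row's spelling
        else:
            result[(ip, ns)] = "not-in-ns-set"  # the case the quoted rule excludes
    return result
```

The first row passes even though it names the slave: the rule only asks that the name paired with the master's IP appears in the zone's NS set.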