Re: [Pdns-users] Hidden slave doesn't retreive domain from master
On Thu, 2011-08-25 at 21:42 +0200, Posner, Sebastian wrote:
> Enrico van Goor wrote:
>
> >>> Aug 25 13:22:44 Unable to find backend willing to host example.org for potential supermaster 10.12.3.50
> >>>
> >>> The IP of the nameserver isn't in the NS records of the domain and
> >>> isn't meant to. When I do add the NS record, the AXFR does work.
> >>
> >> The supermasters table needs an entry for the hidden master.
> >> Something like:
> >>
> >> ip                 nameserver                   account
> >> hidden master ip   name of primary nameserver   internal
> >>
> >> Do you already have such an entry?
> >
> > Yes, the supermasters table does have an entry for the hidden master.
>
> The problem is in your backend. Not all backends support
> superslave-operations, as this mode needs the ability to dynamically
> create new zones.
>
> Which backend(s) do you use and how are they configured?

I use MySQL as the backend for powerdns. I think it is well configured, because when I add the NS record of the slave to the domain it is added to the hidden slave.

    allow-recursion=0.0.0.0/0
    allow-axfr-ips=10.12.3.50
    config-dir=/etc/powerdns
    daemon=yes
    disable-axfr=yes
    disable-tcp=no
    guardian=yes
    launch=gmysql
    lazy-recursion=yes
    local-address=10.12.3.52
    local-port=53
    module-dir=/usr/lib/powerdns
    setgid=pdns
    setuid=pdns
    master=yes
    slave=yes
    slave-cycle-interval=60
    socket-dir=/var/run
    version-string=powerdns
    gmysql-host=127.0.0.1
    gmysql-user=poweradmin
    gmysql-password=secret
    gmysql-dbname=powerdns
    gmysql-supermaster-query=select account from supermasters where ip='%s'

    mysql> select * from supermasters;
    +------------+--------------------+---------+
    | ip         | nameserver         | account |
    +------------+--------------------+---------+
    | 10.12.3.50 | master.example.com | admin   |
    +------------+--------------------+---------+
    1 row in set (0.00 sec)

Regards,
Enrico

___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] Hidden slave doesn't retreive domain from master
Ton van Rosmalen wrote:

> <snip>
> > mysql> select * from supermasters;
> > +------------+--------------------+---------+
> > | ip         | nameserver         | account |
> > +------------+--------------------+---------+
> > | 10.12.3.50 | master.example.com | admin   |
> > +------------+--------------------+---------+
> > 1 row in set (0.00 sec)
>
> Maybe I'm mistaken again but if this is the non-changed output of the
> query you need to change the nameserver-record. AFAIK this must contain
> the name of the primary nameserver-name (or maybe a valid nameservers)
> as available in the zone.
>
> For example, if you use ns1.solcon.nl as primary NS-record you need to
> have 'ns1.solcon.nl' as the nameserver-record in the supermasters-table.

In this regard, primary nameserver is the nameserver mentioned in the SOA of the zone. So it's not necessarily the first NS-record in the zone; it doesn't even need to be part of the NS-Set at all.

@bert hubert: If the log-message Enrico gave in his original message is what is logged in this case, developer should think about improving the information content of the log-message to prevent error-seeking in wrong places ;)

kind regards,
Sebastian

--
Sebastian Posner
Unix-Systemspezialist
AM Data Center Services, Shared Infrastructure
Deutsche Telekom AG, Products Innovation
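Added example (not part of the original thread and not PowerDNS code): a small model of the supermasters lookup discussed above, the check that decides whether a NOTIFY for an unknown zone may create that zone on the slave. It assumes a row matches only when `ip` equals the NOTIFY source and `nameserver` equals one of the zone's NS names; the sqlite3 table, the function names and the `ns1`/`ns2.example.org` names are constructed for illustration.

```python
import sqlite3

# Row exactly as shown in the thread's supermasters output.
THREAD_ROW = [("10.12.3.50", "master.example.com", "admin")]
# Constructed NS set: public (anycast) names only, hidden master absent.
ANYCAST_NS = ["ns1.example.org.", "ns2.example.org."]


def make_db(rows):
    """In-memory stand-in for the gmysql supermasters table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE supermasters (ip TEXT, nameserver TEXT, account TEXT)")
    conn.executemany("INSERT INTO supermasters VALUES (?, ?, ?)", rows)
    return conn


def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def find_supermaster(conn, notifier_ip, zone_ns_names):
    """Return the account of a matching row, or None (assumed matching rule)."""
    for ns in sorted({norm(n) for n in zone_ns_names}):
        row = conn.execute(
            "SELECT account FROM supermasters WHERE ip = ? AND lower(nameserver) = ?",
            (notifier_ip, ns),
        ).fetchone()
        if row:
            return row[0]
    return None


def explain(conn, notifier_ip, zone_ns_names):
    """Report which half of the match failed, so the fix goes to the right place."""
    if find_supermaster(conn, notifier_ip, zone_ns_names) is not None:
        return "accepted"
    known = conn.execute(
        "SELECT 1 FROM supermasters WHERE ip = ?", (notifier_ip,)
    ).fetchone()
    if known is None:
        return "rejected: notifier ip not in supermasters"
    return "rejected: nameserver column matches no NS name in the zone"


if __name__ == "__main__":
    db = make_db(THREAD_ROW)
    print(explain(db, "10.12.3.50", ANYCAST_NS))
    print(explain(db, "10.12.3.50", ANYCAST_NS + ["master.example.com."]))
```

Under this model the thread's row is rejected while the zone lists only the anycast names and accepted once `master.example.com` appears in the NS set, which matches the behaviour reported in the original message.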
Re: [Pdns-users] Hidden slave doesn't retreive domain from master
Hi Ton,

On Fri, 2011-08-26 at 14:48 +0200, Ton van Rosmalen wrote:
> Hi Enrico,
>
> On 26-8-2011 14:23, Enrico van Goor wrote:
> > On Thu, 2011-08-25 at 21:42 +0200, Posner, Sebastian wrote:
> <snip>
> > mysql> select * from supermasters;
> > +------------+--------------------+---------+
> > | ip         | nameserver         | account |
> > +------------+--------------------+---------+
> > | 10.12.3.50 | master.example.com | admin   |
> > +------------+--------------------+---------+
> > 1 row in set (0.00 sec)
>
> Maybe I'm mistaken again but if this is the non-changed output of the
> query you need to change the nameserver-record. AFAIK this must contain
> the name of the primary nameserver-name (or maybe a valid nameservers)
> as available in the zone.
>
> For example, if you use ns1.solcon.nl as primary NS-record you need to
> have 'ns1.solcon.nl' as the nameserver-record in the supermasters-table.

I'm testing anycast in combination with powerdns. The IP addresses in the NS records are configured in a BGP domain on a few routers. The DNS have a real IP which is different from the IP addresses advertised in the domain records. That's why I use the also-notify option. I'm not testing on our production platform, but in a lab.

master.example.com is the supermaster in my lab. This needs to be hidden from the internet and is used to provision the superslaves. The superslaves are accessed through the anycast addresses, which pass the DNS request to 1 of the nodes (superslaves).

Regards,
Enrico
Re: [Pdns-users] Hidden slave doesn't retreive domain from master
Enrico van Goor wrote:

> > <snip>
> > > mysql> select * from supermasters;
> > > +------------+--------------------+---------+
> > > | ip         | nameserver         | account |
> > > +------------+--------------------+---------+
> > > | 10.12.3.50 | master.example.com | admin   |
> > > +------------+--------------------+---------+
> > > 1 row in set (0.00 sec)
> >
> > Maybe I'm mistaken again but if this is the non-changed output of the
> > query you need to change the nameserver-record. AFAIK this must contain
> > the name of the primary nameserver-name (or maybe a valid nameservers)
> > as available in the zone.
> >
> > For example, if you use ns1.solcon.nl as primary NS-record you need to
> > have 'ns1.solcon.nl' as the nameserver-record in the supermasters-table.
>
> I'm testing anycast in combination with powerdns. The IP addresses in
> the NS records are configured in a BGP domain on a few routers. The DNS
> have a real IP which is different from the IP addresses advertised in
> the domain records. That's why I use the also-notify option. I'm not
> testing on our production platform, but in a lab.
>
> master.example.com is the supermaster in my lab. This needs to be hidden
> from the internet and is used to provision the superslaves. The
> superslaves are accessed through the anycast addresses, which pass the
> DNS request to 1 of the nodes (superslaves).

Could you provide the zonefile or at least @, SOA and NS-set for the zone in question?

kind regards,
Sebastian

--
Sebastian Posner
Unix-Systemspezialist
AM Data Center Services, Shared Infrastructure
Deutsche Telekom AG, Products Innovation
Re: [Pdns-users] Hidden slave doesn't retreive domain from master
Hi Enrico,

On 25-8-2011 14:08, Enrico van Goor wrote:
> Hi All,
>
> I'm currently testing a setup powerdns authoritative server 3.0 and
> anycast. There is 1 supermaster and a few superslaves. The supermaster
> sends an also-notify to the superslaves. The superslave does receive
> the NOTIFY, but doesn't do an AXFR.
>
> Aug 25 13:22:44 Received NOTIFY for example.org from 10.12.3.50 for which we are not authoritative
> Aug 25 13:22:44 Unable to find backend willing to host example.org for potential supermaster 10.12.3.50
>
> The IP of the nameserver isn't in the NS records of the domain and
> isn't meant to. When I do add the NS record, the AXFR does work.

The supermasters table needs an entry for the hidden master. Something like:

    ip                 nameserver                   account
    hidden master ip   name of primary nameserver   internal

Do you already have such an entry?

Kind regards,
Ton van Rosmalen
Re: [Pdns-users] Hidden slave doesn't retreive domain from master
On Thu, 2011-08-25 at 15:10 +0200, Ton van Rosmalen wrote:
> Hi Enrico,
>
> On 25-8-2011 14:08, Enrico van Goor wrote:
> > Hi All,
> >
> > I'm currently testing a setup powerdns authoritative server 3.0 and
> > anycast. There is 1 supermaster and a few superslaves. The supermaster
> > sends an also-notify to the superslaves. The superslave does receive
> > the NOTIFY, but doesn't do an AXFR.
> >
> > Aug 25 13:22:44 Received NOTIFY for example.org from 10.12.3.50 for which we are not authoritative
> > Aug 25 13:22:44 Unable to find backend willing to host example.org for potential supermaster 10.12.3.50
> >
> > The IP of the nameserver isn't in the NS records of the domain and
> > isn't meant to. When I do add the NS record, the AXFR does work.
>
> The supermasters table needs an entry for the hidden master.
> Something like:
>
> ip                 nameserver                   account
> hidden master ip   name of primary nameserver   internal
>
> Do you already have such an entry?

Yes, the supermasters table does have an entry for the hidden master.

Regards,
Enrico
Re: [Pdns-users] Hidden slave doesn't retreive domain from master
Enrico van Goor wrote:

> > > Aug 25 13:22:44 Unable to find backend willing to host example.org for potential supermaster 10.12.3.50
> > >
> > > The IP of the nameserver isn't in the NS records of the domain and
> > > isn't meant to. When I do add the NS record, the AXFR does work.
> >
> > The supermasters table needs an entry for the hidden master.
> > Something like:
> >
> > ip                 nameserver                   account
> > hidden master ip   name of primary nameserver   internal
> >
> > Do you already have such an entry?
>
> Yes, the supermasters table does have an entry for the hidden master.

The problem is in your backend. Not all backends support superslave-operations, as this mode needs the ability to dynamically create new zones.

Which backend(s) do you use and how are they configured?

kind regards,
Sebastian

--
Sebastian Posner
Unix-Systemspezialist
AM Data Center Services, Shared Infrastructure
Deutsche Telekom AG, Products Innovation