Hi,
Sounds like a strange problem.
Just to make sure it's set up correctly.
Could you check that Postfix is talking to PowerDNS Recursor ? Because Postifx
has a seperate resolv.conf (which gets updated when starting Postfix):
/var/spool/postfix/etc/resolv.conf
On Thu, Aug 18, 2016 at
tor from the recursor that it did the
DNSSEC-validation, so it's useful if you want to know what the recursor is
doing.
> —Michael
>
>
> > Am 19.05.2016 um 17:36 schrieb Leen Besselink <l...@consolejunkie.net>:
> >
> > On Thu, May 19, 2016 at 03:00:12PM +0200, Bit World
On Thu, May 19, 2016 at 03:00:12PM +0200, Bit World Computing - Michael Mertel
wrote:
> Hi,
>
Hi,
> I’am currently trying to get a better unterstanding of DNSSEC. But even if I
> enable dnssec=process in my recursor.conf, I cannot get any DNSSEC related
> answer from it. What do I’am doing
On Mon, Dec 07, 2015 at 11:23:31AM +, Federico Olivieri wrote:
> Hi Guys,
>
> Not 100% sure if is a PDNS problem but yesterday I have upgraded it (for
> mistake!) via apt-get command and now I'm running the
> version 0.0.410g1cfe8b4
>
> Since the Upgrade the memory allocation seems not
On Wed, Jul 22, 2015 at 02:10:34PM +0200, Jan-Piet Mens wrote:
(no need to take this off-list)
the only problem is that I am doing MySQL master/slave database
replication. upgrading the schema on the slave(s) will break the
replication process unfortunately.
You spoke of PowerDNS
Hi Peter,
Just had a quick look at the docs. What version are you running ? Did you see
this ?:
When using slaves that AXFR your signed zones, be sure that your slaves
actually support serving DNSSEC. Some servers will gladly AXFR a signed zone,
but not perform DNSSEC processing on it. This
On Wed, May 20, 2015 at 12:26:50PM +0200, Leen Besselink wrote:
On Wed, May 20, 2015 at 12:16:02PM +0200, Peter Thomassen wrote:
Dear experts,
I'm sorry to bug you again, but I am still stuck with deploying DNSSEC
for desec.io, and I'd like to ask for your help once more.
I have
On Wed, May 20, 2015 at 01:34:59PM +0200, Peter Thomassen wrote:
Hi Leen,
On 05/20/2015 12:32 PM, Leen Besselink wrote:
# these failed:
dig @ns1.desec.io +dnssec +norec desec.io DNSKEY
dig @ns1.desec.io +dnssec +norec desec.io A
Here is a working example with an RRSIG for the DNSKEY
On Fri, Jun 27, 2014 at 01:26:07AM +0200, Michael Ströder wrote:
k...@rice.edu wrote:
On Thu, Jun 26, 2014 at 10:21:06PM +0100, Jorge Bastos wrote:
For the DNSSEC part, is there a way to create the DNSSEC information just
by SQL ?
If not, the solution is to run pdnssec secure-zone ZONE
On Wed, Apr 23, 2014 at 01:49:17PM +0200, Johan Kooijman wrote:
Hi all,
I'm seeing something I cannot explain. I've setup my pdns daemon to send
requests for recursions to Google DNS for now. But when I execute a host
lookup, I'm seeing this:
*[13:35:42 jkooijman /home/jkooijman]$ host
On Wed, Mar 05, 2014 at 03:43:02PM +0100, Gilles Massen wrote:
Hello,
This feels a bit like an FAQ, but I wasn't able to dig it out, so: how
can I insert a 'foreign' DNSKEY record in a zone? I don't have the key
material, but I want it signed by the pdns-managed keys (it is for a
secure DNS
On Wed, Feb 26, 2014 at 09:27:42AM +0100, Steffan Noord wrote:
Im not sure if this was sent to the list i didnt recieve the e-mail myself
It did reach the list, no worries.
-Oorspronkelijk bericht-
Van: Steffan Noord [mailto:steffanno...@gmail.com]
Verzonden: dinsdag 25 februari
On Fri, Aug 16, 2013 at 02:31:56PM +0200, abang wrote:
Hi Gerald,
it works on my Pi. So there must be a config failure on your side.
Please try
/usr/sbin/pdns_recursor --daemon=no --trace=yes
on commandline and try again with dig and post us the error messages
if present.
I would
Hi,
* commit 496073b: Since 3.0, pdnssec secure-zone has always generated 3
keys:
one KSK and two ZSK, with one ZSK active. For most, if not almost all,
users, this inactive ZSK is never used. We now no longer generate this
useless ZSK. The resulting smaller DNSKEY RRset
On Thu, Sep 06, 2012 at 02:35:13PM +, Marc van de Geijn wrote:
Thanks, Arsen, for this information.
Are there any statistics on the number of mailservers/... requesting SPF
records instead of TXT records?
I know some of the software on our mailservers doesn't even try SPF.
isc.org
On Fri, Aug 03, 2012 at 04:44:00PM -0300, Mitsue Acosta Murakami wrote:
Hello,
I am using powerdns 2.9.22-8 with MySQL backend on Debian Squeeze and I
need to disable domains from pdns without deleting them. I followed
these instructions:
On 08/18/2011 05:22 PM, Bauer, Steven J. wrote:
-Original Message-
From: bert hubert [mailto:bert.hub...@netherlabs.nl]
Sent: Thursday, August 18, 2011 9:11 AM
To: Bauer, Steven J.
Cc: pdns-users@mailman.powerdns.com
Subject: Re: [Pdns-users] configuring ALSO-NOTIFY support using the
On 08/05/2011 06:31 AM, kim Doff wrote:
Hello,
Hi,
Could you help me?
Well, I can try and give you some information and pointers.
1.
DNSSEC Master/Slave are working faultlessly.
I have PowerDNS v3, PowerAdmin 2.1.5 and MySQL Database Replication
With SSL Encryption.
Here is my
On 08/16/2011 09:42 PM, Erik Weber wrote:
On Tue, Aug 16, 2011 at 8:29 PM, Anthony Eden anthonye...@gmail.com wrote:
On Tue, Aug 16, 2011 at 8:23 PM, Posner, Sebastian s.pos...@telekom.de
wrote:
Erik Weber wrote:
Some other things to consider why running PDNS is better:
[...]
Just shooting
On 08/08/2011 11:34 PM, Leen Besselink wrote:
On 08/08/2011 06:57 PM, Jan-Piet Mens wrote:
Hello,
I was curious as to wether PowerDNS would sign records produced by the
PIPE back-end, particularly since the release notes indicate it may be
possible ([3] also says partial support).
I set up
On 06/17/2011 09:30 PM, Konstantine Karosanidze wrote:
Hello,
Hi,
I run powerdns recursor (v 3.3, from freebsd ports) as an ISP
recursive dns (allmost default config I just use nxdomain lua script
for not found domain to be redirected to search page).
It's been working fine for a while
I tried no space a number of times and it didn't work but just tried again
and... It works.. Arghhh. Thanks
My guess is, this works really well against spammers too. ;-)
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
On 06/17/2011 02:28 AM, Craig Whitmore wrote:
The username/password given (anon/No Spam) doesn't seem to work
on http://wiki.powerdns.com/trac
It says: no space in between
Thanks
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
On 05/26/2011 09:12 AM, Nick Milas wrote:
Hi,
Hi Nick,
Can anyone please tell me how I can have svn access to pdns backends
source tree?
When I look at the http://wiki.powerdns.com/trac/ it says exactly the
same thing you did.
I used:
svn co svn://svn.powerdns.com/pdns/trunk/pdns
On 05/21/2011 06:27 AM, Charles Sprickman wrote:
On Thu, 12 May 2011, k...@rice.edu wrote:
On Thu, May 12, 2011 at 03:37:24AM -0400, Charles Sprickman wrote:
Hello,
We've been using the PDNS recursor for some time now and have been
quite
happy with it. It replaced dnscache and has proven
On 03/31/2011 09:18 AM, Anthony Eden wrote:
On Wed, Mar 30, 2011 at 2:28 PM, Stefan Schmidt zaph...@zaphods.net
mailto:zaph...@zaphods.net wrote:
Hi Anthony,
On Wed, Mar 30, 2011 at 10:22 AM, Anthony Eden
anthonye...@gmail.com mailto:anthonye...@gmail.com wrote:
When
On 03/31/2011 11:42 AM, Anthony Eden wrote:
On Thu, Mar 31, 2011 at 11:32 AM, Leen Besselink
l...@consolejunkie.net mailto:l...@consolejunkie.net wrote:
On 03/31/2011 09:18 AM, Anthony Eden wrote:
On Wed, Mar 30, 2011 at 2:28 PM, Stefan Schmidt
zaph...@zaphods.net
On 02/25/2011 07:46 AM, Liong Kok Foo wrote:
Hi,
I have double checked and I did configured the firewall port 53
tcp/udp. Could it possible there are other port that need to be opened.?
I am using APF firewall. If anyone is also using that, please share
your configuration.
If it's not
the CNAME problems
all went away and when I run dig with +trusted-key= and everything worked.
It also worked with or without the bind backend.
Have a nice day,
Leen Besselink.
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http
be initiated and how can it be recognised.
Would it be enough to run some script every day for example ?
I hope this is going to be a good year for everyone,
Leen Besselink.
Thanks,
= Matt
On Jan 6, 2011, at 10:13, bert hubert wrote:
Dear PowerDNS Community,
With the help of many of you
Hello Patrick,
Each of my dns servers runs pdns and each has a slave copy of the
master pdns mysql database and in turn each server looks up the dns
locally via mysql. This has been working great for 2 years.
The problem each server is running pdns which has a DOS vulnerability.
which is
On 12/21/2010 03:03 AM, Patrick Coffin wrote:
Hi,
This is the first time posting to this board. If I am posting to the
wrong list, sorry, and please advise where I should post this request
for assistance.
We are setting up a new installation of pdns and recursor.
We have been running pdns
On 12/21/2010 09:09 PM, Patrick Coffin wrote:
Leen,
Thanks for the reply. We are hosting 1000's of dns records so
entering them in the forwards is not at option.
I will take your advise to split the pdns and recursor to separate
servers.
Should I expect that if I move the pdns to a
On 08/21/2010 08:30 PM, Vishal Uderani wrote:
Hey ,
Hi Vishal,
Ive managed to get a standalone installation of pdns Authoritative
server up and running with a mysql backend and poweradmin interface
. However , i havent found a single mention of a pdns installation
integrating with a
On 07/29/2010 11:47 PM, Jared Watkins wrote:
I’m new to pdns.. and I’ve read the docs and seen how PTR records are
supposed to be setup but I can’t get reverse lookups to work.. nor can
I see from the default sql queries how they would ever be found. So I
assume I’m missing something. =]
I’m
On 06/24/2010 03:08 PM, Michael Braunoeder wrote:
Hi,
Hi,
I'm currently evaluating the PowerDNSSEC implementation and found 2
issues:
As no person which is more knowledgable answered your question, I
thought I would answer with what I know.
-) Is it possible to disable the
On 06/16/2010 10:34 AM, Uroš Gruber wrote:
Hi,
Hello Uroš,
here is result from one of IP
[r...@host1 ~]#dig @91.185.194.202 http://91.185.194.202 118.167.130.182
I think you might have a mistake there.
The proper command with dig would be, -x is for reverse address lookup:
dig
On 03/25/2010 05:54 PM, Laurent Papier wrote:
Le Thu, 25 Mar 2010 15:51:29 +
Simon Bedfordsbedf...@plus.net écrit:
Guys,
We have upgraded our customer caching name servers to pdns recursor 3.2
(which is working very well), this has now been running for 4 days but
in the last 24 hours
(First of all: I'm not a PowerDNS-developer, so I might be wrong)
On 03/04/2010 10:01 AM, Liong Kok Foo wrote:
Hmm...I read the docs on recursion again (which I already read a few
times) and someone this time I got it.
I added google's dns server 8.8.8.8 into the recursor and now external
On 01/29/2010 03:30 PM, Joyce LAMBERT wrote:
I'am using the option send-root-referral=lean (or yes) in my powerdns
authoritative server.
First the import question, why do you want to send a root-referral ?
send-root-referral | --send-root-referral=yes | --send-root-referral=no
|
root wrote:
Hello all,
Hi,
how can I achieve this? what do I need to set up/configure?
If you read question 3 in the FAQ:
http://doc.powerdns.com/pdns-users-faq.html
You mind find you don't need it.
Hope that helps.
Have a nice day,
Leen.
On Thu, Jul 16, 2009 at 03:08:33AM +1000, Duane at e164 dot org wrote:
Stephane Bortzmeyer wrote:
Hi Duane and Stephane,
On Wed, Jul 15, 2009 at 02:59:58AM +1000,
Duane at e164 dot org du...@e164.org wrote
a message of 62 lines which said:
On the other hand do you know of any
SoloUnAltroNick wrote:
Hi,
on my server i have 2 network interfaces.
With the default option:
local-address=0.0.0.0
Server doesn't respond. And in the documentation, it's written that this
value so configured make PDNS listening on all interfaces.
If i set it with my 2 IP (so all
=markup
Hope that helps.
Have a nice day,
Leen Besselink.
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users
On Thu, Jul 02, 2009 at 06:15:44PM +0300, Jani Karlsson wrote:
Hi,
Your problem is with SOA DNS-record:
The given nameservers return different SOA entries.
So either your SOA serial, data or TTL differs between servers. Or it
just that other server doesn't respond to SOA request that is
Doug Hall wrote:
Is it possible to bind the Powerdns service to two IP addresses on the
same box?? I have two nics...
Hi,
On my machine I have:
/etc/powerdns/recursor.conf
local-address=127.0.0.1, XXX.XXX.XXX.XXX
It looks like /etc/powerdns/pdns.conf has the same kind of setting:
Nicholas Orr wrote:
You'd need to setup a sub-domain and have your primary domain give out
NS for where the sub-domain is hosted.
I remember doing this ages ago with Windows Server DNS, was pretty
straight forward.
hmmm.
Sorry I'm not much more help :/
Anyway, it's called '(DNS)
Johan Kooijman wrote:
Hi,
Thank you for your reply.
Hmm, I'm no expert, but looking at the error and code, I would say,
your TCP-connection to the PowerDNS died.
My guess too.
TCP is different from the normal UDP-packets used by DNS.
If this is a new installation, you are possible
Johan Kooijman wrote:
The last line is a reset packet from client to server, I wouldn't
expect to see a reset packet. I tried a working installation as a
test and I didn't see a reset packet.
I don't know why the client-side does this, but it's not the usual
way.
Also I noticed there were
I'm sorry, I'm having some odd problems with changing addresses, this is a
test-message please ignore.
Have a good weekend ! :-)
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users
Ton van Rosmalen wrote:
Leen Besselink schreef:
On Tue, Jan 27, 2009 at 10:00:18AM -0800, Augie Schwer wrote:
Obviously; but that's being reactive; I was looking for something more
proactive. --Augie
I've not tested it, but I understand the u32 option is available on
Debian/Linux
On Wed, Jan 28, 2009 at 11:07:53AM -0800, Augie Schwer wrote:
We discussed this on #powerdns a bit as it came up on the
dns-operations list; the conclusion was that dropping the request was
worse because it opened up spoofing attacks. Thanks for the
suggestion though. --Augie
Yes, that is
On Tue, Jan 27, 2009 at 10:00:18AM -0800, Augie Schwer wrote:
Obviously; but that's being reactive; I was looking for something more
proactive. --Augie
I've not tested it, but I understand the u32 option is available on
Debian/Linux for example:
Christof Meerwald wrote:
Hi,
since about Friday late evening I am seeing lots of pdns errors in my syslog
like:
Not authoritative for '', sending servfail to 76.9.31.42 (recursion was
desired)
Over in comp.protocols.dns.bind there is already some discussion about these
DNS requests (which
Leen Besselink wrote:
Christof Meerwald wrote:
Hi,
since about Friday late evening I am seeing lots of pdns errors in my
syslog
like:
Not authoritative for '', sending servfail to 76.9.31.42 (recursion was
desired)
Over in comp.protocols.dns.bind there is already some discussion about
don't need to ask about it again.
Have a nice day,
Leen Besselink.
Thanks regards,
Borin
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users
On Fri, Aug 22, 2008 at 01:40:05PM -0500, Kenneth Marshall wrote:
On Fri, Aug 22, 2008 at 07:42:31PM +0200, bert hubert wrote:
On Fri, Aug 22, 2008 at 12:30:36PM -0400, Steve Chapman wrote:
I'm working in an environment that uses split DNS (some parentcompany.com
servers we want resolved
On Tue, Jul 29, 2008 at 12:53:04PM +0200, bert hubert wrote:
On Tue, Jul 29, 2008 at 12:49:24PM +0200, Leen Besselink wrote:
I have an other reason I might want a windows binary. In this case
for PowerDNS-recursor.
You can compile the powerdns recursor on windows if you are reasonably
On Tue, Aug 05, 2008 at 12:30:25AM -0700, Brad Dameron wrote:
And you will see your response times drop from 1-2 seconds to milliseconds. I
did a lot of testing of this and pdns-recursor is definitely the best out
there.
Brad
Hi Brad,
Did you also test Unbound ( www.unbound.net ) ?
On Tue, Aug 05, 2008 at 10:29:14AM +0200, Leen Besselink wrote:
On Tue, Aug 05, 2008 at 12:30:25AM -0700, Brad Dameron wrote:
And you will see your response times drop from 1-2 seconds to milliseconds.
I did a lot of testing of this and pdns-recursor is definitely the best out
I have an other reason I might want a windows binary. In this case
for PowerDNS-recursor.
When I'm going to deploy IPv6, I would really like to have an
IPv6-only network behind the (currently NAT) firewall.
And Windows XP doesn't support DNS over IPv6, installing a local
forwarding IPv6-enabled
On Tue, Jul 29, 2008 at 12:53:04PM +0200, bert hubert wrote:
On Tue, Jul 29, 2008 at 12:49:24PM +0200, Leen Besselink wrote:
I have an other reason I might want a windows binary. In this case
for PowerDNS-recursor.
You can compile the powerdns recursor on windows if you are reasonably
On Tue, Jul 29, 2008 at 11:25:58PM +0200, Christof Meerwald wrote:
On Tue, 29 Jul 2008 23:13:07 +0200, Leen Besselink wrote:
Wouldn't simple UDP forwarding be sufficient in this case? (but you would
still need to find a program to do the UDP forwarding)
Yes, I guess that is possible. You'd
On Wed, Jul 09, 2008 at 08:26:47AM +0200, bert hubert wrote:
On Wed, Jul 09, 2008 at 07:47:45AM +0200, Leen Besselink wrote:
So now the question becomes did anyone inform Bert and/or PowerDNS too ?
I knew about this stuff from the very beginning (February I think), even
before CERT
On Wed, Jul 09, 2008 at 09:03:57AM +0200, Stephane Bortzmeyer wrote:
On Tue, Jul 08, 2008 at 06:13:04PM +0200,
Stephane Bortzmeyer [EMAIL PROTECTED] wrote
a message of 13 lines which said:
Microsoft will be releasing more details tonight,
Apparently done:
This sounds pretty scary, it seems to concerns recursors and
resolver-libraries. The way to solve it, is to use port randomization, which
shouldn't be a big suprise to the PowerDNS-using community.
Massive, Coordinated Patch To the DNS Released [0]
tkrabec alerts us to a CERT advisory
66 matches
Mail list logo