Re: [Pdns-users] mwscdn.ru issue

Hi Andrey, On Fri, 2023-12-15 at 18:47 +0300, Andrey Sedletsky via Pdns-users wrote: > Good day! > Andrey Sedletsky, PJSC MGTS (Moscow City Telephone Network) > One of our clients contacted us with a problem about the inability to > resolve the resources of their zone through the DNS servers

[Pdns-users] DNS DevRoom at FOSDEM2024 - Call for Participation

Hello DNS enthusiasts and other developers, After four earlier successful and packed DNS devrooms, we are happy to announce a half-day DNS devroom at FOSDEM 2024. As with the previous events, we hope to host talks anywhere from hardcore protocol stuff, to practical sessions for programmers that

Re: [Pdns-users] Remove zombie/dead zones on superslave server

Hi, On Mon, 2022-11-28 at 19:12 +0100, Andrea Biancalani via Pdns-users wrote: > is there a way to be noticed on master's GUI (or slave) of > zombie/dead > zones in superslave server? There is no option like that, as noted in the docs[1]: === Quote === Removal of zones provisioned using the

Re: [Pdns-users] Automated DNSSEC Keyrollover

Hi Adrian, JP, On 5/5/22 18:45, Jan-Piet Mens via Pdns-users wrote: > I haven't looked recently, but it might well be possible with a > judicious use of > pdnsutil(1) to kick a rollover; create new key, wait, remove old keys. Another solution is using the CryptoKeys API[1], you can store the

Re: [Pdns-users] Error With add DKIM Record

Hi Hamed, On 11/18/21 10:19, Hamed Haghshenas via Pdns-users wrote: > > 42AC5720-484A-11EC-843D-F8C6064ABEF7._domainkey    IN    TXT    ( > "v=DKIM1; k=rsa; " >       >

Re: [Pdns-users] Failures of recursor from within pod/coredns OR dig

Hi Alessandro, On 10/21/21 17:21, Alessandro Dentella wrote: >recursor_1| Oct 21 15:12:40 [1] dns1b.thux.lan: OPT answer '.' from > 'thux.lan' nameservers >recursor_1| Oct 21 15:12:40 [1] : no or invalid signature/proof for > dns1b.thux.lan, we likely missed a cut between . and

Re: [Pdns-users] Failures of recursor from within pod/coredns OR dig

Hi Alessandro, On 10/20/21 23:42, Alessandro Dentella via Pdns-users wrote: > If I operate from the node (as opposed to within the container), I notice that > `host` always work while dig does not: Please don't use `host`, it can mask issues. > I tried setting: > >

Re: [Pdns-users] Question on ALIAS Records

Hi Thomas, On 10/5/21 09:00, Thomas via Pdns-users wrote: > Hello. > > We have switched lately to PowerDNS Authoritative Server and a Customer > signaled a modified behaviour of PDNS regarding ALIAS Records. > He has multiple alias records with the same name pointing to different > servers. The

Re: [Pdns-users] Error when querying a domain on PDNS authoritative for first time

Hi Thomas, On 9/29/21 10:46, Thomas via Pdns-users wrote: > Hello. > > We are testing pdns and would like to migrate to it in few days. Now I > have seen errors showing up in the pdns logs when I first query a domain > and (I presume) this domain is not in cache of pdns. > > Error ist the

Re: [Pdns-users] Logging outgoing queries and responses

On 8/4/21 1:55 PM, Hamed Haghshenas via Pdns-users wrote: > I Removed [Brackets], > >   > > But problem exists > > Aug  4 14:40:19 localhost pdns_recursor: STL Exception: [string > "chunk"]:1: ')' expected near '=' > > Aug  4 14:40:19 localhost pdns_recursor: Unable to load Lua script from >

Re: [Pdns-users] Why does pdns-recursor fail to resolve: data.public.lu

Hi Sjon, On 7/12/21 4:34 PM, Sjon Hortensius via Pdns-users wrote: > ah, that's interesting. That probably broke when I upgrade to 4.5.0 > which failed on the previous `query-local-address6` option that was used > to enable ipv6 (besides ipv4). I simply replaced it with > `query-local-address`,

Re: [Pdns-users] Why does pdns-recursor fail to resolve: data.public.lu

Hi Sjors, Please keep the mailing-list in the 'To' field so others can see your emails as well. On 7/12/21 2:05 PM, Sjon Hortensius wrote: > this is using PowerDNS Recursor 4.5.2 on archlinux, my configuration is > pretty plain: > >> export-etc-hosts=on >> local-address=::1 >>

Re: [Pdns-users] Why does pdns-recursor fail to resolve: data.public.lu

Hi Sjon, On 7/12/21 12:49 PM, Sjon Hortensius via Pdns-users wrote: > I could use some help with this domain which powerdns fails on- I've > looked at the trace output and while there is a lot of information, > nothing really stands out to me. This instance resolves other domains > fine, and

Re: [Pdns-users] ALLOW_AXFR_FROM in rel 3.2?

Hi Sandro, On 7/8/21 5:11 PM, Alessandro Dentella via Pdns-users wrote: > I'd like to knwo if ALLOW_AXFR_FROM was already present in rel 3.2. > Where can I get the old docs? Or: is there anybody that can tell me? Please *don't* use Authoritative Server 3.2. It was released in January 2013, is

Re: [Pdns-users] Does the Bind Backend support journaling/IXFR?

Hi Klaus, On 5/4/21 1:36 PM, Klaus Darilion via Pdns-users wrote: > Does the Bind backend support journaling and incoming/outgoing IXFR (as > similar to Bind)? the BIND backend does not do journaling at all, it takes the latest XFR and atomically replaces the zonefile and in-memory content.

Re: [Pdns-users] DNS Forwarding on Master/Slave Servers

Hi Steven, On 5/7/21 7:14 AM, Steven Garner via Pdns-users wrote: > I have a noob question about DNS forwarding - just implemented pdns > version 4.2.1 on three servers on separate networks, intending for one > to be a master (primary) and the other two to be slaves (secondaries).  > So far I

Re: [Pdns-users] DNSSEC Algorithm Rollover Documentation

Hi Klaus, On 5/4/21 10:44 PM, Klaus Darilion via Pdns-users wrote: > Thanks - the description of the conservative approach makes clear why the > "published" column in PDNS was introduced: I guess active=1 and publish=0 > means that RRSIG will be produced but the key itself is not published as

Re: [Pdns-users] CNAME RRset issues

Hi, On 3/26/21 9:29 PM, Larry Wapnitsky via Pdns-users wrote: > I'm looking to replace A records with CNAMES, and have been able to do so > seamlessly on one of my domains, but another keeps giving me errors relating > to RRSET conflict ( IN CNAME: Conflicts with pre-existing RRset). >> I've

Re: [Pdns-users] PDNS notify zones different in cPanel Server

Hi Jackson, On 3/17/21 7:52 AM, Jackson Yap via Pdns-users wrote: > Anyone knows what is the difference between native and master zone? This is in the documentation[1]. Native means that PowerDNS does not do the replication, but the backend is responsible for this (e.g. database replication or

Re: [Pdns-users] DNSSEC UDP problems

Hi, On 3/9/21 3:01 PM, Steffan via Pdns-users wrote: >> Are you actually using AXFR to transfer the zone to the nameservers? Or are > you using database replication? Because ALIAS live-signing is not > implemented, only signing on AXFR-out is implemented. This is in the > documentation I sent you

Re: [Pdns-users] DNSSEC UDP problems

Hi, On 3/9/21 2:44 PM, Steffan via Pdns-users wrote: > Hm that was a one time error > > Upgraded to: > pdns-4.5.0-0.alpha0.master.826.gd1a09d600.1pdns Running bleeding edge in production is not recommended. Although we haven't had big issues in the master branch for quite a while. Just keep

Re: [Pdns-users] DNSSEC UDP problems

Hi Steffen, On 3/9/21 2:20 PM, Steffan via Pdns-users wrote: > Hm that explanes a lot  > > expand-alias=yes was allready enabled > i now have outgoing-axfr-expand-alias=yes enabled and restarted pdns > > But it is still complaines abouth the A record > > Error resolving for crazyforprint.nl

Re: [Pdns-users] DNSSEC UDP problems

Hi Steffen, On 3/9/21 1:35 PM, Steffan via Pdns-users wrote: > This domain is not using a A record > > But a ALIAS and CNAME > > Is that why dnssec failes? Yes, see https://doc.powerdns.com/authoritative/guides/alias.html#alias-and-dnssec Cheers, Pieter -- Pieter Lexis PowerDNS.COM BV --

Re: [Pdns-users] DNSSEC UDP problems

Hi Steffen, On 3/9/21 1:13 PM, Steffan via Pdns-users wrote: > Suddenly im getting DNSSE|C warnings. > Any idees what im missing here? > > When analysing the dns with dnsviz.net im seeing > > " The server(s) were not responsive to queries over UDP. > (2a00:1bd0:740:1:2::2,

Re: [Pdns-users] missing ubuntu package

Hi, On 3/5/21 11:06 AM, Susoczki Attila via Pdns-users wrote: > we use > deb [arch=amd64] http://repo.powerdns.com/ubuntu > xenial-rec-44 main > > on Ubuntu Xenial (16.04) > but in the pool this file is missing > >

Re: [Pdns-users] How to Update from PDNS 4.1.14 to Latest?

Hi Jackson, On 2/25/21 3:21 AM, Jackson Yap via Pdns-users wrote: > I have fixed the error. The issue is strangely the installer did not set > the permission of pdns.conf correct. The default permissions in the package allow the service to read the file. but if indeed it wasn't 755, it won't

Re: [Pdns-users] How to Update from PDNS 4.1.14 to Latest?

Hi Jackson, On 2/24/21 10:56 AM, Jackson Yap wrote: > That means for PDNS authoritative system, we can update directly through > yum with following (on top of existing system): > > yum install epel-release && > dnf install -y 'dnf-command(config-manager)' && > dnf config-manager --set-enabled

Re: [Pdns-users] How to Update from PDNS 4.1.14 to Latest?

Hi Jackson, On 2/24/21 8:57 AM, Jackson Yap wrote: > After checking for compatibility and pdnsutil check-all-zones, how do I > update from one PDNS authoritative server version to another? I would recommend checking after upgrading :). Usually it makes sense to 1. Install the new version 2.

Re: [Pdns-users] How to Update from PDNS 4.1.14 to Latest?

Hi Jackson, On 2/24/21 8:30 AM, Jackson Yap via Pdns-users wrote: > As PDNS 4.1 is EOL, can anyone shares the procedures to upgrade to the > latest PDNS version? I assume is PDNS 4.4.1? There's an upgrade guide on the documentation website that you can follow from your current version to the

Re: [Pdns-users] Drop Requests for domain

Hi Markus, On 10/22/20 9:02 AM, Markus Ehrlicher via Pdns-users wrote: > does exist any option, to drop requests to powerdns authoritative-server > (4.3.1) for *.domain.xyz? There is not. dnsdist[1] could do this for you. But usually dropping queries on you auth is a bad idea, as it gives

Re: [Pdns-users] Why is PowerDNS recursor missing "guardian"?

Hi Steinar, On 6/2/20 12:12 PM, Steinar Haug via Pdns-users wrote: > PowerDNS (authoritative) has the possibility of running within a > guardian process. As far as I can see this functionality is not > available for PowerDNS recursor. Is this something which could be > included in a future

Re: [Pdns-users] Serial lagging in authoritative 4.2.2 using native MySQL sync from 4.1.13

Hi Christian, On 5/15/20 4:03 PM, Cristian Seres via Pdns-users wrote: > they seem to match: > [...] I did some digging and found out the behaviour for INCEPTION-INCREMENT changed between 4.1 and 4.2 (in 4.2.0-alpha1) in commit f613d242[1] in PR #4547[3]. As we'd increase the SOA serial by 2

Re: [Pdns-users] Serial lagging in authoritative 4.2.2 using native MySQL sync from 4.1.13

Hi Christian, On 5/14/20 3:20 PM, Cristian Seres via Pdns-users wrote: > one of three authoritative name servers (ns3) which uses authoritative > version 4.2.2 gives older serial number than the other two which use > version 4.1.13. Can you check the default-soa-edit* settings between the

Re: [Pdns-users] local-port not necessary in auth server?

Hi Kevin, On 4/2/20 1:54 PM, Kevin P. Fleming via Pdns-users wrote: > I just realized that by accident I've been adding a port number in > local-ipv6, and it's been working as I intended, even though the > documentation does not say that port numbers can be included in > local-address or

Re: [Pdns-users] pdnsutil rectify-all-zones

Hi Sean, On 3/30/20 11:40 PM, Sean Lair via Pdns-users wrote: > Should we be running “pdnsutil rectify-all-zones” anytime a new record > is added? Is there a way to automate this after every record or should > we have it scheduled via cron? The answer is 'it depends'. It mostly depends on how

Re: [Pdns-users] Recursor: Response looses AD flag if Lua script hook returns true

Hi Simon, On 3/28/20 5:34 PM, Simon Erhardt via Pdns-users wrote: > We use PowerDNS Recursor to intercept certain lookups and return values > from a database instead. Therefore we use the Luad scripting capability. > Now we noticed that requests with DNSSEC lose the set AD flag when a > hook in

Re: [Pdns-users] 4.2 to 4.3 Authoritative Upgrade path

Hi Giovanni, On 3/17/20 12:15 PM, Giovanni Vecchi via Pdns-users wrote: > thanks for your quick reply. > If 4.2 queries do not ask for that field, I can't figure out what could > go wrong, isn't it? > Otherwise, what's the best upgrade path for this scenario? May I need to > stop every powerdns

Re: [Pdns-users] 4.2 to 4.3 Authoritative Upgrade path

Hi Giovanni, On 3/16/20 6:11 PM, Giovanni Vecchi via Pdns-users wrote: > my scenario is the following: > - several 4.2 Authoritative servers > - multi-master database configuration (Percona XtraDB Cluster for instance) > > In order to upgrade to 4.3 and avoid downtime, is it safe to upgrade the >

Re: [Pdns-users] Disable ENABLE-LUA-RECORDS and PRESIGNED GET queries on remote backend

Hi Vyentis, On 3/5/20 4:45 PM, Vytenis A via Pdns-users wrote: > Can pDNS skip those records completely? Otherwise we'd flood the logs > with 404 errors No it can't, but you can just send an HTTP 200 with this JSON to make pdns not log things: { "result": [] } Best regards, Pieter -- Pieter