Hi Matthew,

Matthew Pounsett wrote:
>
> I seem to have run into a problem with NOTIFY messages sent from a
> master pdns server to its slaves. It seems that the interface
> selected to be the source of the notify messages is not necessarily
> the same interface that pdns listens to for answering queries... and
> therefore may not be the interface where slaves expect to find their
> master. This is using pdns 2.9.22 on various operating systems.
>
> I'm managing a configuration with many name server processes running
> on individual servers, each holding zones belonging to a single
> customer or service. In this example case I'm dealing with now, I
> have two pdns masters running on one server handling different sets of
> zones. The server is configured with two interfaces, 192.0.2.1 and
> 192.0.2.2.
>
> Using the local-address directive, the first master is configured to
> use 192.0.2.1 and the second is using 192.0.2.2. The master on
> 192.0.2.1 works fine, and the slaves see notify messages from the
> correct place and all is good. However, the second master is also
> sending its notify messages from 192.0.2.1. Since its slaves are
> configured to talk to 192.0.2.2, they see this as a notify from an
> unauthorized source, and so they ignore it.
>
> I initially thought this might be a problem with the network
> configuration on the servers, until I took a look at the pdns
> processes with lsof. Here is the lsof output section reporting the
> network interfaces pdns is connected to:
>
> pdns_serv 21870 root 5u IPv4 45796887 UDP 192.0.2.2:domain
> pdns_serv 21870 root 7u IPv6 45796889 UDP [2001:DB8::2]:domain
> pdns_serv 21870 root 9u IPv4 45796891 TCP 192.0.2.2:domain (LISTEN)
> pdns_serv 21870 root 11u IPv6 45796893 TCP [2001:DB8::2]:domain (LISTEN)
> pdns_serv 21870 root 13u IPv4 45796895 TCP 127.0.0.1:sunproxyadmin (LISTEN)
> pdns_serv 21870 root 17u IPv4 45796903 UDP *:27740
>
> I can see on the slave side that notify messages are arriving from
> 192.0.2.1:27740. It seems pretty clear that the master is using the
> UDP port bound to INADDR_ANY to send notify messages, which seems to
> me to be a problem.
>
> It seems likely this could be fixed by changing that particular socket
> call to use the address defined by local-address in the .conf file.
> Unfortunately, my C++ isn't nearly good enough to track that down and
> produce a patch.
>
> Can anyone else confirm this behaviour, and/or suggest a fix?

I can only comment on IPv4, but there is a configuration option called
"query-local-address" just for this purpose. Search
http://doc.powerdns.com/all-settings.html for this option to see the
explanation.

Good luck.

Regards,
Ton
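
Added example, not part of the original thread and not PowerDNS code: a small reproduction of why the slaves reject the NOTIFY. A UDP socket left on the wildcard address gets whatever source the kernel picks, while a socket bound first sends from the expected address, which is the effect the reply attributes to query-local-address. Assumptions: 127.0.0.1 and 127.0.0.2 stand in for the two interface addresses (Linux treats all of 127/8 as local), the payload is a constructed placeholder rather than a real NOTIFY, and the function names are hypothetical.

```python
import socket

# Constructed setup mirroring the thread: the "slave" only accepts NOTIFY
# from the master address it was configured with. Loopback addresses stand
# in for the two interface addresses so this runs offline on Linux.
SLAVE_ADDR = "127.0.0.1"
EXPECTED_MASTER = "127.0.0.2"


def observed_source(bind_addr):
    """Send one datagram to the slave and return the source IP it sees.

    bind_addr=None leaves the sending socket on the wildcard address
    (like the '*:27740' socket in the lsof output); otherwise the socket
    is bound to that address before sending.
    """
    slave = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    slave.bind((SLAVE_ADDR, 0))  # ephemeral port, no privileges needed
    slave.settimeout(2.0)
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        if bind_addr is not None:
            sender.bind((bind_addr, 0))
        sender.sendto(b"constructed-notify", slave.getsockname())
        _, (src_ip, _src_port) = slave.recvfrom(512)
        return src_ip
    finally:
        sender.close()
        slave.close()


def slave_accepts(src_ip):
    """Source-address check a slave applies before acting on a NOTIFY."""
    return src_ip == EXPECTED_MASTER


if __name__ == "__main__":
    for label, addr in (("wildcard", None), ("bound", EXPECTED_MASTER)):
        src = observed_source(addr)
        print(f"{label:8s} source={src} accepted={slave_accepts(src)}")
```

Run on the master host with the real addresses substituted to confirm which source address an unbound socket gets toward a given slave before changing the configuration.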