On Fri, Nov 18, 2022 at 01:14:27AM +0000, Andy Smith wrote:
> What happens is that a NOTIFY is sent out, PowerDNS sees it and queries
> for SOA and logs this:
>
> Nov 18 00:25:26 daiquiri pdns_server[32452]: While checking domain freshness:
> Query to '2001:ba8:1f1:f085::53' for SOA of
> 'f.4.1.f.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa' did not return a SOA

Well, hours of head scratching then I send this email and suddenly find something that is probably very relevant:

"auth: slave zone soa check does not use tcp if udp answer was truncated #10447"

https://github.com/PowerDNS/pdns/issues/10447

So, PowerDNS can't retry its SOA queries over TCP. I assume that bind9's behaviour has changed to be more correct and there's nothing I can/should configure on that side to let this work again.

So I'll see what the PDNS folks have to say but it looks like I'll have to upgrade all the PDNS servers and then make use of the "secondary-check-signature-freshness=no" option:

https://doc.powerdns.com/authoritative/settings.html#secondary-check-signature-freshness

Thanks,
Andy

--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
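
Added example, not part of the original message and not PowerDNS or BIND code: a small Python model of the decision a secondary makes on a UDP reply to its SOA freshness query, showing how ignoring the TC (truncated) bit turns a truncated reply into "no SOA". Both reply packets are constructed; the empty answer section in the truncated reply, the `ns.example` / `hostmaster.example` names and the function names are assumptions.

```python
import struct

TC_BIT, TYPE_SOA = 0x0200, 6          # header "truncated" flag; SOA RR type (RFC 1035)

def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:     # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length
        if length == 0:               # root label ends the name
            return off

def soa_check_action(msg, honour_tc=True):
    """Decide what a secondary does with a UDP reply to its SOA query."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if honour_tc and flags & TC_BIT:
        return "retry-over-tcp"       # answer may be incomplete, ask again over TCP
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4 # skip QTYPE and QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == TYPE_SOA:
            return "soa-present"
        off += 10 + rdlen
    return "no-soa"                   # no SOA record in the answer section

# Constructed sample replies (not captured traffic); zone name taken from the log line.
ZONE = "f.4.1.f.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa"
QUESTION = encode_name(ZONE) + struct.pack("!HH", TYPE_SOA, 1)
# Assumed shape of a truncated reply: QR+AA+TC set, empty answer section.
TRUNCATED = struct.pack("!6H", 0x1234, 0x8400 | TC_BIT, 1, 0, 0, 0) + QUESTION
# Complete reply; ns.example / hostmaster.example and the timers are placeholders.
RDATA = (encode_name("ns.example") + encode_name("hostmaster.example")
         + struct.pack("!5I", 2022111801, 3600, 600, 604800, 300))
COMPLETE = (struct.pack("!6H", 0x1234, 0x8400, 1, 1, 0, 0) + QUESTION + b"\xc0\x0c"
            + struct.pack("!HHIH", TYPE_SOA, 1, 300, len(RDATA)) + RDATA)

if __name__ == "__main__":
    for label, msg in (("truncated", TRUNCATED), ("complete", COMPLETE)):
        print(label, soa_check_action(msg), soa_check_action(msg, honour_tc=False))
```

With `honour_tc=False` the truncated reply is classified as `no-soa`, the same outcome as the "did not return a SOA" log line; with the TC bit honoured the same bytes yield `retry-over-tcp`.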