[Pdns-users] rec_control show-yaml experience

[Christoph via Pdns-users]

Hi,

I want to share my experience when trying to upgrade from recursor 5.1 
to 5.2 on debian 12 using the powerdns repo.

Maybe it is of use for others running into the same problems.

After reading
https://docs.powerdns.com/recursor/upgrade.html
https://docs.powerdns.com/recursor/appendices/yamlconversion.html

I used 'rec_control show-yaml' to migrate to the new config format.

after the conversion and the version upgrade to 5.2.0
recursor failed to start with this error:

"YAML config found, but error occurred processing it" error="duplicate 
field `dnssec` at line 2 column 1" subsystem="config" level="0" 
prio="Error" tid="0" ts="1736975704.921" 
configname="/etc/powerdns/recursor.conf"


# content of /etc/powerdns/config.lua:
zoneToCache(".", "axfr", "193.0.14.129")


--------------------------
converted config file using 'rec_control show-yaml'
--------------------------
# Start of converted recursor.yml based on recursor.conf
dnssec:
  aggressive_nsec_cache_size: 0
  log_bogus: false
  validation: validate
incoming:
  allow_from:
  - '127.0.0.0/8'
  - '109.70.100.0/24'
  edns_padding_from:
  - '127.0.0.0/8'
  - '109.70.100.0/24'
  edns_padding_mode: padded-queries-only
  listen:
  - '127.0.0.1:54'
  - '109.70.100.125:53'
  - '109.70.100.136:53'
  max_concurrent_requests_per_tcp_connection: 1000
  pdns_distributes_queries: false
logging:
  common_errors: false
  loglevel: 3
  quiet: true
  rpz_changes: false
  structured_logging: false
  timestamp: true
nod:
  tracking: false
outgoing:
  max_busy_dot_probes: 5
  source_address:
  - '109.70.100.125'
  - '2a03:e600:100::178'
packetcache:
  max_entries: 500000
recordcache:
  max_entries: 10000000
  refresh_on_ttl_perc: 10
recursor:
  config_dir: /etc/powerdns
  extended_resolution_errors: true
  lua_config_file: /etc/powerdns/config.lua
  nothing_below_nxdomain: dnssec
  qname_minimization: true
  setgid: pdns
  setuid: pdns
  threads: 16
  version_string: PowerDNS Recursor
webservice:
  address: '127.0.0.1'
  allow_from:
  - '127.0.0.1'
  - ::1
  loglevel: normal
  password: <removed>
  webserver: true
# Validation result: OK
# End of converted recursor.conf
#
# Start of converted Lua config .yml based on /etc/powerdns/config.lua
dnssec:
  trustanchors: []
recordcache:
  zonetocaches:
  - zone: '.'
    method: axfr
    sources:
    - '193.0.14.129'
# Validation result: OK
# End of converted /etc/powerdns/config.lua
#

---------------------------------------------------------

I'm not sure why the second 'dnssec:' section appears in the file 
because the config.lua has no dnssec lines. To solve this I removed that 
second dnssec section manually from the generated config file.

next error:

msg="YAML config found, but error occurred processing it" 
error="duplicate field `recordcache` at line 2 column 1"

solution:
merged the zonetocache lines from the duplicate recordcache section the 
the first one.

next error:

msg="YAML settings include values originally in Lua but also sets 
`recursor.lua_config_file`. This is unsupported" subsystem="config" 
level="0" prio="Error" tid="0" ts="1736976250.927" 
configname="/etc/powerdns/recursor.conf"

solution:
manually removed this line from the generated config:
lua_config_file: /etc/powerdns/config.lua

After these config changes recursor started again.

best regards,
Christoph

_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users