Re: [Pdns-users] pdns-recursor zone-forward block and allow lists

2024-04-30 Thread Brian Candler via Pdns-users
On 30/04/2024 08:23, Jan Gardian via Pdns-users wrote: tcpdump: " 17:31:22.071802 IP 192.168.0.101.41941 > pdns-recursor.domain: 65094+ [1au] A? liveaqest.live. (55) 17:31:22.072588 IP pdns-recursor.55092 > dns.google.domain: 5457+% [1au] A? liveaqest.live. (43) 17:31:22.090703 IP dns.google.do

Re: [Pdns-users] Signing one entry with pdnsutil

2024-07-12 Thread Brian Candler via Pdns-users
On 12/07/2024 15:15, Roberto Greiner via Pdns-users wrote: In the procedure documented in https://pdnsmanager.org/documentation/letsencrypt/, it says to add the public key to the record using PDNS manager. Just to clarify: there is no "public key" involved in Letsencrypt. It's just a random c

Re: [Pdns-users] Signing one entry with pdnsutil

2024-07-12 Thread Brian Candler via Pdns-users
On 12/07/2024 15:38, Brian Candler via Pdns-users wrote: Just to clarify: there is no "public key" involved in Letsencrypt. It's just a random challenge, and it's just a TXT record. So all you need to learn is how to add a TXT record to your zone - and then remove it aft

Re: [Pdns-users] Question about behavior when settings invalid IP in domain A record

2024-07-26 Thread Brian Candler via Pdns-users
On 26/07/2024 21:27, Jorge Bastos via Pdns-users wrote: DOMANIN.TLD IN A 185.99.65. I inserted that exact invalid IP. It is by design by RFC? If you gave the true domain, we could answer you within a few seconds. But without seeing the true domain and hence the actual problem, we're play

Re: [Pdns-users] Question about behavior when settings invalid IP in domain A record

2024-07-27 Thread Brian Candler via Pdns-users
On 27/07/2024 10:07, Jan-Piet Mens via Pdns-users wrote: DOMANIN.TLD IN A 185.99.65. interesting IP address. Indeed.  The OP emphasised that this is literally the invalid IP address they put in. If the first three octets are correct then the prefix belongs to a Czech internet exchange.

Re: [Pdns-users] Question about recurring log SQL error upon upgrading to 4.7.3 due to Debian upgrade from 11.x to 12.6

2024-08-08 Thread Brian Candler via Pdns-users
On 09/08/2024 07:34, Chris Moody via Pdns-users wrote: Just to add a bit more, I found this exact issue listed on github but have applied the proposed fix and am still experiencing the daemon failure. https://github.com/PowerDNS/pdns/issues/11892 Is there any possibility that the database in

[Pdns-users] Preferred filename of recursor settings

2024-09-10 Thread Brian Candler via Pdns-users
At https://doc.powerdns.com/recursor/yamlsettings.html it says: /Starting with version 5.1.0, in the absence of a recursor.yml file, an existing recursor.conf will be processed as YAML, if that fails, it will be processed as old-style configuration. Packages will stop installing a old-style re

Re: [Pdns-users] Preferred filename of recursor settings

2024-09-10 Thread Brian Candler via Pdns-users
On 10/09/2024 11:56, Otto Moerbeek wrote: Whether to read .yml or .conf include files is determined by the format of main settings file, not the name. I understand that. Let me rephrase: is a brand new installation going to install the (yaml) configuration as "recursor.conf" or "recursor.yml"?

Re: [Pdns-users] Return CNAME or other alias backend as A

2020-02-05 Thread Brian Candler via Pdns-users
On 05/02/2020 20:31, Daniel Miller via Pdns-users wrote: The above domain would be invalid as CNAME's are illegal for MX and NS records. But is there perhaps a configuration setting that would have PowerDNS internally resolve and return the CNAMEs as the correct A records - so any query of this

Re: [Pdns-users] Return CNAME or other alias backend as A

2020-02-06 Thread Brian Candler via Pdns-users
On 06/02/2020 15:18, Daniel Miller wrote: I initially thought so - but per the manual, "The ALIAS record provides a way to have CNAME-like behaviour on the zone apex." As far as I'm aware, there's no limitation to use it only at the zone apex.  It's just that the zone apex has NS and SOA recor

Re: [Pdns-users] Best way to setup pdns for ACME challenges and "virtual" entries

2020-03-01 Thread Brian Candler via Pdns-users
On 01/03/2020 19:28, Michael Rommel via Pdns-users wrote: 1. the easy one: put the challenge of ACME into the DNS at runtime. Now, I did this previously with isc-bind and used the dynamic dns update feature for the relevant zone. Since I have not yet hands-on-experience with pdns, I am asking f

Re: [Pdns-users] Recursor and subdomain forward

2020-03-20 Thread Brian Candler via Pdns-users
On 20/03/2020 10:38, Giovanni Vecchi via Pdns-users wrote: is there a "smart" way to instruct recursor to forward zone and each own "subdomain" to an authoritative server? Something like this: forward-zone=*.domain.local= The expectation is that queries to every level starting from domain.loc

Re: [Pdns-users] Recursor and subdomain forward

2020-03-20 Thread Brian Candler via Pdns-users
On 20/03/2020 10:56, Giovanni Vecchi via Pdns-users wrote: @Brian: my bad, my local domain isn't an ".local" one but ".sec", so please consider domain.sec as root domain The current behaviour is that public root domain are queried for every *.domain.sec from recursor instead the authoritative on

Re: [Pdns-users] Recursor and subdomain forward

2020-03-20 Thread Brian Candler via Pdns-users
Works for me, with 4.3.0-1pdns.bionic Added to recursor.conf: forward-zones=domain.sec=127.0.0.1:5300 Restarted pdns-recursor Test: root@cache1:~# dig @localhost testing.domain.sec a ; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> @localhost testing.domain.sec a ; (1 server found) ;; global options

Re: [Pdns-users] Recursor and subdomain forward

2020-03-20 Thread Brian Candler via Pdns-users
On 20/03/2020 17:18, Giovanni Vecchi via Pdns-users wrote: I think the problem was that following zone forwarding need to be configured with "forwarding-zone+=" directive, but if I didn't find any feedback in the documentation (https://doc.powerdns.com/recursor/settings.html#forward-zones): m

Re: [Pdns-users] Recursor and subdomain forward

2020-03-23 Thread Brian Candler via Pdns-users
On 23/03/2020 13:28, Giovanni Vecchi via Pdns-users wrote: /sudo rec_control get-parameter forward-zones forward-zones=""/ From rec logs: /Mar 23 13:21:05 server pdns_recursor[9349]: Reading zone forwarding information from '/etc/powerdns/recursor.d/zones.conf' Mar 23 13:21:05 server pdns_recu

Re: [Pdns-users] Hidden Master, Dynamic IPv4, IPv6 Privacy

2020-03-27 Thread Brian Candler via Pdns-users
On 27/03/2020 16:23, Matthew Monaco via Pdns-users wrote: What is PDNS protecting me from by requiring that the slave keeps a list of master IPs in the `domains` table? Notifies are optional and unreliable, so they can't be depended on. By design, slaves contact the master periodically, to che

Re: [Pdns-users] Hidden Master, Dynamic IPv4, IPv6 Privacy

2020-03-27 Thread Brian Candler via Pdns-users
On 27/03/2020 19:41, Klaus Darilion via Pdns-users wrote: DNS Master/Slave was not designed for dynamic IP addresses. As a workaround you could use some overlay which provides a static IP (OpenVPN, stunnel, ssh tunnels, ...) Good point. Wireguard would be a great fit for this: it works very we

Re: [Pdns-users] IPv4 shared address space (100.64.0.0/10) Reverse Zone

2020-04-03 Thread Brian Candler via Pdns-users
On 03/04/2020 08:36, Giovanni Vecchi via Pdns-users wrote: is there a way to create a single reverse zone for 100.64.0.0/10 in Auth Server? Reverse delegation is done on octet boundaries, so you'll need to create 64.100.in-addr.arpa to 127.100.in-addr.arpa inclusive. I

Re: [Pdns-users] pdns-recursor - Recursor options to ignore when authoritative server does not set the AA bit in DNS reply

2020-04-16 Thread Brian Candler via Pdns-users
On 15/04/2020 15:37, Caleb Bontrager via Pdns-users wrote: The question I have is if there is a configuration ability to remove the AA bit requirement for resolution? I can't answer the specific question, but I tested that my own local pdns-recursor (4.3.0-1pdns.bionic) *is* able to resolve le

Re: [Pdns-users] Force NXDOMAIN status response

2020-04-30 Thread Brian Candler via Pdns-users
On 30/04/2020 14:47, Giovanni Vecchi via Pdns-users wrote: is there a way to force pdns recursor to reply with NXDOMAIN instead of SERVFAIL in case of REFUSED replies by auth? The scenario is the following: - auth zones: good.beer and its subdomains - rec forward every *.good.beer query to aut

Re: [Pdns-users] Force NXDOMAIN status response

2020-04-30 Thread Brian Candler via Pdns-users
On 30/04/2020 15:55, Giovanni Vecchi via Pdns-users wrote: auth is 4.3.0 and it reply with REFUSED for unknown zones because of that: https://blog.powerdns.com/2015/03/02/from-noerror-to-refused/ Have you tested it?  An unknown zone is not the same as a subdomain of a configured zone. Think

Re: [Pdns-users] Force NXDOMAIN status response

2020-04-30 Thread Brian Candler via Pdns-users
On 30/04/2020 16:28, Giovanni Vecchi via Pdns-users wrote: I think I understood what's going on: only subdomain zones were created but not tld. For instance: - good.beer does not exists - foo.good.beer exists Ah, makes sense.  In that case, indeed you're lame for "bar.good.beer". So just cre

Re: [Pdns-users] ecs-add-for in recursor 4.3.0 failing to match IPv6 subnet

2020-05-02 Thread Brian Candler via Pdns-users
On 02/05/2020 13:36, Kevin P. Fleming via Pdns-users wrote: Unless I've misunderstood something, this appears to be a bug, as "::" should have matched any incoming IPv6 address. I'd say "::/0" should match any incoming IPv6 address - have you tried that? I would expect "::" only to match the s

Re: [Pdns-users] ecs-add-for in recursor 4.3.0 failing to match IPv6 subnet

2020-05-02 Thread Brian Candler via Pdns-users
On 02/05/2020 14:14, Kevin P. Fleming wrote: The docs for this setting show '::' in the defaults, but clearly that is incorrect as it should be '::/0', and that misled me. Ah I see: https://docs.powerdns.com/recursor/settings.html#ecs-add-for I think it's worth raising a github ticket for that

Re: [Pdns-users] recursor fail to resolve

2020-05-04 Thread Brian Candler via Pdns-users
On 04/05/2020 13:41, Remi Gacogne via Pdns-users wrote: I don't know how bind does resolve but we are doing the right thing here, we get a delegation to two NS (mail1.alestra.net.mx. and dns.alestra.net.mx.) for s-s.mx. from the mx. zone, and both of these servers fail to respond to the first req

Re: [Pdns-users] dnssec and lua-config--file

2020-05-13 Thread Brian Candler via Pdns-users
On 13/05/2020 08:18, Pierrick CHOVELON via Pdns-users wrote: Now, let's imagine I want to resolve foo.example.net and also bar.example.net . Do I have to create two zone files one for foo.example.net and one for bar.e

Re: [Pdns-users] dnssec and lua-config--file

2020-05-13 Thread Brian Candler via Pdns-users
On 13/05/2020 09:05, Pierrick CHOVELON wrote: Thx, both of you. It works like a charm. Great.  Also look at the "auth-zones" option - depending on your use case it may be another option. https://docs.powerdns.com/recursor/settings.html#auth-zones I'll have a look on the forward-zones-file.

[Pdns-users] dnstap problem

2020-06-21 Thread Brian Candler via Pdns-users
I am trying to get dnstap to work with pdns-recursor 4.3.1-1pdns.bionic from the powerdns repo, under Ubuntu 18.04, but failing. I want to send to a remote network destination.  I've added one line to /etc/powerdns/recursor.lua, so it now looks like this: -- Debian default Lua configuration f

Re: [Pdns-users] dnstap problem

2020-06-22 Thread Brian Candler via Pdns-users
On 22/06/2020 07:03, Otto Moerbeek wrote: AF 2 is inet, not inet6, in /usr/include/sys/socket.h on my (OpenBSD) machine: #define AF_INET 2 Ah I see, I was going by pdns/dnstap.proto: // SocketFamily: the network protocol family of a socket. This specifies how // to interpret "network

Re: [Pdns-users] Running auth server and recursor on the same server, upgrading from 4.0.9

2020-06-23 Thread Brian Candler via Pdns-users
On 23/06/2020 19:07, Yves Goergen via Pdns-users wrote: I have only one server and one IPv4 address, so using a multi-IP setup just isn't possible. With the decreased availability of IPv4 addresses, this isn't realistic either. It's not a problem: your recursor can be behind NAT on a private I

Re: [Pdns-users] Running auth server and recursor on the same server, upgrading from 4.0.9

2020-06-23 Thread Brian Candler via Pdns-users
On 23/06/2020 19:38, Juraj Lutter wrote: While we’re at it: How would one solve the situation where the domains are in, like, SQL? Well, I'd probably just run a cronjob to do a SQL query and write them out periodically. But I've come across a situation where I would need to do this. Regular

Re: [Pdns-users] Running auth server and recursor on the same server, upgrading from 4.0.9

2020-06-23 Thread Brian Candler via Pdns-users
On 23/06/2020 19:45, Brian Candler via Pdns-users wrote: On 23/06/2020 19:38, Juraj Lutter wrote: While we’re at it: How would one solve the situation where the domains are in, like, SQL? Well, I'd probably just run a cronjob to do a SQL query and write them out periodically. But I&#x

Re: [Pdns-users] Running auth server and recursor on the same server, upgrading from 4.0.9

2020-06-23 Thread Brian Candler via Pdns-users
On 23/06/2020 19:47, Yves Goergen wrote: Okay, so I'll have to repeat all the domains from the auth server's database in a static config file? What's the use of the database then? Well, if your authoritative server has a public IP address, then you can just put NS records in the parent zone -

Re: [Pdns-users] Syslog configuration, files are almost identical

2020-07-01 Thread Brian Candler via Pdns-users
On 01/07/2020 16:03, Pierrick CHOVELON via Pdns-users wrote: I'm running a powerdns-recursor server and I configured the syslog part to log into the facility 5. I used the default configuration with the tree files and put them in /var/log/pdns : local5.info                  

Re: [Pdns-users] Unable to forward-zone to primary PowerDNS server

2020-07-06 Thread Brian Candler via Pdns-users
On 06/07/2020 17:13, Clarence Mills via Pdns-users wrote: Just recently set up a network containing 1 dnsdist, 1 recursor and 1 PDNS server. I'm unable to resolve my internal domain millsresidence.com. I'm using forward-zones-recurse=millsresidence.com=192.168.0.32 within my recursor. I've

Re: [Pdns-users] Unable to forward-zone to primary PowerDNS server

2020-07-06 Thread Brian Candler via Pdns-users
On 06/07/2020 22:07, Clarence Mills wrote: Here's the output of the dig command That looks sound. For comparison, I am running pdns-recursor 4.3.2 for my home network.  recursor.conf contains: allow-from-file=/etc/powerdns/allow.nets config-dir=/etc/powerdns forward-zones-file=/etc/powerdn

Re: [Pdns-users] PowerDNS Recursor 4.3.3 and 4.2.4 released

2020-07-17 Thread Brian Candler via Pdns-users
On 17/07/2020 13:13, Bjoern Franke via Pdns-users wrote: is something stuck with the package builds? In http://repo.powerdns.com/ubuntu/pool/main/p/pdns/ the last 4.2.x builds for bionic are 4.2.2. I just did an update and I got this as expected: root@cache1:~# dpkg-query -l | grep pdns ii  p

Re: [Pdns-users] pdns+dnsdist doesn't act like authoritative server

2020-07-19 Thread Brian Candler via Pdns-users
On 20/07/2020 06:55, Ted Fines via Pdns-users wrote: I should clarify what exactly happens.  When I execute a ‘dig’, I see the Question and the Authority section (which is the .vu TLD authority) but nothing in the Answer section.  When I was only using pdns, without the recursor and dnsdist,

Re: [Pdns-users] Log written in multiple files

2020-07-29 Thread Brian Candler via Pdns-users
On 29/07/2020 08:10, Pierrick CHOVELON via Pdns-users wrote: But logs are still written in /var/log/messages Have you got any idea ? This is an rsyslog issue, not a pdns issue. You probably have /etc/rsyslog.d/50-default.conf containing *.*;auth,authpriv.none  -/var/log/syslog which

Re: [Pdns-users] Issues with PowerDNS Authoritative Server on CentOS7

2020-08-18 Thread Brian Candler via Pdns-users
On 17/08/2020 22:33, Fabio Perez via Pdns-users wrote: I installed 2 VMs each running PowerDNS as Authoritative servers, but for whatever reason I cannot make this to work. When I set other VMs with the nameserver of my DNS, none of my query get resolved. That sounds like expected behavio

Re: [Pdns-users] Issues with PowerDNS Authoritative Server on CentOS7

2020-08-18 Thread Brian Candler via Pdns-users
On 18/08/2020 16:05, Fabio Perez wrote: Hello Brian, Thanks for getting back to me, but now I’m even more confused. I thought that If I create an Authoritative DNS server and add that IP on a different VM as a nameserver, the second VM will only receive answers from the DNS if the DNS has that

Re: [Pdns-users] Issues with PowerDNS Authoritative Server on CentOS7

2020-08-19 Thread Brian Candler via Pdns-users
On 18/08/2020 19:44, Fabio Perez wrote: Hello Brian, Thank you so much for all of that information. I think I understand a little bit more this DNS. If I may ask you something more: What I want to do is to build a website (https://www.mosaic.site) where people can open an account with us a

Re: [Pdns-users] TSIG with bind backend

2020-08-24 Thread Brian Candler via Pdns-users
On 24/08/2020 14:22, Brian Candler via Pdns-users wrote: One option is to import your BIND zone files into one of the database backends to powerDNS. I should have added: one of the big benefits to using a SQL backend is that you can use native SQL replication (e.g. mysql replication or psql

Re: [Pdns-users] TSIG with bind backend

2020-08-24 Thread Brian Candler via Pdns-users
On 24/08/2020 13:43, Frédéric Benoit via Pdns-users wrote: everything that i use works well except TSIG. I indeed need some machines on my network to update dns record. I think you mean Dynamic DNS updates (TSIG can be used for different things, e.g. AXFR) Unfortunately, I believe the BIND b

Re: [Pdns-users] How to set up pdns recursor to repeat the query if it does not get an answer

2020-09-18 Thread Brian Candler via Pdns-users
On 18/09/2020 15:05, Mira Krejci via Pdns-users wrote: thank you for your reply. If it's a feature and can't be changed, I have a big problem that I'll have to solve by changing the software to another. For example, Bind asks more than once if answer does not come. Users are angry that DNS reso

Re: [Pdns-users] PowerDNS Recursor (+PDNS?) and auto-update of local hostname DNS

2020-10-17 Thread Brian Candler via Pdns-users
On 17/10/2020 03:22, Nicholas Williams via Pdns-users wrote: Hello all, For background/context, I currently run a geographically-dispersed PowerDNS infrastructure with a MySQL backend publicly, and then on a private network I run PowerDNS Recursor for name resolution. My router software is V

Re: [Pdns-users] PowerDNS Recursor (+PDNS?) and auto-update of local hostname DNS

2020-10-17 Thread Brian Candler via Pdns-users
On 17/10/2020 20:54, Nicholas Williams wrote: First, the concern. I run MySQL in master/slave replication mode. I have a master MySQL server that I write to, and the PowerDNS servers connect to the slaves, not the master. Is there some way to tell PowerDNS to send updates to the master, or wil

Re: [Pdns-users] Logging queries out of the zones with IP

2020-10-19 Thread Brian Candler via Pdns-users
On 19/10/2020 16:14, Luis Daniel Lucio Quiroz via Pdns-users wrote: I am trying to build a fail2ban rule. Because my PDNS is not a public DNS, but it just hosts specific zones nobody should be querying anything else but those specific zones, right? I can't find an option to log those queries.

Re: [Pdns-users] NAT PowerDNS Server

2020-10-21 Thread Brian Candler via Pdns-users
On 21/10/2020 13:02, jurgen Isaacs via Pdns-users wrote: Our contractor setup two DNS servers each with internal and external ip . We would like to bind all requests to the private ip and VIP the public ip on the firewall to the internal private ip basically running all request from outside v

Re: [Pdns-users] Front End for powerdns auth

2020-11-02 Thread Brian Candler via Pdns-users
On 02/11/2020 17:34, Eric Beck via Pdns-users wrote: Does anyone know of a current web front end for powerdns auth 4.xx The old poweradmin 2.17 is ages old. I've searched but didn't find anything. There's a big list here: https://github.com/PowerDNS/pdns/wiki/WebFrontends

Re: [Pdns-users] recursor failing to pick up change in master .ca zone file

2020-11-16 Thread Brian Candler via Pdns-users
On 16/11/2020 15:35, Eric Beck via Pdns-users wrote: The recursor was still one .ca master zone file behind I'm not sure what you mean by "one .ca master zone file behind". The recursor doesn't copy the zone file; it reads (and caches) individual records. , even after plenty of time had el

Re: [Pdns-users] Additional UDP ports

2020-11-23 Thread Brian Candler via Pdns-users
On 22/11/2020 20:21, Yves Goergen via Pdns-users wrote: I've noticed that the PDNS server listens on more than the configured ports. There are several other UDP ports open: ss -ulpn |egrep 'State|pdns' State  Recv-Q Send-Q  Local Address:Port  Peer Address:Port Process UNCONN 0  0   19

Re: [Pdns-users] IXFR request refused response

2020-11-23 Thread Brian Candler via Pdns-users
On 23/11/2020 13:33, Sebastian Sandberg via Pdns-users wrote: I have questions regarding IXFR. I have a problem in my lab where pdns is refusing IXFR requests to check current serial of a master zone in pdns. This seems to appear when IXFR is requested over UDP. Aside: I see in ./docs/modes-

Re: [Pdns-users] IXFR request refused response

2020-11-24 Thread Brian Candler via Pdns-users
On 24/11/2020 07:12, Sebastian Sandberg wrote: I have a problem when sending zone updates from pdns to Opendnssec for zone signing. After sending a notification from pdns to opendnssec, opendnssec request ixfr over udp and gets back rcode REFUSED. Have not yet found a solution for this. Perh

Re: [Pdns-users] API to add additional IP to an existing hostname

2020-11-25 Thread Brian Candler via Pdns-users
On 25/11/2020 14:23, Rudy Setiawan via Pdns-users wrote: So sorry I think there is a misunderstanding, I am not thinking of replacing an existing rrset but more of adding a new rrset with the same hostname but different IP address. For example: app.test.com IN A 1.1.1.1 a

Re: [Pdns-users] Reg. PDNS recursor Ver 4.1.16

2020-12-09 Thread Brian Candler via Pdns-users
On 09/12/2020 07:30, Kiran Kumar via Pdns-users wrote: How do we minimize answers-slow, We are running on CentOS Linux release 7.9.2009 (Core) on VM with 4VCPUs and 16GB RAM. rec_control get-all | grep answer *answers-slow    80903* answers0-1      598471 answers1-10     1057756 answers10-100 

Re: [Pdns-users] allow-dns update-from

2020-12-16 Thread Brian Candler via Pdns-users
https://docs.powerdns.com/authoritative/settings.html#allow-dnsupdate-from The netblock "0.0.0.0/0" matches all IPv4 addresses, and "::/0" matches all IPv6 addresses.  You will see this in the example given immediately afterwards: https://docs.powerdns.com/authoritative/settings.html#allow-no

Re: [Pdns-users] AXFR Zone Transfer Problem

2021-01-08 Thread Brian Candler via Pdns-users
On 08/01/2021 16:22, Ralph via Pdns-users wrote: I configured PowerDNS Auth and recursor on one vm. Everything works fine - recursion, authoritative zone etc How? Bound to different ports I am guessing? I think the problem is the pdns recursor which is configured in front of the construct

Re: [Pdns-users] AXFR Zone Transfer Problem

2021-01-08 Thread Brian Candler via Pdns-users
On 08/01/2021 16:47, Ralph wrote: Is this even possible to add a port to the master ip on the slave ? Depends what the slave is running.  I know you can with bind. I've never tried it with pdns-auth or any other auth server. As I understood it correctly I require the recursor. I'm not sure

Re: [Pdns-users] AXFR Zone Transfer Problem

2021-01-08 Thread Brian Candler via Pdns-users
On 08/01/2021 21:04, Ralph via Pdns-users wrote: Is it possible to put the pdns-auth in front, so that every request for which we are not responsible for gets forwarded to the pdns-recursor? No, that's not possible. As I said before, they are doing different jobs.  Bind the two processes to

Re: [Pdns-users] Dnstap and kafka

2021-01-13 Thread Brian Candler via Pdns-users
On 13/01/2021 14:58, Michael Chisina via Pdns-users wrote: I want to frame stream powerdns  recursor DNS query and response using dnstap to an apache kafka remote server (202.20.20.1). # what are the configurations needed on recursor? dnstap doesn't talk to kafka. You'll need to run some midd

Re: [Pdns-users] Dnstap and kafka

2021-01-14 Thread Brian Candler via Pdns-users
On 14/01/2021 13:11, Michael Chisina wrote: Thanks for the info # is there any need for middleware software if I use dtap (dnstap favoured) following from github https://github.com/mimuret/dtap#kafka That *is* the middleware software.

Re: [Pdns-users] Powerdns server is not passing Authority parameter

2021-01-19 Thread Brian Candler via Pdns-users
On 19/01/2021 08:40, Dedan Irungu via Pdns-users wrote: recursive_ips:addMask('0.0.0.0/0') -- These network masks are the ones from allow-recursion in the Authoritative Server addAction(NetmaskGroupRule(recursive_ips), PoolAction('recursor')) These two lines togeth

Re: [Pdns-users] Powerdns server is not passing Authority parameter

2021-01-19 Thread Brian Candler via Pdns-users
On 19/01/2021 10:07, Dedan Irungu via Pdns-users wrote: The issue was on dnsdist configuration it worked by changing. recursive_ips:addMask('0.0.0.0/0') to recursive_ips:addMask('127.0.0.1/8') Thank you for your assistance. By the way, if

Re: [Pdns-users] Pipebackend can't run backend

2021-01-21 Thread Brian Candler via Pdns-users
On 21/01/2021 20:48, Dan Campbell - dan--- via Pdns-users wrote: I just installed the Authoritative server 4.4.0 on a CentOS 8 virtual machine and I’m trying to get a simple pipebackend running. The backend is a python script that runs from the command line, but pdns_server fails to start an

Re: [Pdns-users] Pipebackend can't run backend

2021-01-22 Thread Brian Candler via Pdns-users
On 21/01/2021 23:11, Dan Campbell - dan--- via Pdns-users wrote: The problem was this line in the pdns.service file: ProtectHome=true Changing it to false solved the problem. Good catch - thanks for sharing! ___ Pdns-users mailing list Pdns-users@m

Re: [Pdns-users] how to make each record has it's own TTL for multiple records with the same name and type?

2021-01-23 Thread Brian Candler via Pdns-users
On 23/01/2021 15:44, Mohamed Alsemany via Pdns-users wrote: I have this problem while using powerdns api , I can't use multiple records with the same name and type with different TTL for each record ! Do you mean something like this? foo.bar. IN 120 A 1.2.3.4 foo.bar. IN 60 A 5.6.7.8 This is

Re: [Pdns-users] build powerdns in docker mode failed

2021-02-03 Thread Brian Candler via Pdns-users
On 03/02/2021 16:43, Cheikh Dieng via Pdns-users wrote: *COPY failed: file not found in build context or excluded by .dockerignore: stat builder/helpers/set-configure-ac-version.sh: file does not exist * It's in a git submodule: $ cat .gitmodules [submodule "builder"]     path = builder

Re: [Pdns-users] Ubuntu trusty packages gone?

2021-02-05 Thread Brian Candler via Pdns-users
On 05/02/2021 09:49, nocturo--- via Pdns-users wrote: I’ve noticed that trusty has been dropped from the repo.powerdns.com and my systems are failing to update. Is there a reason for this as I can’t find any information on it, and trusty is still a supported for a good year by Ubuntu. Actuall

Re: [Pdns-users] Ubuntu trusty packages gone?

2021-02-05 Thread Brian Candler via Pdns-users
On 05/02/2021 10:48, Markus Ehrlicher via Pdns-users wrote: Trusty is Ubuntu 14.04 and this version is out of support since nearly two years D'oh, my mistake (I hate codenames)

Re: [Pdns-users] PowerDNS Authoritative Server 4.4.1

2021-02-08 Thread Brian Candler via Pdns-users
On 08/02/2021 11:23, Peter van Dijk via Pdns-users wrote: On Mon, 2021-02-08 at 12:07 +0100, Peter van Dijk wrote: is available at downloads.powerdns.com and packages for CentOS 7 and 8, Debian Buster, Ubuntu Xenial, Bionic and Focal are available from repo.powerdns.com. Correction: because Xen

Re: [Pdns-users] Dynamic DNS Script

2021-02-17 Thread Brian Candler via Pdns-users
On 17/02/2021 11:22, Kevin P. Fleming via Pdns-users wrote: If you are the operator of the zone where that host entry lives, and you are serving that zone using a PowerDNS Authoritative Server, then the answer is yes. The Auth Server supports RFC2136 (https://doc.powerdns.com/authoritative/dnsupd

Re: [Pdns-users] PowerDNS Authoritative Server 4.4.1

2021-02-19 Thread Brian Candler via Pdns-users
On 19/02/2021 09:01, Peter van Dijk via Pdns-users wrote: Our plan: * reinstate 4.4 (and older, I think) for Stretch soon * communicate clearly * most likely not release 4.5 for Stretch * remove Stretch again somewhere late in 2021 That all sounds very reasonable to me, thank you.  Having both

Re: [Pdns-users] How to Update from PDNS 4.1.14 to Latest?

2021-02-24 Thread Brian Candler via Pdns-users
On 24/02/2021 11:24, Jackson Yap via Pdns-users wrote: curl -o /etc/yum.repos.d/powerdns-auth-master.repo https://repo.powerdns.com/repo-files/centos-auth-master.repo For production, use the "4.4.x" branch, not the "master" branch.

Re: [Pdns-users] DNSSEC UDP problems

2021-03-09 Thread Brian Candler via Pdns-users
On 09/03/2021 14:01, Steffan via Pdns-users wrote: [powerdns-auth-master] name=PowerDNS repository for PowerDNS Authoritative Server - master branch baseurl=http://repo.powerdns.com/centos/$basearch/$releasever/auth-master For production use, you would be better with the "version 4.4.X" branch

Re: [Pdns-users] [E] Re: How to update IP address of records

2021-03-23 Thread Brian Candler via Pdns-users
On 23/03/2021 17:29, Chhavi Mittal via Pdns-users wrote: Yes, I didn't realize that the 'content' column is not indexed. It's actually a much bigger problem then. Is there any other smarter way to perform IP address updates? As well as CNAME, have you looked at the ALIAS pseudo-RR type? https

Re: [Pdns-users] [E] Re: How to update IP address of records

2021-03-26 Thread Brian Candler via Pdns-users
On 25/03/2021 21:49, Chhavi Mittal wrote: Hello, This ALIAS approach is exactly what I was looking for. Thank you for sharing it! I tried to set it up and now have both pdns authoritative and recursor servers running on my host and I have added following entries in my DB but when I try to do

Re: [Pdns-users] Ask for upgrade pdns authoritative from 4.1.3 to 4.4.1

2021-03-26 Thread Brian Candler via Pdns-users
On 26/03/2021 11:59, Wafa BEN KHOUD via Pdns-users wrote: Please, can you describe me how upgrade pdns authoritative from 4.1.3 to 4.4.1? 1. Read the release notes for the intervening major versions, in particular check for "Removed Features" to see if anything that you depend on will break.

Re: [Pdns-users] CNAME RRset issues

2021-03-26 Thread Brian Candler via Pdns-users
On 26/03/2021 20:29, Larry Wapnitsky via Pdns-users wrote: I'm looking to replace A records with CNAMES, and have been able to do so seamlessly on one of my domains, but another keeps giving me errors relating to RRSET conflict ( IN CNAME: Conflicts with pre-existing RRset). I've deleted the n

Re: [Pdns-users] ALIAS not resolving to IP address

2021-03-30 Thread Brian Candler via Pdns-users
On 29/03/2021 21:34, Chhavi Mittal via Pdns-users wrote: I have a pdns and pdns_recursor running on the same server and I have one ALIAS record and one A record for the alias both belonging to the same domain entry but when I do 'dig' on the ALIAS it's not returning an answer. In that case wh

Re: [Pdns-users] [E] Re: ALIAS not resolving to IP address

2021-03-31 Thread Brian Candler via Pdns-users
On 31/03/2021 20:12, Chhavi Mittal wrote: This is what I get in tcpdump: I see a call to 53 for securityservices and then a call to 8699 for mydomain.com and then 2 more pair of calls for the same but end result is a timeout. 12:09:18.666913 IP (tos 0x0, ttl 64, id 5331,

Re: [Pdns-users] [E] Re: ALIAS not resolving to IP address

2021-03-31 Thread Brian Candler via Pdns-users
On 31/03/2021 20:57, Brian Candler via Pdns-users wrote: OK, so auth sends the request for mydomain.com to the recursor on 8699, but the recursor doesn't forward it to auth on localhost:53, so your dig client times out and retries 5 seconds later. Is your recursor definitely listeni

Re: [Pdns-users] PDNS with no direct access to root servers

2021-04-06 Thread Brian Candler via Pdns-users
On 06/04/2021 12:30, Eelco via Pdns-users wrote: I've setup a pdns/pdns-recursor with its own zones. The pdns/pdns-recursor is behind a firewall with no access to any root-servers. The pdns/pdns-recursor is working for the local zones and can forward queries to a DNS server through a firewal

Re: [Pdns-users] Planning a PowerDNS Auth Server Upgrade - 3.3.3 > Latest

2021-04-06 Thread Brian Candler via Pdns-users
On 06/04/2021 13:01, Charlie R via Pdns-users wrote: What other obvious things am I missing? What else should I be looking at / better understanding? Check the upgrade guides and changelogs

Re: [Pdns-users] LMDB or SQLite backend

2021-04-27 Thread Brian Candler via Pdns-users
On 27/04/2021 16:07, Ambauen Daniel (ID NET) via Pdns-users wrote: One reason is I don't want to have a separate server process for the database. ... Our DNS system includes ~ 1100 domains and 600'000 domain names without DNSSEC. One domain is very large (400'000 records), many are smaller than

Re: [Pdns-users] DNS Forwarding on Master/Slave Servers

2021-05-07 Thread Brian Candler via Pdns-users
On 07/05/2021 06:14, Steven Garner via Pdns-users wrote: I have a noob question about DNS forwarding - just implemented pdns version 4.2.1 on three servers on separate networks I have to ask: why are you implementing something which is approaching end-of-life?  PowerDNS Authoritative current v

Re: [Pdns-users] DNS Forwarding on Master/Slave Servers

2021-05-07 Thread Brian Candler via Pdns-users
On 07/05/2021 11:35, Steven Garner wrote:  I thought the best practice to ensure current software on Ubuntu was to use apt, first to update and then to install: sudo apt update sudo apt install pdns-server pdns-backend-mysql -y That gives you some version which has probably percolated

Re: [Pdns-users] DNS Forwarding on Master/Slave Servers

2021-05-08 Thread Brian Candler via Pdns-users
On 07/05/2021 22:38, Steven Garner wrote: Create the file: '/etc/apt/sources.list.d/pdns.list' with this content: deb [arch=amd64] http://repo.powerdns.com/ubuntu  focal-auth-44 ... E: Malformed entry 1 in list file /etc/apt/so

Re: [Pdns-users] DNS Forwarding on Master/Slave Servers

2021-05-08 Thread Brian Candler via Pdns-users
On 08/05/2021 14:54, Steven Garner wrote: Thank you for your continued support and patience.  That did it: Followed the installation steps, and then: => Job for pdns.service failed because the control process exited with error code. => journalctl -xe:  Unable to open /etc/powerdns/pdns.d/pdns.

Re: [Pdns-users] DNS Forwarding on Master/Slave Servers

2021-05-08 Thread Brian Candler via Pdns-users
On 08/05/2021 16:14, Steven Garner wrote: If I want to provide authoritative dns for several hundred public domains, am I correct that (as of version  4.1.0), I need to install PowerDNS Recursor (v 4.5.X) and dnsdist (v 1.6.X) in addition to PowerDNS Authoritative Server (v 4.4.X), to allow for

Re: [Pdns-users] PDNS working on localhost but not publicly

2021-05-13 Thread Brian Candler via Pdns-users
On 14/05/2021 02:55, Steven Garner via Pdns-users wrote: The router connecting ns2.opensourceserver.io's 207.177.51.156 public IP address to the PDNS server's 192.168.1.2 private IP address is RouterOS 6.42.12, NAT/port forwarded: /ip firewall nat add

Re: [Pdns-users] Private IP Addresses in DNS Records

2021-05-14 Thread Brian Candler via Pdns-users
On 14/05/2021 13:03, Nikolaos Milas via Pdns-users wrote: 2. If anyone on the Internet looks up *directly* a particular hostname under private.noa.gr zone (e.g. example.private.noa.gr), won't they be able to see data about it? Shouldn't we somehow deny all Internet requests for that particular

Re: [Pdns-users] Private IP Addresses in DNS Records

2021-05-14 Thread Brian Candler via Pdns-users
On 14/05/2021 16:13, Nikolaos Milas wrote: Hmm, probably you mean IPv6 Link-local addresses (rather than GUAs); GUAs are reachable indeed. GUAs aren't necessarily reachable: you can have internal ranges that are not routed, or blocked by ACLs.  Or he might have meant ULAs. Either way, I agree

Re: [Pdns-users] Upgrading Auth Server directly from 4.1.14 to 4.4.1

2021-05-19 Thread Brian Candler via Pdns-users
On 19/05/2021 19:40, Nikolaos Milas via Pdns-users wrote: Can we upgrade directly to 4.4.1 provided we do pertinent config changes as described in the upgrade guide, or it is suggested to upgrade in steps, e.g. to the last point release of each major version (4.1.14 --> 4.2.3 --> 4.3.2 --> 4.4.

Re: [Pdns-users] Geo DNS - Apex Alias (not resolving)

2021-06-14 Thread Brian Candler via Pdns-users
$ dig +short @dns0.hotchilli.uk. geo.hotchilli.co.uk. a 46.17.220.152 $ dig +short @dns0.hotchilli.uk. hotchilli.co.uk. a 10.0.2.18 I see that's the response you configured for "unknown.geo.hotchilli.co.uk" I'd be inclined to use tcpdump to look at queries from dist to auth, auth to recursor, a

Re: [Pdns-users] Sub-domains and zones

2021-06-18 Thread Brian Candler via Pdns-users
On 18/06/2021 05:16, Daniel Miller via Pdns-users wrote: Given a published zone of ".myzone.com" - I want to have a list of hosts like: a.sub.myzone.com b.sub.myzone.com c.sub.myzone.com Nothing special. I can implement this by explicitly declaring each host in my parent zone - and this works

Re: [Pdns-users] Zone transfert rejected in Powerdns Letsencrypt challenge

2021-06-21 Thread Brian Candler via Pdns-users
On 21/06/2021 08:53, Cheikh Dieng via Pdns-users wrote: Hi, My powerdns rejects requests for zone transfer. My powerdns domain is "cloud.lfpw.dsna.fr", it is a subdomain of "lfpw.dsna.fr" (this parent domain is not a powerdns solution). For

Re: [Pdns-users] Zone transfert rejected in Powerdns Letsencrypt challenge

2021-06-22 Thread Brian Candler via Pdns-users
On 22/06/2021 12:33, Jan-Piet Mens via Pdns-users wrote: For Letsencrypt protocol to generate certificate I have to enable zone transfer in my powerdns. I think you mean "DNS Updates" for Let's Encrypt dns-01, but I don't believe these are possible in PowerDNS with the LDAP backend. Possibly

Re: [Pdns-users] PDNS Authoritative and CNAME pointing to external Domain responds with NXDOMAIN

2021-06-22 Thread Brian Candler via Pdns-users
On 22/06/2021 14:55, Thomas via Pdns-users wrote: I have upgraded pdns authoritative server from version 4.3 to version 4.4.1 on CentOS 7, MySQL is the backend. If I query a CNAME record on both servers I get the following error (do not remember if it worked before the upgrade): [root@pdns1 lo
