Problem is that the error is reported by Zerigo, so you'll have to contact them to figure out whats wrong.
> >>Feb 6 02:18:03 powerdns pdns[30068]: Received unsuccessful > >>notification report for 'example.com' from 68.71.141.22:53, rcode: 5 This line here says that 68.71.141.22 tells you it was unable to comply. Aki On Thu, Feb 06, 2014 at 04:59:53PM +0530, sajid-gmail wrote: > > Hi Aki Tuomi, > > our slave server is Zerigo.net. > We do not have any access to that slave server for firing that > command which you have given me, > > For that testing purpose, I have put our live IP in axfr setting & > we got the result which is shown below, > > dig axfr example.com @powerdns.bmsend.com > > ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> axfr example.com @master.server.com > ;; global options: +cmd > example.com. 300 IN SOA a.ns.zerigo.net. > sysad.server1.com. 2014012701 3600 60 604800 86400 > example.com. 300 IN NS a.ns.zerigo.net. > example.com. 300 IN NS b.ns.zerigo.net. > example.com. 300 IN NS c.ns.zerigo.net. > example.com. 300 IN NS d.ns.zerigo.net. > example.com. 300 IN NS e.ns.zerigo.net. > example.com. 300 IN NS f.ns.zerigo.net. > example.com. 300 IN A 76.74.155.235 > www.example.com. 300 IN CNAME example.com. > example.com. 300 IN MX 10 > mail.rediffmailpro.com. > example.com. 300 IN SOA a.ns.zerigo.net. > sysad.server1.com. 2014012701 3600 60 604800 86400 > ;; Query time: 514 msec > ;; SERVER: 38.x.x.x#53(38.x.x.x) > ;; WHEN: Thu Feb 6 16:04:52 2014 > ;; XFR size: 12 records (messages 3, bytes 470) > > > From above output, > AXFR is seem to be working fine > > Awaiting your kind reply. > > Thanks > > > On 02/06/2014 04:00 PM, Aki Tuomi wrote: > >Hi Sajid, > > > >Please go to your *slave* host and run > > > >dig axfr domain @master > > > >Also, please check your slave and master log files. > > > >Aki > > > >On Thu, Feb 06, 2014 at 03:56:08PM +0530, sajid-gmail wrote: > >>Hello, > >> > >>Now, we disabled the IPV6 notification issue, > >> > >>But still we got below error, > >> > >>Feb 6 01:54:36 powerdns pdns[28933]: *Received unsuccessful* > >>notification report for 'example.com' from x.x.x.x:53, rcode: 4 > >> > >> > >>Also, > >> > >>We would like to mentioned that we had setup Powerdns as a hidden master, > >>& when we notified to our slave DNS server from our Master using > >>below commands then our Master servers sent notification to all the > >>real Name servers of the domain which we have not define or specify > >>in pdns.conf of hidden master server. > >> > >>allow-axfr-ips= 68.71.141.22 174.36.24.251 > >>disable-axfr=no > >> > >> > >>Command that we fired on Master: > >>------------------------------------ > >>*pdns_control notify example .com* > >>pdns_control notify-host example.com 68.71.141.22 > >>pdns_control notify-host example.com 174.36.24.251 > >> > >> > >>But still received unsuccessful notification that you can see in below log: > >>Feb 6 02:18:02 powerdns pdns[30068]: Notification request to host > >>68.71.141.22 for domain 'example.com' received > >>Feb 6 02:18:03 powerdns pdns[30068]: Received unsuccessful > >>notification report for 'example.com' from 68.71.141.22:53, rcode: 5 > >>Feb 6 02:18:03 powerdns pdns[30068]: Removed from notification > >>list: 'example.com' to 68.71.141.22:53 > >> > >> > >>Please help us in how to configure auto slave notification& auto > >>axfr on Hidden Master > >> > >> > >>Our pdns.conf as per given below, > >> > >>*cat /etc/powerdns/pdns.conf* > >># Autogenerated configuration file template > >>################################# > >># add-superfluous-nsec3-for-old-bind Add superfluous NSEC3 record > >>to positive wildcard response > >># > >># add-superfluous-nsec3-for-old-bind=yes > >> > >>################################# > >># allow-axfr-ips Allow zonetransfers only to these subnets > >># > >>allow-axfr-ips= 68.71.141.22, 174.36.24.251 > >> > >> > >>################################# > >># allow-recursion List of subnets that are allowed to recurse > >># > >># allow-recursion=0.0.0.0/0 > >>#allow-recursion=127.0.0.1 > >> > >>################################# > >># any-to-tcp Answer ANY queries with tc=1, shunting to TCP > >># > >># any-to-tcp=no > >> > >>################################# > >># cache-ttl Seconds to store packets in the PacketCache > >># > >># cache-ttl=20 > >> > >>################################# > >># chroot If set, chroot to this directory for more security > >># > >># chroot=./ > >> > >>################################# > >># config-dir Location of configuration directory (pdns.conf) > >># > >> config-dir=/etc/powerdns > >> > >>################################# > >># config-name Name of this virtual configuration - will rename > >>the binary image > >># > >># config-name= > >> > >>################################# > >># control-console Debugging switch - don't use > >># > >># control-console=no > >> > >>################################# > >># daemon Operate as a daemon > >># > >>daemon=yes > >> > >>################################# > >># default-ksk-algorithms Default KSK algorithms > >># > >># default-ksk-algorithms=rsasha256 > >> > >>################################# > >># default-ksk-size Default KSK size (0 means default) > >># > >># default-ksk-size=0 > >> > >>################################# > >># default-soa-mail mail address to insert in the SOA record if > >>none set in the backend > >># > >># default-soa-mail= > >> > >>################################# > >># default-soa-name name to insert in the SOA record if none set > >>in the backend > >># > >># default-soa-name=a.misconfigured.powerdns.server > >> > >>################################# > >># default-ttl Seconds a result is valid if not set otherwise > >># > >># default-ttl=3600 > >> > >>################################# > >># default-zsk-algorithms Default ZSK algorithms > >># > >># default-zsk-algorithms=rsasha256 > >> > >>################################# > >># default-zsk-size Default KSK size (0 means default) > >># > >># default-zsk-size=0 > >> > >>################################# > >># disable-axfr Disable zonetransfers but do allow TCP queries > >># > >>disable-axfr=no > >> > >>################################# > >># disable-tcp Do not listen to TCP queries > >># > >>disable-tcp=no > >> > >>################################# > >># distributor-threads Default number of Distributor (backend) > >>threads to start > >># > >># distributor-threads=3 > >> > >>################################# > >># do-ipv6-additional-processing Do AAAA additional processing > >># > >># do-ipv6-additional-processing=yes > >> > >>################################# > >># edns-subnet-option-number EDNS option number to use > >># > >># edns-subnet-option-number=20730 > >> > >>################################# > >># edns-subnet-processing If we should act on EDNS Subnet options > >># > >># edns-subnet-processing=no > >> > >>################################# > >># entropy-source If set, read entropy from this file > >># > >># entropy-source=/dev/urandom > >> > >>################################# > >># experimental-direct-dnskey EXPERIMENTAL: fetch DNSKEY RRs from > >>backend during DNSKEY synthesis > >># > >># experimental-direct-dnskey=no > >> > >>################################# > >># experimental-json-interface If the webserver should serve JSON data > >># > >># experimental-json-interface=no > >> > >>################################# > >># experimental-logfile Filename of the log file for JSON parser > >># > >># experimental-logfile=/var/log/pdns.log > >>experimental-logfile=/var/log/pdns.log > >>################################# > >># fancy-records Process URL and MBOXFW records > >># > >># fancy-records=no > >> > >>################################# > >># guardian Run within a guardian process > >># > >># guardian=no > >> > >>################################# > >># include-dir Include *.conf files from this directory > >># > >># include-dir= > >> > >>################################# > >># launch Which backends to launch and order to query them in > >># > >># launch= > >> > >>################################# > >># load-modules Load this module - supply absolute or relative path > >># > >># load-modules= > >> > >>################################# > >># local-address Local IP addresses to which we bind > >># > >>#local-address=0.0.0.0 > >> > >> > >>################################# > >># local-ipv6 Local IP address to which we bind > >># > >># local-ipv6= > >> > >>################################# > >># local-port The port on which we listen > >># > >># local-port=53 > >> > >>################################# > >># log-dns-details If PDNS should log DNS non-erroneous details > >># > >>log-dns-details=on > >> > >>################################# > >># log-dns-queries If PDNS should log all incoming DNS queries > >># > >># log-dns-queries=no > >> > >>################################# > >># log-failed-updates If PDNS should log failed update requests > >># > >># log-failed-updates= > >> > >>################################# > >># logging-facility Log under a specific facility > >># > >># logging-facility= > >> > >>################################# > >># loglevel Amount of logging. Higher is more. Do not set below 3 > >># > >>loglevel=4 > >> > >>################################# > >># lua-prequery-script Lua script with prequery handler > >># > >># lua-prequery-script= > >> > >>################################# > >># master Act as a master > >># > >>master=yes > >> > >>################################# > >># max-cache-entries Maximum number of cache entries > >># > >># max-cache-entries=1000000 > >> > >>################################# > >># max-ent-entries Maximum number of empty non-terminals in a zone > >># > >># max-ent-entries=100000 > >> > >>################################# > >># max-queue-length Maximum queuelength before considering situation lost > >># > >>max-queue-length=5000 > >> > >>################################# > >># max-tcp-connections Maximum number of TCP connections > >># > >># max-tcp-connections=10 > >> > >>################################# > >># module-dir Default directory for modules > >># > >># module-dir=/usr/local/lib > >> > >>################################# > >># negquery-cache-ttl Seconds to store negative query results in > >>the QueryCache > >># > >># negquery-cache-ttl=60 > >> > >>################################# > >># no-shuffle Set this to prevent random shuffling of answers - > >>for regression testing > >># > >># no-shuffle=off > >> > >>################################# > >># out-of-zone-additional-processing Do out of zone additional processing > >># > >># out-of-zone-additional-processing=yes > >> > >>################################# > >># overload-queue-length Maximum queuelength moving to packetcache only > >># > >># overload-queue-length=0 > >> > >>################################# > >># pipebackend-abi-version Version of the pipe backend ABI > >># > >># pipebackend-abi-version=1 > >> > >>################################# > >># prevent-self-notification Don't send notifications to what we > >>think is ourself > >># > >># prevent-self-notification=yes > >> > >>################################# > >># query-cache-ttl Seconds to store query results in the QueryCache > >># > >># query-cache-ttl=20 > >> > >>################################# > >># query-local-address Source IP address for sending queries > >># > >># query-local-address=0.0.0.0 > >> > >>################################# > >># query-local-address6 Source IPv6 address for sending queries > >># > >># query-local-address6=::1 > >>query-local-address6= > >> > >>################################# > >># query-logging Hint backends that queries should be logged > >># > >>#query-logging=yes > >> > >>################################# > >># queue-limit Maximum number of milliseconds to queue a query > >># > >># queue-limit=1500 > >> > >>################################# > >># receiver-threads Default number of receiver threads to start > >># > >># receiver-threads=1 > >> > >>################################# > >># recursive-cache-ttl Seconds to store packets for recursive > >>queries in the PacketCache > >># > >># recursive-cache-ttl=10 > >> > >>################################# > >># recursor If recursion is desired, IP address of a recursing nameserver > >># > >>#recursor=38.126.54.11 > >> > >>################################# > >># retrieval-threads Number of AXFR-retrieval threads for slave operation > >># > >># retrieval-threads=2 > >> > >>################################# > >># send-root-referral Send out old-fashioned root-referral instead > >>of ServFail in case of no authority > >># > >># send-root-referral=no > >> > >>################################# > >># server-id Returned when queried for 'server.id' TXT or NSID, > >>defaults to hostname > >># > >># server-id= > >> > >>################################# > >># setgid If set, change group id to this gid for more security > >># > >># setgid= > >> > >>################################# > >># setuid If set, change user id to this uid for more security > >># > >># setuid= > >> > >>################################# > >># signing-threads Default number of signer threads to start > >># > >># signing-threads=3 > >> > >>################################# > >># slave Act as a slave > >># > >># slave=no > >> > >>################################# > >># slave-cycle-interval Reschedule failed SOA serial checks once > >>every .. seconds > >># > >># slave-cycle-interval=60 > >> > >>################################# > >># slave-renotify If we should send out notifications for slaved updates > >># > >># slave-renotify=no > >> > >>################################# > >># smtpredirector Our smtpredir MX host > >># > >># smtpredirector=a.misconfigured.powerdns.smtp.server > >> > >>################################# > >># soa-expire-default Default SOA expire > >># > >># soa-expire-default=604800 > >> > >>################################# > >># soa-minimum-ttl Default SOA minimum ttl > >># > >># soa-minimum-ttl=3600 > >> > >>################################# > >># soa-refresh-default Default SOA refresh > >># > >># soa-refresh-default=10800 > >> > >>################################# > >># soa-retry-default Default SOA retry > >># > >># soa-retry-default=3600 > >> > >>################################# > >># soa-serial-offset Make sure that no SOA serial is less than this number > >># > >># soa-serial-offset=0 > >> > >>################################# > >># socket-dir Where the controlsocket will live > >># > >># socket-dir=/var/run > >> > >>################################# > >># tcp-control-address If set, PowerDNS can be controlled over TCP > >>on this address > >># > >># tcp-control-address= > >> > >>################################# > >># tcp-control-port If set, PowerDNS can be controlled over TCP on > >>this address > >># > >># tcp-control-port=53000 > >> > >>################################# > >># tcp-control-range If set, remote control of PowerDNS is > >>possible over these networks only > >># > >># tcp-control-range=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, > >>172.16.0.0/12, ::1/128, fe80::/10 > >> > >>################################# > >># tcp-control-secret If set, PowerDNS can be controlled over TCP > >>after passing this secret > >># > >># tcp-control-secret= > >> > >>################################# > >># traceback-handler Enable the traceback handler (Linux only) > >># > >># traceback-handler=yes > >> > >>################################# > >># trusted-notification-proxy IP address of incoming notification proxy > >># > >># trusted-notification-proxy= > >> > >>################################# > >># urlredirector Where we send hosts to that need to be url redirected > >># > >># urlredirector=127.0.0.1 > >> > >>################################# > >># version-string PowerDNS version in packets - full, anonymous, > >>powerdns or custom > >># > >># version-string=full > >> > >>################################# > >># webserver Start a webserver for monitoring > >># > >># webserver=no > >> > >>################################# > >># webserver-address IP Address of webserver to listen on > >># > >># webserver-address=127.0.0.1 > >> > >>################################# > >># webserver-password Password required for accessing the webserver > >># > >># webserver-password= > >> > >>################################# > >># webserver-port Port of webserver to listen on > >># > >># webserver-port=8081 > >> > >>################################# > >># webserver-print-arguments If the webserver should print arguments > >># > >># webserver-print-arguments=no > >> > >>################################# > >># wildcard-url Process URL and MBOXFW records > >># > >>wildcard-url=yes > >>################################## > >>module-dir=/usr/lib64 > >>socket-dir=/var/run/pdns-server > >>setuid=powerdns > >>setgid=powerdns > >>launch=gmysql > >>gmysql-host=127.0.0.1 > >>gmysql-user=powerdns > >>gmysql-password=xxxx > >>gmysql-dbname=xxxx > >> > >> > >> > >> > >>Kindly suggest us or give steps which requires in conf file of pdns > >>for setting up Hidden Master DNS server. > >> > >>Awaiting your kind reply. > >> > >>Thanks > >> > >> > >> > >>On 02/06/2014 12:05 PM, sajid-gmail wrote: > >>>Hello, > >>> > >>>I have installed PowerDNS Authoritative Server 3.3 on centos. > >>> > >>>when I allow axfr IPs in master then I got follwing below Error, > >>> > >>>Feb 5 22:25:30 powerdns pdns[18815]: Error trying to resolve > >>>'x:x:x:x::x' for notifying 'example.com' to server: Unable to send > >>>notify to [2607:f0d0:1004:82::4]:53: Network is unreachable > >>>Feb 5 22:25:30 powerdns pdns[18815]: Error trying to resolve > >>>'x:x:x:x::x' for notifying 'example.com' to server: Unable to send > >>>notify to [2607:f0d0:3001:90::4]:53: Network is unreachable > >>>Feb 5 22:25:30 powerdns pdns[18815]: Error trying to resolve > >>>'x:x:x:x::x' for notifying 'example.com' to server: Unable to send > >>>notify to [2607:fc88:1001:1::4]:53: Network is unreachable > >>>Feb 5 22:25:30 powerdns pdns[18815]: Query: select > >>>id,name,master,last_check,type from domains where type='SLAVE' > >>>Feb 5 22:25:30 powerdns pdns[18815]: Query: select > >>>id,name,master,last_check,notified_serial,type from domains where > >>>type='MASTER' > >>>Feb 5 22:25:30 powerdns pdns[18815]: Query: select > >>>content,ttl,prio,type,domain_id,name from records where type='SOA' > >>>and name='example.com' > >>>Feb 5 22:25:39 powerdns pdns[18815]: Error trying to resolve > >>>'x:x:x:x::x' for notifying 'example.com' to server: Unable to send > >>>notify to [2607:f0d0:1004:82::4]:53: Network is unreachable > >>>Feb 5 22:25:39 powerdns pdns[18815]: Error trying to resolve > >>>'x:x:x:x::x' for notifying 'example.com' to server: Unable to send > >>>notify to [2607:f0d0:3001:90::4]:53: Network is unreachable > >>>Feb 5 22:25:39 powerdns pdns[18815]: Error trying to resolve > >>>'x:x:x:x::x' for notifying 'example.com' to server: Unable to send > >>>notify to [2607:fc88:1001:1::4]:53: *Network is unreachable* > >>> > >>> > >>>Note : x:x:x:x::x (IPv6 address) > >>> > >>>AXFR setting in master: > >>>cat /etc/powerdns/pdns.conf | grep -v "#" | grep axfr > >>>allow-axfr-ips= 192.168.0.1 192.168.1.11 > >>>disable-axfr=no > >>> > >>>Why it is go for IPv6 ip which I am not mentioned in axfr settings, > >>>Why I got "*Network is unreachable*" > >>> > >>>Please help me or give me some steps to resolve this issue. > >>>Please share me with some links that are usefull in this kind of issue, > >>>Or let me know How to stop ipv6 setting in pdns.conf. > >>> > >>> > >>>Awaiting your kind reply. > >>> > >>>Thanks > >>> > >>_______________________________________________ > >>Pdns-users mailing list > >>Pdns-users@mailman.powerdns.com > >>http://mailman.powerdns.com/mailman/listinfo/pdns-users > >
signature.asc
Description: Digital signature
_______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
