On Mon, Jun 22, 2020 at 09:57:13AM +0000, Bill Pye via Pdns-users wrote: > Hi all > > I'm a home user of your excellent software and by no means an expert in DNS. > A while ago I was experimenting with setting-up rpz files on my DNS servers, > that all worked OK. Recently I've been trying to configure the rpz via AXFR > from ioc2rpz here: [ https://ioc2rpz.net/ | https://ioc2rpz.net/ ] > > After a bit of trial and error (normal for me!) I have this working quite > well but I did hit a 'problem' and have a couple of questions. > > While reading the documentation of the feed it mentioned that the feeds were > updated every thirty minutes, PDNS-recursor documentation states that the > zones default is used if not specified in the config file: > > "refresh > > > > An integer describing the interval between checks for updates. By default, > the RPZ zone’s default is used" > > > > > That sounded reasonable so I left that alone and started with one feed which > contained four records. Strangely that resulted in an IXFR being done every > second, I left that running for a while (i.e. for about 12 hours) and it > never stopped. Is this a bug and should I file one on github? > > > > > > Next a question, the documentation states the Refresh is an "integer" but it > doesn't mention that it's a per-second "integer" - should that be added to > the documentation? . Could the fact that if it's left empty be responsible > for my once-per-second IXFR? As the feed said it was updated every thirty > minutes override that once-per-second? > > The relevant SOA record from my feed is this: > > dns-bh.ioc2rpz. 604800 IN SOA ioc2rpz-srv1.ioc2rpz.net. ioc2rpz.ioc2rpz.com. > 1591664280 43200 900 2592000 7200 > > Obviously that has a refresh of 15 minutes which is not the 30 mins the > document says but should my once-per-second IXFR be happening with that SOA? > Once I added a refresh to my rpzmaster entry it all worked as expected. :) > > I hope that all makes sense but if I've missed something or it isn't too > clear then just let me know. > > Regards > > > Bill
Please always tell which version you are using. An issue that sounds very much lkike what you are seeing was fixed in https://github.com/PowerDNS/pdns/pull/8778. This is also in 4.3.1 For older versions, you should set a refresh interval explicitly. As for the feed's data update interval vs their published refresh interval in their SOA record, I think yo have to contact the feed source. -Otto _______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
