----- Original Message -----
> From: "Otto Moerbeek" <o...@drijf.net>
> To: "bill pye" <bill....@phoenix-systems.co.uk>
> Cc: "Pdns-users" <Pdns-users@mailman.powerdns.com>
> Sent: Monday, 22 June, 2020 12:40:58
> Subject: Re: [Pdns-users] Problem configuring rpz

> On Mon, Jun 22, 2020 at 09:57:13AM +0000, Bill Pye via Pdns-users wrote:
>
>> Hi all
>>
>> I'm a home user of your excellent software and by no means an expert in DNS.
>> A while ago I was experimenting with setting up rpz files on my DNS servers,
>> that all worked OK. Recently I've been trying to configure the rpz via AXFR
>> from ioc2rpz here: https://ioc2rpz.net/
>>
>> After a bit of trial and error (normal for me!) I have this working quite
>> well but I did hit a 'problem' and have a couple of questions.
>>
>> While reading the documentation of the feed it mentioned that the feeds were
>> updated every thirty minutes, PDNS-recursor documentation states that the
>> zone's default is used if not specified in the config file:
>>
>> "refresh
>>
>> An integer describing the interval between checks for updates. By default,
>> the RPZ zone’s default is used"
>>
>> That sounded reasonable so I left that alone and started with one feed which
>> contained four records. Strangely that resulted in an IXFR being done every
>> second, I left that running for a while (i.e. for about 12 hours) and it
>> never stopped. Is this a bug and should I file one on GitHub?
>>
>> Next a question, the documentation states the Refresh is an "integer" but it
>> doesn't mention that it's a per-second "integer" - should that be added to
>> the documentation? Could the fact that if it's left empty be responsible for
>> my once-per-second IXFR? As the feed said it was updated every thirty minutes
>> override that once-per-second?
>>
>> The relevant SOA record from my feed is this:
>>
>> dns-bh.ioc2rpz. 604800 IN SOA ioc2rpz-srv1.ioc2rpz.net. ioc2rpz.ioc2rpz.com. 1591664280 43200 900 2592000 7200
>>
>> Obviously that has a refresh of 15 minutes which is not the 30 mins the
>> document says but should my once-per-second IXFR be happening with that SOA?
>> Once I added a refresh to my rpzmaster entry it all worked as expected. :)
>>
>> I hope that all makes sense but if I've missed something or it isn't too
>> clear then just let me know.
>>
>> Regards
>>
>> Bill
>
> Please always tell which version you are using.
>
> An issue that sounds very much like what you are seeing was fixed in
> https://github.com/PowerDNS/pdns/pull/8778. This is also in 4.3.1
>
> For older versions, you should set a refresh interval explicitly.
>
> As for the feed's data update interval vs their published refresh
> interval in their SOA record, I think you have to contact the feed source.
>
> -Otto

Otto

It seems to be one of those days, here's the version for the list:

PDNS: 4.3.0
PDNS-recursor: 4.3.0
DNSDIST: 1.5.0 rc3

Regards

Bill
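
Added example, not part of the original thread and not PowerDNS code: a small Python decoder for the SOA record quoted above, using the RFC 1035 RDATA order (serial, refresh, retry, expire, minimum), together with the interval a secondary would poll at with and without an explicit refresh. The helper names `parse_soa`, `fmt` and `poll_interval` are hypothetical, and rejecting non-positive refresh values is an assumption of this example.

```python
from typing import NamedTuple, Optional

class SoaTimers(NamedTuple):
    serial: int
    refresh: int   # seconds between checks of the primary's serial
    retry: int     # seconds to wait after a failed check
    expire: int    # seconds before an unrefreshed copy is discarded
    minimum: int   # negative-caching TTL

def parse_soa(record: str) -> SoaTimers:
    """Parse one SOA record in zone-file presentation format."""
    tokens = [t for t in record.split() if t not in ("(", ")")]
    upper = [t.upper() for t in tokens]
    if "SOA" not in upper:
        raise ValueError("not an SOA record")
    rdata = tokens[upper.index("SOA") + 1:]
    # RFC 1035 RDATA order: MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM
    if len(rdata) != 7:
        raise ValueError(f"expected 7 SOA RDATA fields, got {len(rdata)}")
    return SoaTimers(*(int(v) for v in rdata[2:]))

def fmt(seconds: int) -> str:
    """Render a second count with the largest unit that divides it evenly."""
    for unit, size in (("d", 86400), ("h", 3600), ("m", 60)):
        if seconds >= size and seconds % size == 0:
            return f"{seconds // size}{unit}"
    return f"{seconds}s"

def poll_interval(soa: SoaTimers, configured: Optional[int] = None) -> int:
    """Explicit refresh setting if one is given, otherwise the zone's SOA refresh."""
    if configured is not None:
        if configured <= 0:  # assumption of this example: refuse a zero/negative interval
            raise ValueError("refresh must be a positive number of seconds")
        return configured
    return soa.refresh

# SOA record as quoted in the thread
SOA_LINE = ("dns-bh.ioc2rpz. 604800 IN SOA ioc2rpz-srv1.ioc2rpz.net. "
            "ioc2rpz.ioc2rpz.com. 1591664280 43200 900 2592000 7200")

if __name__ == "__main__":
    soa = parse_soa(SOA_LINE)
    for name, value in soa._asdict().items():
        print(f"{name:8} {value:>10}" + ("" if name == "serial" else f"  ({fmt(value)})"))
    feed_update = 30 * 60  # update interval the feed documentation states, per the thread
    print("poll without explicit refresh:", fmt(poll_interval(soa)))
    print("poll with refresh =", feed_update, "->", fmt(poll_interval(soa, feed_update)))
```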