[Pdns-users] Record delegation to 3rd party NS
Hi All, Using PowerDNS 64-bit debian package, version 3.2-1 from http://www.powerdns.com/content/downloads.html with gMySQL backend and NO DNSSEC. Operating system: Ubuntu Server 12.04 LTS 64-bit. Trying to set up DNS record delegation to 3rd party NS. I have domain mydoman.com, which is served by my PowerDNS authoritative name server. I have record e.g. jabber.mydomain.com, which resolution I would like to delegate to DynECT name servers. In ISC BIND9 I just put something like "jabber IN NS ns1.p27.dynect.net." in zone file, and jabber.mydomain.com starts to be resolved from DynECT name servers, while other records from domain mydomain.com are still resolved from my name servers. But when I add "jabber.mydomain.com NS ns1.p27.dynect.net" into PowerDNS it does not work, while reporting record "jabber.mydomain.com" does not exist. BTW I've tried to add "glue record" for ns1.p27.dynect.net, but it does not help. Dear community, could you please point me to some kind of solution? Thanks! ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] Record delegation to 3rd party NS
Hi, Of course! Output of "SELECT * FROM records WHERE name='jabber.mydomain.com'": +-+---+-+--++--+--+--+-+ | id | domain_id | name| type | content| ttl | prio | auth | change_date | +-+---+-+--++--+--+--+-+ | 251 |31 | jabber.mydomain.com | NS | ns1.p27.dynect.net | 300 | 0 |1 | 1358585654 | | 261 |31 | jabber.mydomain.com | NS | ns2.p27.dynect.net | 300 | 0 |1 | 1358585654 | | 271 |31 | jabber.mydomain.com | NS | ns3.p27.dynect.net | 300 | 0 |1 | 1358585654 | | 281 |31 | jabber.mydomain.com | NS | ns4.p27.dynect.net | 300 | 0 |1 | 1358585654 | +-+---+-+--++--+--+--+-+ Thanks in advance! On 29.01.2013 16:48, Aki Tuomi wrote: On Tue, Jan 29, 2013 at 04:40:41PM +0400, iva...@vvpgroup.com wrote: Hi All, Using PowerDNS 64-bit debian package, version 3.2-1 from http://www.powerdns.com/content/downloads.html with gMySQL backend and NO DNSSEC. Operating system: Ubuntu Server 12.04 LTS 64-bit. Trying to set up DNS record delegation to 3rd party NS. I have domain mydoman.com, which is served by my PowerDNS authoritative name server. I have record e.g. jabber.mydomain.com, which resolution I would like to delegate to DynECT name servers. In ISC BIND9 I just put something like "jabber IN NS ns1.p27.dynect.net." in zone file, and jabber.mydomain.com starts to be resolved from DynECT name servers, while other records from domain mydomain.com are still resolved from my name servers. But when I add "jabber.mydomain.com NS ns1.p27.dynect.net" into PowerDNS it does not work, while reporting record "jabber.mydomain.com" does not exist. BTW I've tried to add "glue record" for ns1.p27.dynect.net, but it does not help. Dear community, could you please point me to some kind of solution? Thanks! Can you please send us the records in your database as they are there, it might help to spot the problem. Aki -- Best Regards Ivan Ilves Systems Architect VVP Group Phone: +7495 660 5795 GSM: +7925 545 7440 Fax: +7495 223 3400 iva...@vvpgroup.com www.vvpgroup.com ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] Record delegation to 3rd party NS
Hi, SELECT * FROM domains WHERE id = 31; ++--++++-+-+ | id | name | master | last_check | type | notified_serial | account | ++--++++-+-+ | 31 | mydomain.com | NULL | NULL | NATIVE |NULL | NULL| ++--++++-+-+ dig @yourpdns jabber.mydomain.com any ; <<>> DiG 9.8.1-P1 <<>> @10.X.X.X jabber.mydomain.com any ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25446 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 0 ;; QUESTION SECTION: ;jabber.mydomain.com. IN ANY ;; AUTHORITY SECTION: jabber.mydomain.com.300 IN NS ns1.p27.dynect.net. jabber.mydomain.com.300 IN NS ns2.p27.dynect.net. jabber.mydomain.com.300 IN NS ns3.p27.dynect.net. jabber.mydomain.com.300 IN NS ns4.p27.dynect.net. ;; Query time: 3 msec ;; SERVER: 10.X.X.X#53(10.X.X.X) ;; WHEN: Tue Jan 29 17:20:59 2013 ;; MSG SIZE rcvd: 121 On 29.01.2013 18:13, Jan-Piet Mens wrote: And how about SELECT * FROM domains WHERE name='jabber.mydomain.com' Sorry, I meant SELECT * FROM domains WHERE id = 31; Also, a dig @yourpdns jabber.mydomain.com any might help. -JP ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users -- Best Regards Ivan Ilves Systems Architect VVP Group Phone: +7495 660 5795 GSM: +7925 545 7440 Fax: +7495 223 3400 iva...@vvpgroup.com www.vvpgroup.com ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] Record delegation to 3rd party NS
Dear friends, I do not use DNSSEC. I've checked my database - it's consistent. My real DNS name is jabber.vvpgroup.com I've switched my zone from NATIVE to MASTER and back with not effect. Does anybody use PowerDNS for record delegation to external NS at all? I've found some topics about NS delegations in PowerDNS, all unanswered. Looks sad :( On 29.01.2013 20:52, James Cloos wrote: "iic" == ivan i@vvpgroup com writes: iic> | 31 | mydomain.com | NULL | NULL | NATIVE |NULL | NULL| Change that NATIVE to MASTER to permit AXFR mirroring to your secondaries. -JimC -- Best Regards Ivan Ilves Systems Architect VVP Group Phone: +7495 660 5795 GSM: +7925 545 7440 Fax: +7495 223 3400 iva...@vvpgroup.com www.vvpgroup.com ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] Record delegation to 3rd party NS
Hi Aki and James, Yes, now jabber.vvpgroup.com works, but that's because I've rolled back to old BIND9 installation. If you do "dig @212.47.212.211jabber.vvpgroup.com" you will see the real sad picture. It looks like gMySQL backend does not support record delegation to 3rd-party NS at all. I mean gMySQL backend can resolve only its own records, if record is outside MySQL, it will not be resolved by gMySQL backend. Currently I see only one way to deal with delegated records: create a pipe backend based "resolver" that will resolve delegated records by directly querying DynECT servers. And James, yes, I've read documentation, my monkey-actions around zone types were caused more by despair than by ignorance. Really :) Thanks for a great discussion, folks! On 30.01.2013 20:19, Aki Tuomi wrote: I checked with dig. ~$ dig jabber.vvpgroup.com jabber.vvpgroup.com.54 IN A 89.219.152.4 and dig ns jabber.vvpgroup.com ;; ANSWER SECTION: jabber.vvpgroup.com.205 IN NS ns3.p27.dynect.net. jabber.vvpgroup.com.205 IN NS ns1.p27.dynect.net. jabber.vvpgroup.com.205 IN NS ns4.p27.dynect.net. jabber.vvpgroup.com.205 IN NS ns2.p27.dynect.net. To me, this looks like everything works as expected. Except for this: ~$ dig soa jabber.vvpgroup.com vvpgroup.com. 60 IN SOA ns1.p27.dynect.net. admin.tzolkin.com. 1359347191 3600 600 604800 60 Aki Tuomi On Wed, Jan 30, 2013 at 08:00:02PM +0400, iva...@vvpgroup.com wrote: Dear friends, I do not use DNSSEC. I've checked my database - it's consistent. My real DNS name is jabber.vvpgroup.com I've switched my zone from NATIVE to MASTER and back with not effect. Does anybody use PowerDNS for record delegation to external NS at all? I've found some topics about NS delegations in PowerDNS, all unanswered. Looks sad :( On 29.01.2013 20:52, James Cloos wrote: "iic" == ivan i@vvpgroup com writes: iic> | 31 | mydomain.com | NULL | NULL | NATIVE |NULL | NULL| Change that NATIVE to MASTER to permit AXFR mirroring to your secondaries. -JimC -- Best Regards Ivan Ilves Systems Architect VVP Group Phone: +7495 660 5795 GSM: +7925 545 7440 Fax: +7495 223 3400 iva...@vvpgroup.com www.vvpgroup.com ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users -- Best Regards Ivan Ilves Systems Architect VVP Group Phone: +7495 660 5795 GSM: +7925 545 7440 Fax: +7495 223 3400 iva...@vvpgroup.com www.vvpgroup.com ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] Record delegation to 3rd party NS
Hi Aki, dig @212.47.212.211 jabber.vvpgroup.com A will NOT give you any answer about A record. So you may get Info about NS serving jabber.vvpgroup.com, but you will not get info about A-record. On 31.01.2013 13:29, Aki Tuomi wrote: Um. % dig @212.47.212.211 jabber.vvpgroup.com ;; AUTHORITY SECTION: jabber.vvpgroup.com.300 IN NS ns3.p27.dynect.net. jabber.vvpgroup.com.300 IN NS ns4.p27.dynect.net. jabber.vvpgroup.com.300 IN NS ns1.p27.dynect.net. jabber.vvpgroup.com.300 IN NS ns2.p27.dynect.net. This looks just fine to me. Aki On Thu, Jan 31, 2013 at 01:21:19PM +0400, iva...@vvpgroup.com wrote: Hi Aki and James, Yes, now jabber.vvpgroup.com works, but that's because I've rolled back to old BIND9 installation. If you do "dig @212.47.212.211jabber.vvpgroup.com" you will see the real sad picture. It looks like gMySQL backend does not support record delegation to 3rd-party NS at all. I mean gMySQL backend can resolve only its own records, if record is outside MySQL, it will not be resolved by gMySQL backend. Currently I see only one way to deal with delegated records: create a pipe backend based "resolver" that will resolve delegated records by directly querying DynECT servers. And James, yes, I've read documentation, my monkey-actions around zone types were caused more by despair than by ignorance. Really :) Thanks for a great discussion, folks! On 30.01.2013 20:19, Aki Tuomi wrote: I checked with dig. ~$ dig jabber.vvpgroup.com jabber.vvpgroup.com.54 IN A 89.219.152.4 and dig ns jabber.vvpgroup.com ;; ANSWER SECTION: jabber.vvpgroup.com.205 IN NS ns3.p27.dynect.net. jabber.vvpgroup.com.205 IN NS ns1.p27.dynect.net. jabber.vvpgroup.com.205 IN NS ns4.p27.dynect.net. jabber.vvpgroup.com.205 IN NS ns2.p27.dynect.net. To me, this looks like everything works as expected. Except for this: ~$ dig soa jabber.vvpgroup.com vvpgroup.com. 60 IN SOA ns1.p27.dynect.net. admin.tzolkin.com. 1359347191 3600 600 604800 60 Aki Tuomi On Wed, Jan 30, 2013 at 08:00:02PM +0400, iva...@vvpgroup.com wrote: Dear friends, I do not use DNSSEC. I've checked my database - it's consistent. My real DNS name is jabber.vvpgroup.com I've switched my zone from NATIVE to MASTER and back with not effect. Does anybody use PowerDNS for record delegation to external NS at all? I've found some topics about NS delegations in PowerDNS, all unanswered. Looks sad :( On 29.01.2013 20:52, James Cloos wrote: "iic" == ivan i@vvpgroup comwrites: iic>| 31 | mydomain.com | NULL | NULL | NATIVE |NULL | NULL| Change that NATIVE to MASTER to permit AXFR mirroring to your secondaries. -JimC -- Best Regards Ivan Ilves Systems Architect VVP Group Phone: +7495 660 5795 GSM: +7925 545 7440 Fax: +7495 223 3400 iva...@vvpgroup.com www.vvpgroup.com ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users -- Best Regards Ivan Ilves Systems Architect VVP Group Phone: +7495 660 5795 GSM: +7925 545 7440 Fax: +7495 223 3400 iva...@vvpgroup.com www.vvpgroup.com -- Best Regards Ivan Ilves Systems Architect VVP Group Phone: +7495 660 5795 GSM: +7925 545 7440 Fax: +7495 223 3400 iva...@vvpgroup.com www.vvpgroup.com ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
