Re: [Pdns-users] Request for Help with PowerDNS + Recursor Configuration for Final Year Project

2025-05-07 Thread Brian Candler via Pdns-users
On 07/05/2025 15:16, Nacho Oppo wrote: I believe I may not have explained the scenario clearly in my previous messages. Let me try to clarify it with a simplified example, which might better illustrate the situation: * I have a server *A* with IP address *dirip-A*. When this server

Re: [Pdns-users] Request for Help with PowerDNS + Recursor Configuration for Final Year Project

2025-05-07 Thread Brian Candler via Pdns-users
On 07/05/2025 09:04, Nacho Oppo via Pdns-users wrote: The goal is to configure PowerDNS so that it first checks an A record in a MySQL backend, and if the record is not found or if database does not respond, it should forward the query to an external DNS server, such as Google’s (8.8.8.8). Fir

Re: [Pdns-users] Migration to a single 10.in-addr.arpa Reverse Zone

2025-04-30 Thread Brian Candler via Pdns-users
On 30/04/2025 09:19, Alessandro Lota via Pdns-users wrote: If a specific reverse zone like a /24 exists, it could have precedence over a /8 during resolution (NOT TESTED!!!). On the auth server: this will be fine. Many servers host a domain and its sub-domains: this is normal practice. On th

Re: [Pdns-users] successful installation of recursor 5.2 on non-systemd

2025-04-11 Thread Brian Candler via Pdns-users
On 11/04/2025 15:38, Curtis Maurand wrote: https://doc.powerdns.com/authoritative/running.html That documentation is for PDNS Authoritative. I believe you were talking about PDNS Recursor, which is a different piece of software. Source release tarballs for both can be found here: https://d

Re: [Pdns-users] successful installation of recursor 5.2 on non-systemd

2025-04-10 Thread Brian Candler via Pdns-users
On 10/04/2025 14:16, Curtis Maurand via Pdns-users wrote: I know that powerdns has dropped support for systems that don't run systemd Citation Needed™.  There is optional systemd integration, but AFAICS it is not required: https://doc.powerdns.com/recursor/appendices/compiling.html?highlight

Re: [Pdns-users] Problem with Linode NS Servers

2025-03-13 Thread Brian Candler via Pdns-users
On 13/03/2025 14:59, rob777 via Pdns-users wrote: # My Powerdns Recursor can't resolve stuff from the NS Servers ns1.linode.com, ns2.linode.com, ns3.linode.com # Your starting point should be to send test DNS queries

Re: [Pdns-users] failover on NXDOMAIN

2025-02-07 Thread Brian Candler via Pdns-users
On 07/02/2025 11:51, Pavel Prostin wrote: Should I maintain RPZ records on this auxiliary server for internal hosts manually? My understanding is that RPZ only overrides responses and does not forward queries for unknown records. RPZ overrides responses, but any RR which doesn't have an RPZ ma

Re: [Pdns-users] failover on NXDOMAIN

2025-02-07 Thread Brian Candler via Pdns-users
On 07/02/2025 10:54, Brian Candler via Pdns-users wrote: I've done this successfully with bind9. I've never tried it with pdns-recursor but it appears to be fully supported: https://doc.powerdns.com/recursor/lua-config/rpz.html Oh, and there's a blog about it: https://bl

Re: [Pdns-users] failover on NXDOMAIN

2025-02-07 Thread Brian Candler via Pdns-users
On 07/02/2025 10:31, Pavel Prostin via Pdns-users wrote: I’m trying to configure the PowerDNS recursor to failover on NXDOMAIN. Here is the scenario: There are two DNS zones: internal and external. The problem is that *.example.com can either be used for an internal or

Re: [Pdns-users] Letsencrypt integration

2024-12-17 Thread Brian Candler via Pdns-users
On 17/12/2024 11:41, Roberto Greiner via Pdns-users wrote: is there any documentation on using letsencrypt's certbot automated with PowerDNS for creating wildcard certificates? Do you definitely need to use certbot? If so, one option might be to use RFC2136 dynamic DNS updates with TSIG: htt

Re: [Pdns-users] txt record not returning a value

2024-11-08 Thread Brian Candler via Pdns-users
On 08/11/2024 15:18, Curtis Maurand via Pdns-users wrote: From the sql query “select * from records where domain_id=’47’ and type=’txt’” I get | 638 |       47 | circadianinfo.com._report._dmarc.xyonet.com | TXT  | v=DMARC1 Dig returns nothing. ; <<>> DiG 9.18.28-1~deb12u2-Debian <<>> txt

Re: [Pdns-users] Authoritative PDNS gives back non-authoritative Answers for records

2024-11-02 Thread Brian Candler via Pdns-users
On 02/11/2024 09:13, sth...@nethelp.no wrote: Newer versions of BIND don't show this behavior, as far as I can see. That's true: below is using 9.11.3 which is the oldest I have around. # dig @127.0.0.1 powerdns.com. a ; <<>> DiG 9.11.3-1ubuntu1.18-Ubuntu <<>> @127.0.0.1 powerdns.com. a ; (1

Re: [Pdns-users] Authoritative PDNS gives back non-authoritative Answers for records

2024-11-02 Thread Brian Candler via Pdns-users
On 02/11/2024 08:12, rob777 via Pdns-users wrote: >Only answers directly coming from an authoritative server are supposed to set the aa bit I found some internet stuff where someone claims that the AA flag is even not set  if the answer comes from a cache in some constellations (bind cache)

Re: [Pdns-users] pdns-r, what upstream server is it conferring with?

2024-10-30 Thread Brian Candler via Pdns-users
On 30/10/2024 14:46, A G via Pdns-users wrote: I'm struggling to see where or how the upstream DNS server pDNS-Recursor is looking up requests on It doesn't use an upstream DNS recursor (unless you explicitly configure it to). It finds and queries authoritative servers on the Internet,

Re: [Pdns-users] Preferred filename of recursor settings

2024-09-10 Thread Brian Candler via Pdns-users
On 10/09/2024 11:56, Otto Moerbeek wrote: Whether to read .yml or .conf include files is determined by the format of main settings file, not the name. I understand that. Let me rephrase: is a brand new installation going to install the (yaml) configuration as "recursor.conf" or "recursor.yml"?

[Pdns-users] Preferred filename of recursor settings

2024-09-10 Thread Brian Candler via Pdns-users
At https://doc.powerdns.com/recursor/yamlsettings.html it says: Starting with version 5.1.0, in the absence of a recursor.yml file, an existing recursor.conf will be processed as YAML, if that fails, it will be processed as old-style configuration. Packages will stop installing a old-style re

Re: [Pdns-users] Question about recurring log SQL error upon upgrading to 4.7.3 due to Debian upgrade from 11.x to 12.6

2024-08-08 Thread Brian Candler via Pdns-users
On 09/08/2024 07:34, Chris Moody via Pdns-users wrote: Just to add a bit more, I found this exact issue listed on github but have applied the proposed fix and am still experiencing the daemon failure. https://github.com/PowerDNS/pdns/issues/11892 Is there any possibility that the database in

Re: [Pdns-users] Question about behavior when settings invalid IP in domain A record

2024-07-27 Thread Brian Candler via Pdns-users
On 27/07/2024 10:07, Jan-Piet Mens via Pdns-users wrote: DOMANIN.TLD IN A 185.99.65. interesting IP address. Indeed.  The OP emphasised that this is literally the invalid IP address they put in. If the first three octets are correct then the prefix belongs to a Czech internet exchange.

Re: [Pdns-users] Question about behavior when settings invalid IP in domain A record

2024-07-26 Thread Brian Candler via Pdns-users
On 26/07/2024 21:27, Jorge Bastos via Pdns-users wrote: DOMANIN.TLD IN A 185.99.65. I inserted that exact invalid IP. It is by design by RFC? If you gave the true domain, we could answer you within a few seconds. But without seeing the true domain and hence the actual problem, we're play

Re: [Pdns-users] Signing one entry with pdnsutil

2024-07-12 Thread Brian Candler via Pdns-users
On 12/07/2024 15:38, Brian Candler via Pdns-users wrote: Just to clarify: there is no "public key" involved in Letsencrypt. It's just a random challenge, and it's just a TXT record. So all you need to learn is how to add a TXT record to your zone - and then remove it aft

Re: [Pdns-users] Signing one entry with pdnsutil

2024-07-12 Thread Brian Candler via Pdns-users
On 12/07/2024 15:15, Roberto Greiner via Pdns-users wrote: In the procedure documented in https://pdnsmanager.org/documentation/letsencrypt/, it says to add the public key to the record using PDNS manager. Just to clarify: there is no "public key" involved in Letsencrypt. It's just a random c

Re: [Pdns-users] pdns-recursor zone-forward block and allow lists

2024-04-30 Thread Brian Candler via Pdns-users
On 30/04/2024 08:23, Jan Gardian via Pdns-users wrote: tcpdump: " 17:31:22.071802 IP 192.168.0.101.41941 > pdns-recursor.domain: 65094+ [1au] A? liveaqest.live. (55) 17:31:22.072588 IP pdns-recursor.55092 > dns.google.domain: 5457+% [1au] A? liveaqest.live. (43) 17:31:22.090703 IP dns.google.do

Re: [Pdns-users] How to config pdns to send notification to addres not in "IN NS" record.

2024-03-12 Thread Brian Candler via Pdns-users
On 12/03/2024 13:11, Bino Oetomo wrote: The zone record editing is done via CPanel webUI. There is "zone editor" in that UI and thats the one I use itu. Via that UI, I just change single IN A record of one record. Then it becomes a question of how CPanel integrates with pdns, and since I beli

Re: [Pdns-users] How to config pdns to send notification to addres not in "IN NS" record.

2024-03-12 Thread Brian Candler via Pdns-users
On 12/03/2024 11:40, Bino Oetomo wrote: I run --> tcpdump -vv --interface eth1 port 53 at powerdns box , got no traffic indicating notification sent. But when I restart the bind9 service at the slave, tcpdump shows some traffic to and from slave. So still IMHO my pdns box did not send any noti

Re: [Pdns-users] How to config pdns to send notification to addres not in "IN NS" record.

2024-03-12 Thread Brian Candler via Pdns-users
On 12/03/2024 10:41, Bino Oetomo via Pdns-users wrote: dear all I have a cpanel box with powerdns as its DNS server. Its IP address is 192.168.1.101 ... zone "domain0.bino" { type secondary; file "/var/named/domain0.bino.db"; primaries {103.30.144.60;}; }; 103.30.144.60 != 192.168.1.10

Re: [Pdns-users] [EXT] Re: remote backend

2023-11-30 Thread Brian Candler via Pdns-users
That code is incomplete and not runnable. What is "[0:netip]" for example? More importantly, what is "c" when you do c.Write(data) ? However, there is also an unstated question here, which is "how are the requests and responses delimited when PowerDNS using the unixsock remote backend?"  You'r

Re: [Pdns-users] Short Name Resolution

2023-11-30 Thread Brian Candler via Pdns-users
On 29/11/2023 21:32, t...@garayfam.com wrote: So, create my local domain (something.lan) and put all my entries in that then configure the clients to use something.lan as the default search domain? Yes, that's the way. However it would be better to use a subdomain of a real domain that you

Re: [Pdns-users] Short Name Resolution

2023-11-29 Thread Brian Candler via Pdns-users
On 29/11/2023 20:27, Tim Garay via Pdns-users wrote: How can I setup PDNS to resolve short names? I would like to be able to resolve something like “testserver” to 192.168.1.1.  No domain. Generally this is the job of the stub resolver on the client, to expand "testserver" to "testserver.so

Re: [Pdns-users] remote backend

2023-11-29 Thread Brian Candler via Pdns-users
On 29/11/2023 14:04, Alexis Fidalgo wrote: So, by now, i dont know what is making for a query to be answered and another not (timeout) and in a retry is answered ok. (this is why i thought on speed and considered the unix socket but now i know it’s not that) Put logging in your remote backend

Re: [Pdns-users] remote backend

2023-11-29 Thread Brian Candler via Pdns-users
On 29/11/2023 10:19, Alexis Fidalgo wrote: by the responder, what im not understanding is, why in 2 different languages (golang and python) i get the same behavior. Well, you haven't shown the code from either. It would be extremely inefficient for PowerDNS to open a new connection for eve

Re: [Pdns-users] remote backend

2023-11-29 Thread Brian Candler via Pdns-users
On 29/11/2023 00:07, Alexis Fidalgo via Pdns-users wrote: I think i found why this is not working, as you can see below, socket is connected and first message is sent (the initialize message), which is answered and the response is read ({“result”: true}). Problem is (and i’ve testing with gola

Re: [Pdns-users] remote backend

2023-11-28 Thread Brian Candler via Pdns-users
On 28/11/2023 18:10, Walter Parker via Pdns-users wrote: Unclear as to what you mean by “remote backend connected using Unix sockets” See: https://doc.powerdns.com/authoritative/backends/remote.html "Remote backend" in this case means "out-of-process", not necessarily on a different server.

Re: [Pdns-users] Share DNS-Records between two zones/views (internal & external)

2023-11-15 Thread Brian Candler via Pdns-users
On 15/11/2023 17:11, Sebastian Neumann via Pdns-users wrote: 3. Install a Response Policy Zone (RPZ) in the recursor to *override* the results provided by the auth for queries from internal clients Thanks a lot for that hint, I will look into that. I guess you are talking about this bit here? h

Re: [Pdns-users] Share DNS-Records between two zones/views (internal & external)

2023-11-15 Thread Brian Candler via Pdns-users
On 15/11/2023 14:53, sebastian-n-95--- via Pdns-users wrote: Hey, I am considering migrating my current BIND-Based setup to PowerDNS. For multiple zones, I currently have split-view in bind, so that I can define DNS-Records available only for internal clients. To achieve this, I have the fol

Re: [Pdns-users] LUA for "filter-aaaa-on-v4"

2023-10-30 Thread Brian Candler via Pdns-users
On 30/10/2023 09:10, Djerk Geurts via Pdns-users wrote: You're right that once dual stack is enabled on parts of the network and in clients, then we'll need to be mindful of this. But, I would expect most dual stack clients to default to querying DNS using IPv6. In fact as we control the client

Re: [Pdns-users] Logging to /var/log/messages

2023-09-14 Thread Brian Candler via Pdns-users
On 14/09/2023 15:32, Ian Goldstein (BLOOMBERG/ 120 PARK) wrote: The log entry that appears in my pdns.log is: Sep 14 09:07:52 xx-232 pdns[1380]: AXFR of domain 'foo.bar.com' to 1.2.3.4 finished The entry that appears in /var/log/messages: Sep 14 09:26:30 xx-209 pdns_server: AXFR of dom

Re: [Pdns-users] Logging to /var/log/messages

2023-09-13 Thread Brian Candler via Pdns-users
On 13/09/2023 22:48, Ian Goldstein (BLOOMBERG/ 120 PARK) via Pdns-users wrote: While I am successfully logging to /var/log/pdns.log, I am also logging to /var/log/messages which I do not want. That question is entirely about rsyslog and not powerdns, but in short you'll need something like thi

Re: [Pdns-users] Recursor forwarder DoT configuration

2023-09-08 Thread Brian Candler via Pdns-users
On 08/09/2023 15:50, Christoph via Pdns-users wrote: - does it validate the server certificate? how do I configure the name when performing certificate verification? Not answering your questions about PDNS recursor specifically, but I'll just point out that 1.1.1.1:853 and 1.0.0.1:853 both ha

Re: [Pdns-users] DNSSEC error

2023-08-18 Thread Brian Candler via Pdns-users
On 18/08/2023 10:12, Huber, Peter via Pdns-users wrote: Thank you, I understand, that our server is not authoritative for .de. but it seems our zone is no longer signed, but it was signed in the past. There's a DS record in the parent zone: $ dig @a.nic.de. uni-wh.de. ds uni-wh.de.        8640

Re: [Pdns-users] DNSSEC error

2023-08-18 Thread Brian Candler via Pdns-users
On 18/08/2023 08:53, Huber, Peter via Pdns-users wrote: i have strange thing using the pdns resolver. My domain uni-wh.de was ok for a long time, now there seems to be a DNSSEC problem and I don’t know where this comes from, nor how to fix this. What I am testing: delv @193.175.243.110 uni-

Re: [Pdns-users] listen on net iface

2023-07-28 Thread Brian Candler via Pdns-users
On 28/07/2023 10:07, Klaus Darilion via Pdns-users wrote: PS: This sound like you want to run PDNS in an active-standby HA-setup with a "hot" standby If it were me, I'd have a pair of dnsdist instances (with the floating IP moving between those), which in turn point to the real servers behind

Re: [Pdns-users] Cannot update server-id

2023-05-26 Thread Brian Candler via Pdns-users
On 26/05/2023 12:01, Kevin P. Fleming via Pdns-users wrote: I'm pretty sure those are unrelated IDs, and the 'localhost' in the API URLs cannot be changed. Confirmed at https://doc.powerdns.com/authoritative/http-api/server.html In the PowerDNS Authoritative Server, the server_id is always lo

Re: [Pdns-users] SSL Proxy with PowerDNS

2023-05-05 Thread Brian Candler via Pdns-users
On 04/05/2023 18:21, Tom Barrett via Pdns-users wrote: I'm looking for a solution for running an SSL proxy with PowerDNS. This is a service that will auto-generate SSL certs (such as letsencrypt) for each zone. I think you might be confusing several concepts here, most of which are nothing to

Re: [Pdns-users] Strange behaviour with ALIAS/CNAME records

2023-04-17 Thread Brian Candler via Pdns-users
On 17/04/2023 14:56, Andrea Biancalani wrote: Using the PowerDNS-admin GUI from github https://github.com/PowerDNS-Admin/PowerDNS-Admin In that case, I'd suggest your best starting point is to raise your problem as an issue with that project, since that's what you're actually interacting wit

Re: [Pdns-users] Strange behaviour with ALIAS/CNAME records

2023-04-17 Thread Brian Candler via Pdns-users
On 17/04/2023 14:05, Andrea Biancalani wrote: after I've applied with success above example.com zone (as you notice in attached image) You appear to be using some sort of (unspecified) front-end web application.  It could be editing zone files directly, or it could be making direct SQL update

Re: [Pdns-users] Strange behaviour with ALIAS/CNAME records

2023-04-17 Thread Brian Candler via Pdns-users
I suggest you specify the version of pdns authoritative you're running, otherwise this isn't reproducible by anyone.  Also what backend you're using and how you're adding/removing records, although I'm guessing it's probably the bind backend. On 17/04/2023 12:50, Andrea Biancalani via Pdns-us

Re: [Pdns-users] (no subject)

2023-03-14 Thread Brian Candler via Pdns-users
On 14/03/2023 06:45, Raghvendra Choudhary via Pdns-users wrote: I want to put the DNS of google in the *forwarder* in the recursor.conf but I am unable to resolve the DNS from the *forwarder*. Please help me to get this configuration in the right way. The setting you need is forward-zones-recu

Re: [Pdns-users] reverse zone ipv4 and ipv6

2023-02-01 Thread Brian Candler via Pdns-users
On 01/02/2023 20:05, Vinícius Dalcin wrote: where am i going wrong? (Aside: it's hard to read screenshots rather than text, and I can't copy paste from them) I can't explain why it's not working, but I do see a few odd things. 1. Where does /etc/resolv.conf point on your host? I note that

Re: [Pdns-users] reverse zone ipv4 and ipv6

2023-02-01 Thread Brian Candler via Pdns-users
On 01/02/2023 18:13, Vinícius Dalcin via Pdns-users wrote: good I made some adjustments and as for the ipv4 this functional. When to ipv6 I get REFUSED query response. Can you show what configuration you made, the exact query you made, and the exact response you got back? Please make sure y

Re: [Pdns-users] Creating a www CNAME in powerDNS Admin (mysql backend) automatically pointing to @

2023-01-23 Thread Brian Candler via Pdns-users
On 23/01/2023 12:10, Andrea Biancalani wrote: my default template for new hosting is similar to this @ SOA ... @ NS ... @ MX ... @ A 192.0.2.1 @ 2001:db8::1 www A 192.0.2.1 www 2001:db8::1 but if I try to use this template @ SOA ... @ NS ... @ MX ... @ ALIAS www. /*(added final d

Re: [Pdns-users] Creating a www CNAME in powerDNS Admin (mysql backend) automatically pointing to @

2023-01-23 Thread Brian Candler via Pdns-users
On 23/01/2023 08:39, Andrea Biancalani via Pdns-users wrote: Hello there, do you know if it is possible with pdns Admin GUI (using mysql backend) Questions about a particular third-party project which integrates with PDNS would be better raised with that third-party project. There are doze

Re: [Pdns-users] Glue records in PowerDNS and MySQL backend

2023-01-11 Thread Brian Candler via Pdns-users
On 11/01/2023 15:13, Carsten Schmitz via Pdns-users wrote: Hello, My case is a bit complicated: I run a PowerDNS  server with a zone "firstdomain.org" which is using a name server name ns1.seconddomain.org . Please read: https://blog.powerdns.com/2016/01/18/open-source-support-out-in-the-

Re: [Pdns-users] stupid recursor question [SOLVED]

2022-12-07 Thread Brian Candler via Pdns-users
On 07/12/2022 18:47, Curtis Maurand via Pdns-users wrote: dig doesn't return an error ... root@sirius:~# dig sirius.xyonet.com ; <<>> DiG 9.16.33-Debian <<>> sirius.xyonet.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 10323 To be clear: SERVF

Re: [Pdns-users] stupid recursor question

2022-12-06 Thread Brian Candler via Pdns-users
On 06/12/2022 17:41, Curtis Maurand via Pdns-users wrote: You can use either xyonet.com or cybernexus.net And the pdns-auth server which you are referring to is ns1.xyonet.com or ns2.xyonet.com?  Or is it neither of these, and is a hidden primary? FYI, ns2.xyonet.com is not responding at th

Re: [Pdns-users] stupid recursor question

2022-12-06 Thread Brian Candler via Pdns-users
On 06/12/2022 17:06, Curtis Maurand via Pdns-users wrote: On the authoritative server I host a domain that I'll call domain.tld as the example. It really helps if you give the real domain, since many problems can be diagnosed easily by querying the auth nameserver. See https://blog.powerdns.

Re: [Pdns-users] CNAME Resoluion

2022-12-05 Thread Brian Candler via Pdns-users
On 05/12/2022 17:58, Tony Annese via Pdns-users wrote: [Error] Record 'enterpriseenrollment.icdf3.org IN CNAME enterpriseenrollment.manage.microsoft.com' in zone 'icfd3.org' is out-of-zone. Read the error carefully. Hint: icdf3.org != icfd3.org :-)

Re: [Pdns-users] CNAME Resoluion

2022-12-04 Thread Brian Candler via Pdns-users
On 05/12/2022 05:03, Tony Annese via Pdns-users wrote: Here is the unobfuscated data. Thank you, because that now makes it possible to help you: $ dig +norec @ns.whidbey.net. sip.icfd3.org. any ... ;; ANSWER SECTION: sip.icfd3.org.        3600    IN    TXT    "v=spf1 mx include:ess.barracuda

Re: [Pdns-users] Remove zombie/dead zones on superslave server

2022-11-30 Thread Brian Candler via Pdns-users
On 30/11/2022 10:35, Andrea Biancalani via Pdns-users wrote: is there a way to be noticed on master's GUI (or slave) of zombie/dead zones in superslave server? Which GUI? Don't you know about PowerDNS-Admin GUI? https://github.com/PowerDNS-Admin/PowerDNS-Admin "Which GUI" is a fair questi

Re: [Pdns-users] What are the differences between PowerDNS Authoritative Server and Recursor?

2022-11-26 Thread Brian Candler via Pdns-users
On 25/11/2022 22:10, Michael Hallager (personal) via Pdns-users wrote: This mailing list, like all the other industry ones, is a place for people with some background experience to come and ask a specific and clearly stated question. The context and terms of this list are clearly stated here -

Re: [Pdns-users] Configure Powerdns and check if the domain which is not present in Powerdns is tranferring the traffic to 8.8.8.8 .

2022-11-18 Thread Brian Candler via Pdns-users
On 18/11/2022 09:42, Raghvendra Choudhary via Pdns-users wrote: share me some sample entries  which is insert to the databases.  so it wll easy for me I want to copy all the domain entries which is present in the my hosts file. I'd suggest that you start by reading the PowerDNS documentation,

Re: [Pdns-users] SNAT and notify messages

2022-11-17 Thread Brian Candler via Pdns-users
On 17/11/2022 22:48, Michael Hallager via Pdns-users wrote: I recommend you fix your underlying issues now by getting all your servers onto the same net block or net blocks which can route between each other without NAT. Also I'd suggest fixing the other underlying issue, which is that a sin

Re: [Pdns-users] pdns-recursor ecs support config designs

2022-11-08 Thread Brian Candler via Pdns-users
On 08/11/2022 09:20, Robby Pedrica via Pdns-users wrote: The CDN services work correctly when a branch uses the ISP-assigned DNS for that specific branch/link. But as mentioned, it's difficult to manage these DNS entries when you have many branches across the world (180 sites with 2 different

Re: [Pdns-users] About "null MX"

2022-10-31 Thread Brian Candler via Pdns-users
On 31/10/2022 11:37, De Gubellini via Pdns-users wrote: Do you know from which version of the authoritative server "Null MX" was supported? This should be the RFC https://www.rfc-editor.org/rfc/rfc7505 I am asking this because I have an old version of powerdns that I can't upgrade in a short t

Re: [Pdns-users] IPv6 PTR with gmysql backend

2022-10-20 Thread Brian Candler via Pdns-users
On 20/10/2022 14:17, qutic development via Pdns-users wrote: Thank you Brian for taking note! That was my bad in the email cause I changed the real ipv6-address into a sample one. https://blog.powerdns.com/2016/01/18/open-source-support-out-in-the-open/

Re: [Pdns-users] IPv6 PTR with gmysql backend

2022-10-20 Thread Brian Candler via Pdns-users
On 20/10/2022 12:55, qutic development via Pdns-users wrote: In the domains-table there is a record with name "0.0.0.0.0.8.b.d.1.0.0.2.ip6.arpa." That's wrong. It should be 0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa - that is, the original address is really 2001:0db8::/48 (when you write out all 4 hex

Re: [Pdns-users] Protobuf - Telegraf

2022-10-01 Thread Brian Candler via Pdns-users
On 01/10/2022 07:28, Otto Moerbeek via Pdns-users wrote: The protobuf streams add a framing header of two bytes of length per protobuf message. The receiving side has to take that into account. Perhaps this issue (still open) is relevant: https://github.com/influxdata/telegraf/issues/6025

Re: [Pdns-users] Is there any option to change the custom RRSIG signature validity in DNSSEC?

2022-08-31 Thread Brian Candler via Pdns-users
On 31/08/2022 20:28, Mohammad Ishtiaq Ashiq Khan via Pdns-users wrote: Right now, it is set to 3 weeks and after looking at the code, it seems like this is fixed at PowerDNS. Please correct me if I am wrong. No, you're correct. See: https://doc.powerdns.com/authoritative/dnssec/modes-of-opera

Re: [Pdns-users] (pdns 4.3.0 version) support for RFC2317

2022-08-16 Thread Brian Candler via Pdns-users
On 17/08/2022 00:27, Xandro Gavino via Pdns-users wrote: I just would like to confirm if the PowerDNS Authoritative Server (pdns 4.3.0 version) support the RFC2317. pdns 4.3.0 doesn't support anything, because it's end-of-life and unsupported: https://doc.powerdns.com/authoritative/appendic

Re: [Pdns-users] How to hide pdns authoritative server banner

2022-07-11 Thread Brian Candler via Pdns-users
On 11/07/2022 16:22, Wafa BEN KHOUD via Pdns-users wrote: Can you please explain how to hide pdns authoritative server banner? Do you mean the version.bind CHAOS TXT record?  If I google "powerdns version.bind chaos txt" then I get this as the first hit: https://doc.powerdns.com/authoritativ

Re: [Pdns-users] LUA script for primary server

2022-06-06 Thread Brian Candler via Pdns-users
On 06/06/2022 11:34, Djerk Geurts wrote: Maybe if I add some examples: 1.2.3.4.5.6.e164.arpa. NAPTR “some text with sip call routing info: AAA” *.4.5.6.e164.arpa. NAPTR “some different sip call routing info: BBB” A query for 9.9.9.4.5.6.e164.arpa. will result in BBB A query for 1.2.3.4.5.6.e164

Re: [Pdns-users] LUA script for primary server

2022-06-06 Thread Brian Candler via Pdns-users
On 06/06/2022 10:52, Djerk Geurts via Pdns-users wrote: Jun 06 11:28:29 host.example.com pdns_server[3559402]: Fatal error: Trying to set unknown setting 'lua-dns-script’ "lua-dns-script" is not a valid setting for pdns authoritative server. See: https://doc.powerdns

Re: [Pdns-users] Pdns Authoritative

2022-05-30 Thread Brian Candler via Pdns-users
On 30/05/2022 16:45, Wafa BEN KHOUD via Pdns-users wrote: Is it possible to configure pdns slave with fixed content records? And how to do it? As example: master records for zone "test.com" are NS "ns.test.com" and MX "mx.test.com" an

Re: [Pdns-users] SOA request MariaDB backend

2022-05-10 Thread Brian Candler via Pdns-users
On 10/05/2022 09:17, Jan-Piet Mens via Pdns-users wrote: dig @127.0.0.1 zone-name.bo soa +norec zone-name.bo is NXDOMAIN. The longer version of that answer is here: https://blog.powerdns.com/2016/01/18/open-source-support-out-in-the-open/

Re: [Pdns-users] Questions about PowerDNS - CNAME@APEX, Capacity, management, etc...

2022-05-06 Thread Brian Candler via Pdns-users
On 06/05/2022 18:02, Jan-Piet Mens via Pdns-users wrote: CNAME @ APEX questions: There is no such thing. "No CNAME and other data" is the rule. Fired off too quickly. RFC 1912 2.4 clarifies this [1] And don't forget that there is the ALIAS pseudo resource record for this purpose. https:

Re: [Pdns-users] DNAME randomly failing on Linux clients

2022-04-06 Thread Brian Candler via Pdns-users
On 06/04/2022 10:44, Adam Cecile wrote: If at all possible, I'd suggest you simply run auth and recursor bound to separate IP addresses - whether that be on the same host, or in VMs or containers.  Then you point your clients at your recursor IP(s), your NS records at your auth server hostname(

Re: [Pdns-users] DNAME randomly failing on Linux clients

2022-04-06 Thread Brian Candler via Pdns-users
On 06/04/2022 10:25, Adam Cecile via Pdns-users wrote: I need some recursion / logging facilities so I added on top of them (same machine) pdns-recursor or dnsdist. I first went for recursor but ended up thinking dnsdist was more flexible (especially on filtering updates / axfr, you're right).

Re: [Pdns-users] DNAME randomly failing on Linux clients

2022-04-06 Thread Brian Candler via Pdns-users
If I understand that right: you have dnsdist and auth running on the local server, and recursor is on a remote server? If your requirements are simple, for basic DNS querying you may not need dnsdist at all.  Just run the recursor on port 53, and use forward-zones / forward-zones-recurse as yo

Re: [Pdns-users] DNAME randomly failing on Linux clients

2022-04-06 Thread Brian Candler via Pdns-users
On 06/04/2022 09:36, Adam Cecile via Pdns-users wrote: Any idea what's going on here, I'm completely lost. I guess my DNAME usage is somehow incorrect but I don't understand why it's working intermittently (and always with pure DNS call using dig...) Just a thought, but does your system use sy

Re: [Pdns-users] zone forwarding in 4.0.6

2022-04-05 Thread Brian Candler via Pdns-users
On 04/04/2022 23:57, Brian Lehnhardt via Pdns-users wrote: It seems like this should just work, but perhaps I am missing something. I'm using an older version of pdns as you can see from my config, and I can't seem to find any documentation on this older version. Any idea what I'm doing wrong

Re: [Pdns-users] PDNS Recursor and forward-zones-file

2022-03-17 Thread Brian Candler via Pdns-users
On 17/03/2022 15:50, Pepe Charli wrote: But the idea is to have in the future a file forward-zones-file of the type test1.com =192.168.1.1 test2.com =192.168.1.2 .=192.168.68.63, 192.168.68.64 I think dnsdist is better for that application - it's what it's d

Re: [Pdns-users] ddns: no A records created, only PTR

2022-03-17 Thread Brian Candler via Pdns-users
On 17/03/2022 15:37, Patrick Bervoets via Pdns-users wrote: ddns-domainname "psc-elsene.be"; ddns-rev-domainname "in-addr.arpa."; zone psc-elsene.be { primary 127.0.0.53; key dhcpdupdate; } zone 103.103.10.in-addr.arpa. { primary 127.0.0.53; key dhcpdupdate; } ...   set ddns-client-fqdn = "vpc2

Re: [Pdns-users] PDNS Recursor and forward-zones-file

2022-03-17 Thread Brian Candler via Pdns-users
On 17/03/2022 15:26, Pepe Charli wrote: In the traces only the domain has been changed to test.com 192.168.68.63 and 192.168.68.64 are authoritative for this domain. Both resolver and authoritative are only used internally with private IPs Are 192.168.68.63/64

Re: [Pdns-users] PDNS Recursor and forward-zones-file

2022-03-17 Thread Brian Candler via Pdns-users
Hmm, see also: https://github.com/PowerDNS/pdns/issues/10638 https://github.com/PowerDNS/pdns/pull/10643 But this was backported to the 4.4 branch, and should be present in recursor 4.4.7: https://github.com/PowerDNS/pdns/pull/10654

Re: [Pdns-users] PDNS Recursor and forward-zones-file

2022-03-17 Thread Brian Candler via Pdns-users
On 17/03/2022 12:04, Pepe Charli via Pdns-users wrote: The recursor is configured to forward all zones to other DNS servers forward-zones-file=/path/to/file and the file itself contains .=192.168.68.63, 192.168.68.64 If you're forwarding the whole world then you need a plus sign for the reque

Re: [Pdns-users] Immediate update visibility

2022-03-09 Thread Brian Candler via Pdns-users
Thanks to Otto for explaining about the recursor notify feature in 4.6.0 - this is very cool and I wasn't aware of it. I think the OP is observing two different problems, and that would solve one of them.

Re: [Pdns-users] Immediate update visibility

2022-03-08 Thread Brian Candler via Pdns-users
On 09/03/2022 07:08, Daniel Miller via Pdns-users wrote: Anyway, after all that - when I make a change to a domain record using pdnsutil or an external tool using the API - the changes are immediately applied to the zone but are not immediately visible through the recursor. To make that happen

Re: [Pdns-users] Low ttl with combination of forward zones makes queries fail

2022-02-08 Thread Brian Candler via Pdns-users
On 08/02/2022 12:24, Thomas Mieslinger via Pdns-users wrote: But remember, pdns_recursor does not do background checking whether a Nameserver is alive. Background checking is only done by dnsdist afaik. That's a good point.  dnsdist continuously sends one query per second to each backend to c

Re: [Pdns-users] Low ttl with combination of forward zones makes queries fail

2022-02-08 Thread Brian Candler via Pdns-users
On 08/02/2022 12:08, Prochazka via Pdns-users wrote: Pdns recursor config: ... forward-zones= forward-zones+=some.domain.tld=AUTH1_ipv6 forward-zones+=some.domain.tld=AUTH1_ipv4 forward-zones+=some.domain.tld=AUTH2_ipv6 forward-zones+=some.domain.tld=AUTH2_ipv4 forward-zones+=some.domain.tld=AU

Re: [Pdns-users] PowerDNS Recursor Performance and Tuning

2022-01-19 Thread Brian Candler via Pdns-users
On 19/01/2022 09:54, Hamed Haghshenas via Pdns-users wrote: How can I secure my dns Recursor? I try read document about dnssec in powerdns wiki but can’t understand what should I do ? https://doc.powerdns.com/recursor/dnssec.html In short: dnssec=validate

Re: [Pdns-users] How to make Authoritative work?

2022-01-18 Thread Brian Candler via Pdns-users
On 18/01/2022 15:03, jrd-p...@jrd.org wrote: Let's get back to my original question: How do I get pdns, with no recursor in the picture, to believe that it's authoritative for a zone? (Presumably by "pdns" you mean "pdns authoritative server") When I hit it with a query, I get root@f3-kong

Re: [Pdns-users] How to make Authoritative work?

2022-01-18 Thread Brian Candler via Pdns-users
On 18/01/2022 14:38, jrd-p...@jrd.org wrote: . . . but when I query direct to the pdns, it also doesn't say it's authoritative. See previous mail. Sorry, I missed that mail.  Did you send a dig directly to port 5300?  I didn't catch that. I probably need to go back and re-read the DNS spec

Re: [Pdns-users] How to make Authoritative work?

2022-01-18 Thread Brian Candler via Pdns-users
On 18/01/2022 13:55, jrd-p...@jrd.org wrote: Oops. Yes. Port 53 has a pdns-recursor listening on it, which is feeding requests to pdns. Want the recursor config too? No need.  You asked why the response didn't have the AA flag set, and the answer is because the response came from a recursor

Re: [Pdns-users] How to make Authoritative work?

2022-01-18 Thread Brian Candler via Pdns-users
On 18/01/2022 12:19, jrd via Pdns-users wrote: root@f3-kong-dyndns /etc/powerdns # dig jrd.org soa @localhost ; <<>> DiG 9.16.22 <<>> jrd.org soa @localhost ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58908 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, A

Re: [Pdns-users] PowerDNS Recursor Performance and Tuning

2022-01-16 Thread Brian Candler via Pdns-users
On 16/01/2022 09:41, Hamed Haghshenas via Pdns-users wrote: quiet=no I need the logs and should export domains to my analyzer platform . There are more scalable ways of doing this.  The "standards-compliant" way is dnstap: https://dnstap.info/ https://docs.powerdns.com/recursor/lua-config/p

Re: [Pdns-users] PowerDNS with LDAP backend / TFTP-Server for PXE boot

2022-01-13 Thread Brian Candler via Pdns-users
On 13/01/2022 19:00, Stefan Harbich via Pdns-users wrote: I have set up a PowerDNS server with an LDAP backend. I would like to install a TFTP server and wanted to ask if I can set up the following in the PowerDNS LDAP backend? ... When configuring your DHCP server you will need to add the ‘next-

Re: [Pdns-users] PDNS Recursor - force IPv6

2021-11-16 Thread Brian Candler via Pdns-users
On 16/11/2021 08:57, Otto Moerbeek wrote: I set "query-local-address=0.0.0.0,::" to allow the recursor to use both. I think since 4.5 we do the right thing and *only* use v6 if you set query-local-address=:: But that has the consequence that a lot of (v4 only) nameservers become unreachable.

Re: [Pdns-users] PDNS Recursor - force IPv6

2021-11-16 Thread Brian Candler via Pdns-users
On 16/11/2021 08:29, Otto Moerbeek via Pdns-users wrote: Is there possible to get similar to unbound command to force usage of IPv6 in PDNS Recursor? prefer-ip6: If enabled, prefer IPv6 transport for sending DNS queries to internet nameservers. Default is no. Thanks, No, we do not hav

Re: [Pdns-users] Best practice for serving a few public domains + auth/recursion for VMs & VPN clients

2021-10-04 Thread Brian Candler via Pdns-users
On 04/10/2021 13:44, Patrick Laimbock via Pdns-users wrote: New to the list & PowerDNS. Pleased to meet you. I have about 50 domains, 10 VMs and 10 VPN clients I would like to setup DNS for. I went through DuckDuckGo and a bunch of ML archives but did not find any hints of a best practice archi

Re: [Pdns-users] error which prevented lookup Out of range exception

2021-09-30 Thread Brian Candler via Pdns-users
On 30/09/2021 17:39, Oliver Dzombic via Pdns-users wrote: In 4.3 Versions this SOA record worked: ns3.isp4p.net hostmas...@isp4p.net 2006040100 Now with a new server ns3.cloud-interactive.de i...@cloud-interactive.de 2021093000 or ns3.cloud-interactive.de 2021093000 or ns3.cloud-interactiv

Re: [Pdns-users] Prevent external lookup of (private) subdomains

2021-09-23 Thread Brian Candler via Pdns-users
On 23/09/2021 14:31, inform...@trinaxab.se wrote: I don't necessarily need to use PowerDNS for the ACME DNS server, so I might employ bind with the former plugin instead, since it's only going to be a minimal DNS configuration. Exactly.  You can stand up a separate nameserver purely for respo
