Re: [Pdns-users] What signal to tell PDNS to shut down?

Ah! Thanks, everyone! Using `--init` did, indeed, solve all my problems. Super helpful! Learn something new every day I suppose. :-) Nick > On Jan 13, 2019, at 5:05 PM, frank+pdns--- via Pdns-users > wrote: > > Hi Bert and Nick, > > Docker will issue a SIGTERM, and assumes an app responds t

[Pdns-users] What signal to tell PDNS to shut down?

I’m working on a Docker container to run my PDNS Authoritative servers. I’m installing PDNS from repo.powerdns.com . The Docker command that is run in `pdns_server`. The `docker stop` command sends a `SIGTERM` to PID 1, waits some amount of time, and then sends SIGKILL

[Pdns-users] Confused about PDNS versions in distro package repos

I hate how confusing package versions are in distro package repos… (and that’s a systemic issue with repos, not a problem made by the fine folks here). I’m using Ubuntu 18.04 (bionic). I’m trying to decide if I can/should just use the PDNS package in its distro package repo, or if I should use

Re: [Pdns-users] pdns_recursor suddenly decided ALL dnssec queries were bogus

*facepalm* Thank you. Indeed, Ubuntu had an upgrade from 4.0.4-something to 4.0.4-something_else that included the new KSK. All fixed now. *facepalm* I feel dumb for missing that. Nick > On Oct 11, 2018, at 9:40 PM, Tom Ivar Helbekkmo wrote: > > Nick Williams writes: > >&g

[Pdns-users] pdns_recursor suddenly decided ALL dnssec queries were bogus

I’ve been running a pdns_recursor install for a little over 11 months now, and I had about 9 months’ uptime on the machine running it. Tonight, suddenly, without my making any changes, ALL DNS queries through the recursor started returning SERVFAIL. I spent the better part of an hour diagnosing

Re: [Pdns-users] Alternative way to log in pdns_recursor when OS holds Syslog hostage

So, I made some progress with disabling the Busybox syslog server (can’t remove it completely without removing Busybox, but I can disable it) and replacing it with syslog-ng (which I really like, BTW), but I’m experiencing some odd behavior with PDNS (only) writing to syslog: If I start `/usr/s

[Pdns-users] Dynamic DNS update not supported in 3.4.6?

According to this page: https://doc.powerdns.com/md/authoritative/dnsupdate/ "Starting with the PowerDNS Authoritative Server 3.4.0, DNS update support is available.” But: # pdns_server --version Jan 24 13:34:40 PowerDNS Authoritative Ser

Re: [Pdns-users] Setting up intentionally invalid DNSSEC record in auto-secure environment

> On Jan 9, 2016, at 3:28 PM, Pieter Lexis wrote: > > Hi Nick, > > On Sat, 9 Jan 2016 14:48:12 -0600 > Nicholas Williams wrote: > >> But the documentation says the opposite. It says NOT to create >> NSEC(3) records (in fact, zone2sql intentionally ignores them, even >> for presigned zones), b

Re: [Pdns-users] Setting up intentionally invalid DNSSEC record in auto-secure environment

So, I think I’ve almost got this, but I’m having a problem with the pre-signed zone’s NSEC3 RRSIGs. Here’s what I did: I already have a live-signed zone (my-zone.com) that works perfectly. A-records come with automatic RRSIGs, SOA record comes with an RRSIG, NS records come with an RRSIG, etc.

Re: [Pdns-users] Virtual servers in pdns-recursor

On Jan 8, 2016, at 9:46 AM, Pieter Lexis wrote: > > Hi Miguel, > > On Fri, 8 Jan 2016 09:16:32 -0600 > Miguel Miranda wrote: > >> Hi, i want to run several instances of pdns-recursor, is there any support >> similar to pdns virtual hosting? >> I have tried copying /etc/init.d/pdns-recursor to

[Pdns-users] Setting up intentionally invalid DNSSEC record in auto-secure environment

matic signing enabled? Thanks! Nick Williams smime.p7s Description: S/MIME cryptographic signature ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] Standardized DNS Record Types Not Supported by PowerDNS

On Mar 9, 2015, at 2:42 AM, bert hubert wrote: > >> Sounds like the "Supported Record Types" page needs updating to add KX and >> IPSECKEY. > > Patches are welcome. It is very easy to update our Markdown documentation > these days. > https://github.com/PowerDNS/pdns/blob/master/docs/markdown

[Pdns-users] SOA and trailing/terminating dots (.)

PowerDNS's "Supported Record Types" page[1] says the following: > Warning: Host names and the MNAME of a SOA records are NEVER terminated with > a '.' in PowerDNS storage! If a trailing '.' is present it will inevitably > cause problems, problems that may be hard to debug. Here I'm particularly

Re: [Pdns-users] Standardized DNS Record Types Not Supported by PowerDNS

On Mar 8, 2015, at 2:51 PM, Aki Tuomi wrote: > On Sun, Mar 08, 2015 at 11:34:00AM -0500, Nick Williams wrote: >> The following are standardized DNS record types[1] that aren't supported by >> PowerDNS[2]. I was hoping someone could enlighten me as to whether there are >

[Pdns-users] Standardized DNS Record Types Not Supported by PowerDNS

The following are standardized DNS record types[1] that aren't supported by PowerDNS[2]. I was hoping someone could enlighten me as to whether there are specific reasons for not supporting them (as opposed to "nobody has gotten around to doing the work yet," which is of course understandable) an

[Pdns-users] DNSSEC - What to send to registrar?

I learned the other day that my registrar (Dotster) has no support for DNSSEC in their user interface. At first they told me that they didn't support it at all—but when I pointed out that not supporting DNSSEC is a violation of ICANN's Registrar Accreditation Agreement (RAA) effective January 1,

[Pdns-users] Do I need to run pdnssec when removing a zone?

I've recently enabled DNSSEC with the MySQL backend. I'm using the MySQL Backend for everything (including storage of zones/records). If I remove a zone completely from the MySQL domains/records tables (all data deleted), do I need to also A) Run pdnssec , B) delete anything else from MySQL, or

Re: [Pdns-users] Error Running pdnssec from PHP

Nevermind, my bad. It's not enough for the user to have read permissions on the /etc/pdns directory and /etc/pdns/pdns.conf file. The user also must have execute permissions on the /etc/pdns directory. When I added that, it worked. Thanks! Nick On Feb 27, 2015, at 12:19 PM, Nick Wil

[Pdns-users] Error Running pdnssec from PHP

I have a (secured) PHP browser GUI (that I can only access while connected to the VPN) that I use to manage my domains. I'm enabling DNSSEC, so I decided to update my PHP GUI to run the necessary pdnssec commands (secure-zone, set-nsec3, rectify-zone) when applicable. However, when I use PHP's e

[Pdns-users] pdnssec set-nsec3 for all zones

Is there not a way to set NSEC3 parameters (pdnssec set-nsec3) for all zones? There's secure-all-zones and rectify-all-zones, but nothing about set-nsec3 for all zones. That could certainly get cumbersome on very large installations. :-/ Thanks, Nick

Re: [Pdns-users] When was ordername column added to records table?

On Feb 19, 2015, at 3:05 PM, Christian Hofstaedtler wrote: > >> On 19 Feb 2015, at 22:37, k...@rice.edu wrote: >> On Thu, Feb 19, 2015 at 03:34:06PM -0600, Nick Williams wrote: >>> The schema for PDNS 3.0 shows no "ordername" column or "orderindex"

Re: [Pdns-users] When was ordername column added to records table?

On Feb 19, 2015, at 3:37 PM, k...@rice.edu wrote: > On Thu, Feb 19, 2015 at 03:34:06PM -0600, Nick Williams wrote: >> I'm a bit curious because, looking through the code history, I can't find >> any evidence of it. >> >> The schema for PDNS 3.0 shows no &qu

[Pdns-users] When was ordername column added to records table?

I'm a bit curious because, looking through the code history, I can't find any evidence of it. The schema for PDNS 3.0 shows no "ordername" column or "orderindex" index on the records table: https://github.com/PowerDNS/pdns/blob/auth-3.0/pdns/no-dnssec.schema.pgsql.sql And the upgrade instructi

[Pdns-users] Why was content length increased?

I'm upgrading to authoritative 3.4 and noticed that the records.content column has been increased from 255 characters to 64000 characters. Because my table is UTF-8, I get the following error: mysql> ALTER TABLE records MODIFY content VARCHAR(64000); ERROR 1074 (42000): Column length too big for

[Pdns-users] Currently using distro packages, want to update

I try to always use software packages from my distro package managers (OpenSUSE zypper and CentOS yum) when I can, because it's easier and it resolves all my dependencies for me. I pretty much never manually deal with RPMs (so please forgive some of my ignorance). But my distro is currently on

Re: [Pdns-users] Please test: ALIAS/ANAME apex record in PowerDNS

Do you think it's possible that release candidates for 3.5 could be coming soon? =D N On Jan 12, 2015, at 6:35 AM, Peter van Dijk wrote: > Hello Nick, > > this code would be in release 3.5.0, for which no date has been set yet. > However, as said below, the autotest website has development sn

[Pdns-users] Cannot load plugin … /usr//usr/...

I just installed PowerDNS 3.1.0.6 (using package management on OpenSUSE 12.3) on a new machine and copied my MySQL database over to it. As usual, on the first time starting it I tried /etc/init.d/pdns monitor` to see the output. gmysql can't load plugins because it's doubling the first part of t

Re: [Pdns-users] Status of the LDAP backend in 3.0 release

I wanted to quickly chime in on this. I agree with the decision to move the LDAP backend into "unmaintained" status and not fix these bugs right now. If there isn't a big enough community demand to supply the resources needed to maintain it, then there likely isn't a big enough demand to make it

Re: [Pdns-users] master-slave serial problem

Just for the record, there IS a pdns package (and pdns-*-backend packages) in CentOS 5. I have several CentOS 5 machines, none of which have extra repositories like EPEL, and all of them have a pdns package either installed or installable from yum. My openSUSE 10.4 and 11.4 machines also had pdn

Re: [Pdns-users] Multi server deployment

ter backend just for this purpose. > Multiple slaves would require either master-master replication (not something > we want to pursue) or multiple instances of pdns talking to the same master > backend. Thanks for your help. > > Cheers, > Atha > > On Nov 10, 2010, at 1

Re: [Pdns-users] Multi server deployment

Atha, Let me share with you what we did at the company I used to work for (and this is an identical configuration to what I have setup for myself). We don't have master and slave PDNS servers. We have "workers" of sorts. Our master and slaves are the MySQL backends. We have a master MySQL serv

Re: [Pdns-users] Reply from unexpected source: ip#267, expected ip#53

my-ip-address refers to the IP address of the client running the host command, e.g. my notebook computer. Thanks, Nick On Oct 4, 2010, at 9:18 AM, Hugo van der Kooij wrote: > On Sat, 2 Oct 2010 11:25:53 -0500, Nick Williams > wrote: > > I have three identically-configured Powe

[Pdns-users] Reply from unexpected source: ip#267, expected ip#53

I have three identically-configured Power DNS 2.9.21 servers. Server 1 and 2 are on Centos5 "Linux version 2.6.18-028stab064.7 (r...@rhel5-64-build) (gcc version 4.1.2 20070626 (Red Hat 4.1.2-14)) #1 SMP Wed Aug 26 13:11:07 MSD 2009" and "Linux version 2.6.18-028stab070.5 (r...@rhel5-build-x64)