at 08:43:20AM +0100, Thomas Mieslinger via Pdns-users
wrote:
While analyzing a spam run, I found the following queries and responses
for the not delegated domain YALRDRK.net
For _dmarc.ja<> the queries and responses look as expected.
For default._bimi.jaqg<> a SERVFAIL is returne
While analyzing a spam run, I found the following queries and responses
for the not delegated domain YALRDRK.net
For _dmarc.ja<> the queries and responses look as expected.
For default._bimi.jaqg<> a SERVFAIL is returned by instead of the
expected NXDOMAIN.
For _bimi.jaqgs<> the gtld nameserver
Hi all,
I switched an Active Directory Zone to IXFR instead of AXFR.
When doing AXFR all records have "auth=1" in the MySQL Backend.
When doing IXFR the individually updated records get "auth=0" including
the SOA record. Consequently the zone is not served anymore by PowerDNS.
What can I chang
Hi all,
there were some Messages here that MariaDB 10.6.11 is not performing well.
I saw that now 10.6.12 is out.
Anyone already using it?
Cheers
Thomas
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman
Hi William,
DIM (https://github.com/1and1/dim) implements this "find most specific
zone" for forward and reverse zones. It automatically moves records when
you create a more specific zone.
Cheers Thomas
On 2/2/23 17:25, William Edwards via Pdns-users wrote:
Hi,
Is anyone aware of an existing
On 11/26/22 20:33, William Edwards wrote:
Thomas Mieslinger via Pdns-users wrote on 2022-11-26 16:21:
10.6.11 is even worse than 10.6.10.
I've not had any problems before 10.6.11.
Are you saying that you have?
Yes. Tracked here https://jira.mariadb.org/browse/MDEV-29843
We went ba
10.6.11 is even worse than 10.6.10.
We went back to 10.6.10 because System Load went to 120+... We've
automated restarting MariaDB after coredump.
If we could, we would go back to 10.5
On 26.11.22 at 14:45, William Edwards via Pdns-users wrote:
Hi,
Are people on this mailing list seeing incr
On 24.10.22 at 01:46, Christoph via Pdns-users wrote:
Hi,
we have the following setup running on debian 11 bare metal servers and
doing about 250 qps:
This is rather low.
> [..]
Is this unexpected or not unusual?
If unusual: what would be the usual ways to further track this issue down?
> I'm studying the deployment of new pdns recursor on ubuntu 22.
So you need pdns_recursor package, which is available.
dnsdist is not needed for a recursor setup. Maybe you lay out your plans
a bit more so that we understand why you need dnsdist.
Thomas
On 9/21/22 10:15, Henri Nougayrede via
On 08.02.22 at 13:34, Otto Moerbeek wrote:
On Tue, Feb 08, 2022 at 01:24:03PM +0100, Thomas Mieslinger via Pdns-users
wrote:
In my experience pdns_recursor (okay, I tested only with older versions)
will not retry fast enough to have a 100% user experience.
It is worth the trouble to
In my experience pdns_recursor (okay, I tested only with older versions)
will not retry fast enough to have a 100% user experience.
I moved to bgp with my internal auth addresses. The auths check themselves
and announce their service IP only if they are ready to answer.
If you don't have the chanc
I changed the systemd unit pdns@.service to
ExecStart=/usr/sbin/pdns_server --socket-dir=%t/pdns-%i
--config-dir=/etc/pdns/%i --config-name=%i --guardian=no --daemon=no
--disable-syslog --log-timestamp=no --write-pid=no
Then pdns@INTERNO would read the startup configuration from
/etc/pdns/INTERN
Please use the rec_control trace-regex command to see what the recursor
actually does.
I guess it is verifying the data from the delegation in the
authoritative zone.
I have not yet had the time to test the zoneToCache feature, I'm
currently using https://github.com/miesi/nsrrsetd to keep the ca
For reasons I have been unable to debug, my recursive servers
frequently only do IPv4 although IPv6 connected and authoritatives are
also IPv6 connected.
Warming the recursors caches with dig ns-with-.example.com let
the recursor learn that the zones are also available over IPv6 with a
Internet -> auth (for serving the public zones)
does also work
VMs/VPN clients -> recursor (put internal zones in forward.zones) ->auth
Cheers Thomas
On 10/4/21 2:44 PM, Patrick Laimbock via Pdns-users wrote:
Hi,
New to the list & PowerDNS. Pleased to meet you. I have about 50
domains, 10 VM
Hi,
On 22.09.21 at 08:50, Thomas Mieslinger via Pdns-users wrote:
Hi Peter,
On 21.09.21 at 18:20, Peter van Dijk via Pdns-users wrote:
Hello Thomas,
On Tue, 2021-09-21 at 13:53 +0200, Thomas Mieslinger via Pdns-users
wrote:
[..]
Can you try aggressive-nsec-cache-size=0 (on 4.5.1) and/or
Hi Peter,
On 21.09.21 at 18:20, Peter van Dijk via Pdns-users wrote:
Hello Thomas,
On Tue, 2021-09-21 at 13:53 +0200, Thomas Mieslinger via Pdns-users
wrote:
dog.80 IN NSEC domains. NS DS RRSIG NSEC
This looks like aggressive NSEC reuse (
https://datatracker.ietf.org
Hi,
we're experiencing the problem that pdns_recursor (4.3.5 and 4.5.1)
answers with the information from the . zone instead of what we have
configured in forward.zone.
Some configuration details (please name the setting you additionally
need to diagnose the problem further)
forward.zones:
...
Suggestions from older threads (Klaus Darrilon):
- Put that zone in a more efficient Backend (he suggested lmdb)
- Put that zone in a more efficient Software (he suggested nsd) and use
dnsdist to route the traffic to the alternate Software
Very old suggestion:
- Use a firewall uint32 match to loc
On 18.06.21 at 06:16, Daniel Miller via Pdns-users wrote:
I've tried (and failed) to implement this previously - I'd like to try
again. I haven't found an explicit example for this in the pdns
documentation - possibly because this is a "straight" DNS question and
*shouldn't* be implementation
On 16.06.21 at 12:27, Alessandro Dentella via Pdns-users wrote:
Hi,
[..]
When clicked it notify:
"Added retrieval request for 'domain-name.' from master ip-addr"
Are there more log lines? Like "unable to find backend to host zone"?
"unable to transfer"?
Maybe your old provider does not s
If I'd have a list of domains/zones to copy,
I'd add them to the zones table in the db,
set master ip to the old servers ip,
run pdns_util transfer zone (see help),
update setting in domains table to type master,
update ns records of transferred zones to new names,
tell my registrar to update deleg
Indeed, which business need do you need to solve with this
active-passive HA?
I have sort of an active-passive HA for my HA customer slave DNS Servers.
One Server announces the service IP with local preference 900, the other
with 901. All traffic is sent by the network routers to the Server
announ
your other domains, so the blast
radius is greatly reduced.
Kind Regards,
Frank
On Jun 4, 2021, at 8:48 AM, Thomas Mieslinger via Pdns-users
wrote:
Hi,
as it seems to work for you, why change. Sounds like you are using all
modern technologies which are available.
I run a setup for million
Hi,
as it seems to work for you, why change. Sounds like you are using all
modern technologies which are available.
I run a setup for millions of zones which was designed when dnsdist was
not yet written.
Instead of separating dnsdist, pdns authoritative and mariadb on
separate vms, I run maria
Hi John,
On 5/12/21 12:50 AM, John Von Essen via Pdns-users wrote:
[ Lots of Background info deleted ]
My question is for a random server in Dublin, hitting pdns-recursor on
localhost with those 3 forwarders, how is the traffic distributed? Does it go
to the first one listed, and then only i
The content column is not indexed, so it might take a long time for the
database to figure out which records need to be changed.
MySQL/MariaDB has MVCC (multi version concurrency control), so your
table stays readable (powerdns can create answers) during updates.
On 3/23/21 1:22 AM, Kevin P. Fl
Hi,
I wouldn't be able to sleep if I had to make sure to keep 5M zones
consistent with AXFR/IXFR.
Having a database with transaction-ids and where I can monitor "slave
seconds behind master" on the slaves makes my job doable.
I think I have not yet understood your concern about scaling horizon
Back in time we had a setup of chained pdns-auth Servers where one pdns
signed the zone and another did a full axfr which was replicated using
db replication to readonly pdnses with public ips.
This way we worked around the need for private keys in databases in colo
datacenters. With your opendns
The way to scale is to have a config management that allows easy setup
of many servers running the MySQL + PDNS Stack.
On 11/17/20 10:47 AM, Jianan Wang via Pdns-users wrote:
Hi there,
Recently I’m trying out PowerDNS, and I’m pretty much enjoying the flexibility
and abundant API and PowerDNS admin UI c
. 09. 20 at 9:23 Thomas Mieslinger via Pdns-users wrote:
In my opinion this needs to be fixed at the authoritative end.
These repeated recursive queries tend to produce retry waves. So
recursors would need to implement a quadratic backoff or similar.
Just from my mind... I took over authoritative
In my opinion this needs to be fixed at the authoritative end.
These repeated recursive queries tend to produce retry waves. So
recursors would need to implement a quadratic backoff or similar.
Just from my mind... I took over authoritative DNS for a hoster. They
claimed to have ddos problems. I
On 9/10/20 3:40 PM, Christian Degenkolb wrote:
what is a reasonably low value for udp-truncation-threshold? I tried
with 900 and 600 (as low as half the default value) but found no
improvements.
I use 1220 because the always recommended 1232 does not work for me with
IPv6.
Some months ago the
Hi Christian,
Hetzner might filter ip fragments. Please try if your situation gets
better if you set udp-truncation-threshold to a reasonably low value.
By default pdns-recursor does dnssec. I would like to suggest to set
+dnssec on your dig queries.
A possible workaround for the vmware.com pro
Hi,
I have tried a long time to get it working with rsyslog etc.
But finally I have moved on to journald. Now I have readable, per pdns
instance logfiles.
so start pdns with --disable-syslog
add
log-timestamp=no
to pdns.conf
gives you readable logs per pdns instance you can easily read using
Hi Mike,
> Anyone want to (gently) shoot me down?
not really.
Of course, the correct fix would be to fix the authoritative setup.
You could do some research on your end to see how many requests your
servers are doing towards the service provider. Maybe you run in some
sort of rate lim