Re: [Pdns-users] PowerDNS Recursor does not provide correct answer to Postfix

Hi, Sounds like a strange problem. Just to make sure it's set up correctly. Could you check that Postfix is talking to PowerDNS Recursor ? Because Postifx has a seperate resolv.conf (which gets updated when starting Postfix): /var/spool/postfix/etc/resolv.conf On Thu, Aug 18, 2016 at 02:20:25

Re: [Pdns-users] pdns-recursor 4.0.0~alpha3-1 - no DNSSEC answer?

On Fri, May 20, 2016 at 08:10:23AM +0200, Bit World Computing - Michael Mertel wrote: > Hi Leen, > > thanks for clearing this up. My approach was a bit to naive but my recursor > is now returning whats expected. > > The +dnssec Parameter is the essential trick, and dependin

Re: [Pdns-users] pdns-recursor 4.0.0~alpha3-1 - no DNSSEC answer?

On Thu, May 19, 2016 at 03:00:12PM +0200, Bit World Computing - Michael Mertel wrote: > Hi, > Hi, > I’am currently trying to get a better unterstanding of DNSSEC. But even if I > enable dnssec=process in my recursor.conf, I cannot get any DNSSEC related > answer from it. What do I’am doing wr

Re: [Pdns-users] Open mDNS Servers Report

On 2016-02-21 14:41, Steffan Noord wrote: [root@ns3 /]# netstat -nap | grep :5353 Strange that you get the report, but nothing is listening. [root@ns3 /]# I See avahi on this server. But I didn’t install it ( I think) Do I need it ? If it's a server, normally no. It's used to find hosts o

Re: [Pdns-users] Open mDNS Servers Report

On 2016-02-21 14:11, Steffan Noord wrote: That is the strange thing I cant make a telnet connection to 5353 Lsof and netstat reports nothing on that port Steffan If it's the Multicast DNS I mentioned in the other e-mail it is UDP, not TCP. So telnet won't work. __

Re: [Pdns-users] Open mDNS Servers Report

On 2016-02-21 14:00, Peter van Dijk wrote: Steffan, can you see (via ss or netstat or sockstat etc.) what process is listening on port 5353? The command you are looking for is probably: netstat -nap | grep :5353 With the process name and process ID in the last column. My guess is it's the A

Re: [Pdns-users] Setting up intentionally invalid DNSSEC record in auto-secure environment

like this idea in combination. That documentation that Pieter sent me should help me get set up with presigning. But, Leen, how would I set up a subzone delegated to the same authoritative server (or can I, even?)? Can you point me to that documentation? It's just a domain & delegation

Re: [Pdns-users] Setting up intentionally invalid DNSSEC record in auto-secure environment

On 2016-01-06 20:26, Nicholas Williams wrote: Yea, but that's the rub. I want to do this WITHOUT 'presigned zones.' I want everything else to be live-signed (because it's SO much easier than presigning), and only munge this one subdomain's RRSIGs. How about a creating a separate sub-zone with

Re: [Pdns-users] Fwd: Power DNS recursor entered failed state

On Mon, Dec 07, 2015 at 11:23:31AM +, Federico Olivieri wrote: > Hi Guys, > > Not 100% sure if is a PDNS problem but yesterday I have upgraded it (for > mistake!) via apt-get command and now I'm running the > version 0.0.410g1cfe8b4 > > Since the Upgrade the memory allocation seems not unifo

Re: [Pdns-users] Multiple A records cause AXFR failure

On 2015-11-22 12:19, a b wrote: Good idea! pdnssec check-zone dmz Error: Received NULL where a value was expected SQL> delete from records where (id = 16 or id = 66); 2 rows deleted. SQL> update zones set serial = 2015112209 where name = 'dmz'; 1 row updated. SQL> commit; Commit complete.

Re: [Pdns-users] Multiple A records cause AXFR failure

, Leen. On 2015-11-22 11:26, a b wrote: I added two A records, as follows: SQL> insert into records(id, zone_id, fqdn, content, type) values(16, (select id from zones where name = 'dmz'), 'ntp.dmz', '172.16.2.2', 'A'); 1 row created. SQL> insert

Re: [Pdns-users] Recent dnsdist updates explained in video & presentation

On Fri, Nov 20, 2015 at 01:22:55PM -0600, Steven Spencer wrote: > On 11/20/2015 09:47 AM, bert hubert wrote: > > Hi everybody, > > > > dnsdist is taking off, with more and more deployments where it is proving > > useful. If you use dnsdist and haven't told us, please feel free to let us > > know (p

Re: [Pdns-users] Problems with PowerDNS

rsor. If you have 40 Mbps as you mentioned maybe most of those queries are for other domains not stored in the database. Could it be the cache is to small to keep all those queries/domains in cache ? (note: I'm not a PowerDNS developer, they can answer such things) Hope that helps,

Re: [Pdns-users] weird trouble

On 2015-09-30 09:54, Aki Tuomi wrote: Can you run pdnssec check-zone cybernexus.net Aki Let me quess, PowerDNS is configured with DNSSEC support and the cybernexus.net zone that doesn't work because it doesn't have the auth column set: "Even if a zone is not DNSSEC secured, as long as the

Re: [Pdns-users] PDNS 3.x with PDNS 2.9.x Database Schema

On Wed, Jul 22, 2015 at 02:10:34PM +0200, Jan-Piet Mens wrote: > (no need to take this off-list) > > > the only problem is that I am doing MySQL master/slave database > > replication. upgrading the schema on the slave(s) will break the > > replication process unfortunately. > > You spoke of Power

Re: [Pdns-users] DNSSEC trouble

On Wed, May 20, 2015 at 01:34:59PM +0200, Peter Thomassen wrote: > Hi Leen, > > On 05/20/2015 12:32 PM, Leen Besselink wrote: > >> # these failed: > >> dig @ns1.desec.io +dnssec +norec desec.io DNSKEY > >> dig @ns1.desec.io +dnssec +norec desec.io A > &g

Re: [Pdns-users] DNSSEC trouble

This goes for PowerDNS 2.9.x" http://wiki.powerdns.com/trac/wiki/LargeScaleDNSSECBCP Have a good day, Leen. ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] DNSSEC trouble

On Wed, May 20, 2015 at 12:26:50PM +0200, Leen Besselink wrote: > On Wed, May 20, 2015 at 12:16:02PM +0200, Peter Thomassen wrote: > > Dear experts, > > > > I'm sorry to bug you again, but I am still stuck with deploying DNSSEC > > for desec.io, and I'

Re: [Pdns-users] DNSSEC trouble

On Wed, May 20, 2015 at 12:16:02PM +0200, Peter Thomassen wrote: > Dear experts, > > I'm sorry to bug you again, but I am still stuck with deploying DNSSEC > for desec.io, and I'd like to ask for your help once more. > > I have a hidden primary which does the signing in live mode (MySQL > backend

Re: [Pdns-users] DNSSEC, pdns-recursor and libunbound

ursor to return the DNSSEC-information is more work. So now you know. Have a good weekend, Leen. ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] Security of DNSSEC signing (was: New to PowerDNS)

SP. Pobably they only use that for their sub-CAs (that is the certificate of the intermediate you need when you deploy for HTTPS, etc.). Does that now make you less or more concerned ? Have a good weekend, Leen. ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] Recursor

On Wed, Apr 23, 2014 at 01:49:17PM +0200, Johan Kooijman wrote: > Hi all, > > I'm seeing something I cannot explain. I've setup my pdns daemon to send > requests for recursions to Google DNS for now. But when I execute a host > lookup, I'm seeing this: > > *[13:35:42 jkooijman /home/jkooijman]$

Re: [Pdns-users] Insert foreign DNSKEY?

3.1. That version has an option called direct-dnskey. Which might have been available in an earlier version, but that code was still experimental. It is mentioned in the documentation here: http://doc.powerdns.com/html/dnssec-transfers.html Hope that helps. > best, > Gilles >

Re: [Pdns-users] PDNS on ispconfig 3

On Wed, Feb 26, 2014 at 09:27:42AM +0100, Steffan Noord wrote: > Im not sure if this was sent to the list i didnt recieve the e-mail myself > It did reach the list, no worries. > -Oorspronkelijk bericht- > Van: Steffan Noord [mailto:steffanno...@gmail.com] > Verzonden: dinsdag 25 februa

Re: [Pdns-users] Installation PDNS Server auf Raspberry Pi (weezy)

On Fri, Aug 16, 2013 at 02:31:56PM +0200, abang wrote: > Hi Gerald, > > it works on my Pi. So there must be a config failure on your side. > Please try > > /usr/sbin/pdns_recursor --daemon=no --trace=yes > > on commandline and try again with dig and post us the error messages > if present. > I

Re: [Pdns-users] [Pdns-dev] PowerDNS Authoritative Server 3.3 Release Candidate 1 available

ing smaller DNSKEY RRset improves interoperability > with certain validators. Closes ticket 824. > Peter, I assume this means it's still in the database and in the pdnssec output, but PowerDNS won't send it to DNS-clients ? Have a great day, Leen. __

Re: [Pdns-users] publish SPF and TXT records?

On Thu, Sep 06, 2012 at 04:54:51PM +0200, Leen Besselink wrote: > On Thu, Sep 06, 2012 at 02:35:13PM +, Marc van de Geijn wrote: > > Thanks, Arsen, for this information. > > > > Are there any statistics on the number of mailservers/... requesting SPF > > rec

Re: [Pdns-users] publish SPF and TXT records?

On Thu, Sep 06, 2012 at 02:35:13PM +, Marc van de Geijn wrote: > Thanks, Arsen, for this information. > > Are there any statistics on the number of mailservers/... requesting SPF > records instead of TXT records? > I know some of the software on our mailservers doesn't even try SPF. isc.or

Re: [Pdns-users] suspend domains

On Fri, Aug 03, 2012 at 04:44:00PM -0300, Mitsue Acosta Murakami wrote: > Hello, > > > I am using powerdns 2.9.22-8 with MySQL backend on Debian Squeeze and I > need to disable domains from pdns without deleting them. I followed > these instructions: > > http://osdir.com/ml/network.dns.powerdn

Re: [Pdns-users] DDNS support or workaround?

On 09/11/2011 11:20 AM, Jan-Piet Mens wrote: > Thomas, > >> These dhcp client >> implementation are unstable and if I had Mac addresses, dhcp client >> options and so in a database along with a history that would make >> debugging and finding devices with a bad firmware a lot easier. > I'm not sure

Re: [Pdns-users] configuring ALSO-NOTIFY support using the domain metadata table

On 08/18/2011 05:22 PM, Bauer, Steven J. wrote: >> -Original Message- >> From: bert hubert [mailto:bert.hub...@netherlabs.nl] >> Sent: Thursday, August 18, 2011 9:11 AM >> To: Bauer, Steven J. >> Cc: pdns-users@mailman.powerdns.com >> Subject: Re: [Pdns-users] configuring ALSO-NOTIFY suppor

Re: [Pdns-users] DNSSEC rectify-zone setuid and setgid

On 08/05/2011 06:31 AM, kim Doff wrote: > Hello, > Hi, > Could you help me? > Well, I can try and give you some information and pointers. > 1. > > DNSSEC Master/Slave are working faultlessly. > > I have PowerDNS v3, PowerAdmin 2.1.5 and MySQL Database Replication > With SSL Encryption. > > Here

Re: [Pdns-users] PowerDNS in an ISP environment

wn redirect than to convince an other provider to do the redirect. It keeps our DNS clean. PowerDNS doesn't mind if there is an extra table (I think it doesn't mind extra columns as you mentioned above either). Hope that helps, Leen. * Or actually the management software works

Re: [Pdns-users] Pipe-backend: ABI-v3, TXT, and DNSSEC

On 08/08/2011 11:34 PM, Leen Besselink wrote: > On 08/08/2011 06:57 PM, Jan-Piet Mens wrote: >> Hello, >> >> I was curious as to wether PowerDNS would sign records produced by the >> PIPE back-end, particularly since the release notes indicate it may be >> possibl

Re: [Pdns-users] Pipe-backend: ABI-v3, TXT, and DNSSEC

On 08/08/2011 06:57 PM, Jan-Piet Mens wrote: > Hello, > > I was curious as to wether PowerDNS would sign records produced by the > PIPE back-end, particularly since the release notes indicate it may be > possible ([3] also says "partial support"). > > I set up a small test with PowerDNS 3.0.1 [1] a

Re: [Pdns-users] powerdns recursor and dns prefix

hink you must and what to fix it then I would change the lua script to understand that domain.com should not be redirected. I would probably also keep the ttl as low as I possible to make problems you create go away as fast as possible, as low as I think the recursors can han

Re: [Pdns-users] Updating Wiki/Posting Bugs

> I tried no space a number of times and it didn't work but just tried again > and... It works.. Arghhh. Thanks > My guess is, this works really well against spammers too. ;-) ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.p

Re: [Pdns-users] Updating Wiki/Posting Bugs

On 06/17/2011 02:28 AM, Craig Whitmore wrote: > The username/password given (anon/No Spam) doesn't seem to work > on http://wiki.powerdns.com/trac > It says: no space in between > Thanks > > > > ___ > Pdns-users mailing list > Pdns-users@mailman.powerdn

Re: [Pdns-users] svn access to pdns backends

ly interested in LDAP and mongodb backends. > I see the directories and files in pdns/modules/ (not pdns/pdns/backends !!) > (Trying to probably become a hacker, now in my late days. ;-) ) > > Thanks, > Nick Hope that helps. Have a nice day, Leen. __

Re: [Pdns-users] Small site backend recommendations

On 05/21/2011 06:27 AM, Charles Sprickman wrote: > On Thu, 12 May 2011, k...@rice.edu wrote: > >> On Thu, May 12, 2011 at 03:37:24AM -0400, Charles Sprickman wrote: >>> Hello, >>> >>> We've been using the PDNS recursor for some time now and have been >>> quite >>> happy with it. It replaced dnscac

Re: [Pdns-users] CNAME pointing to URL forwarding record

On 03/31/2011 11:42 AM, Anthony Eden wrote: > > > On Thu, Mar 31, 2011 at 11:32 AM, Leen Besselink > mailto:l...@consolejunkie.net>> wrote: > > On 03/31/2011 09:18 AM, Anthony Eden wrote: > > > > > > On Wed, Mar 30, 2011 at 2:28 PM, Stefa

Re: [Pdns-users] CNAME pointing to URL forwarding record

On 03/31/2011 09:18 AM, Anthony Eden wrote: > > > On Wed, Mar 30, 2011 at 2:28 PM, Stefan Schmidt > wrote: > > Hi Anthony, > > On Wed, Mar 30, 2011 at 10:22 AM, Anthony Eden > mailto:anthonye...@gmail.com>> wrote: > > When I point a CNAME record to a

Re: [Pdns-users] pdns error sendto

On 02/25/2011 07:46 AM, Liong Kok Foo wrote: > Hi, > > I have double checked and I did configured the firewall port 53 > tcp/udp. Could it possible there are other port that need to be opened.? > > I am using APF firewall. If anyone is also using that, please share > your configuration. > > If it's

Re: [Pdns-users] Zone2sql Question

On 02/01/2011 06:40 PM, Josh Barron wrote: > Thank you Juergen, > I will give it a shot. > > Josh Barron > System Administrator | Zayo Bandwidth > Hi Juergen/Josh, I think if the filename does not match the zone but you have the domainname in the zonefile you could also try: for zonefile in `e

Re: [Pdns-users] New PowerDNS Authoritative Server snapshot with DNSSEC + Release Notes

On 01/29/2011 01:35 PM, bert hubert wrote: > On Sat, Jan 29, 2011 at 01:33:52AM +0100, Leen Besselink wrote: >> I did notice one mistake in my sqlite3-dump, the domain-id did not >> match, but adding the right id to the table didn't work either: > Leen, > > It turns ou

Re: [Pdns-users] New PowerDNS Authoritative Server snapshot with DNSSEC + Release Notes

I did notice one mistake in my sqlite3-dump, the domain-id did not match, but adding the right id to the table didn't work either: PRAGMA foreign_keys=OFF; BEGIN TRANSACTION; CREATE TABLE domains ( idINTEGER PRIMARY KEY, name VARCHAR(255) NO

Re: [Pdns-users] New PowerDNS Authoritative Server snapshot with DNSSEC + Release Notes

On 01/28/2011 09:42 PM, bert hubert wrote: > Hi Leen, > > Thanks for testing the prerelease! > No problem, I've been wanting to try out DNSSEC for a while now. >> Now it worked: >> ;; ANSWER SECTION: >> www.test.net. 3600IN CNAME web.test.n

Re: [Pdns-users] New PowerDNS Authoritative Server snapshot with DNSSEC + Release Notes

('powerdnssec.org', 'NATIVE')" | sqlite3 ./powerdns.sqlite3 So I retested, but the problem with the CNAME and sqlite3 remained when running without a DNSSEC-schema and gsqlite3-dnssec-setting. After ordering and singing and ordering the DNSSEC the CNAME problems all

Re: [Pdns-users] PowerDNSSEC Progress: ready for a first look

On Fri, Jan 07, 2011 at 11:39:59AM +0100, bert hubert wrote: > On Fri, Jan 07, 2011 at 11:24:12AM +0100, Leen Besselink wrote: > > > But their is one part I'm missing a way to hook up an EPP-client for > > sending the DS-record to the parent-zone. > > This could be

Re: [Pdns-users] PowerDNSSEC Progress: ready for a first look

ween. And some currently have EPP, but probably not many have DNSSEC yet. Anyway, when is the new DS known to PowerDNSSEC (and in the database) so communication with all parties that are involved can be initiated and how can it be recognised. Would it be enough to run some script every day fo

Re: [Pdns-users] Recursor / pdns installation help

Hello Patrick, > Each of my dns servers runs pdns and each has a slave copy of the > master pdns mysql database and in turn each server looks up the dns > locally via mysql. This has been working great for 2 years. > > The problem each server is running pdns which has a DOS vulnerability. > which

Re: [Pdns-users] Recursor / pdns installation help

On 12/21/2010 09:09 PM, Patrick Coffin wrote: > Leen, > > Thanks for the reply. We are hosting 1000's of dns records so > entering them in the forwards is not at option. > > I will take your advise to split the pdns and recursor to separate > servers. > > Should

Re: [Pdns-users] Recursor / pdns installation help

on port 5300) and use these setting: recursor= allow-recursion= http://doc.powerdns.com/all-settings.html Hope that helps. Have a nice day, Leen. > local-port=53 > > pdns.conf entries > local-address=x.x.x.x > local-port=5300 > > If I query on a domain using dig I get the following

Re: [Pdns-users] forward-zones, SSHFP and non-FQDN

On 12/08/2010 05:06 PM, Willem wrote: > Hi there, > > Happy longtime PDNS user here. I'm setting up SSHFP to be able to > utilize the openssh VerifyHostKeyDNS feature. My internal network uses > a local pdns_recursor resolver with this setting: > > forward-zones=internal=IP_OF_PDNS_AUTH_SERVER > >

Re: [Pdns-users] pdns and Windows DNS integration

On 09/03/2010 07:38 PM, Mathew Hennessy wrote: > On Aug 22, 2010, at 9:22, Leen Besselink wrote: > > >> On 08/22/2010 07:01 AM, vishal.ud wrote: >> >>> On Sunday 22 August 2010 01:35 AM, Leen Besselink wrote: >>> >>&g

Re: [Pdns-users] pdns and Windows DNS integration

On 08/22/2010 07:01 AM, vishal.ud wrote: On Sunday 22 August 2010 01:35 AM, Leen Besselink wrote: On 08/21/2010 08:30 PM, Vishal Uderani wrote: Hey , Hi Vishal, Ive managed to get a standalone installation of pdns Authoritative server up and running with a mysql backend and poweradmin

Re: [Pdns-users] pdns and Windows DNS integration

On 08/21/2010 08:30 PM, Vishal Uderani wrote: Hey , Hi Vishal, Ive managed to get a standalone installation of pdns Authoritative server up and running with a mysql backend and poweradmin interface . However , i havent found a single mention of a pdns installation integrating with a Wi

Re: [Pdns-users] PTRs and SQL queries,, autoserial?

for: 32.103.168.92.in-addr.arpa which should result in a database-query for: select content,ttl,prio,type,domain_id,name from records where name='32.103.168.92.in-addr.arpa' Hope that helps. Have a good day, Leen. What’s going sideways here? Thanks, Jared _

Re: [Pdns-users] PowerDNSSEC

On 06/24/2010 03:08 PM, Michael Braunoeder wrote: Hi, Hi, I'm currently evaluating the PowerDNSSEC implementation and found 2 issues: As no person which is more knowledgable answered your question, I thought I would answer with what I know. -) Is it possible to disable the signing-on-d

Re: [Pdns-users] PDNS Recursor and reverse lookup

swer at all. Maybe you could send us the output of the following command: grep -v '^#' recursor.conf | grep -v '^$' that way we can see what settings you've used. One thing I didn't quite understand is that bind have root.hint file but powerdns does not. Could th

Re: [Pdns-users] Recursive lookups over IPv6 failing

On 04/02/2010 09:09 PM, Brielle Bruns wrote: Hello all, Hello, I've got a weird issue, don't know if its come up before, and i'm not exactly sure where to file a bug report about it either. Server: 2.9.22 (Debian 2.9.22-3 package from sid, recompiled for lenny) Recursor: 3.2 (Debian 3.2-1

Re: [Pdns-users] Possible tcp listener issue

nd so on. Some information would be better then no information. :-) Just so you know. Have a nice day, Leen. ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] lazy-recursion

(First of all: I'm not a PowerDNS-developer, so I might be wrong) On 03/04/2010 10:01 AM, Liong Kok Foo wrote: Hmm...I read the docs on recursion again (which I already read a few times) and someone this time I got it. I added google's dns server 8.8.8.8 into the recursor and now external rec

Re: [Pdns-users] Multipart TXT records

On 03/01/2010 04:53 PM, Chris Sarginson wrote: Thanks bert - there's a mention in one of the changelogs for pdns-backend-mysql rpms that this is supported (http://www.rpmfind.net/linux/RPM/opensuse/updates/11.0/x86_64/pdns-backend-mysql-2.9.21-143.5.x86_64.html and search for multi-part) Look

Re: [Pdns-users] Using root-referral

On 01/29/2010 03:30 PM, Joyce LAMBERT wrote: I'am using the option send-root-referral=lean (or yes) in my powerdns authoritative server. First the import question, why do you want to send a root-referral ? send-root-referral | --send-root-referral=yes | --send-root-referral=no | --send-root

Re: [Pdns-users] new server, cann; t make it authoritive for some reason

root wrote: > Hello all, > Hi, > how can I achieve this? what do I need to set up/configure? > If you read question 3 in the FAQ: http://doc.powerdns.com/pdns-users-faq.html You mind find you don't need it. Hope that helps. Have a nice

Re: [Pdns-users] PowerDNS & DNSSEC!

On Thu, Jul 16, 2009 at 03:08:33AM +1000, Duane at e164 dot org wrote: > Stephane Bortzmeyer wrote: Hi Duane and Stephane, > > On Wed, Jul 15, 2009 at 02:59:58AM +1000, > > Duane at e164 dot org wrote > > a message of 62 lines which said: > > > >> On the other hand do you know of any "exciti

Re: [Pdns-users] Multiple IP?

SoloUnAltroNick wrote: > Hi, > > on my server i have 2 network interfaces. > > With the default option: > > local-address=0.0.0.0 > > Server doesn't respond. And in the documentation, it's written that this > value so configured make PDNS listening on all interfaces. > > If i set it with my 2

Re: [Pdns-users] PDNS Recursor compile errors on g++ 4.4.0

d to add: #include to misc.hh http://cvs.fedora.redhat.com/viewvc/devel/pdns-recursor/pdns-recursor-gcc44.patch?revision=1.1&view=markup Hope that helps. Have a nice day, Leen Besselink. ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] Difficulty changing nameservers on domain registar's site

On Thu, Jul 02, 2009 at 06:15:44PM +0300, Jani Karlsson wrote: > Hi, > > Your problem is with SOA DNS-record: > The given nameservers return different SOA entries. > > So either your SOA serial, data or TTL differs between servers. Or it > just that other server doesn't respond to SOA request th

Re: [Pdns-users] Bindings

addresses. Unix does not provide a way of figuring out what IP address a packet was sent to when binding to any. http://docs.powerdns.com/all-settings.html Have a nice day, Leen. > > > > > > -

Re: [Pdns-users] Question on setting up PDNS

Nicholas Orr wrote: > You'd need to setup a sub-domain and have your primary domain give out > NS for where the sub-domain is hosted. > > I remember doing this ages ago with Windows Server DNS, was pretty > straight forward. > hmmm. > Sorry I'm not much more help :/ Anyway, it's called '(DNS)

Re: [Pdns-users] STL error

Johan Kooijman wrote: >> The last line is a reset packet from client to server, I wouldn't >> expect to see a reset packet. I tried a working installation as a >> test and I didn't see a reset packet. >> >> I don't know why the client-side does this, but it's not the usual >> way. >> >> Also I noti

Re: [Pdns-users] STL error

Johan Kooijman wrote: > Hi, > > Thank you for your reply. > >> Hmm, I'm no expert, but looking at the error and code, I would say, >> your TCP-connection to the PowerDNS died. > > My guess too. > >> TCP is different from the normal UDP-packets used by DNS. >> >> If this is a new installation, y

Re: [Pdns-users] STL error

e normal UDP-packets used by DNS. If this is a new installation, you are possible setting it up in an environment where you might not need a firewall on that server, could you disable it and test it again ? It looks like PowerDNS is not able to push any packets out to your dig-client. If I we

[Pdns-users] [ignore] mailinglist test-message

I'm sorry, I'm having some odd problems with changing addresses, this is a test-message please ignore. Have a good weekend ! :-) ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] PowerDNS Recursor 3.1.8-prerelease with EDNS-PING

not authoritive, that packet is about just as large as the question, so there is no amplification. Seperating your recursor from your authoritive nameserver has always been a good security practice. > Regards, > > Frank Hope this was helpful. Have a nice day, Leen. __

Re: [Pdns-users] Adding a caching nameserver to an existing secondary DNS server

ver for a certain domain, you can use the forward-zones= option for that. > Thanks, > > Nils Breunese. No problem. I hope it answers your questions. Have a nice day, Leen Besselink ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] Why prefer recursor answers over auth Authoritative answers?

the PowerDNS authoritive server at all. Not sure how it helps in your situation though. Have a nice day, Leen Besselink. ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] Handling packet flood from one client.

On Wed, Jan 28, 2009 at 11:07:53AM -0800, Augie Schwer wrote: > We discussed this on #powerdns a bit as it came up on the > dns-operations list; the conclusion was that dropping the request was > worse because it opened up spoofing attacks. Thanks for the > suggestion though. --Augie > Yes, tha

Re: [Pdns-users] Handling packet flood from one client.

Ton van Rosmalen wrote: Leen Besselink schreef: On Tue, Jan 27, 2009 at 10:00:18AM -0800, Augie Schwer wrote: Obviously; but that's being reactive; I was looking for something more proactive. --Augie I've not tested it, but I understand the u32 option is available on De

Re: [Pdns-users] Handling packet flood from one client.

On Tue, Jan 27, 2009 at 10:00:18AM -0800, Augie Schwer wrote: > Obviously; but that's being reactive; I was looking for something more > proactive. --Augie > I've not tested it, but I understand the u32 option is available on Debian/Linux for example: http://www.stupendous.net/archives/2009/01

Re: [Pdns-users] Can't access remotely: "connection timed out; no servers could be reached"

On Tue, Jan 20, 2009 at 01:30:22PM -0700, JK E-Lists wrote: > I have a fresh PowerDNS install with some test records in the database. > CentOS 5 (all updates) > MySQL > Latest PowerDNS RPM > > I can query successfully when logged into the name server, e.g. > > [...@ns1 ~] $ host foo.test.com 12

Re: [Pdns-users] DDos Reflector

Leen Besselink wrote: Christof Meerwald wrote: Hi, since about Friday late evening I am seeing lots of pdns errors in my syslog like: Not authoritative for '', sending servfail to 76.9.31.42 (recursion was desired) Over in comp.protocols.dns.bind there is already some discus

Re: [Pdns-users] DDos Reflector

Christof Meerwald wrote: Hi, since about Friday late evening I am seeing lots of pdns errors in my syslog like: Not authoritative for '', sending servfail to 76.9.31.42 (recursion was desired) Over in comp.protocols.dns.bind there is already some discussion about these DNS requests (which

Re: [Pdns-users] Error While loading shared libraries: libpq.so.5: Cannot open shared object

you needed to install to get it work, post it here so it's saved in the archives and people don't need to ask about it again. Have a nice day, Leen Besselink. > Thanks & regards, > Borin > ___ > Pdns-users mailing l

Re: [Pdns-users] PDNS-Recursor Not Providing DNS Lookups?

On Fri, Aug 22, 2008 at 01:40:05PM -0500, Kenneth Marshall wrote: > On Fri, Aug 22, 2008 at 07:42:31PM +0200, bert hubert wrote: > > On Fri, Aug 22, 2008 at 12:30:36PM -0400, Steve Chapman wrote: > > > I'm working in an environment that uses split DNS (some parentcompany.com > > > servers we want r

Re: Can pdns-recursor forward . ? / Re: [Pdns-users] Where can I download Windows binaries?

On Tue, Jul 29, 2008 at 12:53:04PM +0200, bert hubert wrote: > On Tue, Jul 29, 2008 at 12:49:24PM +0200, Leen Besselink wrote: > > I have an other reason I might want a windows binary. In this case > > for PowerDNS-recursor. > > You can compile the powerdns recursor

Re: [Pdns-users] pdns-recursor performance

On Tue, Aug 05, 2008 at 10:29:14AM +0200, Leen Besselink wrote: > On Tue, Aug 05, 2008 at 12:30:25AM -0700, Brad Dameron wrote: > > And you will see your response times drop from 1-2 seconds to milliseconds. > > I did a lot of testing of this and pdns-recursor is definite

Re: [Pdns-users] pdns-recursor performance

On Tue, Aug 05, 2008 at 12:30:25AM -0700, Brad Dameron wrote: > And you will see your response times drop from 1-2 seconds to milliseconds. I > did a lot of testing of this and pdns-recursor is definitely the best out > there. > > Brad > Hi Brad, Did you also test Unbound ( www.unbound.net

[Pdns-users] Re: Can pdns-recursor forward . ? / Re: Where can I download Windows binaries?

On Tue, Jul 29, 2008 at 11:25:58PM +0200, Christof Meerwald wrote: > On Tue, 29 Jul 2008 23:13:07 +0200, Leen Besselink wrote: > >> Wouldn't simple UDP forwarding be sufficient in this case? (but you would > >> still need to find a program to do the UDP forwarding

[Pdns-users] Re: Can pdns-recursor forward . ? / Re: Where can I download Windows binaries?

On Tue, Jul 29, 2008 at 10:02:17PM +0200, Christof Meerwald wrote: > On Tue, 29 Jul 2008 12:49:24 +0200, Leen Besselink wrote: > [...] > > And Windows XP doesn't support DNS over IPv6, installing a local > > forwarding IPv6-enabled PowerDNS-recursor might a be solution to &

Re: Can pdns-recursor forward . ? / Re: [Pdns-users] Where can I download Windows binaries?

On Tue, Jul 29, 2008 at 12:53:04PM +0200, bert hubert wrote: > On Tue, Jul 29, 2008 at 12:49:24PM +0200, Leen Besselink wrote: > > I have an other reason I might want a windows binary. In this case > > for PowerDNS-recursor. > > You can compile the powerdns recursor

Can pdns-recursor forward . ? / Re: [Pdns-users] Where can I download Windows binaries?

I have an other reason I might want a windows binary. In this case for PowerDNS-recursor. When I'm going to deploy IPv6, I would really like to have an IPv6-only network behind the (currently NAT) firewall. And Windows XP doesn't support DNS over IPv6, installing a local forwarding IPv6-enabled P

Re: [Pdns-users] Re: PowerDNS interview on Dutch national radio tonight

On Wed, Jul 09, 2008 at 09:03:57AM +0200, Stephane Bortzmeyer wrote: > On Tue, Jul 08, 2008 at 06:13:04PM +0200, > Stephane Bortzmeyer <[EMAIL PROTECTED]> wrote > a message of 13 lines which said: > > > > Microsoft will be releasing more details tonight, > > > > Apparently done: > > > > http

Re: [Pdns-users] coordinated patch

On Wed, Jul 09, 2008 at 08:26:47AM +0200, bert hubert wrote: > On Wed, Jul 09, 2008 at 07:47:45AM +0200, Leen Besselink wrote: > > So now the question becomes did anyone inform Bert and/or PowerDNS too ? > > I knew about this stuff from the very beginning (February I think), eve

[Pdns-users] coordinated patch

This sounds pretty scary, it seems to concerns recursors and resolver-libraries. The way to solve it, is to use port randomization, which shouldn't be a big suprise to the PowerDNS-using community. Massive, Coordinated Patch To the DNS Released [0] tkrabec alerts us to a CERT advisory announcin