Re: [Pdns-users] DNSSEC UDP problems

2021-03-09 Thread Steffan via Pdns-users
Thanks I downgraded pdns without problems Met vriendelijke groet, Steffan Noord -Oorspronkelijk bericht- Van: Brian Candler Verzonden: dinsdag 9 maart 2021 16:12 Aan: steffanno...@gmail.com; 'pdns-users-ml' Onderwerp: Re: [Pdns-users] DNSSEC UDP problems On 09/03/2021 14:0

Re: [Pdns-users] DNSSEC UDP problems

2021-03-09 Thread Brian Candler via Pdns-users
On 09/03/2021 14:01, Steffan via Pdns-users wrote: [powerdns-auth-master] name=PowerDNS repository for PowerDNS Authoritative Server - master branch baseurl=http://repo.powerdns.com/centos/$basearch/$releasever/auth-master For production use, you would be better with the "version 4.4.X" branch

Re: [Pdns-users] DNSSEC UDP problems

2021-03-09 Thread Steffan via Pdns-users
] DNSSEC UDP problems Hi, On 3/9/21 3:01 PM, Steffan via Pdns-users wrote: >> Are you actually using AXFR to transfer the zone to the nameservers? >> Or are > you using database replication? Because ALIAS live-signing is not > implemented, only signing on AXFR-out is implement

Re: [Pdns-users] DNSSEC UDP problems

2021-03-09 Thread Pieter Lexis via Pdns-users
Hi, On 3/9/21 3:01 PM, Steffan via Pdns-users wrote: >> Are you actually using AXFR to transfer the zone to the nameservers? Or are > you using database replication? Because ALIAS live-signing is not > implemented, only signing on AXFR-out is implemented. This is in the > documentation I sent you

Re: [Pdns-users] DNSSEC UDP problems

2021-03-09 Thread Steffan via Pdns-users
Hi, > Running bleeding edge in production is not recommended. Although we haven't had big issues in the master branch for quite a while. Just keep that in mind :). Hm i just yum updated. [powerdns-auth-master] name=PowerDNS repository for PowerDNS Authoritative Server - master branch baseurl=ht

Re: [Pdns-users] DNSSEC UDP problems

2021-03-09 Thread Pieter Lexis via Pdns-users
Hi, On 3/9/21 2:44 PM, Steffan via Pdns-users wrote: > Hm that was a one time error > > Upgraded to: > pdns-4.5.0-0.alpha0.master.826.gd1a09d600.1pdns Running bleeding edge in production is not recommended. Although we haven't had big issues in the master branch for quite a while. Just keep th

Re: [Pdns-users] DNSSEC UDP problems

2021-03-09 Thread Steffan via Pdns-users
199.59.242.153 No RRSIGs found Met vriendelijke groet, Steffan Noord -Oorspronkelijk bericht- Van: Pdns-users Namens Pieter Lexis via Pdns-users Verzonden: dinsdag 9 maart 2021 14:36 Aan: pdns-users@mailman.powerdns.com Onderwerp: Re: [Pdns-users] DNSSEC UDP problems Hi Steffen

Re: [Pdns-users] DNSSEC UDP problems

2021-03-09 Thread Pieter Lexis via Pdns-users
Hi Steffen, On 3/9/21 2:20 PM, Steffan via Pdns-users wrote: > Hm that explanes a lot 😊 > > expand-alias=yes was allready enabled > i now have outgoing-axfr-expand-alias=yes enabled and restarted pdns > > But it is still complaines abouth the A record > > Error resolving for crazyforprint.nl

Re: [Pdns-users] DNSSEC UDP problems

2021-03-09 Thread Steffan via Pdns-users
pdns-users@mailman.powerdns.com Onderwerp: Re: [Pdns-users] DNSSEC UDP problems Hi Steffen, On 3/9/21 1:35 PM, Steffan via Pdns-users wrote: > This domain is not using a A record > > But a ALIAS and CNAME > > Is that why dnssec failes? Yes, see https://doc.powerdns.com/authoritativ

Re: [Pdns-users] DNSSEC UDP problems

2021-03-09 Thread Pieter Lexis via Pdns-users
Hi Steffen, On 3/9/21 1:35 PM, Steffan via Pdns-users wrote: > This domain is not using a A record > > But a ALIAS and CNAME > > Is that why dnssec failes? Yes, see https://doc.powerdns.com/authoritative/guides/alias.html#alias-and-dnssec Cheers, Pieter -- Pieter Lexis PowerDNS.COM BV -- htt

Re: [Pdns-users] DNSSEC UDP problems

2021-03-09 Thread frank+pdns--- via Pdns-users
> > Van: frank+p...@tembo.be <mailto:frank+p...@tembo.be> <mailto:frank+p...@tembo.be>> > Verzonden: dinsdag 9 maart 2021 13:34 > Aan: steffanno...@gmail.com <mailto:steffanno...@gmail.com> > CC: pdns-users-ml > Onderwerp: Re: [Pdns-users] DNSSEC UDP proble

Re: [Pdns-users] DNSSEC UDP problems

2021-03-09 Thread Pieter Lexis via Pdns-users
Hi Steffen, On 3/9/21 1:13 PM, Steffan via Pdns-users wrote: > Suddenly im getting DNSSE|C warnings. > Any idees what im missing here? > > When analysing the dns with dnsviz.net im seeing > > " The server(s) were not responsive to queries over UDP. > (2a00:1bd0:740:1:2::2, 2a00:1bd0:740:1:46::1

Re: [Pdns-users] DNSSEC UDP problems

2021-03-09 Thread Steffan via Pdns-users
This domain is not using a A record But a ALIAS and CNAME Is that why dnssec failes? Met vriendelijke groet, Steffan Noord Van: frank+p...@tembo.be Verzonden: dinsdag 9 maart 2021 13:34 Aan: steffanno...@gmail.com CC: pdns-users-ml Onderwerp: Re: [Pdns-users] DNSSEC UDP problems

Re: [Pdns-users] DNSSEC UDP problems

2021-03-09 Thread frank+pdns--- via Pdns-users
Hi Steffan, Sometimes the dnsviz.net debugger is quite complete but can be overwhelming at first. The Versisign Analyser can be easier to perform basic checks. https://dnssec-analyzer.verisignlabs.com/crazyforprint.nl. In this case, it seems the zone is not properly signed, but DS records are

Re: [Pdns-users] DNSSEC UDP problems

2021-03-09 Thread Steffan via Pdns-users
An: pdns-users@mailman.powerdns.com > Betreff: [Pdns-users] DNSSEC UDP problems > > Hello, > > Suddenly im getting DNSSE|C warnings. > Any idees what im missing here? > > When analysing the dns with dnsviz.net im seeing > > " The server(s) were not responsive

[Pdns-users] DNSSEC UDP problems

2021-03-09 Thread Steffan via Pdns-users
Hello, Suddenly im getting DNSSE|C warnings. Any idees what im missing here? When analysing the dns with dnsviz.net im seeing " The server(s) were not responsive to queries over UDP. (2a00:1bd0:740:1:2::2, 2a00:1bd0:740:1:46::162) I dont understand why, I disabled the firewall for testing ne