[Pdns-users] PDNS Authoritative: updating from 4.6.4 to 4.7.3 - broken RFC2136 / dynamic updates

2022-12-15 Thread Andrea Biancalani via Pdns-users
Hello there, I've recently updated my PDNS Authoritative from 4.6.4 to 4.7.3 and I've noticed my dynamic DNS updates has broken. Just to make an example: 1. create a new zone (aka: 123.com) 2. set meta-data for that zone allowing update for specific IP, key name, alghorithm 3. send an nsu

Re: [Pdns-users] Pdns Authoritative

2022-05-30 Thread Brian Candler via Pdns-users
On 30/05/2022 16:45, Wafa BEN KHOUD via Pdns-users wrote: s it possible to configure pdns slave with fixed content records? And how to do it? As example: master records for zone "test.com " are NS "ns.test.com " and MX "mx.test.com " an

[Pdns-users] Pdns Authoritative

2022-05-30 Thread Wafa BEN KHOUD via Pdns-users
Hello, Is it possible to configure pdns slave with fixed content records? And how to do it? As example: master records for zone "test.com" are NS "ns.test.com" and MX "mx.test.com" and slave records are NS "ns.test.com" and MX "mx55.test.com" master records for zone "hello.com" are NS "ns.test.c

Re: [Pdns-users] Pdns Authoritative 4.5.4 on centos 7

2022-05-17 Thread Jhonny Paco via Pdns-users
Hello Wafa I used this Link https://www.claudiokuenzler.com/blog/844/powerdns-master-slave-dns-replication-mysql-backend To config master/slave PowerDNS server with MySQL backend. In that document the keys was "supermasters" table in the backend and AXFR. Then I checked iptables firewall ru

Re: [Pdns-users] Pdns Authoritative 4.5.4 on centos 7

2022-05-17 Thread Wafa BEN KHOUD via Pdns-users
Hello, You find below my configuration I just want to ensure replication from master to slave Can you advise documentation links? how to troubleshoot? Master (IP @ : 10.10.22.1) allow-axfr-ips=10.20.21.25/32 also-notify=10.20.21.25:53 daemon=yes default-soa-content=ns10.test.tn xxx...@ww.ww 20

Re: [Pdns-users] Pdns Authoritative 4.5.4 on centos 7

2022-05-17 Thread Kevin P. Fleming via Pdns-users
Also your 'Master LOG' shows it *receiving* a NOTIFY, not sending one. On Mon, May 16, 2022 at 12:44 PM Jan-Piet Mens via Pdns-users wrote: > > >Can you please advise how to configure Pdns Authoritative 4.5.4 > >master/slave replication? > > You have not told us what your configuration looks like

Re: [Pdns-users] Pdns Authoritative 4.5.4 on centos 7

2022-05-16 Thread Jan-Piet Mens via Pdns-users
Can you please advise how to configure Pdns Authoritative 4.5.4 master/slave replication? You have not told us what your configuration looks like, what you've done, which documentation you've studied, and which tests you've conducted. -JP ___

[Pdns-users] Pdns Authoritative 4.5.4 on centos 7

2022-05-16 Thread Wafa BEN KHOUD via Pdns-users
Hello team, Can you please advise how to configure Pdns Authoritative 4.5.4 master/slave replication? When I add record in master server it is not replicated on slave? How to troubleshoot? Master LOG after pdns_control notify test.tn May 16 12:11:24 DNS-SLV1-G3 pdns_server[32677]: Received NOTIF

Re: [Pdns-users] PDNS Authoritative and CNAME pointing to external Domain responds with NXDOMAIN

2021-06-22 Thread Thomas via Pdns-users
Am 22.06.2021 um 17:27 schrieb Brian Candler: On 22/06/2021 16:16, Thomas via Pdns-users wrote: Thanks for the clarification, but this scares me. How can I have configured the server in a way it thinks it is authoritative for the entire Internet? It should be authoritative for zur-sonne.it and

Re: [Pdns-users] PDNS Authoritative and CNAME pointing to external Domain responds with NXDOMAIN

2021-06-22 Thread Brian Candler via Pdns-users
On 22/06/2021 16:16, Thomas via Pdns-users wrote: Thanks for the clarification, but this scares me. How can I have configured the server in a way it thinks it is authoritative for the entire Internet? It should be authoritative for zur-sonne.it and the other 2500 domains we have, sihosting.clou

Re: [Pdns-users] PDNS Authoritative and CNAME pointing to external Domain responds with NXDOMAIN

2021-06-22 Thread Thomas via Pdns-users
Thanks for the clarification, but this scares me. How can I have configured the server in a way it thinks it is authoritative for the entire Internet? It should be authoritative for zur-sonne.it and the other 2500 domains we have, sihosting.cloud is not part of the domains we host Am 22.06

Re: [Pdns-users] PDNS Authoritative and CNAME pointing to external Domain responds with NXDOMAIN

2021-06-22 Thread Brian Candler via Pdns-users
On 22/06/2021 15:54, Thomas wrote: Doing a "dig www.zur-sonne.it +nostats +nocomments +nocmd @localhost" I (think) get correct result: ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 <<>> www.zur-sonne.it +nostats +nocomments +nocmd @localhost ;; global options: +cmd ;www.zur-sonne.it. 

Re: [Pdns-users] PDNS Authoritative and CNAME pointing to external Domain responds with NXDOMAIN

2021-06-22 Thread Thomas via Pdns-users
Am 22.06.2021 um 16:16 schrieb Brian Candler: On 22/06/2021 14:55, Thomas via Pdns-users wrote: I have upgraded pdns authoritative server from version 4.3 to version 4.4.1 on CentOS 7, MySQL is the backend. If I query a CNAME record on both servers I get the following error (do not remember if

Re: [Pdns-users] PDNS Authoritative and CNAME pointing to external Domain responds with NXDOMAIN

2021-06-22 Thread Brian Candler via Pdns-users
On 22/06/2021 14:55, Thomas via Pdns-users wrote: I have upgraded pdns authoritative server from version 4.3 to version 4.4.1 on CentOS 7, MySQL is the backend. If I query a CNAME record on both servers I get the following error (do not remember if it worked before the upgrade): [root@pdns1 lo

[Pdns-users] PDNS Authoritative and CNAME pointing to external Domain responds with NXDOMAIN

2021-06-22 Thread Thomas via Pdns-users
Hello, I have upgraded pdns authoritative server from version 4.3 to version 4.4.1 on CentOS 7, MySQL is the backend. If I query a CNAME record on both servers I get the following error (do not remember if it worked before the upgrade): [root@pdns1 log]# nslookup www.example.it localhost Serv

Re: [Pdns-users] PDNS Authoritative and Mariadb share single core but multiple available

2019-10-31 Thread Otto Moerbeek
On Thu, Oct 31, 2019 at 05:24:05PM +0200, George Asenov wrote: > Yes I understand that this test is not relevant! > > The one think I didn't understand is why two different services working with > 2 different users share 1 core at 100% and not working on separate > cores/treads ? > Even if the re

Re: [Pdns-users] PDNS Authoritative and Mariadb share single core but multiple available

2019-10-31 Thread George Asenov
Yes I understand that this test is not relevant! The one think I didn't understand is why two different services working with 2 different users share 1 core at 100% and not working on separate cores/treads ? Even if the requests are not overlapping i think the two services should work independ

Re: [Pdns-users] PDNS Authoritative and Mariadb share single core but multiple available

2019-10-31 Thread Otto Moerbeek
On Thu, Oct 31, 2019 at 05:08:50PM +0200, George Asenov wrote: > > Here is a dnsperf test > https://monosnap.com/direct/IijS7l37a4r1Ck7dVKeO1UAf6kvEg0 > > # dnsperf -s XXX.XXX.XXX.XXX -c 1 -T 5 -d domainslist.txt -n 100 > DNS Performance Testing Tool > Nominum Version 2.1.0.0 > > [Status] C

Re: [Pdns-users] PDNS Authoritative and Mariadb share single core but multiple available

2019-10-31 Thread George Asenov
Here is a dnsperf test https://monosnap.com/direct/IijS7l37a4r1Ck7dVKeO1UAf6kvEg0 # dnsperf -s XXX.XXX.XXX.XXX -c 1 -T 5 -d domainslist.txt -n 100 DNS Performance Testing Tool Nominum Version 2.1.0.0 [Status] Command line: dnsperf -s XXX.XXX.XXX.XXX -c 1 -T 5 -d domainslist.txt -n 100

Re: [Pdns-users] PDNS Authoritative and Mariadb share single core but multiple available

2019-10-31 Thread Otto Moerbeek
On Thu, Oct 31, 2019 at 02:28:48PM +, Brian Candler wrote: > On 31/10/2019 13:44, George Asenov wrote: > > For example if the mariadb get 70% pdns 30% if i check the load by cores > > one core has 0%id all other 3 are near 100%id . > > here are some screenshots > > Looks like sequential opera

Re: [Pdns-users] PDNS Authoritative and Mariadb share single core but multiple available

2019-10-31 Thread Brian Candler
On 31/10/2019 13:44, George Asenov wrote: For example if the mariadb get 70% pdns 30% if i check the load by cores one core has 0%id all other 3 are near 100%id . here are some screenshots Looks like sequential operation to me: 1. pdns sends a query to mariadb (goes to sleep waiting for respo

[Pdns-users] PDNS Authoritative and Mariadb share single core but multiple available

2019-10-31 Thread George Asenov
Hello, We have a setup with hidden master (with couple of thousand zones) with like 30 slaves which is slave of multiple BIND masters. The setup works well but we are concerned about the subject. If the first level master (where all the changes happen) is restarted for example it sends notifys

Re: [Pdns-users] PDNS Authoritative Server DDOS Protection

2018-07-29 Thread Remi Gacogne
/new Best regards, Remi > -Original Message- From: Pdns-users > [mailto:pdns-users-boun...@mailman.powerdns.com] On Behalf Of bert > hubert Sent: Tuesday, July 17, 2018 3:49 PM To: > pdns-users@mailman.powerdns.com Subject: Re: [Pdns-users] PDNS > Authoritative Server DDOS

Re: [Pdns-users] PDNS Authoritative Server DDOS Protection

2018-07-24 Thread Hamed Haghshenas
Hi, Is there any update here? Could anyone help me on this ? BR, Hamed Haghshenas -Original Message- From: Hamed Haghshenas [mailto:haghshe...@chavoosh.com] Sent: Saturday, July 21, 2018 10:38 AM To: 'pdns-users@mailman.powerdns.com' Subject: RE: [Pdns-users] PDNS Authoritat

Re: [Pdns-users] PDNS Authoritative Server DDOS Protection

2018-07-20 Thread Hamed Haghshenas
en block /24 subnet . for example for 10.10.10.0/24, if query rate exist 10 for 10s then block 10.10.10.0/24. BR, Hamed Haghshenas -Original Message- From: Pdns-users [mailto:pdns-users-boun...@mailman.powerdns.com] On Behalf Of bert hubert Sent: Tuesday, July 17, 2018 3:49 PM To: pdns-us

Re: [Pdns-users] PDNS Authoritative Server DDOS Protection

2018-07-17 Thread bert hubert
On Tue, Jul 17, 2018 at 03:24:22PM +0430, Hamed Haghshenas wrote: > Could you please let me know how handle these large DDOS attacks? Hi Hamed, Please take a look at https://dnsdist.org/guides/dynblocks.html#dynblockrulesgroup This is specifically meant for the case of many different IP address

Re: [Pdns-users] PDNS Authoritative Server DDOS Protection

2018-07-17 Thread Hamed Haghshenas
Message- From: bert hubert [mailto:bert.hub...@powerdns.com] Sent: Saturday, July 7, 2018 4:39 PM To: Hamed Haghshenas Cc: pdns-users@mailman.powerdns.com Subject: Re: [Pdns-users] PDNS Authoritative Server DDOS Protection On Sat, Jul 07, 2018 at 03:49:16PM +0430, Hamed Haghshenas wrote: > I'm

Re: [Pdns-users] PDNS Authoritative Server DDOS Protection

2018-07-07 Thread bert hubert
On Sat, Jul 07, 2018 at 03:49:16PM +0430, Hamed Haghshenas wrote: > I'm using PDNS Authoritative Server 4.1.3, today I see my server not > response and error or timeout on resolves . Hi Hamed, What you can best do is install dnsdist and put it in front of your authoritative servers. Try this dns

Re: [Pdns-users] PDNS Authoritative Server DDOS Protection

2018-07-07 Thread Hamed Haghshenas
t: Re: [Pdns-users] PDNS Authoritative Server DDOS Protection in the conf file , you can specify the subnets those allowed to use this server s.t (default ) allow-from = 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 _ From: Pdns-users < <mailto:pdns

Re: [Pdns-users] PDNS Authoritative Server DDOS Protection

2018-07-07 Thread Mohamad F. Barham
@mailman.powerdns.com Subject: [Pdns-users] PDNS Authoritative Server DDOS Protection Hi, I’m using PDNS Authoritative Server 4.1.3, today I see my server not response and error or timeout on resolves . When check the server see to many DNS requests from some IPs from Brazil like DDOS attack. To

[Pdns-users] PDNS Authoritative Server DDOS Protection

2018-07-07 Thread Hamed Haghshenas
Hi, I'm using PDNS Authoritative Server 4.1.3, today I see my server not response and error or timeout on resolves . When check the server see to many DNS requests from some IPs from Brazil like DDOS attack. To fix errors and timeouts, I block the attacker subnet in my firewall . Now could

[Pdns-users] pdns-authoritative: Meaning of "Received question from socket which had no remote address, dropping (Transport endpoint is not connected)"

2016-11-11 Thread Thomas Mieslinger
Hi, during an incident this week, where the resolvers of an access provider decided to send their dns queries with UDP message buffer size = 512, powerdns sent compliant answers with tc=1 because the the queried zone is DNSSEC signed. In turn the access providers resolver sent the queries aga

Re: [Pdns-users] PDNS Authoritative server 2.9.22 on SLES V11?

2014-09-22 Thread Dan Campbell
Bert, Thanks for your reply. We have cache-ttl=0 for other reasons, so I think we're ok on the security issue. We built PDNS staticly from from source. I have been hoping to upgrade PDNS and other components for a while. Hopefully, I can use your recommendation to make that happen. :-) --

Re: [Pdns-users] PDNS Authoritative server 2.9.22 on SLES V11?

2014-09-22 Thread bert hubert
On Thu, Sep 18, 2014 at 06:13:15PM -0400, p...@w3eta.net wrote: > I manage a few PDNS v2.9.22 authoritative servers on SLES V10 and wee need to > upgrade the OS to SLES V11. We would prefer not to upgrade PDNS. We can only recommend that you do. 2.9.22 has known security issues, please see http://

[Pdns-users] PDNS Authoritative server 2.9.22 on SLES V11?

2014-09-18 Thread p...@w3eta.net
I manage a few PDNS v2.9.22 authoritative servers on SLES V10 and wee need to upgrade the OS to SLES V11. We would prefer not to upgrade PDNS. I was wondering -- does anyone of the list have experience with OS upgrades and v2.9.22? Specifically SLES V11? I'm trying to gauge the risk in updrading

Re: [Pdns-users] PDNS Authoritative DNSSEC Question

2014-02-10 Thread Peter van Dijk
Hello Chris, more good news: the bug in the DNSSEC debugger was fixed today and it now identifies your domain as correct! On 10 Feb 2014, at 9:55 , Peter van Dijk wrote: > Hello Chris, > > SUMMARY: the DNSSEC debugger is broken and your domain is fine. Kind regards, -- Peter van Dijk Nether

Re: [Pdns-users] PDNS Authoritative DNSSEC Question

2014-02-10 Thread Peter van Dijk
Hello Chris, SUMMARY: the DNSSEC debugger is broken and your domain is fine. On 07 Feb 2014, at 12:22 , Chris wrote: > The signing errored due to the 'type' column not allowing NULL. I updated the > schema to allow this. Good. > 2. I disabled dnssec on the domain and enabled it again: > > #

[Pdns-users] PDNS Authoritative DNSSEC Question

2014-02-07 Thread Chris
Hi list, I am playing around with DNSSEC and I seem to have created a strange problem for myself. I am using PDNS 3.3-1 on Debian with the generic SQL backend and a MySQL database. The schema I was using previously didn't match the recommended one in the documentation, the 'type' column didn

Re: [Pdns-users] Pdns Authoritative + Recursor

2011-12-08 Thread Daniel L. Miller
On 12/8/2011 3:57 AM, IRCHeaven Technical Support wrote: In the documents I have read that the authoritative server runs on port 53 and the recursor on port 5300. In the authoritative server I have puth the recursor ip and port Now is the problem that it seems that the auth not communicate with

Re: [Pdns-users] Pdns Authoritative + Recursor

2011-12-08 Thread abang
my recursor.conf -additional-processing=on allow-from=My local and network ranges local-address=my local and external IPv4 and external IPv6 Maybe you didn't set the local-address 127.0.0.1 in recursor: local-address=127.0.0.1, -- Winfried __

Re: [Pdns-users] Pdns Authoritative + Recursor

2011-12-08 Thread IRCHeaven Technical Support
contents of the e-mail." -Original Message- From: pdns-users-boun...@mailman.powerdns.com [mailto:pdns-users-boun...@mailman.powerdns.com] On Behalf Of Augie Schwer Sent: Wednesday, 07 Dec, 2011 22:38 To: Pdns-users Subject: Re: [Pdns-users] Pdns Authoritative + Recursor What doesn't

Re: [Pdns-users] Pdns Authoritative + Recursor

2011-12-07 Thread Augie Schwer
What doesn't work? Are both the auth. and recursive PowerDNS servers running? --Augie On Wed, Dec 7, 2011 at 6:36 AM, IRCHeaven Technical Support wrote: > Dear Users, > > > > I have on this moment running Pdns Authoritative server + Recursor but this > combination don’t work. > I have read the d

Re: [Pdns-users] Pdns Authoritative + Recursor

2011-12-07 Thread Aki Tuomi
On Wed, Dec 07, 2011 at 03:36:26PM +0100, IRCHeaven Technical Support wrote: > Dear Users, > > > > I have on this moment running Pdns Authoritative server + Recursor but this > combination don't work. > I have read the docs on powerdns.com but I don't get this combination to > work. > > My que

[Pdns-users] Pdns Authoritative + Recursor

2011-12-07 Thread IRCHeaven Technical Support
Dear Users, I have on this moment running Pdns Authoritative server + Recursor but this combination don't work. I have read the docs on powerdns.com but I don't get this combination to work. My question is do is miss something or do I something wrong. PDNS.conf allow-recursion=My local and n