On Fri, Dec 03, 2010 at 12:43:53PM +0100, David Douard wrote: > Hi everybody, > > I am using PowerDNS from Debian Squeeze with LDAP backend. > > The problem is that I have never been able make AXFR dig. I have the problem > for years now, but until now, I never really need to make it work. But I'd > like now to use a PowerDNS server as shadow master for my public zone (the > DNS > server is BIND9). > > When I do on the machine running powerdns: > > dig @localhost logilab.fr AXFR > > I sometimes get the correct result, but most of the times, I have a: > > ;; Got bad packet: out of range > 473 bytes > [snip gathered hex values] > > > If I activate some debug information, I can see: > > Dec 2 16:10:54 ident pdns[10893]: TCP Connection Thread died because of > STL > error: Writing data: Broken pipe > > or if I dig fro another machine: > > Dec 2 16:20:00 ident pdns[12375]: TCP Connection Thread died because of > STL > error: Reading data: Connection reset by peer > > I've been searching on the web and in the Mailing List, without being able to > find a definitive answer to the problem. The recent discussions on similar > situation do not apply here (eg. I do have a serial set to a value >0 for my > SOA.) > > Using wireshark on port 53, the strange thing is that when I do an AXFR > request, the communication ends with 2 almost identical ACK packets, the > second one having the RESET flag set. All the requested zone information is > included in the DNS answer packet (the zone is small enough to fit in one > packet). So I guess dig do notice the presence of the RESET packet and > conclude something wrong occured. > > Note that the AXFR request do sometimes succeed (very rarely to be honest, I > haven't seen one for a while). > > I may have missed something obvious, but I can't find it :-/ > > Anyone having a clue? > > Thanks, > > David Douard
It is stated in the PDNS documentation that the LDAP backend does not support master/slave/superslave/autoserial: http://doc.powerdns.com/ldap.html You will need to use one that does support the features you need/want to use. Cheers, Ken _______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
