We've set up pdns "hidden slaves" which get notified by Windows DNS Servers.
Windows DNS admins need to configure the equivalent of ALSO-NOTIFY and allow transfers from "hidden slaves".
pdns hidden slaves write AXFRs into the database.
Database replication transports DNS data to authoritative pdns servers.
pdns_recursor forward zone points to authoritative pdns servers instead of Windows DNS.

Cheers
Thomas

P.S.: The term "hidden slaves" does not exist in any RFC to the best of my knowledge, but I have nothing better. Suggestions welcome.

On 11.01.20 17:51, Satya Sharma wrote:

Hi,

I want to make an interface with Windows DNS and PowerDNS. Any best practice and way to do that?

On Sat, 11 Jan 2020 at 5:30 PM, <pdns-users-requ...@mailman.powerdns.com> wrote:

Today's Topics:

   1. Re: pdns-recursor Permissions Error (Sharone)
   2. Re: pdns-recursor Permissions Error (Steve Shipway)

----------------------------------------------------------------------

Message: 1
Date: Fri, 10 Jan 2020 16:32:43 +0300
From: Sharone <missaki...@gmail.com>
To: Brian Candler <b.cand...@pobox.com>
Cc: Otto Moerbeek <otto.moerb...@open-xchange.com>, pdns-users@mailman.powerdns.com
Subject: Re: [Pdns-users] pdns-recursor Permissions Error

Thank you all for the generous and tremendous support. I have traffic on Cacti from my recursive servers now. Have a lovely weekend.

Regards,
Sharone

On Fri, 10 Jan 2020 at 14:30, Brian Candler <b.cand...@pobox.com> wrote:

> On 10/01/2020 11:07, Sharone wrote:
>
> I have attempted to comment out the line *extend pdns-rec
> /usr/local/bin/pdns_stats* in snmpd.conf file and still gotten the same
> error, however changing permissions to the entire directory to rwx worked
> but like you mentioned this indeed brings about a security issue.
>
> Oh well, if that works, you just do tighter permissions - e.g. changing
> the directory *group* to "snmp" or "Debian-snmp" as appropriate, and
> setting mode 775.
>
> This is what out-of-box recursor has:
>
> root@cache1:~# ls -ld /var/run/pdns-recursor
> drwxr-xr-x 2 pdns pdns 60 Dec 12 12:49 /var/run/pdns-recursor
>
> root@cache1:~# ls -l /var/run/pdns-recursor/
> total 0
> srwxr-xr-x 1 pdns pdns 0 Dec 12 12:49 pdns_recursor.controlsocket
>
> Using pdns:snmp and mode 775 should be fine.
>
> See also the perms for the socket itself:
> https://docs.powerdns.com/recursor/settings.html#socket-owner-socket-group-socket-mode
>
> HTH,
>
> Brian.

------------------------------

Message: 2
Date: Sat, 11 Jan 2020 20:53:08 +1300 (NZDT)
From: Steve Shipway <steve.ship...@smxemail.com>
To: Sharone <missaki...@gmail.com>
Cc: pdns-users@mailman.powerdns.com
Subject: Re: [Pdns-users] pdns-recursor Permissions Error

From what I can see, your snmpd system will run /usr/local/bin/pdns_stats as the snmpd user. This user does not have write permission to the /var/run/pdns-recursor directory and so you get the error.

You could either make the /var/run/pdns-recursor mode 775 and group snmpd; or maybe add the snmpd user to the pdns group and make the directory mode 775. Note that you also need to have the same mode and ownership on the socket.

Hope this helps, sorry for the slow reply, have been very busy

Steve

> On 09 January 2020 at 18:24 Sharone <missaki...@gmail.com> wrote:
>
> Hello Steve,
>
> I appreciate your response. Below is what is inside /etc/snmp/snmpd.conf file
>
> rocommunity public
> syslocation "Data Center"
> syscontact ad...@techs.co.ug
> createUser admin SHA admin123! AES admin123!
> rouser admin authPriv
> extend pdns-rec /usr/local/bin/pdns_stats
> agentAddress udp:161,udp6:[::1]:161
>
> /etc/default/snmpd
>
> # This file controls the activity of snmpd
>
> # Don't load any MIBs by default.
> # You might comment this lines once you have the MIBs downloaded.
> export MIBS=
>
> # snmpd control (yes means start daemon).
> SNMPDRUN=yes
>
> # snmpd options (use syslog, close stdin/out/err).
> SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux,mteTrigger,mteTriggerConf -p /run/snmpd.pid'
>
> snmp service status
>
> # systemctl status snmpd.service
> ● snmpd.service - LSB: SNMP agents
>    Loaded: loaded (/etc/init.d/snmpd; bad; vendor preset: enabled)
>    Active: active (running) since Thu 2020-01-09 08:24:04 EAT; 4s ago
>      Docs: man:systemd-sysv-generator(8)
>   Process: 694 ExecStop=/etc/init.d/snmpd stop (code=exited, status=0/SUCCESS)
>   Process: 703 ExecStart=/etc/init.d/snmpd start (code=exited, status=0/SUCCESS)
>     Tasks: 1
>    Memory: 4.3M
>       CPU: 66ms
>    CGroup: /system.slice/snmpd.service
>            └─710 /usr/sbin/snmpd -Lsd -Lf /dev/null -u snmp -g snmp -I -smux mteTrigger mteTriggerConf -p /run/snmpd.pid
>
> Jan 09 08:24:04 vdns-50 systemd[1]: Starting LSB: SNMP agents...
> Jan 09 08:24:04 vdns-50 snmpd[703]: * Starting SNMP services:
> Jan 09 08:24:04 vdns-50 systemd[1]: Started LSB: SNMP agents.
> Jan 09 08:24:04 vdns-50 snmpd[710]: NET-SNMP version 5.7.3
>
> Regards,
> Sharone
>
> On Wed, 8 Jan 2020 at 22:35, Steve Shipway <steve.ship...@smxemail.com> wrote:
>
> > On Wed, 2020-01-08 at 09:20 +0300, Sharone wrote:
> >
> > > # snmpwalk -v2c -c public localhost .1.3.6.1.4.1.8072.1.3.2.4.1.2
> > > iso.3.6.1.4.1.8072.1.3.2.4.1.2.8.112.100.110.115.45.114.101.99.1 = STRING: "Fatal: Unable to generate local temporary file in directory '/var/run/pdns-recursor': Permission denied"
> >
> > A couple of thoughts here. Either
> > - SElinux is doing its magic and blocking - this should be logged in the syslog if so, or
> > - Your SNMP is running with chroot enabled and /var/run/pdns-recursor doesn't exist in the chroot environment
> > - rec_control is trying to generate a tmp file as the snmp user so doesn't have write permission.
> > - Your SNMP daemon is using a temporary file for the rec_control output which it is trying to put in /var/run/pdns-recursor
> >
> > Being able to see your snmp daemon configuration would probably help with diagnosing this, so please post it here if possible.
> >
> > Steve
> >
> > --
> > Steve Shipway | Senior Email Systems Administrator
> > Phone: +64 9 302 0515 Fax: +64 9 302 0518
> > Freephone: 0800 SMX SMX (769 769)
> > SMX Limited: Level 10, 19 Victoria Street West, Auckland, New Zealand
> > Web: http://smxemail.com/

------------------------------

End of Pdns-users Digest, Vol 204, Issue 10
_______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
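
An added example, not part of the thread and not PowerDNS code: a small audit for the permissions discussed in the quoted digest, flagging a control directory or socket that is writable by everyone, has the wrong group, or is not group-writable. It assumes GNU stat; the function names are hypothetical, and the demo runs on a constructed temporary directory with an empty file standing in for the socket.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat (coreutils).
# Function names are hypothetical.

# audit_path PATH GROUP
# Prints one finding per problem; returns 0 if clean, 1 on findings, 2 if missing.
audit_path() {
    ap_path=$1; ap_want=$2; ap_rc=0
    if [ ! -e "$ap_path" ]; then
        echo "MISSING         $ap_path"
        return 2
    fi
    ap_mode=$(stat -c '%a' "$ap_path")    # octal string such as 755 or 775
    ap_group=$(stat -c '%G' "$ap_path")
    ap_perm=$((0$ap_mode))                # leading 0: parse the string as octal
    if [ $((ap_perm & 0002)) -ne 0 ]; then
        echo "WORLD-WRITABLE  $ap_path (mode $ap_mode)"; ap_rc=1
    fi
    if [ "$ap_group" != "$ap_want" ]; then
        echo "WRONG-GROUP     $ap_path (group $ap_group, want $ap_want)"; ap_rc=1
    fi
    if [ $((ap_perm & 0020)) -eq 0 ]; then
        echo "GROUP-NO-WRITE  $ap_path (mode $ap_mode)"; ap_rc=1
    fi
    return $ap_rc
}

# audit_recursor DIR SOCKET GROUP: check the directory and the socket inside it.
audit_recursor() {
    ar_rc=0
    audit_path "$1" "$3" || ar_rc=1
    audit_path "$1/$2" "$3" || ar_rc=1
    return $ar_rc
}

# Demo on constructed data: a temp directory and an empty file in place of the
# socket, so nothing on the real system is touched.
demo() {
    d=$(mktemp -d); g=$(stat -c '%G' "$d")
    : > "$d/pdns_recursor.controlsocket"
    chmod 777 "$d" "$d/pdns_recursor.controlsocket"
    echo "-- opened to everyone:"
    audit_recursor "$d" pdns_recursor.controlsocket "$g" || true
    chmod 775 "$d" "$d/pdns_recursor.controlsocket"
    echo "-- mode 775, expected group:"
    audit_recursor "$d" pdns_recursor.controlsocket "$g" && echo "ok"
    rm -rf "$d"
}
demo
```

On a real host the call would be `audit_recursor /var/run/pdns-recursor pdns_recursor.controlsocket snmp`, with the group name adjusted to the one snmpd runs under.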