Hi Walter,
I believe you may be missing the 'NOTIFY-DNSUPDATE' domain meta setting. [1]
Note that 'dnsupdate' is a different and global setting; whether or not
to enable the support for dynamic updates overall on the instance. [2]
What is the backend that you use for the dynamic zone?
In my case I have a small scale setup using SQLite on a hidden master
and I used these queries (taken from notes years ago) to enable notify
updates to secondary servers (running a possibly different backend).

    $ sqlite3 /path/to/my/sqlite3.db
    sqlite> update domains set type='MASTER' where name='dyn.zone.tld';
    sqlite> insert into domainmetadata(domain_id, kind, content)
            values((select id from domains where name='dyn.zone.tld'),
            'SOA-EDIT-DNSUPDATE', 'SOA-EDIT-INCREASE');
    sqlite> insert into domainmetadata(domain_id, kind, content)
            values((select id from domains where name='dyn.zone.tld'),
            'NOTIFY-DNSUPDATE', '1');

Likely unrelated, but just wanted to note the following. I ran into zone
caching issues on the secondaries side ever since upgrading to 4.5 and
still happening for me on 4.6, complaining about the domain SOA being
out of date. Still have to investigate that further and perhaps file an
issue, but my current workaround for that is setting this on the primary
server:

    zone-cache-refresh-interval=0
    zone-metadata-cache-ttl=0

... which is fine for a small scale setup like mine. You may not run
into the same issue, though. :-)
HTH
Gert
[1]: https://doc.powerdns.com/authoritative/dnsupdate.html#notify-dnsupdate
[2]: https://doc.powerdns.com/authoritative/dnsupdate.html#dnsupdate
On 6/26/22 19:44, Walter Parker via Pdns-users wrote:
Hi,
I have a PowerDNS server with Dynamic Updates (RFC2136 enabled) and it
is not pushing the updates to the secondaries.
I have allow-axfr-ips set to allow the IP addresses of the secondaries
and also-notify set to IP addresses of the notification servers.
I have allow-dnsupdate-from set to the IP subnet where the request is
coming from. I have dnsupdate set to true.
When I run acme.sh, I see the update request come in (UPDATE (18591)
from 66.113.99.184 for chaosdynamics.com: TSIG is provided, but domain
is not secured with TSIG. Processing continues) but I don't see the
notification queue message or the AXFR messages.
When I run a notify manually, I see them (logs below).
What did I miss to get dynamic DNS updates to be transferred to the
secondary servers?

Jun 26 10:39:02 natasha pdns[65543]: Notification request for domain 'chaosdynamics.com' received from operator
Jun 26 10:39:02 natasha pdns[65543]: Queued notification of domain 'chaosdynamics.com' to 208.80.126.13:53
Jun 26 10:39:02 natasha pdns[65543]: Queued notification of domain 'chaosdynamics.com' to 208.94.148.13:53
Jun 26 10:39:03 natasha pdns[65543]: IXFR of domain 'chaosdynamics.com' initiated by 208.94.150.198:61335 with serial 2022062505
Jun 26 10:39:03 natasha pdns[65543]: AXFR of domain 'chaosdynamics.com' allowed: client IP 208.94.150.198:61335 is in allow-axfr-ips
Jun 26 10:39:03 natasha pdns[65543]: IXFR of domain 'chaosdynamics.com' initiated by 208.94.147.135:48779 with serial 2022062505
Jun 26 10:39:03 natasha pdns[65543]: AXFR of domain 'chaosdynamics.com' allowed: client IP 208.94.147.135:48779 is in allow-axfr-ips
Jun 26 10:39:03 natasha pdns[65543]: IXFR fallback to AXFR for domain 'chaosdynamics.com' our serial 2022062606
Jun 26 10:39:03 natasha pdns[65543]: AXFR of domain 'chaosdynamics.com' initiated by 208.94.150.198:61335
Jun 26 10:39:03 natasha pdns[65543]: AXFR of domain 'chaosdynamics.com' allowed: client IP 208.94.150.198:61335 is in allow-axfr-ips

--
The greatest dangers to liberty lurk in insidious encroachment by men of
zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
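
The metadata rows from Gert's reply above, as an added example that is not part of the original thread or of PowerDNS itself: a check for which of the two rows a zone still lacks, and an idempotent way to apply them, since re-running the plain INSERT statements would leave duplicate rows. The two-table schema is a constructed, reduced stand-in for the gsqlite3 schema (an assumption), and the function names are hypothetical.

```python
import sqlite3

# Metadata rows the reply inserts for the dynamic zone.
REQUIRED = {
    "SOA-EDIT-DNSUPDATE": "SOA-EDIT-INCREASE",
    "NOTIFY-DNSUPDATE": "1",
}

# Constructed stand-in schema (assumption): only the columns that the
# queries in the reply touch, not the full gsqlite3 schema.
SCHEMA = """
CREATE TABLE domains (id INTEGER PRIMARY KEY, name TEXT UNIQUE, type TEXT);
CREATE TABLE domainmetadata (id INTEGER PRIMARY KEY, domain_id INT,
                             kind TEXT, content TEXT);
"""

def missing_metadata(db, zone):
    """Return {kind: wanted} for required rows that are absent or differ."""
    rows = db.execute(
        "SELECT m.kind, m.content FROM domainmetadata m "
        "JOIN domains d ON d.id = m.domain_id WHERE d.name = ?", (zone,))
    have = {}
    for kind, content in rows:
        have.setdefault(kind, set()).add(content)
    # Conflicting duplicates (e.g. both '0' and '1') also count as missing.
    return {k: v for k, v in REQUIRED.items() if have.get(k) != {v}}

def enable_notify_on_update(db, zone):
    """Apply the reply's settings; re-running adds no duplicate rows."""
    row = db.execute("SELECT id FROM domains WHERE name = ?", (zone,)).fetchone()
    if row is None:
        raise LookupError(f"zone {zone!r} not in domains table")
    zid = row[0]
    with db:  # commit all changes together, roll back on error
        db.execute("UPDATE domains SET type = 'MASTER' WHERE id = ?", (zid,))
        for kind, content in REQUIRED.items():
            db.execute("DELETE FROM domainmetadata "
                       "WHERE domain_id = ? AND kind = ?", (zid, kind))
            db.execute("INSERT INTO domainmetadata (domain_id, kind, content) "
                       "VALUES (?, ?, ?)", (zid, kind, content))

def demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO domains (name, type) VALUES ('dyn.zone.tld', 'NATIVE')")
    before = missing_metadata(db, "dyn.zone.tld")
    enable_notify_on_update(db, "dyn.zone.tld")
    enable_notify_on_update(db, "dyn.zone.tld")  # second run: no duplicates
    count = db.execute("SELECT COUNT(*) FROM domainmetadata").fetchone()[0]
    return before, missing_metadata(db, "dyn.zone.tld"), count
```

To run the check against a real backend, pass a connection opened on a copy of the SQLite file instead of the in-memory database.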