Re: [Pdns-users] Delegation Test Script

2011-08-08 Thread Posner, Sebastian 
John Macleod wrote:
 
 This is slightly unspecific to pdns...
 
 I am looking for a script to test the current delegation of zones
 within our pdns installation.
 
 Effectively...
 
 - Grab zone out of db
 - Poke root...
 - Poke parent
 - NS is one of our IPs, yes or no
 
 Searches have yielded surprisingly nothing on this so I wondered what
 the community had, if anything.

It's nothing powerdns-specific, but for externally visible
domains I found DNS Bajaj very helpful; recursively queries
every nameserver said to be authoritative for the given domain 
and displays delegations graphically.

http://www.zonecut.net/dns/

But definately not suiteable to bulk queries due to the UI..

greets,

Sebastian

___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users

[Pdns-users] Pipe-backend: ABI-v3, TXT, and DNSSEC

2011-08-08 Thread Jan-Piet Mens 
Hello,

I was curious as to wether PowerDNS would sign records produced by the
PIPE back-end, particularly since the release notes indicate it may be
possible ([3] also says partial support).

I set up a small test with PowerDNS 3.0.1 [1] and the example
backend-v3.pl [2]. I encountered the following issues:

0. Configuration `powerdns.conf` contains only:

daemon=no
launch=gmysql,pipe
gmysql-dnssec
gmysql-dbname=pdns
gmysql-host=127.0.0.1
gmysql-port=3306
gmysql-user=pdns
gmysql-password=secret
cache-ttl=0
query-cache-ttl=0
log-dns-details=yes
loglevel=4
pipe-command=/etc/powerdns/backend-v3.pl
pipebackend-abi-version=3

1. A query of type ANY produces a SERVFAIL with the sample back-end. The
   console logs: 
   Exception building answer packet (Parsing record content: Data field
   in DNS should start with quote () at position 3 of ' hallo
   allemaal!') sending out servfail

   Changing quotes to single quotes, or removing them altogether doesn't
   improve: I can't get PowerDNS to reply with a TXT RR.

2. I created a zone in gmysql called example.com, type=NATIVE and
   signed it with `pdnssec secure-zone example.com`. (Records table for
   the zone is empty)

3. I query the PIPE backend `dig @127.0.0.1 example.com any' and get
   expected results including 3 DNSKEY RR

4. I query the PIPE backend `dig @127.0.0.1 +dnssec example.com any' and
   powerdns aborts with the following message on the console:

Default beforeAndAfterAbsolute called!
Got a signal 6, attempting to print trace
...

A bug or two, surely? :-)

Additionally, I note that the documentation for the PIPE backend [3]
has no mention of ABI version 3, nor does it describe the bits and auth
returned by the example pipe backend. Could somebody explain what the
`bits' are?

Thanks  regards,

-JP

[1]: http://downloads.powerdns.com/releases/rpm/pdns-static-3.0-1.i386.rpm
[2]: 
http://wiki.powerdns.com/trac/browser/trunk/pdns/modules/pipebackend/backend-v3.pl?rev=2239
[3]: http://doc.powerdns.com/backends-detail.html#pipebackend
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users

[Pdns-users] loglevel in pdns-recursor

2011-08-08 Thread Yu, Yingdi 
Hi,

I want to log warning message from pdns-recursor, but its default loglevel is 3 
(seems higher than warning).
I did not see loglevel option in pdns-recursor.conf. Anybody knows how to do 
that? Thanks!

Regards!

Yingdi
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] Pipe-backend: ABI-v3, TXT, and DNSSEC

2011-08-08 Thread Leen Besselink 
On 08/08/2011 11:34 PM, Leen Besselink wrote:
 On 08/08/2011 06:57 PM, Jan-Piet Mens wrote:
 Hello,

 I was curious as to wether PowerDNS would sign records produced by the
 PIPE back-end, particularly since the release notes indicate it may be
 possible ([3] also says partial support).

 I set up a small test with PowerDNS 3.0.1 [1] and the example
 backend-v3.pl [2]. I encountered the following issues:

 I tried that too. I did rename mine test.net and used gpsqlite3 because
 I already had that setup.

 0. Configuration `powerdns.conf` contains only:

 daemon=no
 launch=gmysql,pipe
 gmysql-dnssec
 gmysql-dbname=pdns
 gmysql-host=127.0.0.1
 gmysql-port=3306
 gmysql-user=pdns
 gmysql-password=secret
 cache-ttl=0
 query-cache-ttl=0
 log-dns-details=yes
 loglevel=4
 pipe-command=/etc/powerdns/backend-v3.pl
 pipebackend-abi-version=3

 1. A query of type ANY produces a SERVFAIL with the sample back-end. The
console logs: 
Exception building answer packet (Parsing record content: Data field
in DNS should start with quote () at position 3 of ' hallo
allemaal!') sending out servfail

Changing quotes to single quotes, or removing them altogether doesn't
improve: I can't get PowerDNS to reply with a TXT RR.

 Seems that part works for me if I remove all quotes:

 print DATA $bits $auth $qname $qclass TXT 3600 -1 hallo allemaal!\n;

 Although it does add a space at the start:

 $ dig +short +norec +dnssec @127.0.0.1 test.net txt
 TXT 8 2 3600 2011081800 2011080400 63826 test.net.
 fD8xqLMN9vcBK1Y0CwAJrgr9CfFQRwdc3j9OVijHXjvU5TdMDZ4s4y0g
 JcmUCREUFAdbmasrKmthPEzGvtrD/K41zWSdjwArMDzehmozrCswU8Vq
 oGJ4K2n/2FEUUA1bpS0pbU+KLMW2I0EevhdPNojzgSyD78ztAOjcTH5o s6g=
  hallo allemaal!

 2. I created a zone in gmysql called example.com, type=NATIVE and
signed it with `pdnssec secure-zone example.com`. (Records table for
the zone is empty)

 Yes, it won't work without a records-table.

 3. I query the PIPE backend `dig @127.0.0.1 example.com any' and get
expected results including 3 DNSKEY RR

 4. I query the PIPE backend `dig @127.0.0.1 +dnssec example.com any' and
powerdns aborts with the following message on the console:

 Default beforeAndAfterAbsolute called!
 Got a signal 6, attempting to print trace
 ...

 A bug or two, surely? :-)

 It does work for +dnssec for webserver.$domain A or $domain SOA

 Which is really encouraging.

 But it crashes as stated above if it just doesn't find things and needs
 to do DNSSEC.

 I was using NSEC and asking for  also crashes the whole thing.

 A normal request to the pipe-backend looks like:

 24718 Received: Q test.net IN SOA -1 127.0.0.1 127.0.0.1 127.0.0.1/32
 24718 Sent SOA records
 24718 End of data

 But a request just before a crash says:

 �/32 Received: Q test.net IN SOA -1 0.0.0.0 0.0.0.0 8
 24724 Sent SOA records
 24724 End of data

 Which suggests to me something in the PowerDNS-code isn't able to handle
 it when
 there is no result from any backend in combination with DNSSEC.


I forgot to add:

It also seems to ask the wrong question ? Or atleast use the wrong
'realRemote' and maybe that breaks the protocol ?

I didn't immediately found the cause for it.

 Additionally, I note that the documentation for the PIPE backend [3]
 has no mention of ABI version 3, nor does it describe the bits and auth
 returned by the example pipe backend. Could somebody explain what the
 `bits' are?

 Thanks  regards,

 -JP

 [1]: http://downloads.powerdns.com/releases/rpm/pdns-static-3.0-1.i386.rpm
 [2]: 
 http://wiki.powerdns.com/trac/browser/trunk/pdns/modules/pipebackend/backend-v3.pl?rev=2239
 [3]: http://doc.powerdns.com/backends-detail.html#pipebackend
 ___
 Pdns-users mailing list
 Pdns-users@mailman.powerdns.com
 http://mailman.powerdns.com/mailman/listinfo/pdns-users
 ___
 Pdns-users mailing list
 Pdns-users@mailman.powerdns.com
 http://mailman.powerdns.com/mailman/listinfo/pdns-users

___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] Pipe-backend: ABI-v3, TXT, and DNSSEC

2011-08-08 Thread Jan-Piet Mens 
 Seems that part works for me if I remove all quotes:
 
 print DATA $bits $auth $qname $qclass TXT 3600 -1 hallo allemaal!\n;
 
 Although it does add a space at the start:

I too see the TXT record if I remove all quotes, with the prepended
space.

-JP
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users