Re: [Pdns-users] LUA createForward() records and improvement suggestions

2020-06-22 Thread Michael Rommel via Pdns-users
Hi Otto,

thanks for the pointer! AFAICT it covers my patches as well, looks a lot more 
complicated, though. I'll take a closer look at it.

Is there any reason why it hasn't been merged yet? Any cases that would break
that needed to be avoided?

Thanks,

  Michael.

-- 
Michael Rommel, Erlangen, Germany

> On 23 Jun 2020, at 08:16, Otto Moerbeek  wrote:
> 
> On Mon, Jun 22, 2020 at 10:11:30PM +0200, Michael Rommel via Pdns-users 
> wrote:
> 
>> 
>> Dear all,
>> 
>> a while ago (2020-03-01) I asked about setting up domains with LUA
>> createForward() records.
>> 
>> I succeeded in setting it up and found some peculiarities, which I would
>> like to discuss here (in parallel I consider to submit PRs for some issues
>> in Github and would appreciate guidance, whether it makes sense to open
>> them).
>> 
>> There are four (4) questions in this mail and sorry for the length, but I
>> wanted to make it explicit with all possible information provided from the
>> get-go.
>> 
>> The setup for the proof-of-concept is a MASTER/SLAVE setup with sqlite3 as
>> backend. The used version is 4.3.0-1pdns.bionic from
>> http://repo.powerdns.com/ubuntu bionic-auth-43. 
>> 
>> The demo setup has essentially these domains and records (taken from the 
>> master):
>> 
>> sqlite> select * from records;
>> 1|1|example.com|SOA|ns1.example.com ra-dns-admin.example.com 3 10380 3600 
>> 604800 3600|86400|||0||1
>> 2|1|example.com|NS|ns1.example.com|86400|||0||1
>> 3|1|example.com|NS|ns2.example.com|86400|||0||1
>> 4|1|ns1.example.com|A|104.41.128.19|86400|||0||1
>> 5|1|ns2.example.com|A|52.148.215.179|86400|||0||1
>> 7|1|*..1001.example.com|LUA|A "createForward()"|60|||0||1
>> 8|1|*.-2002.example.com|LUA|A "createForward()"|60|||0||1
>> 9|2|-3003.example.com|SOA|ns1.example.com ra-dns-admin.example.com 2 
>> 10380 3600 604800 3600|86400|||0||1
>> 10|2|*.-3003.example.com|LUA|A "createForward()"|60|||0||1
>> 
>> sqlite> select * from domains;
>> 1|example.com|||MASTER|2|
>> 2|-3003.example.com|||MASTER|2|
>> 
>> Other tables available on request, I'll try to be as brief as possible.
>> 
>> The intended use is a DNS resolver for approx. 200.000 devices (more
>> later), each device shall have one of those wildcard createForward()
>> records and an accompanying _acme-challenge TXT record to obtain a Let's
>> Encrypt certificate for that record.
>> 
>> 
>> Q 1: Structure of the domain/subdomains / current implementation limitations
>> 
>> 
>> Currently the implementation of the LUA createForward() is in a way that
>> accepts the wildcard only as being directly underneath the domain in
>> question. In the example setup above, the 4.3 version:
>> 
>> - will not resolve the record ip10203040.-2002.example.com
>> - will resolve the record ip10203040.-3003.example.com
>> 
>> because only the latter one is directly beneath the domain. In my use case
>> that would mean to create 200. additional entries in the domain table
>> (the NS records for a proper DNS delegation can be omitted here, because
>> all live on the same server). Each domain would only have two entries.
>> 
>> Even with a less aggressive SOA refresh time, that would mean, that pdns
>> would check all of those 200K domains within one hour. Since they mostly
>> stay the same, there is no AXFR involved, but the checking imposes a load
>> on the database and logging (tuneable of course). With PGSQL later this
>> will certainly be bearable, but I think a multi-level structure might be
>> better suited. Hence the first patch:
>> 
>> I suggest changing the line 616 in lua-record.cc to
>> 
>>if(parts.size()<4) {
>> 
>> This would retain the behaviour of accepting questions like:
>> 
>>  192.168.1.1.-3003.example.com
>> 
>> but would enable additionally questions like:
>> 
>>  ip10203040.-2002.example.com
>>  ip10203040..1001.example.com
>> 
>> letting me subdivide the domain without the need for separate subdomains
>> just for the resolution purpose.
>> 
>> It would be breaking for setups where the top level domain also has a
>> wildcard record and it is not wished that subdomains are resolved:
>> 
>> *.example.com|LUA|A "createForward()"
>> 
>> And ip10203040.test.example.com shall NOT be resolved. With the patch, it
>> would.
>> 
>> Shall I submit a PR with this or do you have better ideas for an
>> implementation?
>> 
>> 
>> Q 2: Does it make sense to subdivide the domain
>> 
>> 
>> The patch above allows me to structure the domain like the example
>> 1001..example.com or vice versa. This would result in
>> 
>> ~ 850 records like .example.com, each with 
>> 1 - 10.000 records underneath it like 1001..example.com each with:
>>   *.1001..example.com LUA "createForward()" and 
>>  _acme-challenge.1001..example.com TXT "token from LE"
>> The 850 records would be full domains with their entry in the domains
>> table, but the 10.000 entries below

Re: [Pdns-users] LUA createForward() records and improvement suggestions

2020-06-22 Thread Otto Moerbeek via Pdns-users
On Mon, Jun 22, 2020 at 10:11:30PM +0200, Michael Rommel via Pdns-users wrote:

> 
> Dear all,
> 
> a while ago (2020-03-01) I asked about setting up domains with LUA
> createForward() records.
> 
> I succeeded in setting it up and found some peculiarities, which I would
> like to discuss here (in parallel I consider to submit PRs for some issues
> in Github and would appreciate guidance, whether it makes sense to open
> them).
> 
> There are four (4) questions in this mail and sorry for the length, but I
> wanted to make it explicit with all possible information provided from the
> get-go.
> 
> The setup for the proof-of-concept is a MASTER/SLAVE setup with sqlite3 as
> backend. The used version is 4.3.0-1pdns.bionic from
> http://repo.powerdns.com/ubuntu bionic-auth-43. 
> 
> The demo setup has essentially these domains and records (taken from the 
> master):
> 
> sqlite> select * from records;
> 1|1|example.com|SOA|ns1.example.com ra-dns-admin.example.com 3 10380 3600 
> 604800 3600|86400|||0||1
> 2|1|example.com|NS|ns1.example.com|86400|||0||1
> 3|1|example.com|NS|ns2.example.com|86400|||0||1
> 4|1|ns1.example.com|A|104.41.128.19|86400|||0||1
> 5|1|ns2.example.com|A|52.148.215.179|86400|||0||1
> 7|1|*..1001.example.com|LUA|A "createForward()"|60|||0||1
> 8|1|*.-2002.example.com|LUA|A "createForward()"|60|||0||1
> 9|2|-3003.example.com|SOA|ns1.example.com ra-dns-admin.example.com 2 
> 10380 3600 604800 3600|86400|||0||1
> 10|2|*.-3003.example.com|LUA|A "createForward()"|60|||0||1
> 
> sqlite> select * from domains;
> 1|example.com|||MASTER|2|
> 2|-3003.example.com|||MASTER|2|
> 
> Other tables available on request, I'll try to be as brief as possible.
> 
> The intended use is a DNS resolver for approx. 200.000 devices (more
> later), each device shall have one of those wildcard createForward()
> records and an accompanying _acme-challenge TXT record to obtain a Let's
> Encrypt certificate for that record.
> 
> 
> Q 1: Structure of the domain/subdomains / current implementation limitations
> 
> 
> Currently the implementation of the LUA createForward() is in a way that
> accepts the wildcard only as being directly underneath the domain in
> question. In the example setup above, the 4.3 version:
> 
> - will not resolve the record ip10203040.-2002.example.com
> - will resolve the record ip10203040.-3003.example.com
> 
> because only the latter one is directly beneath the domain. In my use case
> that would mean to create 200. additional entries in the domain table
> (the NS records for a proper DNS delegation can be omitted here, because
> all live on the same server). Each domain would only have two entries.
> 
> Even with a less aggressive SOA refresh time, that would mean, that pdns
> would check all of those 200K domains within one hour. Since they mostly
> stay the same, there is no AXFR involved, but the checking imposes a load
> on the database and logging (tuneable of course). With PGSQL later this
> will certainly be bearable, but I think a multi-level structure might be
> better suited. Hence the first patch:
> 
> I suggest changing the line 616 in lua-record.cc to
> 
> if(parts.size()<4) {
> 
> This would retain the behaviour of accepting questions like:
> 
>   192.168.1.1.-3003.example.com
> 
> but would enable additionally questions like:
> 
>   ip10203040.-2002.example.com
>   ip10203040..1001.example.com
> 
> letting me subdivide the domain without the need for separate subdomains
> just for the resolution purpose.
> 
> It would be breaking for setups where the top level domain also has a
> wildcard record and it is not wished that subdomains are resolved:
> 
> *.example.com|LUA|A "createForward()"
> 
> And ip10203040.test.example.com shall NOT be resolved. With the patch, it
> would.
> 
> Shall I submit a PR with this or do you have better ideas for an
> implementation?
> 
> 
> Q 2: Does it make sense to subdivide the domain
> 
> 
> The patch above allows me to structure the domain like the example
> 1001..example.com or vice versa. This would result in
> 
> ~ 850 records like .example.com, each with 
> 1 - 10.000 records underneath it like 1001..example.com each with:
>*.1001..example.com LUA "createForward()" and 
>   _acme-challenge.1001..example.com TXT "token from LE"
> The 850 records would be full domains with their entry in the domains
> table, but the 10.000 entries below would not be separate domains.
> 
> This means that once a new device needs a certificate, two records would be
> created and in the worst case a domain with 20.000 entries would be needed
> to AXFR by the SLAVE (or via native replication later).
> 
> But the refresh would only check the SOA for 850 records between pdns and
> its backend db.
> 
> Would you consider a different solution / structure or does that make sense
> to you?
> 
> 
> Q 3: SERVFAIL with special ques

[Pdns-users] LUA createForward() records and improvement suggestions

2020-06-22 Thread Michael Rommel via Pdns-users


Dear all,

a while ago (2020-03-01) I asked about setting up domains with LUA
createForward() records.

I succeeded in setting it up and found some peculiarities, which I would like to
discuss here (in parallel I consider to submit PRs for some issues in Github
and would appreciate guidance, whether it makes sense to open them).

There are four (4) questions in this mail and sorry for the length, but I
wanted to make it explicit with all possible information provided from the
get-go.

The setup for the proof-of-concept is a MASTER/SLAVE setup with sqlite3 as
backend. The used version is 4.3.0-1pdns.bionic from
http://repo.powerdns.com/ubuntu bionic-auth-43. 

The demo setup has essentially these domains and records (taken from the 
master):

sqlite> select * from records;
1|1|example.com|SOA|ns1.example.com ra-dns-admin.example.com 3 10380 3600 
604800 3600|86400|||0||1
2|1|example.com|NS|ns1.example.com|86400|||0||1
3|1|example.com|NS|ns2.example.com|86400|||0||1
4|1|ns1.example.com|A|104.41.128.19|86400|||0||1
5|1|ns2.example.com|A|52.148.215.179|86400|||0||1
7|1|*..1001.example.com|LUA|A "createForward()"|60|||0||1
8|1|*.-2002.example.com|LUA|A "createForward()"|60|||0||1
9|2|-3003.example.com|SOA|ns1.example.com ra-dns-admin.example.com 2 
10380 3600 604800 3600|86400|||0||1
10|2|*.-3003.example.com|LUA|A "createForward()"|60|||0||1

sqlite> select * from domains;
1|example.com|||MASTER|2|
2|-3003.example.com|||MASTER|2|

Other tables available on request, I'll try to be as brief as possible.

The intended use is a DNS resolver for approx. 200.000 devices (more
later), each device shall have one of those wildcard createForward()
records and an accompanying _acme-challenge TXT record to obtain a Let's
Encrypt certificate for that record.


Q 1: Structure of the domain/subdomains / current implementation limitations


Currently the implementation of the LUA createForward() is in a way that
accepts the wildcard only as being directly underneath the domain in
question. In the example setup above, the 4.3 version:

- will not resolve the record ip10203040.-2002.example.com
- will resolve the record ip10203040.-3003.example.com

because only the latter one is directly beneath the domain. In my use case
that would mean to create 200. additional entries in the domain table
(the NS records for a proper DNS delegation can be omitted here, because
all live on the same server). Each domain would only have two entries.

Even with a less aggressive SOA refresh time, that would mean, that pdns
would check all of those 200K domains within one hour. Since they mostly
stay the same, there is no AXFR involved, but the checking imposes a load
on the database and logging (tuneable of course). With PGSQL later this
will certainly be bearable, but I think a multi-level structure might be
better suited. Hence the first patch:

I suggest changing the line 616 in lua-record.cc to

if(parts.size()<4) {

This would retain the behaviour of accepting questions like:

  192.168.1.1.-3003.example.com

but would enable additionally questions like:

  ip10203040.-2002.example.com
  ip10203040..1001.example.com

letting me subdivide the domain without the need for separate subdomains
just for the resolution purpose.

It would be breaking for setups where the top level domain also has a
wildcard record and it is not wished that subdomains are resolved:

*.example.com|LUA|A "createForward()"

And ip10203040.test.example.com shall NOT be resolved. With the patch, it
would.

Shall I submit a PR with this or do you have better ideas for an
implementation?


Q 2: Does it make sense to subdivide the domain


The patch above allows me to structure the domain like the example
1001..example.com or vice versa. This would result in

~ 850 records like .example.com, each with 
1 - 10.000 records underneath it like 1001..example.com each with:
   *.1001..example.com LUA "createForward()" and 
  _acme-challenge.1001..example.com TXT "token from LE"
The 850 records would be full domains with their entry in the domains
table, but the 10.000 entries below would not be separate domains.

This means that once a new device needs a certificate, two records would be
created and in the worst case a domain with 20.000 entries would be needed
to AXFR by the SLAVE (or via native replication later).

But the refresh would only check the SOA for 850 records between pdns and
its backend db.

Would you consider a different solution / structure or does that make sense
to you?


Q 3: SERVFAIL with special questions
 

Currently there is a strange behaviour with createForward(). I would
consider this a bug, but am open to corrections.

The implementation skips the first two octets, then parses the remainder
with sscanf. This leads to a problem, when someone asks a question like

192-168-3-4.-3003.example.com

which leads
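
As an added illustration (not PowerDNS code and not from the mail above), the following Python model reproduces only the label-counting rule Q 1 describes, so the effect of the proposed `parts.size()<4` change can be checked against the names in the mail. It assumes that the 4.3 behaviour corresponds to accepting exactly one label below the zone, and that the `ip` + eight hex digits form decodes pairwise, so ip10203040 becomes 16.32.48.64.

```python
import re

# Zone layout constructed from the records/domains tables in the mail: which
# zone (domains table entry) each wildcard LUA record lives in. The record
# with the archive-damaged "..1001" label is left out.
ZONE_OF_RECORD = {
    "*.-2002.example.com": "example.com",
    "*.-3003.example.com": "-3003.example.com",
    "*.example.com": "example.com",   # the "breaking" setup from the mail
}

# "ip" followed by eight hex digits: two per octet (assumed encoding).
HEX_FORM = re.compile(r"^ip([0-9a-f]{8})$")

# size_limit models the check at lua-record.cc line 616 that the mail wants
# to change: 2 stands for the 4.3 behaviour as described in the mail (only the
# label directly beneath the zone is accepted), 4 for parts.size()<4.
CURRENT, PROPOSED = 2, 4


def relative_labels(qname, zone):
    """Labels of qname below the zone apex, most specific first."""
    q = qname.rstrip(".").lower().split(".")
    z = zone.rstrip(".").lower().split(".")
    if len(q) <= len(z) or q[-len(z):] != z:
        raise ValueError(f"{qname} is not below {zone}")
    return q[:-len(z)]


def create_forward(qname, zone, size_limit):
    """Model of createForward(): the dotted IPv4 address embedded in the part
    of qname below zone, or None when the name would not be answered."""
    parts = relative_labels(qname, zone)
    # Four numeric labels spell out the address: 192.168.1.1.<zone>
    if len(parts) == 4 and all(p.isdigit() and int(p) < 256 for p in parts):
        return ".".join(parts)
    # Otherwise only the first label is inspected, and only if the name is
    # not "too deep" below the zone according to size_limit.
    if len(parts) < size_limit:
        m = HEX_FORM.match(parts[0])
        if m:
            h = m.group(1)
            return ".".join(str(int(h[i:i + 2], 16)) for i in range(0, 8, 2))
    return None


# Query names from the mail, each with the zone it falls into.
CASES = [
    ("192.168.1.1.-3003.example.com", "-3003.example.com"),
    ("ip10203040.-3003.example.com", "-3003.example.com"),
    ("ip10203040.-2002.example.com", "example.com"),
    ("ip10203040.test.example.com", "example.com"),  # under *.example.com
]


def compare(cases):
    """Evaluate each (qname, zone) under both rules.
    Returns {qname: (answer_with_4_3_rule, answer_with_proposed_rule)}."""
    return {q: (create_forward(q, z, CURRENT), create_forward(q, z, PROPOSED))
            for q, z in cases}


if __name__ == "__main__":
    for q, (cur, prop) in compare(CASES).items():
        print(f"{q:32} 4.3: {str(cur):12} patched: {str(prop):12}")
```

The last case shows the regression the mail warns about: with `*.example.com` present, `ip10203040.test.example.com` is refused today but would be answered after the change.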

Re: [Pdns-users] API issue

2020-06-22 Thread qutic development via Pdns-users
Hi Aki,

>> we are using PowerDNS version 4.2.2 and seeing errors creating subdomains 
>> via the api.
>> 
>> The following curl worked for years [1], but after an update to latest pdns 
>> version it is returning 500 http errors:
>> 
>> curl -i -s -XPATCH \
>> -H 'X-API-Key: $powerdns_api_key' \
>> https://$powerdns_host/api/v1/servers/localhost/zones/$domain -d '{
>> "rrsets": [
>> {
>> "name": "$subdomain.$domain.",
>> "type": "A",
>> "changetype": "REPLACE",
>> "ttl": 600,
>> "records": [
>> {
>> "content": "$ip",
>> "disabled": false
>> }
>> ]
>> }
>> ]
>> }'
>> 
>> HTTP ISE for "/api/v1/servers/localhost/zones/example.com": Exception: 
>> GSQLBackend unable to insert empty non-terminal rr '_domainkey.example.com' 
>> in domain_id 2: Could not execute mysql statement: insert into records 
>> (type,domain_id,disabled,name,ordername,auth,content,ttl,prio) values 
>> (null,?,0,?,?,?,NULL,NULL,NULL): Column 'type' cannot be null
> 
> Did you remember to update the schema as well?

Yes, I executed the documented schema changes.

- Stefan
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users


Re: [Pdns-users] Mysql cluster backend & rpz

2020-06-22 Thread Bill Pye via Pdns-users
- Original Message -
> From: "Otto Moerbeek" 
> To: "bill pye" 
> Cc: "Pdns-users" 
> Sent: Monday, 22 June, 2020 12:44:31
> Subject: Re: [Pdns-users] Mysql cluster backend & rpz

> On Mon, Jun 22, 2020 at 10:07:07AM +, Bill Pye via Pdns-users wrote:
> 
>> As a follow-up to my last post I have a question (or two) about using a mysql
>> cluster as the backend and using rpz.
>> 
>> First, where does PDNS-recursor store the download zone for an rpz, is it in
>> the mysql db or an on-disk file? I'd assume it's on-disk.
>> 
>> Second, as I use a cluster of three pdns, pdns-recursor & dnsdist and the rpz
>> zone is on-disk I'd need that specified in each recursor I guess?
>> 
>> I'm probably missing something obvious here so a nudge in the right direction
>> would be appreciated. :)
>> 
>> Regards
> 
> Recursor knows nothing about databases.
> 
> RPZ data is stored in memory. Starting with 4.2 you can write it to
> disk (using the dumpFile attribute) and use that file for a quick load
> on restart (using the seedFile attribute).
> 
> And yes, you'll need to specify the rpz zone in each recursor where
> it should be used.
> 
>   -Otto

Otto

Thanks again and I guess a bit more reading for me. :)

PDNS: 4.3.0
PDNS-recursor: 4.3.0
DNSDIST: 1.5.0 rc3


Regards


Bill


Re: [Pdns-users] Problem configuring rpz

2020-06-22 Thread Bill Pye via Pdns-users
- Original Message -
> From: "Otto Moerbeek" 
> To: "bill pye" 
> Cc: "Pdns-users" 
> Sent: Monday, 22 June, 2020 12:40:58
> Subject: Re: [Pdns-users] Problem configuring rpz

> On Mon, Jun 22, 2020 at 09:57:13AM +, Bill Pye via Pdns-users wrote:
> 
>> Hi all
>> 
>> I'm a home user of your excellent software and by no means an expert in DNS.
>> A while ago I was experimenting with setting-up rpz files on my DNS servers,
>> that all worked OK. Recently I've been trying to configure the rpz via AXFR
>> from ioc2rpz here: https://ioc2rpz.net/
>> 
>> After a bit of trial and error (normal for me!) I have this working quite
>> well but I did hit a 'problem' and have a couple of questions.
>> 
>> While reading the documentation of the feed it mentioned that the feeds were
>> updated every thirty minutes, PDNS-recursor documentation states that the
>> zones default is used if not specified in the config file:
>> 
>> "refresh
>> 
>> An integer describing the interval between checks for updates. By default,
>> the RPZ zone’s default is used"
>> 
>> That sounded reasonable so I left that alone and started with one feed which
>> contained four records. Strangely that resulted in an IXFR being done every
>> second, I left that running for a while (i.e. for about 12 hours) and it
>> never stopped. Is this a bug and should I file one on github?
>> 
>> Next a question, the documentation states the Refresh is an "integer" but it
>> doesn't mention that it's a per-second "integer" - should that be added to
>> the documentation? Could the fact that if it's left empty be responsible for
>> my once-per-second IXFR? As the feed said it was updated every thirty minutes
>> override that once-per-second?
>> 
>> The relevant SOA record from my feed is this:
>> 
>> dns-bh.ioc2rpz. 604800 IN SOA ioc2rpz-srv1.ioc2rpz.net. ioc2rpz.ioc2rpz.com.
>> 1591664280 43200 900 2592000 7200
>> 
>> Obviously that has a refresh of 15 minutes which is not the 30 mins the
>> document says but should my once-per-second IXFR be happening with that SOA?
>> Once I added a refresh to my rpzmaster entry it all worked as expected. :)
>> 
>> I hope that all makes sense but if I've missed something or it isn't too
>> clear then just let me know.
>> 
>> Regards
>> 
>> 
>> Bill
> 
> Please always tell which version you are using.
> 
> An issue that sounds very much like what you are seeing was fixed in
> https://github.com/PowerDNS/pdns/pull/8778. This is also in 4.3.1
> 
> For older versions, you should set a refresh interval explicitly.
> 
> As for the feed's data update interval vs their published refresh
> interval in their SOA record, I think you have to contact the feed source.
> 
>   -Otto

Otto

It seems to be one of those days, here's the version for the list:

PDNS: 4.3.0
PDNS-recursor: 4.3.0
DNSDIST: 1.5.0 rc3


Regards


Bill


Re: [Pdns-users] Mysql cluster backend & rpz

2020-06-22 Thread Otto Moerbeek via Pdns-users
On Mon, Jun 22, 2020 at 10:07:07AM +, Bill Pye via Pdns-users wrote:

> As a follow-up to my last post I have a question (or two) about using a mysql 
> cluster as the backend and using rpz. 
> 
> First, where does PDNS-recursor store the download zone for an rpz, is it in 
> the mysql db or an on-disk file? I'd assume it's on-disk. 
> 
> Second, as I use a cluster of three pdns, pdns-recursor & dnsdist and the rpz 
> zone is on-disk I'd need that specified in each recursor I guess? 
> 
> I'm probably missing something obvious here so a nudge in the right direction 
> would be appreciated. :) 
> 
> Regards 

Recursor knows nothing about databases.

RPZ data is stored in memory. Starting with 4.2 you can write it to
disk (using the dumpFile attribute) and use that file for a quick load
on restart (using the seedFile attribute).

And yes, you'll need to specify the rpz zone in each recursor where
it should be used.

-Otto




Re: [Pdns-users] Problem configuring rpz

2020-06-22 Thread Otto Moerbeek via Pdns-users
On Mon, Jun 22, 2020 at 09:57:13AM +, Bill Pye via Pdns-users wrote:

> Hi all 
> 
> I'm a home user of your excellent software and by no means an expert in DNS.
> A while ago I was experimenting with setting-up rpz files on my DNS servers,
> that all worked OK. Recently I've been trying to configure the rpz via AXFR
> from ioc2rpz here: https://ioc2rpz.net/
> 
> After a bit of trial and error (normal for me!) I have this working quite
> well but I did hit a 'problem' and have a couple of questions.
> 
> While reading the documentation of the feed it mentioned that the feeds were
> updated every thirty minutes, PDNS-recursor documentation states that the
> zones default is used if not specified in the config file:
> 
> "refresh
> 
> An integer describing the interval between checks for updates. By default,
> the RPZ zone’s default is used"
> 
> That sounded reasonable so I left that alone and started with one feed which
> contained four records. Strangely that resulted in an IXFR being done every
> second, I left that running for a while (i.e. for about 12 hours) and it
> never stopped. Is this a bug and should I file one on github?
> 
> Next a question, the documentation states the Refresh is an "integer" but it
> doesn't mention that it's a per-second "integer" - should that be added to
> the documentation? Could the fact that if it's left empty be responsible
> for my once-per-second IXFR? As the feed said it was updated every thirty
> minutes override that once-per-second?
> 
> The relevant SOA record from my feed is this: 
> 
> dns-bh.ioc2rpz. 604800 IN SOA ioc2rpz-srv1.ioc2rpz.net. ioc2rpz.ioc2rpz.com. 
> 1591664280 43200 900 2592000 7200 
> 
> Obviously that has a refresh of 15 minutes which is not the 30 mins the 
> document says but should my once-per-second IXFR be happening with that SOA? 
> Once I added a refresh to my rpzmaster entry it all worked as expected. :) 
> 
> I hope that all makes sense but if I've missed something or it isn't too 
> clear then just let me know. 
> 
> Regards 
> 
> 
> Bill 

Please always tell which version you are using.

An issue that sounds very much like what you are seeing was fixed in
https://github.com/PowerDNS/pdns/pull/8778. This is also in 4.3.1

For older versions, you should set a refresh interval explicitly.

As for the feed's data update interval vs their published refresh
interval in their SOA record, I think you have to contact the feed source.

-Otto


[Pdns-users] Mysql cluster backend & rpz

2020-06-22 Thread Bill Pye via Pdns-users
As a follow-up to my last post I have a question (or two) about using a mysql 
cluster as the backend and using rpz. 

First, where does PDNS-recursor store the download zone for an rpz, is it in 
the mysql db or an on-disk file? I'd assume it's on-disk. 

Second, as I use a cluster of three pdns, pdns-recursor & dnsdist and the rpz 
zone is on-disk I'd need that specified in each recursor I guess? 

I'm probably missing something obvious here so a nudge in the right direction 
would be appreciated. :) 

Regards 


Bill 


[Pdns-users] Problem configuring rpz

2020-06-22 Thread Bill Pye via Pdns-users
Hi all 

I'm a home user of your excellent software and by no means an expert in DNS. A
while ago I was experimenting with setting-up rpz files on my DNS servers, that
all worked OK. Recently I've been trying to configure the rpz via AXFR from
ioc2rpz here: https://ioc2rpz.net/

After a bit of trial and error (normal for me!) I have this working quite well
but I did hit a 'problem' and have a couple of questions.

While reading the documentation of the feed it mentioned that the feeds were
updated every thirty minutes, PDNS-recursor documentation states that the zones
default is used if not specified in the config file:

"refresh

An integer describing the interval between checks for updates. By default, the
RPZ zone’s default is used"

That sounded reasonable so I left that alone and started with one feed which
contained four records. Strangely that resulted in an IXFR being done every
second, I left that running for a while (i.e. for about 12 hours) and it never
stopped. Is this a bug and should I file one on github?

Next a question, the documentation states the Refresh is an "integer" but it
doesn't mention that it's a per-second "integer" - should that be added to the
documentation? Could the fact that if it's left empty be responsible for my
once-per-second IXFR? As the feed said it was updated every thirty minutes
override that once-per-second?

The relevant SOA record from my feed is this: 

dns-bh.ioc2rpz. 604800 IN SOA ioc2rpz-srv1.ioc2rpz.net. ioc2rpz.ioc2rpz.com. 
1591664280 43200 900 2592000 7200 

Obviously that has a refresh of 15 minutes which is not the 30 mins the 
document says but should my once-per-second IXFR be happening with that SOA? 
Once I added a refresh to my rpzmaster entry it all worked as expected. :) 

I hope that all makes sense but if I've missed something or it isn't too clear 
then just let me know. 

Regards 


Bill 


Re: [Pdns-users] dnstap problem

2020-06-22 Thread Otto Moerbeek via Pdns-users
On Mon, Jun 22, 2020 at 08:13:11AM +0100, Brian Candler wrote:

> On 22/06/2020 07:03, Otto Moerbeek wrote:
> > AF 2 is inet, not inet6, in /usr/include/sys/socket.h on my (OpenBSD)
> > machine:
> > 
> > #define AF_INET 2
> 
> Ah I see, I was going by pdns/dnstap.proto:
> 
> // SocketFamily: the network protocol family of a socket. This specifies how
> // to interpret "network address" fields.
> enum SocketFamily {
>     INET = 1;   // IPv4 (RFC 791)
>     INET6 = 2;  // IPv6 (RFC 2460)
> }

Yes, it is confusing, the IANA assigned numbers differ from the
internal AF_* values...

-Otto

> 
> 
> > The problem is your version of the fstrm lib only supports unix domain
> > sockets. inet and inet6 support are recent additions to libfstrm.
> 
> That makes a lot of sense - thank you.
> 
> root@cache2:~# dpkg-query -l | grep fstrm
> ii  libfstrm0:amd64 0.3.0-1build1   amd64    Frame Streams (fstrm) library
> root@cache2:~# ldd /usr/sbin/pdns_recursor  | grep fstrm
>     libfstrm.so.0 => /usr/lib/x86_64-linux-gnu/libfstrm.so.0 (0x7f031ef14000)
> 
> Ubuntu 20.04 has version 0.6.0, which is the latest release. I'll try that.
> 
> Cheers,
> 
> Brian.
> 


Re: [Pdns-users] dnstap problem

2020-06-22 Thread Brian Candler via Pdns-users

On 22/06/2020 07:03, Otto Moerbeek wrote:
> AF 2 is inet, not inet6, in /usr/include/sys/socket.h on my (OpenBSD)
> machine:
> 
> #define AF_INET 2

Ah I see, I was going by pdns/dnstap.proto:

// SocketFamily: the network protocol family of a socket. This specifies how
// to interpret "network address" fields.
enum SocketFamily {
    INET = 1;   // IPv4 (RFC 791)
    INET6 = 2;  // IPv6 (RFC 2460)
}

> The problem is your version of the fstrm lib only supports unix domain
> sockets. inet and inet6 support are recent additions to libfstrm.

That makes a lot of sense - thank you.

root@cache2:~# dpkg-query -l | grep fstrm
ii  libfstrm0:amd64 0.3.0-1build1   amd64    Frame Streams (fstrm) library

root@cache2:~# ldd /usr/sbin/pdns_recursor  | grep fstrm
    libfstrm.so.0 => /usr/lib/x86_64-linux-gnu/libfstrm.so.0 (0x7f031ef14000)


Ubuntu 20.04 has version 0.6.0, which is the latest release. I'll try that.

Cheers,

Brian.
