Re: [Pdns-users] NXDOMAIN for noon authoritative zone

2022-10-28 Thread Peter van Dijk via Pdns-users
Hello Riccardo,

On Fri, 2022-10-28 at 14:37 +, Riccardo Brunetti via Pdns-users
wrote:
> Thanks for your answer.
> Maybe I found the issue:
> 
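> mysql> select * from records where domain_id=13203;
> +------+-----------+------+------+------------------------------------------------------------------------------+------+------+----------+-----------+------+
> | id   | domain_id | name | type | content                                                                      | ttl  | prio | disabled | ordername | auth |
> +------+-----------+------+------+------------------------------------------------------------------------------+------+------+----------+-----------+------+
> | 6309 |     13203 | .    | SOA  | a.misconfigured.powerdns.server hostmaster 2020032401 10800 3600 604800 3600 | 3600 |    0 |        0 | NULL      |    1 |
> +------+-----------+------+------+------------------------------------------------------------------------------+------+------+----------+-----------+------+
> 1 row in set (0.00 sec)
>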
> There is an entry (probably a mistake with some API call) which shows a
> bad SOA entry in a domain with only a "." in the "name" column.

That would explain the NXDOMAINs.

> In fact, the query for a non existent domain returns something like:
> 
> # dig @my-dns-server-IP non-existent-domain

I asked you, once on-list, once off-list, to show unedited data. Please
respect this next time you ask something. For more information, see
https://blog.powerdns.com/2016/01/18/open-source-support-out-in-the-open/

> Do you think it's safe to simply remove it?
> 
> update records set disabled=1 where id=6309;
> delete from records where id=6309;

The update is not very useful if you're going to delete it right after.

Don't forget to also delete it from the domains table. Perhaps pdnsutil
is a safer approach.

Kind regards,
-- 
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/

___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
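
An audit for the condition found in this thread, as an added example that is not part of the original messages or of PowerDNS itself: it looks for a zone whose SOA owner or zone name is the root, and shows that deleting only the `records` row leaves the `domains` row behind. It assumes an in-memory SQLite stand-in for the gmysql tables with a reduced column set, a constructed `domains` row for zone 13203, and hypothetical helper names.

```python
import sqlite3

ROOT_NAMES = ("", ".")  # assumption: either spelling denotes the root zone

def make_sample_db():
    """Constructed data: two ordinary zones plus the stray SOA row from the thread."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE domains (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE records (id INTEGER PRIMARY KEY, domain_id INT, name TEXT,
                              type TEXT, content TEXT, ttl INT, disabled INT);
        INSERT INTO domains VALUES (1, 'zonea.example'), (2, 'zoneb.example'),
                                   (13203, '.');
        INSERT INTO records VALUES
          (1, 1, 'zonea.example', 'SOA',
           'ns1.zonea.example hostmaster.zonea.example 1 10800 3600 604800 3600', 3600, 0),
          (2, 2, 'zoneb.example', 'SOA',
           'ns1.zoneb.example hostmaster.zoneb.example 1 10800 3600 604800 3600', 3600, 0),
          (6309, 13203, '.', 'SOA',
           'a.misconfigured.powerdns.server hostmaster 2020032401 10800 3600 604800 3600',
           3600, 0);
    """)
    return db

def find_root_zones(db):
    """Zone ids whose SOA owner or domains.name is the root."""
    q = """SELECT domain_id FROM records WHERE type = 'SOA' AND name IN (?, ?)
           UNION SELECT id FROM domains WHERE name IN (?, ?)"""
    return sorted(row[0] for row in db.execute(q, ROOT_NAMES * 2))

def find_orphan_records(db):
    """Record ids whose domain_id has no row in domains."""
    q = """SELECT r.id FROM records r LEFT JOIN domains d ON d.id = r.domain_id
           WHERE d.id IS NULL ORDER BY r.id"""
    return [row[0] for row in db.execute(q)]

def remove_zone(db, domain_id):
    """Delete a zone's records and its domains row in one transaction."""
    with db:  # commits on success, rolls back if either DELETE raises
        db.execute("DELETE FROM records WHERE domain_id = ?", (domain_id,))
        db.execute("DELETE FROM domains WHERE id = ?", (domain_id,))

if __name__ == "__main__":
    db = make_sample_db()
    print("root zones:", find_root_zones(db))
    db.execute("DELETE FROM records WHERE id = 6309")  # the delete proposed above
    print("after records-only delete:", find_root_zones(db))
    remove_zone(db, 13203)
    print("after remove_zone:", find_root_zones(db), find_orphan_records(db))
```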


Re: [Pdns-users] NXDOMAIN for noon authoritative zone

2022-10-28 Thread Riccardo Brunetti via Pdns-users


Hello Peter.

Thanks for your answer.
Maybe I found the issue:

mysql> select * from records where domain_id=13203;
+------+-----------+------+------+------------------------------------------------------------------------------+------+------+----------+-----------+------+
| id   | domain_id | name | type | content                                                                      | ttl  | prio | disabled | ordername | auth |
+------+-----------+------+------+------------------------------------------------------------------------------+------+------+----------+-----------+------+
| 6309 |     13203 | .    | SOA  | a.misconfigured.powerdns.server hostmaster 2020032401 10800 3600 604800 3600 | 3600 |    0 |        0 | NULL      |    1 |
+------+-----------+------+------+------------------------------------------------------------------------------+------+------+----------+-----------+------+
1 row in set (0.00 sec)

There is an entry (probably a mistake with some API call) which shows a bad SOA
entry in a domain with only a "." in the "name" column.

In fact, the query for a non existent domain returns something like:

# dig @my-dns-server-IP non-existent-domain

; <<>> DiG 9.11.36-RedHat-9.11.36-3.el8 <<>> @my-dns-server-IP non-existent-domain
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 39797
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;non-existent-domain. IN A

;; AUTHORITY SECTION:
. 3600 IN SOA a.misconfigured.powerdns.server. hostmaster. 2020032401 10800 3600 604800 3600

;; Query time: 18 msec
;; SERVER: my-dns-server-IP#53(my-dns-server-IP)
;; WHEN: Fri Oct 28 16:08:14 CEST 2022
;; MSG SIZE  rcvd: 116

Do you think it's safe to simply remove it?

update records set disabled=1 where id=6309;
delete from records where id=6309;

Thanks
Riccardo





On 28/10/2022, 15:33, Peter van Dijk via Pdns-users wrote:

> Hi Riccardo,
>
> On Fri, 2022-10-28 at 09:11 +, Riccardo Brunetti via Pdns-users
> wrote:
> > Hello.
> > We have a powerdns server which is authoritative for some zones, let's
> > say zoneA and zoneB
> > If we send a dns query for a zoneC we get NXDOMAIN answer instead of
> > REFUSED.
> >
> > Is this the correct behavior or we are making some configuration
> > mistake?
> > pdns version: 4.5.2
>
> That is not correct behaviour, so it sounds like a configuration (or
> database content) mistake.
>
> Can you show (unedited!) dig output for the good and the bad queries?
>
> Kind regards,
> --
> Peter van Dijk
> PowerDNS.COM BV - https://www.powerdns.com/




Re: [Pdns-users] Repeating log file entry for root server

2022-10-28 Thread Otto Moerbeek via Pdns-users


Hello,

a.root-servers.net is the default name used by the dnsdist health checks.
So no worries.

With respect to pdns_recursor: logging all queries (with quiet=no)
hurts performance. In general, you do not want to enable it on a
production machine.

-Otto

On Fri, Oct 28, 2022 at 08:55:04AM -0500, Slacker T via Pdns-users wrote:

> Hello! I'm running the release versions of dnsdist, recursor and server on
> OpenBSD 7.2. Currently that is:
> dnsdist-1.7.2
> powerdns-4.6.3
> powerdns-recursor-4.7.3
> 
> I'm upgrading the OS and pdns from older versions, 4.4.x. I'm attempting to
> use the previous config files so that might be the issue.
> 
> I'm seeing the following entries repeated in the log files. I'm wondering
> if it's from the 'hint-file' config file for the recursor entry. I don't
> have that in the config, but I see in the docs that it changed in 4.6.2.
> 
> > Oct 28 08:49:57 dns01 pdns[37599]: Remote 127.0.0.1 wants 'a.root-servers.net|A', do = 0, bufsize = 512: packetcache HIT
> > Oct 28 08:49:57 dns01 pdns_recursor[8731]: 3 question answered from packet cache tag=0 from 127.0.0.1:47349
> > Oct 28 08:49:58 dns01 pdns[37599]: Remote 127.0.0.1 wants 'a.root-servers.net|A', do = 0, bufsize = 512: packetcache HIT
> > Oct 28 08:49:58 dns01 pdns_recursor[8731]: 3 question answered from packet cache tag=0 from 127.0.0.1:10793
> 
> So is this from some internal piece to update the root servers? loglevel is
> 6 on both the recursor and the server. I just wanted to make sure this is
> normal and not a sign of misconfiguration. Rarely the log will show a MISS.



[Pdns-users] Repeating log file entry for root server

2022-10-28 Thread Slacker T via Pdns-users
Hello! I'm running the release versions of dnsdist, recursor and server on
OpenBSD 7.2. Currently that is:
dnsdist-1.7.2
powerdns-4.6.3
powerdns-recursor-4.7.3

I'm upgrading the OS and pdns from older versions, 4.4.x. I'm attempting to
use the previous config files so that might be the issue.

I'm seeing the following entries repeated in the log files. I'm wondering
if it's from the 'hint-file' config file for the recursor entry. I don't
have that in the config, but I see in the docs that it changed in 4.6.2.

> Oct 28 08:49:57 dns01 pdns[37599]: Remote 127.0.0.1 wants 'a.root-servers.net|A', do = 0, bufsize = 512: packetcache HIT
> Oct 28 08:49:57 dns01 pdns_recursor[8731]: 3 question answered from packet cache tag=0 from 127.0.0.1:47349
> Oct 28 08:49:58 dns01 pdns[37599]: Remote 127.0.0.1 wants 'a.root-servers.net|A', do = 0, bufsize = 512: packetcache HIT
> Oct 28 08:49:58 dns01 pdns_recursor[8731]: 3 question answered from packet cache tag=0 from 127.0.0.1:10793

So is this from some internal piece to update the root servers? loglevel is
6 on both the recursor and the server. I just wanted to make sure this is
normal and not a sign of misconfiguration. Rarely the log will show a MISS.


Re: [Pdns-users] NXDOMAIN for noon authoritative zone

2022-10-28 Thread Peter van Dijk via Pdns-users
Hi Riccardo,

On Fri, 2022-10-28 at 09:11 +, Riccardo Brunetti via Pdns-users
wrote:
> Hello.
> We have a powerdns server which is authoritative for some zones, let's
> say zoneA and zoneB
> If we send a dns query for a zoneC we get NXDOMAIN answer instead of
> REFUSED.
> 
> Is this the correct behavior or we are making some configuration
> mistake?
> pdns version: 4.5.2

That is not correct behaviour, so it sounds like a configuration (or
database content) mistake.

Can you show (unedited!) dig output for the good and the bad queries?

Kind regards,
-- 
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/



[Pdns-users] NXDOMAIN for noon authoritative zone

2022-10-28 Thread Riccardo Brunetti via Pdns-users
Hello.

We have a powerdns server which is authoritative for some zones, let's say
zoneA and zoneB
If we send a dns query for a zoneC we get NXDOMAIN answer instead of REFUSED.

Is this the correct behavior or we are making some configuration mistake?
pdns version: 4.5.2

Thanks
Riccardo






Re: [Pdns-users] Warning in syslog after upgrade to PowerDNS Authoritative Server 4.7

2022-10-28 Thread Otto Moerbeek via Pdns-users
Hello,

4.7.0 introduced (optional) GSS-TSIG support. Even with that support
not compiled in, it will report about GSS-TSIG requests it could not
handle. That might generate too much log spam, will discuss if this
message should stay, maybe the level should be Debug. There is also a
typo there: an extra `not'.

So what happens is that the server sees GSS-TSIG enabled requests but
is not prepared to deal with them. Do you have clients or other
servers that send these GSS-TSIG enabled queries?

As for the failing SOA retrieval: does the primary log anything why it
isn't willing to serve the SOA? Perhaps a packet capture will shed
some light on why the SOA retrieval fails. Increasing the loglevel
might also help.

-Otto

On Thu, Oct 27, 2022 at 11:07:29AM +, Giorgio Lardone via Pdns-users wrote:

> Dear all,
> after updating my secondary PowerDNS to version 4.7, I see a myriad of these 
> messages in the syslog:
> 
> "pdns_server[7658]: GSS-TSIG request but not feature not compiled in"
> 
> and
> 
> "pdns_server[7658]: Unable to retrieve SOA for domainname.tld, this was the 
> first time. NOTE: For every subsequent failed SOA check the domain will be 
> suspended from freshness checks for 'num-errors x 60 seconds', with a maximum 
> of 3600 seconds. Skipping SOA checks until 1666868614"
> 
> What do you think they depend on?
> 
> Thanks for your opinion,
> Giorgio



Re: [Pdns-users] PowerDNS Authoritative Server 4.7.0

2022-10-28 Thread Otto Moerbeek via Pdns-users
This is known, a 4.7.1 will be released very soon with this fixed.

-Otto

On Fri, Oct 28, 2022 at 07:12:03AM +, Henri Nougayrede via Pdns-users wrote:

> Hi
> 
> Same for ubuntu 4.7 .deb package.
> I ran the SQL script here.
> 
> Regards
> 
> HNO
> 
> From: Pdns-users  on behalf of Florian Obser via Pdns-users
> Sent: Friday, 28 October 2022 09:07
> To: Peter van Dijk via Pdns-users
> Subject: Re: [Pdns-users] PowerDNS Authoritative Server 4.7.0
> 
> Hi,
> 
> On 2022-10-20 11:02 +02, Peter van Dijk via Pdns-users wrote:
> > Please make sure to read the [3]Upgrade Notes before upgrading.
> >
> 
> | The new Catalog Zones feature comes with a mandatory schema change for
> | the gsql database backends. See files named
> | 4.3.x_to_4.7.0_schema.X.sql for your database backend in our Git repo,
> | tarball, or distro-specific documentation path.
> 
> Looks like https://downloads.powerdns.com/releases/pdns-4.7.0.tar.bz2
> misses the 4.3.x_to_4.7.0_schema.X.sql files.
> 
> Cheers,
> Florian
> 
> --
> I'm not entirely sure you are real.


Re: [Pdns-users] PowerDNS Authoritative Server 4.7.0

2022-10-28 Thread Henri Nougayrede via Pdns-users
Hi

Same for ubuntu 4.7 .deb package.
I ran the SQL script here.

Regards

HNO

From: Pdns-users  on behalf of Florian Obser via Pdns-users
Sent: Friday, 28 October 2022 09:07
To: Peter van Dijk via Pdns-users
Subject: Re: [Pdns-users] PowerDNS Authoritative Server 4.7.0

Hi,

On 2022-10-20 11:02 +02, Peter van Dijk via Pdns-users wrote:
> Please make sure to read the [3]Upgrade Notes before upgrading.
>

| The new Catalog Zones feature comes with a mandatory schema change for
| the gsql database backends. See files named
| 4.3.x_to_4.7.0_schema.X.sql for your database backend in our Git repo,
| tarball, or distro-specific documentation path.

Looks like https://downloads.powerdns.com/releases/pdns-4.7.0.tar.bz2
misses the 4.3.x_to_4.7.0_schema.X.sql files.

Cheers,
Florian

--
I'm not entirely sure you are real.


Re: [Pdns-users] PowerDNS Authoritative Server 4.7.0

2022-10-28 Thread Florian Obser via Pdns-users
Hi,

On 2022-10-20 11:02 +02, Peter van Dijk via Pdns-users wrote:
> Please make sure to read the [3]Upgrade Notes before upgrading.
>

| The new Catalog Zones feature comes with a mandatory schema change for
| the gsql database backends. See files named
| 4.3.x_to_4.7.0_schema.X.sql for your database backend in our Git repo,
| tarball, or distro-specific documentation path.

Looks like https://downloads.powerdns.com/releases/pdns-4.7.0.tar.bz2
misses the 4.3.x_to_4.7.0_schema.X.sql files.

Cheers,
Florian

-- 
I'm not entirely sure you are real.