Re: [Pdns-users] dns queries timeout on secondary IPs
On 09/08/2010 11:55 AM, George wrote:
> I thought 0.0.0.0 is supposed to make it work on all IPs.

The socket listens on all IPs, but unfortunately recvfrom() doesn't know what IP address the packet arrived on, so when the response is sent, it is sent with the primary IP assigned to the "closest" interface (i.e., whatever has the most relevant next-hop route that will go to the desired host). Thus, the IP is wrong, and the request originator doesn't recognize the response as being part of the same conversation (since the source address doesn't match).

Unfortunately, this is a persisting misfeature related to datagrams under the Berkeley Sockets model. (I say that as someone who likes the Berkeley Sockets model, so take that for what it's worth.) The problem is, fixing it would involve incompatible changes to certain syscalls (like recvfrom() and sendto()). Maybe that'll get fixed someday though - it'd make it way easier to handle this sort of thing "right".

--
Derrik Pates
de...@devrandom.net

___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users
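The source-address mismatch described in the message above can be checked from the client side. The following is an added example, not code from the thread or from PowerDNS; `build_query`, `classify` and `probe` are names assumed here, and the addresses in the final loop are constructed placeholders.

```python
import secrets
import socket
import struct

def build_query(name, qid):
    """Minimal DNS A/IN query with RD cleared (what `nslookup -norecurse` asks)."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(sent_to, reply_from, qid, data):
    """Apply the checks a client makes before accepting a UDP reply."""
    if reply_from != sent_to:
        return "wrong-source"   # reply left the server from a different address
    if len(data) < 12 or struct.unpack("!H", data[:2])[0] != qid:
        return "wrong-id"
    if not data[2] & 0x80:      # QR bit clear: this is not a response
        return "not-a-response"
    return "ok"

def probe(ip, port=53, name="example.com", qid=None, timeout=2.0):
    """Query ip:port and report (status, address the reply actually came from)."""
    qid = secrets.randbits(16) if qid is None else qid
    # Deliberately no connect(): a connected UDP socket only delivers datagrams
    # from the connected peer, so a mismatched reply would look like a timeout.
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.sendto(build_query(name, qid), (ip, port))
        data, reply_from = s.recvfrom(4096)
    except socket.timeout:
        return "timeout", None
    finally:
        s.close()
    return classify((ip, port), reply_from, qid, data), reply_from

if __name__ == "__main__":
    # Constructed placeholder addresses (RFC 5737); substitute the server's own IPs.
    for ip in ("192.0.2.10", "192.0.2.11"):
        print(ip, *probe(ip))
```

Run against each address of the server, a reply that comes back from the primary IP after a query to a secondary IP is reported as `wrong-source` together with the address it came from.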
Re: [Pdns-users] dns queries timeout on secondary IPs
Thanks! I changed local-address and included all the IPs with a , between them and it worked.
I thought 0.0.0.0 is supposed to make it work on all IPs.

On Wed, Sep 8, 2010 at 8:46 PM, bert hubert wrote:
> On Wed, Sep 08, 2010 at 08:44:01PM +0300, George wrote:
>> Here are the outputs:
>> [r...@webprod02 ~]# grep local-address /etc/pdns/pdns.conf
>> # local-address Local IP addresses to which we bind
>> local-address=0.0.0.0
> (...)
>> pdns[6269]: It is advised to bind to explicit addresses with the
>> --local-address option
>> pdns[6269]: UDP server bound to 0.0.0.0:53
>> pdns[6269]: TCP server bound to 0.0.0.0:53
> (...)
>> Please advise
>
> George - it already gave you advice ;-) Please bind to explicit IP
> addresses, and not to 0.0.0.
>
> Good luck!
>
> Bert
Re: [Pdns-users] dns queries timeout on secondary IPs
On Wed, Sep 08, 2010 at 08:44:01PM +0300, George wrote:
> Here are the outputs:
> [r...@webprod02 ~]# grep local-address /etc/pdns/pdns.conf
> # local-address Local IP addresses to which we bind
> local-address=0.0.0.0
(...)
> pdns[6269]: It is advised to bind to explicit addresses with the
> --local-address option
> pdns[6269]: UDP server bound to 0.0.0.0:53
> pdns[6269]: TCP server bound to 0.0.0.0:53
(...)
> Please advise

George - it already gave you advice ;-) Please bind to explicit IP addresses, and not to 0.0.0.

Good luck!

Bert
Re: [Pdns-users] dns queries timeout on secondary IPs
Hi,

Here are the outputs:

[r...@webprod02 ~]# grep local-address /etc/pdns/pdns.conf
# local-address Local IP addresses to which we bind
local-address=0.0.0.0
# query-local-address Source IP address for sending queries
# query-local-address=

pdns[5109]: Scheduling exit on remote request
pdns[5109]: Guardian is killed, taking down children with us
pdns[6266]: Listening on controlsocket in '/var/run/pdns.controlsocket'
pdns[6269]: Guardian is launching an instance
pdns[6269]: This is module gmysqlbackend.so reporting
pdns[6269]: This is a guarded instance of pdns
pdns[6269]: It is advised to bind to explicit addresses with the --local-address option
pdns[6269]: UDP server bound to 0.0.0.0:53
pdns[6269]: TCP server bound to 0.0.0.0:53
pdns[6269]: PowerDNS 2.9.21 (C) 2001-2006 PowerDNS.COM BV (Apr 1 2008, 12:06:01, gcc 4.1.2 20070626 (Red Hat 4.1.2-14)) starting up
pdns[6269]: PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2.
pdns[6269]: Creating backend connection for TCP
pdns[6269]: Master/slave communicator launching
pdns[6269]: gmysql Connection succesful
pdns[6269]: About to create 3 backend threads for UDP
pdns[6269]: gmysql Connection succesful
pdns[6269]: gmysql Connection succesful
pdns[6269]: All slave domains are fresh
pdns[6269]: gmysql Connection succesful

Please advise

Thanks

On Wed, Sep 8, 2010 at 8:39 PM, bert hubert wrote:
> On Wed, Sep 08, 2010 at 08:31:45PM +0300, George wrote:
>> I have CentOS 5.5 and powerdns 2.9.21 set up as a slave server. My
>> problem is that pdns does not reply to queries that come from outside
>> on any secondary IP. Here's the full story:
>
> Can you run:
> grep local-address /etc/powerdns/pdns.conf (or wherever your configuration
> is?).
>
> Can you also paste the startup messages of PowerDNS?
>
> Thanks.
Re: [Pdns-users] dns queries timeout on secondary IPs
On Wed, Sep 08, 2010 at 08:31:45PM +0300, George wrote:
> I have CentOS 5.5 and powerdns 2.9.21 set up as a slave server. My
> problem is that pdns does not reply to queries that come from outside
> on any secondary IP. Here's the full story:

Can you run:
grep local-address /etc/powerdns/pdns.conf (or wherever your configuration is?).

Can you also paste the startup messages of PowerDNS?

Thanks.
[Pdns-users] dns queries timeout on secondary IPs
Hi,

I have CentOS 5.5 and powerdns 2.9.21 set up as a slave server. My problem is that pdns does not reply to queries that come from outside on any secondary IP. Here's the full story:

nslookup -norecurse domain.com - MAINIP
Server: MAINIP
Address:MAINIP#53

Name: domain.com
Address: 1.1.1.1

nslookup -norecurse domain.com - SECONDARYIP
;; connection timed out; no servers could be reached

When I run nmap on both primary and secondary IP for port 53 UDP and TCP it says they are open.

I configured pdns for verbose logging and the strange thing is that when I query for a non-existent domain then I can see in the pdns logs:

pdns[5282]: Not authoritative for 'asd', sending servfail to SOMEIP (recursion was desired)

But when I query for a domain that exists in pdns there's no message, nothing. Just timeout.

However, querying from the dns server itself on all its IPs works fine.

I have no firewalls.

Please help

Thanks

--
Server Surgeon Support
supp...@serversurgeon.com
http://www.serversurgeon.com
System Administration Services
Toll Free 1-877-E-SURGEON (877-378-7436)
International 623-374-6848
Get the system support you need when you need it.