Re: [Pdns-users] LUA for "filter-aaaa-on-v4"

2023-10-30 Thread Djerk Geurts via Pdns-users
> On 30 Oct 2023, at 09:50, Brian Candler wrote: > > On 30/10/2023 09:10, Djerk Geurts via Pdns-users wrote: >> >> You're right that once dual stack is enabled on parts of the network and in >> clients, then we'll need to be mindful of this. But, I would expect

Re: [Pdns-users] LUA for "filter-aaaa-on-v4"

2023-10-30 Thread Djerk Geurts via Pdns-users
under our control. Thank you for your input, Djerk Geurts On 30 Oct 2023, 06:26, at 06:26, Otto Moerbeek wrote: >On Mon, Oct 30, 2023 at 04:35:25AM +, Djerk Geurts via Pdns-users >wrote: > >> Hi all, >> >> Not had the opportunity to test this yet, but wanted to chec

[Pdns-users] LUA for "filter-aaaa-on-v4"

2023-10-29 Thread Djerk Geurts via Pdns-users
Hi all, Not had the opportunity to test this yet, but wanted to check with those more experienced at LUA scripting if the following has any unexpected side effects: function preresolve(dq) -- Implementation of 'filter-aaaa-on-v4' if dq.qtype == pdns.AAAA and dq.remoteaddr:isIPv4() then

[Pdns-users] Pdns-recursor and dnsdist on same machine

2023-06-19 Thread Djerk Geurts via Pdns-users
I’ve noticed that using "proxy-protocol-from" in the pdns-recursor, a simple query from that source no longer works. So if I set pdns-recursor to 127.0.53.53 and dnsdist to the network IP address of the host then on this host I can’t query pdns-recursor on 127.0.53.53 as the host command

Re: [Pdns-users] Pdns recursor - forward-zones-file not working

2023-06-19 Thread Djerk Geurts via Pdns-users
tto Moerbeek wrote: > > On Mon, Jun 19, 2023 at 05:10:01PM +0100, Djerk Geurts via Pdns-users wrote: > >> Hi all, >> >> Reading up on recursor settings I found that with forward-zones-file one can >> set recurse an RD flag and also add domains to an allow-not

[Pdns-users] Pdns recursor - forward-zones-file not working

2023-06-19 Thread Djerk Geurts via Pdns-users
Hi all, Reading up on recursor settings I found that with forward-zones-file one can set recurse an RD flag and also add domains to an allow-notify-for list. "Zones prefixed with a ‘+’ are treated as with forward-zones-recurse

Re: [Pdns-users] signatures were invalid: EXPKEYSIG 1B0C6205FD380FBB

2023-06-07 Thread Djerk Geurts via Pdns-users
> On 7 Jun 2023, at 17:46, Otto Moerbeek wrote: > > On Wed, Jun 07, 2023 at 06:03:29PM +0200, Otto Moerbeek via Pdns-users wrote: > >> On Wed, Jun 07, 2023 at 04:26:53PM +0100, Djerk Geurts via Pdns-users wrote: >> >>> Hi all, >>> >>> Is th

[Pdns-users] signatures were invalid: EXPKEYSIG 1B0C6205FD380FBB

2023-06-07 Thread Djerk Geurts via Pdns-users
Hi all, Is there an issue with the Ubuntu repo? I changed a host from focal-auth-master to focal-auth-48 and am encountering a GPG error, previously the GPG key had been updated but I see the normal key listed everywhere still. Err:1 http://repo.powerdns.com/ubuntu focal-auth-48 InRelease The

Re: [Pdns-users] DoT for recursor

2023-05-09 Thread Djerk Geurts via Pdns-users
Hi Otto, Thank you, good to know. I use dnsdist at my clients but am working on my lab at the moment where I don’t yet have dnsdist deployed. -- Djerk Geurts > On 9 May 2023, at 13:47, Otto Moerbeek wrote: > > On Tue, May 09, 2023 at 01:34:51PM +0100, Djerk Geurts via Pdns-us

[Pdns-users] DoT for recursor

2023-05-09 Thread Djerk Geurts via Pdns-users
Hi all, Had a look and the only thing I could find is that DoT apparently is enabled when configuring PowerDNS-recursor with specific upstream servers on port 853. Being relatively new to DoT and DoH I’m trying to work out why I can’t configure the recursor to listen to port 853 without

Re: [Pdns-users] Protobuf - Telegraf

2022-10-13 Thread Djerk Geurts via Pdns-users
FYI, I’ve been working with one of the coders working on Telegraf and the following code is working beautifully so far: https://github.com/influxdata/telegraf/pull/11999 -- Djerk > On 1 Oct 2022, at 10:31, Djerk Geurts wrote: > > >> On 1

[Pdns-users] Missing tags in protobuf query messages

2022-10-13 Thread Djerk Geurts via Pdns-users
Hi all, Working on a protobuf feed into Telegraf and I’m now noticing that no tags are set in the generated messages. I’m on v4.9.0, I guess I could/should try stable, but thought I’d ask here first before downgrading. The relevant bits of recursor.lua config: -- DNS filtering via RPZ feeds

Re: [Pdns-users] Protobuf - Telegraf

2022-10-01 Thread Djerk Geurts via Pdns-users
> On 1 Oct 2022, at 07:28, Otto Moerbeek wrote: > > The protobuf streams add a framing header of two bytes of length per protobuf > message. > The receiving side has to take that into account. I have no idea if it does as the Telegraf xpack_protobuf input doesn’t have that many options to

Re: [Pdns-users] Protobuf - Telegraf

2022-10-01 Thread Djerk Geurts via Pdns-users
> On 1 Oct 2022, at 09:01, Brian Candler wrote: > > On 01/10/2022 07:28, Otto Moerbeek via Pdns-users wrote: >> The protobuf streams add a framing header of two bytes of length per >> protobuf message. >> The receiving side has to take that into account. > > Perhaps this issue (still open) is

[Pdns-users] Protobuf - Telegraf

2022-09-30 Thread Djerk Geurts via Pdns-users
Hi, Has anyone managed to get Protobuf output logged through Telegraf? Telegraf is supposed to support Protobuf input but I’m getting the following error: … E! [inputs.socket_listener] Unable to parse incoming line: proto: cannot parse invalid wire-format data The Telegraf config I’m using:

Re: [Pdns-users] PDNS recursor cache sync

2022-09-17 Thread Djerk Geurts via Pdns-users
e the one providing DNS recursive service to the >DNS >clients or to the downstream DNS caching servers, or you should resort >to >URL filtering. > > >Best Regards, >Óscar Zovo. > >A sábado, 17/09/2022, 01:01, Djerk Geurts via Pdns-users < >pdns-users@mailman.powerd

Re: [Pdns-users] PDNS recursor cache sync

2022-09-17 Thread Djerk Geurts via Pdns-users
s an issue that records can change: >> >the scenario: >> > >> >- a client asks the record, record gets cached >> >- client A asks and gets cached value, >> >- publisher of records changes the record >> >- record expires from cac

Re: [Pdns-users] PDNS recursor cache sync

2022-09-17 Thread Djerk Geurts via Pdns-users
t, Sep 17, 2022 at 01:01:09AM +0100, Djerk Geurts via Pdns-users >wrote: > >> Just ran into an issue with recursive DNS servers where the two >servers have cached a different A record for mirror.centos.org. >> >> This is a problem as the firewalls permit access to t

[Pdns-users] PDNS recursor cache sync

2022-09-16 Thread Djerk Geurts via Pdns-users
Just ran into an issue with recursive DNS servers where the two servers have cached a different A record for mirror.centos.org. This is a problem as the firewalls permit access to the FQDN, which presumes that both the client and the firewall end up with the same A record for the domain. I'm

Re: [Pdns-users] LUA script for primary server

2022-06-09 Thread Djerk Geurts via Pdns-users
> -- nxdomain runs after no result is found. > function nxdomain(dq) > dquery = newDN(dq.qname:toString()) > pdnslog("nxdomain called for: "..dquery:toString()) > if dq.qtype == pdns.NAPTR then > pdnslog("Search parent wildcard record") > if dquery:countLabels() == 12 then >

Re: [Pdns-users] LUA script for primary server

2022-06-09 Thread Djerk Geurts via Pdns-users
> What I still need to test is if this script actually works and what will > happen if the followupFunction also returns NXDOMAIN, if it hit the Lua > script again then nothing else is needed, else I’ll need to add more logic to > keep going with a chopOff() until the zone’s ‘root' wildcard

Re: [Pdns-users] LUA script for primary server

2022-06-06 Thread Djerk Geurts via Pdns-users
> On 6 Jun 2022, at 12:44, Brian Candler wrote: > > On 06/06/2022 11:34, Djerk Geurts wrote: >> Maybe if I add some examples: >> >> 1.2.3.4.5.6.e164.arpa. NAPTR “some text with sip call routing info: AAA” >> *.4.5.6.e164.arpa. NAPTR “some different sip call routing info: BBB” >> >> A query for

Re: [Pdns-users] LUA script for primary server

2022-06-06 Thread Djerk Geurts via Pdns-users
On 6 Jun 2022, at 11:17, Brian Candler wrote: > > On 06/06/2022 10:52, Djerk Geurts via Pdns-users wrote: >> Jun 06 11:28:29 host.example.com <http://host.example.com/> >> pdns_server[3559402]: Fatal error: Trying to set unknown setting >> 'lua-dns-script’ >

[Pdns-users] LUA script for primary server

2022-06-06 Thread Djerk Geurts via Pdns-users
I’ve got a set of authoritative servers, all with the same MySQL backend. And am looking to catch nxdomain replies. All LUA suggestions I’ve found so far are for recursors. Is there no way to use the same LUA script on an authoritative server? Jun 06 11:28:29 host.example.com

[Pdns-users] Is it possible to filter tsig-key dnsupdate access?

2022-04-28 Thread Djerk Geurts via Pdns-users
Hi all, I’m in the process of setting up DNS-01 Let’s Encrypt verification and have generated the tsig-key, added it to the zone as TSIG-ALLOW-DNSUPDATE. But I’d like to restrict the updates to hostname "_acme-challenge" and record type TXT. Will I have to write a LUA script for this or is