Re: [Pdns-users] What signal to tell PDNS to shut down?

Ah! Thanks, everyone! Using `--init` did, indeed, solve all my problems. Super helpful! Learn something new every day I suppose. :-) Nick > On Jan 13, 2019, at 5:05 PM, frank+pdns--- via Pdns-users > wrote: > > Hi Bert and Nick, > > Docker will issue a SIGTERM, and assumes an app responds

[Pdns-users] What signal to tell PDNS to shut down?

I’m working on a Docker container to run my PDNS Authoritative servers. I’m installing PDNS from repo.powerdns.com . The Docker command that is run in `pdns_server`. The `docker stop` command sends a `SIGTERM` to PID 1, waits some amount of time, and then sends

[Pdns-users] Confused about PDNS versions in distro package repos

I hate how confusing package versions are in distro package repos… (and that’s a systemic issue with repos, not a problem made by the fine folks here). I’m using Ubuntu 18.04 (bionic). I’m trying to decide if I can/should just use the PDNS package in its distro package repo, or if I should use

Re: [Pdns-users] pdns_recursor suddenly decided ALL dnssec queries were bogus

*facepalm* Thank you. Indeed, Ubuntu had an upgrade from 4.0.4-something to 4.0.4-something_else that included the new KSK. All fixed now. *facepalm* I feel dumb for missing that. Nick > On Oct 11, 2018, at 9:40 PM, Tom Ivar Helbekkmo wrote: > > Nick Williams writes: > >&g

[Pdns-users] pdns_recursor suddenly decided ALL dnssec queries were bogus

I’ve been running a pdns_recursor install for a little over 11 months now, and I had about 9 months’ uptime on the machine running it. Tonight, suddenly, without my making any changes, ALL DNS queries through the recursor started returning SERVFAIL. I spent the better part of an hour diagnosing

Re: [Pdns-users] Alternative way to log in pdns_recursor when OS holds Syslog hostage

So, I made some progress with disabling the Busybox syslog server (can’t remove it completely without removing Busybox, but I can disable it) and replacing it with syslog-ng (which I really like, BTW), but I’m experiencing some odd behavior with PDNS (only) writing to syslog: If I start

Re: [Pdns-users] Setting up intentionally invalid DNSSEC record in auto-secure environment

So, I think I’ve almost got this, but I’m having a problem with the pre-signed zone’s NSEC3 RRSIGs. Here’s what I did: I already have a live-signed zone (my-zone.com) that works perfectly. A-records come with automatic RRSIGs, SOA record comes with an RRSIG, NS records come with an RRSIG, etc.

Re: [Pdns-users] Virtual servers in pdns-recursor

On Jan 8, 2016, at 9:46 AM, Pieter Lexis wrote: > > Hi Miguel, > > On Fri, 8 Jan 2016 09:16:32 -0600 > Miguel Miranda wrote: > >> Hi, i want to run several instances of pdns-recursor, is there any support >> similar to pdns virtual

[Pdns-users] Setting up intentionally invalid DNSSEC record in auto-secure environment

signing enabled? Thanks! Nick Williams smime.p7s Description: S/MIME cryptographic signature ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] Standardized DNS Record Types Not Supported by PowerDNS

On Mar 9, 2015, at 2:42 AM, bert hubert wrote: Sounds like the Supported Record Types page needs updating to add KX and IPSECKEY. Patches are welcome. It is very easy to update our Markdown documentation these days. https://github.com/PowerDNS/pdns/blob/master/docs/markdown/types.md

[Pdns-users] SOA and trailing/terminating dots (.)

PowerDNS's Supported Record Types page[1] says the following: Warning: Host names and the MNAME of a SOA records are NEVER terminated with a '.' in PowerDNS storage! If a trailing '.' is present it will inevitably cause problems, problems that may be hard to debug. Here I'm particularly

[Pdns-users] Standardized DNS Record Types Not Supported by PowerDNS

The following are standardized DNS record types[1] that aren't supported by PowerDNS[2]. I was hoping someone could enlighten me as to whether there are specific reasons for not supporting them (as opposed to nobody has gotten around to doing the work yet, which is of course understandable) and

[Pdns-users] DNSSEC - What to send to registrar?

I learned the other day that my registrar (Dotster) has no support for DNSSEC in their user interface. At first they told me that they didn't support it at all—but when I pointed out that not supporting DNSSEC is a violation of ICANN's Registrar Accreditation Agreement (RAA) effective January

[Pdns-users] pdnssec set-nsec3 for all zones

Is there not a way to set NSEC3 parameters (pdnssec set-nsec3) for all zones? There's secure-all-zones and rectify-all-zones, but nothing about set-nsec3 for all zones. That could certainly get cumbersome on very large installations. :-/ Thanks, Nick

Re: [Pdns-users] Error Running pdnssec from PHP

Nevermind, my bad. It's not enough for the user to have read permissions on the /etc/pdns directory and /etc/pdns/pdns.conf file. The user also must have execute permissions on the /etc/pdns directory. When I added that, it worked. Thanks! Nick On Feb 27, 2015, at 12:19 PM, Nick Williams

[Pdns-users] Do I need to run pdnssec something when removing a zone?

I've recently enabled DNSSEC with the MySQL backend. I'm using the MySQL Backend for everything (including storage of zones/records). If I remove a zone completely from the MySQL domains/records tables (all data deleted), do I need to also A) Run pdnssec something, B) delete anything else from

[Pdns-users] Error Running pdnssec from PHP

I have a (secured) PHP browser GUI (that I can only access while connected to the VPN) that I use to manage my domains. I'm enabling DNSSEC, so I decided to update my PHP GUI to run the necessary pdnssec commands (secure-zone, set-nsec3, rectify-zone) when applicable. However, when I use PHP's

Re: [Pdns-users] When was ordername column added to records table?

On Feb 19, 2015, at 3:37 PM, k...@rice.edu wrote: On Thu, Feb 19, 2015 at 03:34:06PM -0600, Nick Williams wrote: I'm a bit curious because, looking through the code history, I can't find any evidence of it. The schema for PDNS 3.0 shows no ordername column or orderindex index

[Pdns-users] Why was content length increased?

I'm upgrading to authoritative 3.4 and noticed that the records.content column has been increased from 255 characters to 64000 characters. Because my table is UTF-8, I get the following error: mysql ALTER TABLE records MODIFY content VARCHAR(64000); ERROR 1074 (42000): Column length too big for

Re: [Pdns-users] When was ordername column added to records table?

On Feb 19, 2015, at 3:05 PM, Christian Hofstaedtler wrote: On 19 Feb 2015, at 22:37, k...@rice.edu wrote: On Thu, Feb 19, 2015 at 03:34:06PM -0600, Nick Williams wrote: The schema for PDNS 3.0 shows no ordername column or orderindex index on the records table: https://github.com/PowerDNS

[Pdns-users] Currently using distro packages, want to update

I try to always use software packages from my distro package managers (OpenSUSE zypper and CentOS yum) when I can, because it's easier and it resolves all my dependencies for me. I pretty much never manually deal with RPMs (so please forgive some of my ignorance). But my distro is currently on

Re: [Pdns-users] Please test: ALIAS/ANAME apex record in PowerDNS

Do you think it's possible that release candidates for 3.5 could be coming soon? =D N On Jan 12, 2015, at 6:35 AM, Peter van Dijk wrote: Hello Nick, this code would be in release 3.5.0, for which no date has been set yet. However, as said below, the autotest website has development

[Pdns-users] Cannot load plugin … /usr//usr/...

I just installed PowerDNS 3.1.0.6 (using package management on OpenSUSE 12.3) on a new machine and copied my MySQL database over to it. As usual, on the first time starting it I tried /etc/init.d/pdns monitor` to see the output. gmysql can't load plugins because it's doubling the first part of

Re: [Pdns-users] master-slave serial problem

Just for the record, there IS a pdns package (and pdns-*-backend packages) in CentOS 5. I have several CentOS 5 machines, none of which have extra repositories like EPEL, and all of them have a pdns package either installed or installable from yum. My openSUSE 10.4 and 11.4 machines also had

Re: [Pdns-users] Status of the LDAP backend in 3.0 release

I wanted to quickly chime in on this. I agree with the decision to move the LDAP backend into unmaintained status and not fix these bugs right now. If there isn't a big enough community demand to supply the resources needed to maintain it, then there likely isn't a big enough demand to make it

[Pdns-users] Reply from unexpected source: ip#267, expected ip#53

I have three identically-configured Power DNS 2.9.21 servers. Server 1 and 2 are on Centos5 Linux version 2.6.18-028stab064.7 (r...@rhel5-64-build) (gcc version 4.1.2 20070626 (Red Hat 4.1.2-14)) #1 SMP Wed Aug 26 13:11:07 MSD 2009 and Linux version 2.6.18-028stab070.5 (r...@rhel5-build-x64)