Re: [Pdns-users] How to config pdns to send notification to addres not in "IN NS" record.

2024-03-12 Thread Brian Candler via Pdns-users
On 12/03/2024 13:11, Bino Oetomo wrote: The zone record editing is done via CPanel webUI. There is "zone editor" in that UI and that's the one I use itu. Via that UI, I just change single IN A record of one record. Then it becomes a question of how CPanel integrates with pdns, and since I

Re: [Pdns-users] How to config pdns to send notification to addres not in "IN NS" record.

2024-03-12 Thread Brian Candler via Pdns-users
On 12/03/2024 11:40, Bino Oetomo wrote: I run --> tcpdump -vv --interface eth1 port 53 at powerdns box , got no traffic indicating notification sent. But when I restart the bind9 service at the slave, tcpdump shows some traffic to and from slave. So still IMHO my pdns box did not send any

Re: [Pdns-users] How to config pdns to send notification to addres not in "IN NS" record.

2024-03-12 Thread Brian Candler via Pdns-users
On 12/03/2024 10:41, Bino Oetomo via Pdns-users wrote: dear all I have a cpanel box with powerdns as its DNS server. its IP address is 192.168.1.101 ... zone "domain0.bino" { type secondary; file "/var/named/domain0.bino.db"; primaries {103.30.144.60;}; }; 103.30.144.60 !=

Re: [Pdns-users] [EXT] Re: remote backend

2023-11-30 Thread Brian Candler via Pdns-users
That code is incomplete and not runnable. What is "[0:netip]" for example? More importantly, what is "c" when you do c.Write(data) ? However, there is also an unstated question here, which is "how are the requests and responses delimited when PowerDNS using the unixsock remote backend?" 

Re: [Pdns-users] Short Name Resolution

2023-11-30 Thread Brian Candler via Pdns-users
On 29/11/2023 21:32, t...@garayfam.com wrote: So, create my local domain (something.lan) and put all my entries in that then configure the clients to use something.lan as the default search domain? Yes, that's the way. However it would be better to use a subdomain of a real domain that you

Re: [Pdns-users] Short Name Resolution

2023-11-29 Thread Brian Candler via Pdns-users
On 29/11/2023 20:27, Tim Garay via Pdns-users wrote: How can I setup PDNS to resolve short names? I would like to be able to resolve something like “testserver” to 192.168.1.1.  No domain. Generally this is the job of the stub resolver on the client, to expand "testserver" to

Re: [Pdns-users] remote backend

2023-11-29 Thread Brian Candler via Pdns-users
On 29/11/2023 14:04, Alexis Fidalgo wrote: So, by now, i dont know what is making for a query to be answered and another not (timeout) and in a retry is answered ok. (this is why i thought on speed and considered the unix socket but now i know it’s not that) Put logging in your remote

Re: [Pdns-users] remote backend

2023-11-29 Thread Brian Candler via Pdns-users
On 29/11/2023 10:19, Alexis Fidalgo wrote: by the responder, what im not understanding is, why in 2 different languages (golang and python) i get the same behavior. Well, you haven't shown the code from either. It would be extremely inefficient for PowerDNS to open a new connection for

Re: [Pdns-users] remote backend

2023-11-29 Thread Brian Candler via Pdns-users
On 29/11/2023 00:07, Alexis Fidalgo via Pdns-users wrote: I think i found why this is not working, as you can see below, socket is connected and first message is sent (the initialize message), which is answered and the response is read ({“result”: true}). Problem is (and i’ve testing with

Re: [Pdns-users] remote backend

2023-11-28 Thread Brian Candler via Pdns-users
On 28/11/2023 18:10, Walter Parker via Pdns-users wrote: Unclear as to what you mean by “remote backend connected using Unix sockets” See: https://doc.powerdns.com/authoritative/backends/remote.html "Remote backend" in this case means "out-of-process", not necessarily on a different server.

Re: [Pdns-users] Share DNS-Records between two zones/views (internal & external)

2023-11-15 Thread Brian Candler via Pdns-users
On 15/11/2023 17:11, Sebastian Neumann via Pdns-users wrote: 3. Install a Response Policy Zone (RPZ) in the recursor to *override* the results provided by the auth for queries from internal clients Thanks a lot for that hint, I will look into that. I guess you are talking about this bit here?

Re: [Pdns-users] Share DNS-Records between two zones/views (internal & external)

2023-11-15 Thread Brian Candler via Pdns-users
On 15/11/2023 14:53, sebastian-n-95--- via Pdns-users wrote: Hey, I am considering migrating my current BIND-Based setup to PowerDNS. For multiple zones, I currently have split-view in bind, so that I can define DNS-Records available only for internal clients. To achieve this, I have the

Re: [Pdns-users] LUA for "filter-aaaa-on-v4"

2023-10-30 Thread Brian Candler via Pdns-users
On 30/10/2023 09:10, Djerk Geurts via Pdns-users wrote: You're right that once dual stack is enabled on parts of the network and in clients, then we'll need to be mindful of this. But, I would expect most dual stack clients to default to querying DNS using IPv6. In fact as we control the

Re: [Pdns-users] Logging to /var/log/messages

2023-09-14 Thread Brian Candler via Pdns-users
On 14/09/2023 15:32, Ian Goldstein (BLOOMBERG/ 120 PARK) wrote: The log entry that appears in my pdns.log is: Sep 14 09:07:52 xx-232 pdns[1380]: AXFR of domain 'foo.bar.com' to 1.2.3.4 finished The entry that appears in /var/log/messages: Sep 14 09:26:30 xx-209 pdns_server: AXFR of

Re: [Pdns-users] Logging to /var/log/messages

2023-09-14 Thread Brian Candler via Pdns-users
On 13/09/2023 22:48, Ian Goldstein (BLOOMBERG/ 120 PARK) via Pdns-users wrote: While I am successfully logging to /var/log/pdns.log, I am also logging to /var/log/messages which I do not want. That question is entirely about rsyslog and not powerdns, but in short you'll need something like

Re: [Pdns-users] Recursor forwarder DoT configuration

2023-09-08 Thread Brian Candler via Pdns-users
On 08/09/2023 15:50, Christoph via Pdns-users wrote: - does it validate the server certificate? how do I configure the name when performing certificate verification? Not answering your questions about PDNS recursor specifically, but I'll just point out that 1.1.1.1:853 and 1.0.0.1:853 both

Re: [Pdns-users] DNSSEC error

2023-08-18 Thread Brian Candler via Pdns-users
On 18/08/2023 10:12, Huber, Peter via Pdns-users wrote: Thank you, I understand, that our server is not authoritative for .de. but it seems our zone is no longer signed, but it was signed in the past. There's a DS record in the parent zone: $ dig @a.nic.de. uni-wh.de. ds uni-wh.de.       

Re: [Pdns-users] DNSSEC error

2023-08-18 Thread Brian Candler via Pdns-users
On 18/08/2023 08:53, Huber, Peter via Pdns-users wrote: i have strange thing using the pdns resolver. My domain uni-wh.de was ok for a long time, now there seems to be a DNSSEC problem and I don’t know where this comes from, nor how to fix this. What I am testing: delv @193.175.243.110

Re: [Pdns-users] listen on net iface

2023-07-28 Thread Brian Candler via Pdns-users
On 28/07/2023 10:07, Klaus Darilion via Pdns-users wrote: PS: This sound like you want to run PDNS in an active-standby HA-setup with a "hot" standby If it were me, I'd have a pair of dnsdist instances (with the floating IP moving between those), which in turn point to the real servers

Re: [Pdns-users] Cannot update server-id

2023-05-26 Thread Brian Candler via Pdns-users
On 26/05/2023 12:01, Kevin P. Fleming via Pdns-users wrote: I'm pretty sure those are unrelated IDs, and the 'localhost' in the API URLs cannot be changed. Confirmed at https://doc.powerdns.com/authoritative/http-api/server.html In the PowerDNS Authoritative Server, the server_id is

Re: [Pdns-users] SSL Proxy with PowerDNS

2023-05-05 Thread Brian Candler via Pdns-users
On 04/05/2023 18:21, Tom Barrett via Pdns-users wrote: I'm looking for a solution for running an SSL proxy with PowerDNS. This is a service that will auto-generate SSL certs (such as letsencrypt) for each zone. I think you might be confusing several concepts here, most of which are nothing

Re: [Pdns-users] Strange behaviour with ALIAS/CNAME records

2023-04-17 Thread Brian Candler via Pdns-users
On 17/04/2023 14:56, Andrea Biancalani wrote: Using the PowerDNS-admin GUI from github https://github.com/PowerDNS-Admin/PowerDNS-Admin In that case, I'd suggest your best starting point is to raise your problem as an issue with that project, since that's what you're actually interacting

Re: [Pdns-users] Strange behaviour with ALIAS/CNAME records

2023-04-17 Thread Brian Candler via Pdns-users
On 17/04/2023 14:05, Andrea Biancalani wrote: after I've applied with success above example.com zone (as you notice in attached image) You appear to be using some sort of (unspecified) front-end web application.  It could be editing zone files directly, or it could be making direct SQL

Re: [Pdns-users] Strange behaviour with ALIAS/CNAME records

2023-04-17 Thread Brian Candler via Pdns-users
I suggest you specify the version of pdns authoritative you're running, otherwise this isn't reproducible by anyone.  Also what backend you're using and how you're adding/removing records, although I'm guessing it's probably the bind backend. On 17/04/2023 12:50, Andrea Biancalani via

Re: [Pdns-users] (no subject)

2023-03-14 Thread Brian Candler via Pdns-users
On 14/03/2023 06:45, Raghvendra Choudhary via Pdns-users wrote: I want to put the DNS of google in the *forwarder* in the recursor.conf but I am unable to resolve the DNS from the *forwarder*. Please help me to get this configuration in the right way. The setting you need is

Re: [Pdns-users] reverse zone ipv4 and ipv6

2023-02-01 Thread Brian Candler via Pdns-users
On 01/02/2023 20:05, Vinícius Dalcin wrote: where am i going wrong? (Aside: it's hard to read screenshots rather than text, and I can't copy paste from them) I can't explain why it's not working, but I do see a few odd things. 1. Where does /etc/resolv.conf point on your host? I note that

Re: [Pdns-users] reverse zone ipv4 and ipv6

2023-02-01 Thread Brian Candler via Pdns-users
On 01/02/2023 18:13, Vinícius Dalcin via Pdns-users wrote: good I made some adjustments and as for the ipv4 this functional. When to ipv6 I get REFUSED query response. Can you show what configuration you made, the exact query you made, and the exact response you got back? Please make sure

Re: [Pdns-users] Creating a www CNAME in powerDNS Admin (mysql backend) automatically pointing to @

2023-01-23 Thread Brian Candler via Pdns-users
On 23/01/2023 12:10, Andrea Biancalani wrote: my default template for new hosting is similar to this @ SOA ... @ NS ... @ MX ... @ A 192.0.2.1 @ 2001:db8::1 www A 192.0.2.1 www 2001:db8::1 but if I try to use this template @ SOA ... @ NS ... @ MX ... @ ALIAS www. /*(added final

Re: [Pdns-users] Creating a www CNAME in powerDNS Admin (mysql backend) automatically pointing to @

2023-01-23 Thread Brian Candler via Pdns-users
On 23/01/2023 08:39, Andrea Biancalani via Pdns-users wrote: Hello there, do you know if it is possible with pdns Admin GUI (using mysql backend) Questions about a particular third-party project which integrates with PDNS would be better raised with that third-party project. There are

Re: [Pdns-users] Glue records in PowerDNS and MySQL backend

2023-01-11 Thread Brian Candler via Pdns-users
On 11/01/2023 15:13, Carsten Schmitz via Pdns-users wrote: Hello, My case is a bit complicated: I run a PowerDNS  server with a zone "firstdomain.org" which is using a name server name ns1.seconddomain.org . Please read:

Re: [Pdns-users] stupid recursor question [SOLVED]

2022-12-07 Thread Brian Candler via Pdns-users
On 07/12/2022 18:47, Curtis Maurand via Pdns-users wrote: dig doesn't return an error ... root@sirius:~# dig sirius.xyonet.com ; <<>> DiG 9.16.33-Debian <<>> sirius.xyonet.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 10323 To be clear:

Re: [Pdns-users] stupid recursor question

2022-12-06 Thread Brian Candler via Pdns-users
On 06/12/2022 17:41, Curtis Maurand via Pdns-users wrote: You can use either xyonet.com or cybernexus.net And the pdns-auth server which you are referring to is ns1.xyonet.com or ns2.xyonet.com?  Or is it neither of these, and is a hidden primary? FYI, ns2.xyonet.com is not responding at

Re: [Pdns-users] stupid recursor question

2022-12-06 Thread Brian Candler via Pdns-users
On 06/12/2022 17:06, Curtis Maurand via Pdns-users wrote: On the authoritative server I host a domain that I'll call domain.tld as the example. It really helps if you give the real domain, since many problems can be diagnosed easily by querying the auth nameserver. See

Re: [Pdns-users] CNAME Resoluion

2022-12-05 Thread Brian Candler via Pdns-users
On 05/12/2022 17:58, Tony Annese via Pdns-users wrote: [Error] Record 'enterpriseenrollment.icdf3.org IN CNAME enterpriseenrollment.manage.microsoft.com' in zone 'icfd3.org' is out-of-zone. Read the error carefully. Hint: icdf3.org != icfd3.org :-)

Re: [Pdns-users] CNAME Resoluion

2022-12-04 Thread Brian Candler via Pdns-users
On 05/12/2022 05:03, Tony Annese via Pdns-users wrote: Here is the unobfuscated data. Thank you, because that now makes it possible to help you: $ dig +norec @ns.whidbey.net. sip.icfd3.org. any ... ;; ANSWER SECTION: sip.icfd3.org.        3600    IN    TXT    "v=spf1 mx

Re: [Pdns-users] Remove zombie/dead zones on superslave server

2022-11-30 Thread Brian Candler via Pdns-users
On 30/11/2022 10:35, Andrea Biancalani via Pdns-users wrote: is there a way to be noticed on master's GUI (or slave) of zombie/dead zones in superslave server? Which GUI? Don't you know about PowerDNS-Admin GUI? https://github.com/PowerDNS-Admin/PowerDNS-Admin "Which GUI" is a fair

Re: [Pdns-users] What are the differences between PowerDNS Authoritative Server and Recursor?

2022-11-26 Thread Brian Candler via Pdns-users
On 25/11/2022 22:10, Michael Hallager (personal) via Pdns-users wrote: This mailing list, like all the other industry ones, is a place for people with some background experience to come and ask a specific and clearly stated question. The context and terms of this list are clearly stated here

Re: [Pdns-users] Configure Powerdns and check if the domain which is not present in Powerdns is tranferring the traffic to 8.8.8.8 .

2022-11-18 Thread Brian Candler via Pdns-users
On 18/11/2022 09:42, Raghvendra Choudhary via Pdns-users wrote: share me some sample entries  which is insert to the databases.  so it will easy for me I want to copy all the domain entries which is present in the my hosts file. I'd suggest that you start by reading the PowerDNS

Re: [Pdns-users] SNAT and notify messages

2022-11-17 Thread Brian Candler via Pdns-users
On 17/11/2022 22:48, Michael Hallager via Pdns-users wrote: I recommend you fix your underlying issues now by getting all your servers onto the same net block or net blocks which can route between each other without NAT. Also I'd suggest fixing the other underlying issue, which is that a

Re: [Pdns-users] pdns-recursor ecs support config designs

2022-11-08 Thread Brian Candler via Pdns-users
On 08/11/2022 09:20, Robby Pedrica via Pdns-users wrote: The CDN services work correctly when a branch uses the ISP-assigned DNS for that specific branch/link. But as mentioned, it's difficult to manage these DNS entries when you have many branches across the world (180 sites with 2 different

Re: [Pdns-users] About "null MX"

2022-10-31 Thread Brian Candler via Pdns-users
On 31/10/2022 11:37, De Gubellini via Pdns-users wrote: Do you know from which version of the authoritative server "Null MX" was supported? This should be the RFC https://www.rfc-editor.org/rfc/rfc7505 I am asking this because I have an old version of powerdns that I can't upgrade in a short

Re: [Pdns-users] IPv6 PTR with gmysql backend

2022-10-20 Thread Brian Candler via Pdns-users
On 20/10/2022 14:17, qutic development via Pdns-users wrote: Thank you Brian for taking note! That was my bad in the email cause I changed the real ipv6-address into a sample one. https://blog.powerdns.com/2016/01/18/open-source-support-out-in-the-open/

Re: [Pdns-users] IPv6 PTR with gmysql backend

2022-10-20 Thread Brian Candler via Pdns-users
On 20/10/2022 12:55, qutic development via Pdns-users wrote: In the domains-table there is a record with name "0.0.0.0.0.8.b.d.1.0.0.2.ip6.arpa." That's wrong. It should be 0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa - that is, the original address is really 2001:0db8::/48 (when you write out all 4

Re: [Pdns-users] Protobuf - Telegraf

2022-10-01 Thread Brian Candler via Pdns-users
On 01/10/2022 07:28, Otto Moerbeek via Pdns-users wrote: The protobuf streams add a framing header of two bytes of length per protobuf message. The receiving side has to take that into account. Perhaps this issue (still open) is relevant: https://github.com/influxdata/telegraf/issues/6025

Re: [Pdns-users] Is there any option to change the custom RRSIG signature validity in DNSSEC?

2022-08-31 Thread Brian Candler via Pdns-users
On 31/08/2022 20:28, Mohammad Ishtiaq Ashiq Khan via Pdns-users wrote: Right now, it is set to 3 weeks and after looking at the code, it seems like this is fixed at PowerDNS. Please correct me if I am wrong. No, you're correct. See:

Re: [Pdns-users] (pdns 4.3.0 version) support for RFC2317

2022-08-17 Thread Brian Candler via Pdns-users
On 17/08/2022 00:27, Xandro Gavino via Pdns-users wrote: I just would like to confirm if the PowerDNS Authoritative Server (pdns 4.3.0 version) support the RFC2317. pdns 4.3.0 doesn't support anything, because it's end-of-life and unsupported:

Re: [Pdns-users] How to hide pdns authoritative server banner

2022-07-11 Thread Brian Candler via Pdns-users
On 11/07/2022 16:22, Wafa BEN KHOUD via Pdns-users wrote: Can you please explain how to hide pdns authoritative server banner? Do you mean the version.bind CHAOS TXT record?  If I google "powerdns version.bind chaos txt" then I get this as the first hit:

Re: [Pdns-users] LUA script for primary server

2022-06-06 Thread Brian Candler via Pdns-users
On 06/06/2022 11:34, Djerk Geurts wrote: Maybe if I add some examples: 1.2.3.4.5.6.e164.arpa. NAPTR “some text with sip call routing info: AAA” *.4.5.6.e164.arpa. NAPTR “some different sip call routing info: BBB” A query for 9.9.9.4.5.6.e164.arpa. will result in BBB A query for

Re: [Pdns-users] LUA script for primary server

2022-06-06 Thread Brian Candler via Pdns-users
On 06/06/2022 10:52, Djerk Geurts via Pdns-users wrote: Jun 06 11:28:29 host.example.com pdns_server[3559402]: Fatal error: Trying to set unknown setting 'lua-dns-script’ "lua-dns-script" is not a valid setting for pdns authoritative server. See:

Re: [Pdns-users] Pdns Authoritative

2022-05-30 Thread Brian Candler via Pdns-users
On 30/05/2022 16:45, Wafa BEN KHOUD via Pdns-users wrote: Is it possible to configure pdns slave with fixed content records? And how to do it? As example: master records for zone "test.com" are NS "ns.test.com" and MX "mx.test.com"

Re: [Pdns-users] SOA request MariaDB backend

2022-05-10 Thread Brian Candler via Pdns-users
On 10/05/2022 09:17, Jan-Piet Mens via Pdns-users wrote: dig @127.0.0.1 zone-name.bo soa +norec zone-name.bo is NXDOMAIN. The longer version of that answer is here: https://blog.powerdns.com/2016/01/18/open-source-support-out-in-the-open/

Re: [Pdns-users] Questions about PowerDNS - CNAME@APEX, Capacity, management, etc...

2022-05-06 Thread Brian Candler via Pdns-users
On 06/05/2022 18:02, Jan-Piet Mens via Pdns-users wrote: CNAME @ APEX questions: There is no such thing. "No CNAME and other data" is the rule. Fired off too quickly. RFC 1912 2.4 clarifies this [1] And don't forget that there is the ALIAS pseudo resource record for this purpose.

Re: [Pdns-users] DNAME randomly failing on Linux clients

2022-04-06 Thread Brian Candler via Pdns-users
On 06/04/2022 10:44, Adam Cecile wrote: If at all possible, I'd suggest you simply run auth and recursor bound to separate IP addresses - whether that be on the same host, or in VMs or containers.  Then you point your clients at your recursor IP(s), your NS records at your auth server

Re: [Pdns-users] DNAME randomly failing on Linux clients

2022-04-06 Thread Brian Candler via Pdns-users
On 06/04/2022 10:25, Adam Cecile via Pdns-users wrote: I need some recursion / logging facilities so I added on top of them (same machine) pdns-recursor or dnsdist. I first went for recursor but ended up thinking dnsdist was more flexible (especially on filtering updates / axfr, you're right).

Re: [Pdns-users] DNAME randomly failing on Linux clients

2022-04-06 Thread Brian Candler via Pdns-users
If I understand that right: you have dnsdist and auth running on the local server, and recursor is on a remote server? If your requirements are simple, for basic DNS querying you may not need dnsdist at all.  Just run the recursor on port 53, and use forward-zones / forward-zones-recurse as

Re: [Pdns-users] DNAME randomly failing on Linux clients

2022-04-06 Thread Brian Candler via Pdns-users
On 06/04/2022 09:36, Adam Cecile via Pdns-users wrote: Any idea what's going on here, I'm completely lost. I guess my DNAME usage is somehow incorrect but I don't understand why it's working intermittently (and always with pure DNS call using dig...) Just a thought, but does your system use

Re: [Pdns-users] zone forwarding in 4.0.6

2022-04-05 Thread Brian Candler via Pdns-users
On 04/04/2022 23:57, Brian Lehnhardt via Pdns-users wrote: It seems like this should just work, but perhaps I am missing something. I'm using an older version of pdns as you can see from my config, and I can't seem to find any documentation on this older version. Any idea what I'm doing

Re: [Pdns-users] PDNS Recursor and forward-zones-file

2022-03-17 Thread Brian Candler via Pdns-users
On 17/03/2022 15:50, Pepe Charli wrote: But the idea is to have in the future a file forward-zones-file of the type test1.com =192.168.1.1 test2.com =192.168.1.2 .=192.168.68.63, 192.168.68.64 I think dnsdist is better for that application - it's what it's

Re: [Pdns-users] ddns: no A records created, only PTR

2022-03-17 Thread Brian Candler via Pdns-users
On 17/03/2022 15:37, Patrick Bervoets via Pdns-users wrote: ddns-domainname "psc-elsene.be"; ddns-rev-domainname "in-addr.arpa."; zone psc-elsene.be { primary 127.0.0.53; key dhcpdupdate; } zone 103.103.10.in-addr.arpa. { primary 127.0.0.53; key dhcpdupdate; } ...   set ddns-client-fqdn =

Re: [Pdns-users] PDNS Recursor and forward-zones-file

2022-03-17 Thread Brian Candler via Pdns-users
On 17/03/2022 15:26, Pepe Charli wrote:      In the traces only the domain has been changed to test.com      192.168.68.63 and 192.168.68.64 are autoritatives for this domain.      Both resolver and authoritative are only used internally with private IPs Are

Re: [Pdns-users] PDNS Recursor and forward-zones-file

2022-03-17 Thread Brian Candler via Pdns-users
Hmm, see also: https://github.com/PowerDNS/pdns/issues/10638 https://github.com/PowerDNS/pdns/pull/10643 But this was backported to the 4.4 branch, and should be present in recursor 4.4.7: https://github.com/PowerDNS/pdns/pull/10654

Re: [Pdns-users] PDNS Recursor and forward-zones-file

2022-03-17 Thread Brian Candler via Pdns-users
On 17/03/2022 12:04, Pepe Charli via Pdns-users wrote: The recursor is configured to forward all zones to other DNS servers forward-zones-file=/path/to/file and the file itself contains .=192.168.68.63, 192.168.68.64 If you're forwarding the whole world then you need a plus sign for the

Re: [Pdns-users] Immediate update visibility

2022-03-09 Thread Brian Candler via Pdns-users
Thanks to Otto for explaining about the recursor notify feature in 4.6.0 - this is very cool and I wasn't aware of it. I think the OP is observing two different problems, and that would solve one of them.

Re: [Pdns-users] Immediate update visibility

2022-03-08 Thread Brian Candler via Pdns-users
On 09/03/2022 07:08, Daniel Miller via Pdns-users wrote: Anyway, after all that - when I make a change to a domain record using pdnsutil or an external tool using the API - the changes are immediately applied to the zone but are not immediately visible through the recursor. To make that happen

Re: [Pdns-users] Low ttl with combination of forward zones makes queries fail

2022-02-08 Thread Brian Candler via Pdns-users
On 08/02/2022 12:24, Thomas Mieslinger via Pdns-users wrote: But remember, pdns_recursor does not do background checking whether a Nameserver is alive. Background checking is only done by dnsdist afaik. That's a good point.  dnsdist continuously sends one query per second to each backend to

Re: [Pdns-users] Low ttl with combination of forward zones makes queries fail

2022-02-08 Thread Brian Candler via Pdns-users
On 08/02/2022 12:08, Prochazka via Pdns-users wrote: Pdns recursor config: ... forward-zones= forward-zones+=some.domain.tld=AUTH1_ipv6 forward-zones+=some.domain.tld=AUTH1_ipv4 forward-zones+=some.domain.tld=AUTH2_ipv6 forward-zones+=some.domain.tld=AUTH2_ipv4

Re: [Pdns-users] PowerDNS Recursor Performance and Tuning

2022-01-19 Thread Brian Candler via Pdns-users
On 19/01/2022 09:54, Hamed Haghshenas via Pdns-users wrote: How can I secure my dns Recursor? I try read document about dnssec in powerdns wiki but can’t understand what should I do ? https://doc.powerdns.com/recursor/dnssec.html In short: dnssec=validate

Re: [Pdns-users] How to make Authoritative work?

2022-01-18 Thread Brian Candler via Pdns-users
On 18/01/2022 15:03, jrd-p...@jrd.org wrote: Let's get back to my original question: How do I get pdns, with no recursor in the picture, to believe that it's authoritative for a zone? (Presumably by "pdns" you mean "pdns authoritative server") When I hit it with a query, I get

Re: [Pdns-users] How to make Authoritative work?

2022-01-18 Thread Brian Candler via Pdns-users
On 18/01/2022 14:38, jrd-p...@jrd.org wrote: . . . but when I query direct to the pdns, it also doesn't say it's authoritative. See previous mail. Sorry, I missed that mail.  Did you send a dig directly to port 5300?  I didn't catch that. I probably need to go back and re-read the DNS

Re: [Pdns-users] How to make Authoritative work?

2022-01-18 Thread Brian Candler via Pdns-users
On 18/01/2022 13:55, jrd-p...@jrd.org wrote: Oops. Yes. Port 53 has a pdns-recursor listening on it, which is feeding requests to pdns. Want the recursor config too? No need.  You asked why the response didn't have the AA flag set, and the answer is because the response came from a

Re: [Pdns-users] How to make Authoritative work?

2022-01-18 Thread Brian Candler via Pdns-users
On 18/01/2022 12:19, jrd via Pdns-users wrote: root@f3-kong-dyndns /etc/powerdns # dig jrd.org soa @localhost ; <<>> DiG 9.16.22 <<>> jrd.org soa @localhost ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58908 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1,

Re: [Pdns-users] PowerDNS Recursor Performance and Tuning

2022-01-16 Thread Brian Candler via Pdns-users
On 16/01/2022 09:41, Hamed Haghshenas via Pdns-users wrote: quiet=no I need the logs and should export domains to my analyzer platform . There are more scalable ways of doing this.  The "standards-compliant" way is dnstap: https://dnstap.info/

Re: [Pdns-users] PowerDNS with LDAP backend / TFTP-Server for PXE boot

2022-01-13 Thread Brian Candler via Pdns-users
On 13/01/2022 19:00, Stefan Harbich via Pdns-users wrote: I have set up a PowerDNS server with an LDAP backend. I would like to install a TFTP server and wanted to ask if I can set up the following in the PowerDNS LDAP backend? ... When configuring your DHCP server you will need to add the

Re: [Pdns-users] PDNS Recursor - force IPv6

2021-11-16 Thread Brian Candler via Pdns-users
On 16/11/2021 08:57, Otto Moerbeek wrote: I set "query-local-address=0.0.0.0,::" to allow the recursor to use both. I think since 4.5 we do the right thing and *only* use v6 if you set query-local-address=:: But that has the consequence that a lot of (v4 only) nameservers become unreachable.

Re: [Pdns-users] PDNS Recursor - force IPv6

2021-11-16 Thread Brian Candler via Pdns-users
On 16/11/2021 08:29, Otto Moerbeek via Pdns-users wrote: Is there possible to get similar to unbound command to force usage of IPv6 in PDNS Recursor? prefer-ip6: If enabled, prefer IPv6 transport for sending DNS queries to internet nameservers. Default is no. Thanks, No, we do not

Re: [Pdns-users] Best practice for serving a few public domains + auth/recursion for VMs & VPN clients

2021-10-04 Thread Brian Candler via Pdns-users
On 04/10/2021 13:44, Patrick Laimbock via Pdns-users wrote: New to the list & PowerDNS. Pleased to meet you. I have about 50 domains, 10 VMs and 10 VPN clients I would like to setup DNS for. I went through DuckDuckGo and a bunch of ML archives but did not find any hints of a best practice

Re: [Pdns-users] error which prevented lookup Out of range exception

2021-09-30 Thread Brian Candler via Pdns-users
On 30/09/2021 17:39, Oliver Dzombic via Pdns-users wrote: In 4.3 Versions this SOA record worked: ns3.isp4p.net hostmas...@isp4p.net 2006040100 Now with a new server ns3.cloud-interactive.de i...@cloud-interactive.de 2021093000 or ns3.cloud-interactive.de 2021093000 or

Re: [Pdns-users] Prevent external lookup of (private) subdomains

2021-09-23 Thread Brian Candler via Pdns-users
On 23/09/2021 14:31, inform...@trinaxab.se wrote: I don't necessarily need to use PowerDNS for the ACME DNS server, so I might employ bind with the former plugin instead, since it's only going to be a minimal DNS configuration. Exactly.  You can stand up a separate nameserver purely for

Re: [Pdns-users] Prevent external lookup of (private) subdomains

2021-09-22 Thread Brian Candler via Pdns-users
On 22/09/2021 10:54, inform...@trinaxab.se wrote: July 9, 2021 5:12 PM, "Brian Candler" wrote: On 09/07/2021 15:29, inform...@trinaxab.se wrote: Specifically, the intention is to use a single wildcard certificate *.intra.example.com rather than one for each subdomain. I don't know if that

Re: [Pdns-users] PowerDNS issues

2021-09-10 Thread Brian Candler via Pdns-users
On 10/09/2021 10:07, Andrey Sedletsky via Pdns-users wrote: One last question. Our company would like to have commercial support for your product. Is this possible and, if so, what needs to be done for this ? Below is the link to the attachments: https://cloud.mail.ru/public/3y53/RzaP6z2a6

Re: [Pdns-users] Server Hostname not visible

2021-09-02 Thread Brian Candler via Pdns-users
On 02/09/2021 07:12, SOLIT | Michael via Pdns-users wrote: I’m trying to add the server hostname to PowerDNS. This does not seem to work. When I do an nslookup to the specific PowerDNS server I get back that the server hostname is Unknown. Sorry, but this question has nothing to do with

Re: [Pdns-users] API listening address/port

2021-08-20 Thread Brian Candler via Pdns-users
On 20/08/2021 21:31, MRob via Pdns-users wrote: Hi, the API docs shows that it listens at 127.0.0.1:8081 I only see 3 api config vars-- is there any settings for API listening port or interfaces? You need to set configuration setting "webserver-address":

Re: [Pdns-users] Logging outgoing queries and responses

2021-08-04 Thread Brian Candler via Pdns-users
On 04/08/2021 10:49, Hamed Haghshenas via Pdns-users wrote: and add to it : protobufServer(server[[[ ,logQueries=true], logResponses=true] ,exportTypes={'A', '', 'CNAME', 'MX', 'NS'}]); I don't think those square brackets are meant to be there literally; rather they're saying that

Re: [Pdns-users] PowerDNS admin Configuration

2021-07-20 Thread Brian Candler via Pdns-users
On 20/07/2021 13:05, Bill Pye via Pdns-users wrote: I don't know why you think PowerDNS-Admin is not maintained any more or had its last code change two years ago. It is under continued development but I'm guessing you're not talking about this product:

Re: [Pdns-users] Why does pdns-recursor fail to resolve: data.public.lu

2021-07-12 Thread Brian Candler via Pdns-users
What version of pdns-recursor?

Re: [Pdns-users] Prevent external lookup of (private) subdomains

2021-07-09 Thread Brian Candler via Pdns-users
On 09/07/2021 15:29, inform...@trinaxab.se wrote: Specifically, the intention is to use a single wildcard certificate *.intra.example.com rather than one for each subdomain. I don't know if that changes anything. No difference.  You just need to be able to insert TXT records in the zone

Re: [Pdns-users] Prevent external lookup of (private) subdomains

2021-07-09 Thread Brian Candler via Pdns-users
On 09/07/2021 14:43, informant--- via Pdns-users wrote: I intend to set up a PowerDNS authoritative server and recursor, where a few subdomains will be forwarded to the auth server for internal use only. (local IP addresses) We do not wish to allow lookups for these domains by any external

Re: [Pdns-users] PowerDNS suddenly refuses to resolve

2021-06-24 Thread Brian Candler via Pdns-users
On 24/06/2021 12:03, Laurie Brown via Pdns-users wrote: One of my pdns name servers has suddenly stopped resolving, giving a status to dig of status: REFUSED. I have no idea why as it was working perfectly well for several days (it's a new installation). Quite possibly because it's not running

Re: [Pdns-users] Zone transfert rejected in Powerdns Letsencrypt challenge

2021-06-23 Thread Brian Candler via Pdns-users
On 23/06/2021 08:54, Cheikh Dieng wrote: Very Thanks, It's clear for me. For dnsdist I need HA for my Powerdns. And how are you achieving HA of your dnsdist? The normal, recommended approach for authoritative DNS resilience is to have multiple nameservers, listed as separate NS records.

Re: [Pdns-users] Zone transfert rejected in Powerdns Letsencrypt challenge

2021-06-23 Thread Brian Candler via Pdns-users
On 22/06/2021 23:30, Cheikh Dieng wrote: Hi, excuse for delay.. For context: My powerdns listen in port 2053 My dnsdist listen in port 1053 We are an translating port through 53 (from external request) to 1053 . That's why from external we use port 53 and in internal we can use port 1053 or

Re: [Pdns-users] PDNS Authoritative and CNAME pointing to external Domain responds with NXDOMAIN

2021-06-22 Thread Brian Candler via Pdns-users
On 22/06/2021 16:16, Thomas via Pdns-users wrote: Thanks for the clarification, but this scares me. How can I have configured the server in a way it thinks it is authoritative for the entire Internet? It should be authoritative for zur-sonne.it and the other 2500 domains we have,

Re: [Pdns-users] PDNS Authoritative and CNAME pointing to external Domain responds with NXDOMAIN

2021-06-22 Thread Brian Candler via Pdns-users
On 22/06/2021 15:54, Thomas wrote: Doing a "dig www.zur-sonne.it +nostats +nocomments +nocmd @localhost" I (think) get correct result: ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 <<>> www.zur-sonne.it +nostats +nocomments +nocmd @localhost ;; global options: +cmd ;www.zur-sonne.it. 

Re: [Pdns-users] PDNS Authoritative and CNAME pointing to external Domain responds with NXDOMAIN

2021-06-22 Thread Brian Candler via Pdns-users
On 22/06/2021 14:55, Thomas via Pdns-users wrote: I have upgraded pdns authoritative server from version 4.3 to version 4.4.1 on CentOS 7, MySQL is the backend. If I query a CNAME record on both servers I get the following error (do not remember if it worked before the upgrade): [root@pdns1

Re: [Pdns-users] Zone transfert rejected in Powerdns Letsencrypt challenge

2021-06-22 Thread Brian Candler via Pdns-users
On 22/06/2021 12:33, Jan-Piet Mens via Pdns-users wrote: For Letsencrypt protocol to generate certificate I have to enable zone transfer in my powerdns. I think you mean "DNS Updates" for Let's Encrypt dns-01, but I don't believe these are possible in PowerDNS with the LDAP backend.

Re: [Pdns-users] Zone transfert rejected in Powerdns Letsencrypt challenge

2021-06-21 Thread Brian Candler via Pdns-users
On 21/06/2021 08:53, Cheikh Dieng via Pdns-users wrote: Hi, My powerdns rejects requests for zone transfer. My powerdns domain is "cloud.lfpw.dsna.fr"; it is a sub domain of "lfpw.dsna.fr" (this parent domain is not a powerdns solution).

Re: [Pdns-users] Sub-domains and zones

2021-06-18 Thread Brian Candler via Pdns-users
On 18/06/2021 05:16, Daniel Miller via Pdns-users wrote: Given a published zone of ".myzone.com" - I want to have a list of hosts like: a.sub.myzone.com b.sub.myzone.com c.sub.myzone.com Nothing special. I can implement this by explicitly declaring each host in my parent zone - and this

Re: [Pdns-users] Geo DNS - Apex Alias (not resolving)

2021-06-14 Thread Brian Candler via Pdns-users
$ dig +short @dns0.hotchilli.uk. geo.hotchilli.co.uk. a 46.17.220.152 $ dig +short @dns0.hotchilli.uk. hotchilli.co.uk. a 10.0.2.18 I see that's the response you configured for "unknown.geo.hotchilli.co.uk" I'd be inclined to use tcpdump to look at queries from dist to auth, auth to recursor,

Re: [Pdns-users] Upgrading Auth Server directly from 4.1.14 to 4.4.1

2021-05-19 Thread Brian Candler via Pdns-users
On 19/05/2021 19:40, Nikolaos Milas via Pdns-users wrote: Can we upgrade directly to 4.4.1 provided we do pertinent config changes as described in the upgrade guide, or it is suggested to upgrade in steps, e.g. to the last point release of each major version (4.1.14 --> 4.2.3 --> 4.3.2 -->

Re: [Pdns-users] Private IP Addresses in DNS Records

2021-05-14 Thread Brian Candler via Pdns-users
On 14/05/2021 16:13, Nikolaos Milas wrote: Hmm, probably you mean IPv6 Link-local addresses (rather than GUAs); GUAs are reachable indeed. GUAs aren't necessarily reachable: you can have internal ranges that are not routed, or blocked by ACLs.  Or he might have meant ULAs. Either way, I agree

Re: [Pdns-users] Private IP Addresses in DNS Records

2021-05-14 Thread Brian Candler via Pdns-users
On 14/05/2021 13:03, Nikolaos Milas via Pdns-users wrote: 2. If anyone on the Internet looks up *directly* a particular hostname under private.noa.gr zone (e.g. example.private.noa.gr), won't they be able to see data about it? Shouldn't we somehow deny all Internet requests for that particular
