[Pdns-users] PowerDNS Recursor Server failed When use dnssec

2022-01-27 Thread Hamed Haghshenas via Pdns-users
Hello,

I tried to use dnssec=validate, the same as Google DNS (8.8.8.8), but for
some sites like activity.basalam.com my DNS server returned the error "Server
failed". I used 8.8.8.8 and it was successful.

When using the default value "process" for dnssec, the resolve is
successful.

I would appreciate it if you could help me fix this.

Best Regards,

Hamed Haghshenas

___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users


Re: [Pdns-users] PowerDNS Recursor Performance and Tuning

2022-01-19 Thread Hamed Haghshenas via Pdns-users
>> How can I secure my DNS Recursor? I tried to read the document about DNSSEC
>> in the PowerDNS wiki but can't understand what I should do.

> https://doc.powerdns.com/recursor/dnssec.html
>
> In short:
>
> dnssec=validate

I set dnssec=validate, but one error exists (Invalid signature: connected):

#

Your dns security:

DNSSEC (FAIL)

*   Valid signature: connected
*   Invalid signature: connected
*   Expired signature: not connected
*   Missing signature: not connected

Best Regards,



[Pdns-users] PowerDNS Recursor Performance and Tuning

2022-01-19 Thread Hamed Haghshenas via Pdns-users
Hello Dears,

I configured PowerDNS Recursor with the configuration below:

allow-from-file=/etc/pdns-recursor/IP-Iran-List.txt
setuid=pdns-recursor
setgid=pdns-recursor
local-address=127.0.0.1 x.x.x.x
any-to-tcp=yes
distribution-load-factor=1.25
pdns-distributes-queries=yes
distributor-threads=1
logging-facility=0
max-tcp-queries-per-connection=10
quiet=no
reuseport=yes
threads=3

When I check with https://dnscheck.tools/, I get some errors like:

##

Oh no! Your dns responses are NOT properly authenticated! You may be
susceptible to certain attacks such as dns cache poisoning.

And

Your dns security:

DNSSEC (FAIL)

*   Valid signature: connected
*   Invalid signature: connected
*   Expired signature: connected
*   Missing signature: connected

#

But when I try using 8.8.8.8, the result is different:

Great! Your dns responses are authenticated, protecting you from certain
attacks

Your dns security:

DNSSEC (PASS)

*   Valid signature: connected
*   Invalid signature: not connected
*   Expired signature: not connected
*   Missing signature: not connected

How can I secure my DNS Recursor? I tried to read the document about DNSSEC in
the PowerDNS wiki but can't understand what I should do.

Best Regards,

Hamed Haghshenas

 



Re: [Pdns-users] PowerDNS Recursor Performance and Tuning

2022-01-16 Thread Hamed Haghshenas via Pdns-users
Hello,
Thanks for your help. I changed them.

> If you have 8G of RAM, likely the default cache sizes could be enlarged
> (max-cache-entries for the record cache and max-packetcache-entries for the
> packet cache)

How do I calculate the best number for "max-packetcache-entries" and
"max-cache-entries"?

> Virtualization *could* be an issue, for example when the network interface
> is virtualized in a way that hinders performance.

I can't change my platform for now!

> If you are using NAT: this *kills* the performance. See
> https://docs.powerdns.com/recursor/performance.html

I moved it to my edge network and set a public IP.

> Depending on kernel version and other factors reuseport and multiple
> distributor threads might work better or not, best to start with
> reuseport=no and distributor-threads=1, test & measure and then change to
> yes and 4 and compare performance on your actual setup.

My kernel is 3.10.0-862.el7.x86_64. I set reuseport=no,
"distributor-threads=1" and "threads=3".

> If you see a lot of bogus results this might impact performance

"dnssec-log-bogus=yes" removed.

> entropy-source=/dev/random

Changed to default.

> lowercase-outgoing=yes

I ignore it.

> quiet=no

I need the logs and should export domains to my analyzer platform.


Best Regards,
Hamed Haghshenas




[Pdns-users] PowerDNS Recursor Performance and Tuning

2022-01-15 Thread Hamed Haghshenas via Pdns-users
Hello Dears,

I installed PowerDNS Recursor 4.6.0 on CentOS Linux release 7.9.2009 and
configured it as below for Iran IP addresses. I want to use it in my ISP
environment at large scale, with lots of DNS requests.

My server has 4 cores at 2.6 GHz (x64) and 8 GB RAM (KVM virtualization); I can
add more CPU or RAM.

Could you please tell me whether my configuration is correct? How many
distributor-threads and threads should I use (the same as the number of CPU
cores, or more)?

Does anything need to change, or is any kernel optimization needed?

allow-from-file=/etc/pdns-recursor/IP-Iran-List.txt
setuid=pdns-recursor
setgid=pdns-recursor
local-address=127.0.0.1 172.16.1.186
any-to-tcp=yes
distribution-load-factor=1.25
pdns-distributes-queries=yes
distributor-threads=4
dnssec=validate
dnssec-log-bogus=yes
entropy-source=/dev/random
logging-facility=0
lowercase-outgoing=yes
max-tcp-queries-per-connection=10
quiet=no
reuseport=yes
threads=4

Best Regards,

Hamed Haghshenas



[Pdns-users] Error With add DKIM Record

2021-11-18 Thread Hamed Haghshenas via Pdns-users

  
  
Hello Dears,

I installed Zimbra Mail Server and tried to generate DKIM. The output of
Zimbra is like below:


42AC5720-484A-11EC-843D-F8C6064ABEF7._domainkey    IN    TXT    (
  "v=DKIM1; k=rsa; "
       
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1zpF679lEnd/zFWoRaUAs4qfoQsmsQ69O0s8ehlfWJnxK68Hn+8DGD98Qsu+ntdE46BZusS2rvKNhInom39Z9ua+nozM6jaRo6Ze5F0oZe9UixuxgIIA4f8u2480zs4p6hLXcFqH8Y/veB2XxiyaOxnaKNxdbIDsawYuGsHbubgAshiPSmu6/ZpFU/vBwtv8k0XjUoXYIAlHZS"
       
"rDnK5sosWakEieAP5VgLXJXYSdbPncDscoGo0JrFHPn4dJFAWjzlIRbO4z1TvpADxpttIs2cIpQPiyiTgSNByJctpmyp+Ib9MwtMiKq+xE2taF/blxLZS8H8OFBE6UpWFIvgxh4wIDAQAB"
  )  ; - DKIM key 42AC5720-484A-11EC-843D-F8C6064ABEF7 for kartaak.com

I tried to add it via pdnsutil zone-edit, but every time I got the
error "is out-of-zone".

I would appreciate it if you could let me know how to add this record to my
zone file ...




Hamed Haghshenas
Network expert,
Chavoosh Co.
Ferdowsi st., Isfahan, IRAN.
Tel:+9831-32200200 Ext:26
Fax:+9831-32225198
Emails: haghshe...@chavoosh.com
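
The record in the message above has a relative owner name and is split over several lines inside parentheses. As an added example (not part of the original post, and not PowerDNS or Zimbra code), this Python script turns that layout into a single-line record with a fully qualified owner name and TXT strings of at most 255 bytes, on the assumption that the "out-of-zone" error comes from the owner name lacking the zone suffix; the sample selector, the zone `example.org`, the key material and the TTL of 3600 are constructed.

```python
import re

MAX_TXT_CHUNK = 255  # one TXT character-string carries at most 255 bytes

# Constructed sample in the same layout as the Zimbra output; the selector,
# the zone and the key material are placeholders, not real values.
_KEY = "QUJD" * 98
SAMPLE = f'''
00000000-0000-0000-0000-000000000000._domainkey    IN    TXT    (
  "v=DKIM1; k=rsa; "
  "p={_KEY[:250]}"
  "{_KEY[250:]}"
  )  ; ----- DKIM key 00000000-0000-0000-0000-000000000000 for example.org
'''


def quoted_strings(text):
    """Return the quoted strings in zone-file text, skipping ';' comments.

    A ';' inside quotes is data (DKIM tags are ';'-separated), so a comment
    is only recognised outside a quoted string.
    """
    out, buf, in_quote, i = [], [], False, 0
    while i < len(text):
        ch = text[i]
        if in_quote:
            if ch == "\\" and i + 1 < len(text):
                buf.append(text[i + 1])  # keep the escaped character
                i += 1
            elif ch == '"':
                out.append("".join(buf))
                buf, in_quote = [], False
            else:
                buf.append(ch)
        elif ch == '"':
            in_quote = True
        elif ch == ";":
            nl = text.find("\n", i)  # comment runs to end of line
            i = len(text) if nl == -1 else nl
        i += 1
    if in_quote:
        raise ValueError("unterminated quoted string")
    return out


def parse_dkim_record(text):
    """Return (owner, value) with the record's quoted strings joined."""
    m = re.search(r"^\s*(\S+)\s+(?:\d+\s+)?IN\s+TXT\s", text, re.M)
    if not m:
        raise ValueError("no 'IN TXT' record found")
    value = "".join(quoted_strings(text[m.end():]))
    tags = dict(t.strip().split("=", 1) for t in value.split(";") if "=" in t)
    if tags.get("v") != "DKIM1" or not tags.get("p"):
        raise ValueError("not a DKIM1 record with a public key")
    return m.group(1), value


def qualify(owner, zone):
    """Make the owner name absolute and check that it lies inside zone."""
    zone = zone.rstrip(".").lower()
    name = owner.rstrip(".")
    if owner.endswith(".") or name.lower().endswith("." + zone):
        fqdn = name
    else:
        fqdn = f"{name}.{zone}"
    if not fqdn.lower().endswith("." + zone):
        raise ValueError(f"{fqdn}. is outside zone {zone}.")
    return fqdn + "."


def to_zone_line(text, zone, ttl=3600):
    """Build one zone-file line; ttl is an assumed value, adjust as needed."""
    owner, value = parse_dkim_record(text)
    raw = value.encode("ascii")
    chunks = [raw[i:i + MAX_TXT_CHUNK].decode("ascii")
              for i in range(0, len(raw), MAX_TXT_CHUNK)]
    rdata = " ".join(f'"{c}"' for c in chunks)
    return f"{qualify(owner, zone)}\t{ttl}\tIN\tTXT\t{rdata}"


if __name__ == "__main__":
    print(to_zone_line(SAMPLE, "example.org"))
```
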
  




Re: [Pdns-users] Logging outgoing queries and responses

2021-08-04 Thread Hamed Haghshenas via Pdns-users
I removed the [brackets],

but the problem still exists:

Aug  4 14:40:19 localhost pdns_recursor: STL Exception: [string "chunk"]:1:
')' expected near '='

Aug  4 14:40:19 localhost pdns_recursor: Unable to load Lua script from
'/etc/pdns-recursor/lua.conf': [string "chunk"]:1: ')' expected near '='




 

From: b.cand...@pobox.com (Brian Candler) [mailto:b.cand...@pobox.com] 
Sent: Wednesday, August 4, 2021 2:26 PM
To: Hamed Haghshenas ;
pdns-users@mailman.powerdns.com
Subject: Re: [Pdns-users] Logging outgoing queries and responses

 

On 04/08/2021 10:49, Hamed Haghshenas via Pdns-users wrote:

and add to it :

protobufServer(server[[[ ,logQueries=true], logResponses=true]
,exportTypes={'A', '', 'CNAME', 'MX', 'NS'}]);

I don't think those square brackets are meant to be there literally; rather
they're saying that logQuestions, logResponses and exportTypes are optional.



[Pdns-users] Logging outgoing queries and responses

2021-08-04 Thread Hamed Haghshenas via Pdns-users
Hello Dears,

I set up a recursive DNS server with PowerDNS.

The configuration is as follows.

setuid=pdns-recursor
setgid=pdns-recursor
allow-from=127.0.0.1, 192.168.1.0/24
local-address=0.0.0.0
logging-facility=0
loglevel=9
max-mthreads=1043
pdns-distributes-queries=no
quiet=no
reuseport=yes
threads=4
write-pid=yes

Now I want to log outgoing queries and responses via the lua-config, so I
added the line below to the configuration:

lua-config-file=/etc/pdns-recursor/lua.conf

and added to it:

protobufServer(server[[[ ,logQueries=true], logResponses=true]
,exportTypes={'A', '', 'CNAME', 'MX', 'NS'}]);

But now when I start the server I get an error like:

Aug  4 13:54:09 localhost pdns_recursor: Unable to load Lua script from
'/etc/pdns-recursor/lua.conf': [string "chunk"]:2: unfinished long string
near ''

Aug  4 13:54:09 localhost pdns_recursor: STL Exception: [string "chunk"]:2:
unfinished long string near ''

Could you please help me see where the problem comes from? My other
question is: where will these logs be stored?

Best Regards,

Hamed Haghshenas

 



Re: [Pdns-users] PDNS Authoritative Server DDOS Protection

2018-07-24 Thread Hamed Haghshenas
Hi,
Is there any update here?
Could anyone help me with this?

BR,
Hamed Haghshenas
-Original Message-
From: Hamed Haghshenas [mailto:haghshe...@chavoosh.com] 
Sent: Saturday, July 21, 2018 10:38 AM
To: 'pdns-users@mailman.powerdns.com' 
Subject: RE: [Pdns-users] PDNS Authoritative Server DDOS Protection

Hi Bert,

Thanks for your solution. I use it as below:

local dbr = dynBlockRulesGroup()
dbr:setQueryRate(3, 10, "Exceeded query rate", 60) 
dbr:setRCodeRate(dnsdist.NXDOMAIN, 3, 10, "Exceeded NXD rate", 60) 
dbr:setRCodeRate(dnsdist.SERVFAIL, 3, 10, "Exceeded ServFail rate", 60) 
dbr:setQTypeRate(dnsdist.ANY, 3, 10, "Exceeded ANY rate", 60) 
dbr:setResponseByteRate(5000, 10, "Exceeded resp BW rate", 60)

function maintenance()
  dbr:apply()
end

For attacks built by Mausezahn with a small source address subnet, it worked
fine and blocked every /32 that reached the query rate. But when I use a big
source subnet like /20, it can't manage the queries and the CPU rate increases.

Could you please let me know whether there is any way to force the DynBlock
function to check /24 subnets instead of /32 and, for every /24 source subnet,
block the /24 subnet if the query rate is exceeded?
For example, for 10.10.10.0/24, if the query rate exceeds 10 for 10s, then block
10.10.10.0/24.

BR,
Hamed Haghshenas

-Original Message-
From: Pdns-users [mailto:pdns-users-boun...@mailman.powerdns.com] On Behalf Of 
bert hubert
Sent: Tuesday, July 17, 2018 3:49 PM
To: pdns-users@mailman.powerdns.com
Subject: Re: [Pdns-users] PDNS Authoritative Server DDOS Protection

On Tue, Jul 17, 2018 at 03:24:22PM +0430, Hamed Haghshenas wrote:
> Could you please let me know how handle these large DDOS attacks?

Hi Hamed,

Please take a look at 
https://dnsdist.org/guides/dynblocks.html#dynblockrulesgroup

This is specifically meant for the case of many different IP addresses 
attacking you.

Good luck!



Re: [Pdns-users] PDNS Authoritative Server DDOS Protection

2018-07-21 Thread Hamed Haghshenas
Hi Bert,

Thanks for your solution. I use it as below:

local dbr = dynBlockRulesGroup()
dbr:setQueryRate(3, 10, "Exceeded query rate", 60)
dbr:setRCodeRate(dnsdist.NXDOMAIN, 3, 10, "Exceeded NXD rate", 60)
dbr:setRCodeRate(dnsdist.SERVFAIL, 3, 10, "Exceeded ServFail rate", 60)
dbr:setQTypeRate(dnsdist.ANY, 3, 10, "Exceeded ANY rate", 60)
dbr:setResponseByteRate(5000, 10, "Exceeded resp BW rate", 60)

function maintenance()
  dbr:apply()
end

For attacks built by Mausezahn with a small source address subnet, it worked
fine and blocked every /32 that reached the query rate. But when I use a big
source subnet like /20, it can't manage the queries and the CPU rate increases.

Could you please let me know whether there is any way to force the DynBlock
function to check /24 subnets instead of /32 and, for every /24 source subnet,
block the /24 subnet if the query rate is exceeded?
For example, for 10.10.10.0/24, if the query rate exceeds 10 for 10s, then block
10.10.10.0/24.

BR,
Hamed Haghshenas

-Original Message-
From: Pdns-users [mailto:pdns-users-boun...@mailman.powerdns.com] On Behalf Of 
bert hubert
Sent: Tuesday, July 17, 2018 3:49 PM
To: pdns-users@mailman.powerdns.com
Subject: Re: [Pdns-users] PDNS Authoritative Server DDOS Protection

On Tue, Jul 17, 2018 at 03:24:22PM +0430, Hamed Haghshenas wrote:
> Could you please let me know how handle these large DDOS attacks?

Hi Hamed,

Please take a look at 
https://dnsdist.org/guides/dynblocks.html#dynblockrulesgroup

This is specifically meant for the case of many different IP addresses 
attacking you.

Good luck!
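
The per-/24 aggregation asked about in the message above, modelled in Python as an added example (not part of the original thread and not dnsdist code): the same rate counter is keyed once on the full /32 and once on the /24, using the thresholds from the posted `setQueryRate(3, 10, ..., 60)`. The class name, the addresses and the traffic pattern are constructed for the illustration.

```python
import ipaddress


class MaskedRateLimiter:
    """Fixed-window query counter keyed on the source masked to v4_bits."""

    def __init__(self, qps, window, block_for, v4_bits=32):
        self.limit = qps * window      # queries allowed per window
        self.window = window
        self.block_for = block_for
        self.v4_bits = v4_bits
        self.shift = 32 - v4_bits
        self.counters = {}             # key -> (window start, count)
        self.blocked = {}              # key -> time the block expires

    def allow(self, src, now):
        """Account one query from integer IPv4 address src; False = drop."""
        key = src >> self.shift
        if self.blocked.get(key, 0) > now:
            return False
        start, count = self.counters.get(key, (now, 0))
        if now - start >= self.window:
            start, count = now, 0
        count += 1
        self.counters[key] = (start, count)
        if count > self.limit:
            self.blocked[key] = now + self.block_for
            return False
        return True

    def blocked_networks(self):
        return sorted(
            str(ipaddress.ip_network((key << self.shift, self.v4_bits)))
            for key in self.blocked
        )


def simulate(v4_bits):
    # Constructed traffic: every host in 10.10.0.0/20 except one bystander
    # sends 4 queries/s for 10 s; the bystander and an unrelated client
    # send 1 query/s each.
    net = ipaddress.ip_network("10.10.0.0/20")
    bystander = int(ipaddress.ip_address("10.10.3.200"))
    outside = int(ipaddress.ip_address("198.51.100.7"))
    first = int(net.network_address)
    flood = [a for a in range(first, first + net.num_addresses)
             if a != bystander]

    # Thresholds taken from the post: setQueryRate(3, 10, "...", 60)
    rl = MaskedRateLimiter(qps=3, window=10, block_for=60, v4_bits=v4_bits)
    passed = {"flood": 0, "bystander": 0, "outside": 0}
    for second in range(10):
        for tick in range(4):
            now = second + tick / 4
            for src in flood:
                passed["flood"] += rl.allow(src, now)
        passed["bystander"] += rl.allow(bystander, now)
        passed["outside"] += rl.allow(outside, now)
    return {
        "block_entries": len(rl.blocked),
        "tracked_keys": len(rl.counters),
        "flood_passed": passed["flood"],
        "bystander_passed": passed["bystander"],
        "outside_passed": passed["outside"],
        "blocked": rl.blocked_networks(),
    }


if __name__ == "__main__":
    for bits in (32, 24):
        stats = simulate(bits)
        stats.pop("blocked")
        print(f"/{bits}: {stats}")
```

The /24 run needs 16 block entries where the /32 run needs 4095, at the cost of also dropping the bystander that shares a blocked /24. dnsdist 1.7.0 and later provide this aggregation on the rules group as `dbr:setMasks(v4, v6, port)`.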



Re: [Pdns-users] PDNS Authoritative Server DDOS Protection

2018-07-17 Thread Hamed Haghshenas
Dear bert,

Hi, and thanks for your solution.

I configured dnsdist like below:

setLocal("172.16.1.98:53", {reuseport=true})
addLocal('127.0.0.1:53')
newServer("127.0.0.1:5300")
newServer("172.16.1.106:5300")
setACL({'0.0.0.0/0'})
addAction(MaxQPSIPRule(2, 24, 48), DropAction())
carbonServer("172.16.1.166", "web45-dnsdist")
controlSocket('127.0.0.1:5199')
setConsoleACL('127.0.0.0/24')
setKey("6mJMt0+Bh7nmtCd0hzxvA5UtsywEpfTq8V4uvWYequc=")
webserver("172.16.1.98:8083", "Chav00sh", "6mJMt0+Bh7")

I use Mausezahn to simulate DOS and DDOS attacks. When I check the webserver
and my metronome, in a DOS attack it does best and the CPU is at a low rate,
but when I make a DDOS attack with random source IP addresses the CPU increases
to 90%, many queries are dropped, and the match rule is not effective.

Could you please let me know how to handle these large DDOS attacks?
Can using the EBPF kernel manage DDOS?

Note that I use this command to make DDOS attacks:

mz eno1628 -A rand -B 172.16.1.98 -t dns "q=geo.web45.ir" -c 0 -d 1 -4

BR,
Hamed Haghshenas

-Original Message-
From: bert hubert [mailto:bert.hub...@powerdns.com] 
Sent: Saturday, July 7, 2018 4:39 PM
To: Hamed Haghshenas 
Cc: pdns-users@mailman.powerdns.com
Subject: Re: [Pdns-users] PDNS Authoritative Server DDOS Protection

On Sat, Jul 07, 2018 at 03:49:16PM +0430, Hamed Haghshenas wrote:
> I'm using PDNS Authoritative Server 4.1.3. Today I saw my server not
> responding, with errors or timeouts on resolves.

Hi Hamed,

What you can best do is install dnsdist and put it in front of your
authoritative servers.

Try this dnsdist.conf, assuming your auth server will listen on 127.0.0.1
and your current auth server IP is 1.2.3.4:

newServer("127.0.0.1")
setLocal("1.2.3.4")
addAction(MaxQPSIPRule(10), DropAction())

This restricts each individual IP address to 10 queries per second. I also
recommend you setup the internal webserver which will give you a good feel
for what is going on, https://dnsdist.org/guides/webserver.html

If you don't want to drop, you can also shift traffic to TCP which stops
most attacks:

addAction(AndRule({TCPRule(false), MaxQPSIPRule(10)}), TCAction())

If this is not enough, you could use the EBPF kernel based limits as
described in https://dnsdist.org/advanced/ebpf.html

This allows you to filter like 20gbit/s of unwanted traffic if need be, but
it does require a recent kernel.

Good luck!

>
> When I checked the server, I saw too many DNS requests from some IPs from
> Brazil, like a DDOS attack. To fix the errors and timeouts, I blocked the
> attacker subnet in my firewall.
>
> Now could you please let me know how to protect my server from DOS and
> DDOS attacks?
>
> Best Regards,
>
> Hamed Haghshenas



Re: [Pdns-users] PDNS Authoritative Server DDOS Protection

2018-07-07 Thread Hamed Haghshenas
Dear Mohamad,

My Server is public and I offer my service to lots of domains so I can't
specify the subnets. 

 

BR,

Hamed Haghshenas

 

From: Mohamad F. Barham [mailto:mbar...@birzeit.edu] 
Sent: Saturday, July 7, 2018 3:55 PM
To: Hamed Haghshenas ;
pdns-users@mailman.powerdns.com
Subject: Re: [Pdns-users] PDNS Authoritative Server DDOS Protection

 

In the conf file, you can specify the subnets that are allowed to use this
server, such as (default):
allow-from = 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16

 

 



 

From: Pdns-users <pdns-users-boun...@mailman.powerdns.com> on behalf of
Hamed Haghshenas <haghshe...@chavoosh.com>
Sent: Saturday, July 7, 2018 2:19:16 PM
To: pdns-users@mailman.powerdns.com
Subject: [Pdns-users] PDNS Authoritative Server DDOS Protection

 

Hi,

I'm using PDNS Authoritative Server 4.1.3. Today I saw my server not
responding, with errors or timeouts on resolves.

When I checked the server, I saw too many DNS requests from some IPs from
Brazil, like a DDOS attack. To fix the errors and timeouts, I blocked the
attacker subnet in my firewall.

Now could you please let me know how to protect my server from DOS and DDOS
attacks?

Best Regards,

Hamed Haghshenas



[Pdns-users] PDNS Authoritative Server DDOS Protection

2018-07-07 Thread Hamed Haghshenas
Hi,

I'm using PDNS Authoritative Server 4.1.3. Today I saw my server not
responding, with errors or timeouts on resolves.

When I checked the server, I saw too many DNS requests from some IPs from
Brazil, like a DDOS attack. To fix the errors and timeouts, I blocked the
attacker subnet in my firewall.

Now could you please let me know how to protect my server from DOS and DDOS
attacks?

Best Regards,

Hamed Haghshenas



Re: [Pdns-users] SOA record not resolved for my domains

2018-04-29 Thread Hamed Haghshenas
Hi,

 

I found the problem: it was related to using the wrong schema. I updated my
database tables with the default schema from
https://doc.powerdns.com/authoritative/backends/generic-mysql.html and fixed
the problem.

 

Best Regards,

Hamed Haghshenas



Re: [Pdns-users] SOA record not resolved for my domains

2018-04-26 Thread Hamed Haghshenas
Hi Brian ,

So the zone is web45.ir, and the nameserver is 136.243.129.13, which is known 
as both ns1.web45.ir and ns2.web45.ir. Is that correct (*)?

>> yes both nameservers pointed to one server and IP (136.243.129.13)

what version of pdns-authoritative are you using?

>> pdns-4.1.1-1

Where did you get the package from ?

repo.powerdns.com

What OS are you running underneath?

CentOS Linux release 7.4.1708

Have you tried turning off the geo-ip features and just serving a plain zone? 

No, I didn’t, but I use geoip only for this subdomain “geo.web45.ir”, like below:

domains:
- domain: geo.web45.ir
  ttl: 30
  records:
    geo.web45.ir:
    unknown.geo.web45.ir:
      - a: A.B.C.D
    tcea.geo.web45.ir:
      - a: W.X.Y.Z

Best Regards,

Hamed Haghshenas



Re: [Pdns-users] SOA record not resolved for my domains

2018-04-26 Thread Hamed Haghshenas
Hi Bert,

Can you run pdnsutil check-zone web45.ir?

[root@ns1 chvadmin]# pdnsutil check-zone web45.ir
Apr 26 03:21:04 Reading random entropy from '/dev/urandom'
Apr 26 03:21:04 gmysql Connection successful. Connected to database
'powerdns' on 'localhost'.
Apr 26 03:21:04 gmysql Connection successful. Connected to database
'powerdns' on 'localhost'.
Checked 9 records of 'web45.ir', 0 errors, 0 warnings.




Re: [Pdns-users] SOA record not resolved for my domains

2018-04-26 Thread Hamed Haghshenas
Hi Nico,

I replied with my domain name here:
https://mailman.powerdns.com/pipermail/pdns-users/2018-April/025316.html

 

Best Regards,

Hamed Haghshenas

 

 

Hi Hamed,


On 26 Apr 2018, at 06:34, Hamed Haghshenas <haghshe...@chavoosh.com> wrote:

Hi,

 

I configured PowerDNS with the configuration below:

setuid=pdns
setgid=pdns
launch=gmysql,geoip
gmysql-host=localhost
gmysql-user=powerdns
gmysql-password=Hamed@2013
gmysql-dbname=powerdns
geoip-database-files=/usr/share/GeoIP/GeoIP.dat
geoip-zones-file=/etc/pdns/GeoIP/geo.yaml
edns-subnet-processing=yes
log-dns-queries=yes
loglevel=9
udp-truncation-threshold=4096
server-id=ns1.example.com

My zone file for my website is like below, where my IP is (W.X.Y.Z):

$ORIGIN .
mail.example.com   300 IN  A   W.X.Y.Z
ns1.example.com    300 IN  A   W.X.Y.Z
ns2.example.com    300 IN  A   W.X.Y.Z
example.com        300 IN  A   W.X.Y.Z
example.com        300 IN  MX  10 mail.example.com.
example.com        300 IN  NS  ns1.example.com.
example.com        300 IN  NS  ns2.example.com.
example.com        300 IN  SOA ns1.example.com hostmaster.example.com 2018041910 28800 3600 3600 3600
www.example.com    300 IN  CNAME   example.com.

But when I try a lookup for the SOA record, nothing is resolved!

dig example.com @8.8.8.8 SOA

;; QUESTION SECTION:
; example.com.  IN  SOA

I would appreciate it if you could let me know what changes to make to fix
this problem (resolve the SOA record).

Is example.com the zone you’re using? Or did you replace it in the above
output?

If the former then you are not authoritative for it and that’s why Google
public DNS won’t answer with what you configured.

If the latter please give us your domain name as well as your Authoritative IP
addresses, otherwise it’s near to impossible to help you.

 

Cheers,

 

-- 

Nico



Re: [Pdns-users] SOA record not resolved for my domains

2018-04-26 Thread Hamed Haghshenas
Dear Bert

My domain is web45.ir and the nameservers are ns1.web45.ir and ns2.web45.ir

So my zone will be like:

$ORIGIN .
mail.web45.ir   300 IN  A   136.243.129.13
ns1.web45.ir    300 IN  A   136.243.129.13
ns2.web45.ir    300 IN  A   136.243.129.13
web45.ir        300 IN  A   136.243.129.13
web45.ir        300 IN  MX  10 mail.web45.ir.
web45.ir        300 IN  NS  ns1.web45.ir.
web45.ir        300 IN  NS  ns2.web45.ir.
web45.ir        300 IN  SOA ns1.web45.ir hostmaster.web45.ir 2018041910 28800 3600 3600 3600
www.web45.ir    300 IN  CNAME   web45.ir.

Note that I created these records with poweradmin.

Best Regards,
Hamed Haghshenas




[Pdns-users] SOA record not resolved for my domains

2018-04-25 Thread Hamed Haghshenas
Hi,

 

I configured PowerDNS with the configuration below:

setuid=pdns
setgid=pdns
launch=gmysql,geoip
gmysql-host=localhost
gmysql-user=powerdns
gmysql-password=Hamed@2013
gmysql-dbname=powerdns
geoip-database-files=/usr/share/GeoIP/GeoIP.dat
geoip-zones-file=/etc/pdns/GeoIP/geo.yaml
edns-subnet-processing=yes
log-dns-queries=yes
loglevel=9
udp-truncation-threshold=4096
server-id=ns1.example.com

My zone file for my website is like below, where my IP is (W.X.Y.Z):

$ORIGIN .
mail.example.com   300 IN  A   W.X.Y.Z
ns1.example.com    300 IN  A   W.X.Y.Z
ns2.example.com    300 IN  A   W.X.Y.Z
example.com        300 IN  A   W.X.Y.Z
example.com        300 IN  MX  10 mail.example.com.
example.com        300 IN  NS  ns1.example.com.
example.com        300 IN  NS  ns2.example.com.
example.com        300 IN  SOA ns1.example.com hostmaster.example.com 2018041910 28800 3600 3600 3600
www.example.com    300 IN  CNAME   example.com.

But when I try a lookup for the SOA record, nothing is resolved!

dig example.com @8.8.8.8 SOA

;; QUESTION SECTION:
; example.com.  IN  SOA

I would appreciate it if you could let me know what changes to make to fix
this problem (resolve the SOA record).

Best Regards,

Hamed Haghshenas

 



Re: [Pdns-users] Announcing: Lua records, GSLB

2018-04-25 Thread Hamed Haghshenas
Hi,

As I understand it, this feature is added in PowerDNS 4.2 and later.
Could you let me know whether 4.2 is a final release or in beta test? I can't
find it in the PowerDNS repo! Should I compile from GitHub or should I wait for
the final release?

Best Regards,
Hamed Haghshenas




[Pdns-users] GLSB with Health Check Mechanism

2018-04-24 Thread Hamed Haghshenas
Hello Dears,

 

I run PDNS as traffic management for my servers. I installed PowerDNS
Authoritative with EDNS support and the GeoIP backend.

Then I created a YAML configuration file to manage my traffic based on client
subnets, like below:

##

domains:
- domain: geo.web45.ir
  ttl: 30
  records:
    geo.web45.ir:
    unknown.geo.web45.ir:
      - a: A.B.C.D
    tcea.geo.web45.ir:
      - a: W.X.Y.Z
    tcwa.geo.web45.ir:
      - a: I.J.K.L

  services:
    geo.web45.ir:
      default: [ 'unknown.geo.web45.ir' ]
      # TCEA NETWORK #
      176.223.80.0/21: 'tcea.geo.web45.ir'
      176.65.160.0/19: 'tcea.geo.web45.ir'
      # TCWA NETWORK #
      178.216.252.0/22: 'tcea.geo.web45.ir'
      185.131.128.0/18: 'tcea.geo.web45.ir'

Now I want to add a health check. For example, before redirecting
185.131.128.0/18 requests to I.J.K.L, check the health of I.J.K.L with ping,
http or ..., and if it is OK redirect to I.J.K.L, else redirect to the
default A.B.C.D.

Best Regards,

Hamed Haghshenas

 



Re: [Pdns-users] define several IP Subnet for one service in GeoIP backend

2018-04-24 Thread Hamed Haghshenas
Thanks dears,

 

From: Brian Candler [mailto:b.cand...@pobox.com] 
Sent: Monday, April 23, 2018 6:43 PM
To: Hamed Haghshenas <haghshe...@chavoosh.com>;
pdns-users@mailman.powerdns.com
Subject: Re: [Pdns-users] define several IP Subnet for one service in GeoIP
backend

 

On 23/04/2018 10:36, Hamed Haghshenas wrote:

I know it works with your example, but I have many client subnets in my
network, about 150 subnets.

So it's a little hard to write every subnet on a separate line; I want to find
a way to combine these in one line for every service.

The configuration is YAML, so it's very easy to write a script to convert
from some local representation (in whatever format is convenient for you to
maintain) to the format that PDNS requires.

 

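#!/usr/bin/python
import yaml

# One line per service: comma-separated subnets mapped to the service name.
s1 = yaml.safe_load("""
193.178.201.0/24,188.158.188.0/24: tcar.geo.gadgetworld.ir
""")
s2 = {}

# Expand each comma-separated key into one entry per subnet.
for k, v in s1.items():
    for i in k.split(","):
        s2[i] = v

print(yaml.dump(s2, default_flow_style=False))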



Re: [Pdns-users] define several IP Subnet for one service in GeoIP backend

2018-04-23 Thread Hamed Haghshenas
Dear Brian,

 

Thanks for your solution

 

I know it works with your example, but I have many client subnets in my
network, about 150 subnets.

So it's a little hard to write every subnet on a separate line; I want to find
a way to combine these in one line for every service.

 

Best Regards,

Hamed Haghshenas

 

 

From: Brian Candler [mailto:b.cand...@pobox.com] 
Sent: Sunday, April 22, 2018 7:12 PM
To: Hamed Haghshenas <haghshe...@chavoosh.com>;
pdns-users@mailman.powerdns.com
Subject: Re: [Pdns-users] define several IP Subnet for one service in GeoIP
backend

 

On 22/04/2018 13:04, Hamed Haghshenas wrote:

Hi,

I configured PDNS Authoritative Server with the GeoIP backend.

Now I want to use several subnets in services, but I don't know how.

I use a schema like below:

  services:
    geo.gadgetworld.ir:
      193.178.201.0/24,188.158.188.0/24: 'tcar.geo.gadgetworld.ir'

Have you tried:

services:
  geo.gadgetworld.ir:
    193.178.201.0/24:
      tcar.geo.gadgetworld.ir
    188.158.188.0/24:
      tcar.geo.gadgetworld.ir

 



[Pdns-users] define several IP Subnet for one service in GeoIP backend

2018-04-22 Thread Hamed Haghshenas
Hi,

I configured PDNS Authoritative Server with the GeoIP backend.

Now I want to use several subnets in services, but I don't know how.

I use a schema like below:

  services:
    geo.gadgetworld.ir:
      193.178.201.0/24,188.158.188.0/24: 'tcar.geo.gadgetworld.ir'

Or

  services:
    geo.gadgetworld.ir:
      \"193.178.201.0/24\",\"188.158.188.0/24\": 'tcar.geo.gadgetworld.ir'

But only the first subnet works; the second and following ones, like
188.158.188.0/24, are not matched.

Could you help me to write the correct format of services?

 

Best Regards

 

 

Hamed Haghshenas

Network expert,

Chavoosh Co.

Ferdowsi st.(Bridge End), Isfahan, IRAN.

Tel:+9831-32200200

Fax:+9831-32225198

Emails: haghshe...@chavoosh.com

 
