HI!
I have a very tiny and simple setup of PowerDNS Authorative server(s)
4.5.3 with LDAP backend using native OpenLDAP replication. Each pdns
instance asks a single local LDAP server (via ldapi://). No need for
AXFR or IXFR or anything similar fancy in this setup. Also no LDAP
fail-over to
On 5/21/21 12:49 AM, Nikolaos Milas via Pdns-users wrote:
> However, I am now trying to start the upgraded server and I get the
> message (in journal):
>
> Caught an exception instantiating a backend: launch= suffixes are
> not supported on the bindbackend
>
>
On 5/11/21 7:22 PM, Otto Moerbeek wrote:
> On Tue, May 11, 2021 at 07:01:08PM +0200, Michael Ströder via Pdns-users
> wrote:
>> Was support for running on 32-bit platforms dropped?
>
> Yes, as you can read further down below in the announcement.
Arrgh! Missed that. Sorry fo
HI!
Was support for running on 32-bit platforms dropped?
configure fails with:
configure: error: size of time_t is 4, which is not large enough to fix
the y2k38 bug
See build system:
https://build.opensuse.org/package/show/home:stroeder:network/pdns-recursor
Ciao, Michael.
On 5/11/21 11:49
On 2/19/21 10:31 AM, Dario García Díaz-Miguel via Pdns-users wrote:
> I had to add to the /etc/openldap/ldap.conf the following parameter:
>
> SASL_MECH GSSAPI
FYI: If you don't want to set this globally you can set env var LDAPRC
or LDAPCONF to point to a service-specific ldap.conf.
See the
On 9/9/20 11:48 AM, Otto Moerbeek via Pdns-users wrote:
> On 2020-09-09 11:39, Otto Moerbeek via Pdns-users wrote:
>> I do not know what I was doing when I previously looked at this,
>> but this seem to be the minimal patch for the rel/rec-4.3.x branch.
>> Can you check if it works for you?>
> And
On 9/8/20 11:49 AM, Remi Gacogne via Pdns-users wrote:
> On 9/8/20 11:39 AM, Michael Ströder via Pdns-users wrote:
>
>> Currently building PowerDNS Recursor fails building on openSUSE
>> Tumbleweed/Factory:
>
> It's an issue caused by Boost >= 1.73, see [1]. We
HI!
Currently building PowerDNS Recursor fails building on openSUSE
Tumbleweed/Factory:
https://build.opensuse.org/package/live_build_log/home:stroeder:branches:server:dns/pdns-recursor/openSUSE_Tumbleweed/x86_64
Note that openSUSE Tumbleweed/Factory uses
gcc version 10.2.1 20200825 [revision
On 5/16/20 10:25 PM, bert hubert wrote:
> On Sat, May 16, 2020 at 08:42:21PM +0200, Michael Ströder via Pdns-users
> wrote:
>> But I wonder why CAP_CHOWN is set in CapabilityBoundingSet= and
>> AmbientCapabilities= and I could not find a reason in the git history of
>>
HI!
I appreciate that
pdns/recursordist/pdns-recursor.service.in
already contains some of systemd's hardening options.
But I wonder why CAP_CHOWN is set in CapabilityBoundingSet= and
AmbientCapabilities= and I could not find a reason in the git history of
that file.
It seems to run without that
On 1/7/20 3:00 PM, Sharone Bakara wrote:
> On 7 Jan 2020, at 16:55, Remi Gacogne wrote:
>> On 1/7/20 2:41 PM, Sharone wrote:
>>> '/var/run/pdns-recursor': Permission denied"*
>> I'm not sure of what your SNMP setup is, but it looks like the user
>> invoking rec_control does not have the rights
On 9/27/19 8:30 PM, Vitali Quiering via Pdns-users wrote:
> I just started using PowerDNS Authoritative Server recently and got
> to the point where I need all changes logged. Is there an option I
> missed? If there is none: How do you log your changes?
Probably not exactly the answer you're
bert hubert wrote:
> We have done some very tentative measurements on the Linux Meltdown
> workaround & impact on DNS performance.
Besides the performance impact of the "fixes" doesn't this mean that
people should stop doing DNSSEC signing on-the-fly on the authorative
server and move DNSSEC
Dirk Bartley wrote:
> You could log the who of who is logged into the database, but if the database
> connection is done from a front end, it would always be the users the front
> end
> connects to the database as. But if you have a front end, just manage it by
> who
> is logged into the Front
Dirk Bartley wrote:
> I have been asked to look at some options for assisting my employer to
> alter the way our internal dns is served. One of the features being
> requested is the ability to log the who, what and when of all changes
> to the data that dns is serving. Of course when I search
r0m5 wrote:
> So here is my question : what do you think would be a convenient way to
> manage zone and
> records using the LDAP backend ? How do you guys proceed ?
For managing DNS zones in a pdns LDAP backend I've added some plugin classes to
my own
client: https://web2ldap.de/
Be warned it's
StanC wrote:
> Is there a method of translating the ldap schema that Rudder uses for
> its node inventory and using this in a pdns ldap backend?
More or less you're asking for same feature like me:
https://github.com/PowerDNS/pdns/issues/1832
> I had this fantasy that one could connect to
Pieter Lexis wrote:
> * A revived and supported LDAP backend (ldap).
Thanks! :-)
CIao, Michael.
smime.p7s
Description: S/MIME Cryptographic Signature
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
l...@consolejunkie.net wrote:
On 2015-04-24 21:35, Michael Ströder wrote:
Michael Ströder wrote:
We're currently testing DNSSEC validation with libunbound 1.5.3 with all
the RRs
retrieved through a pdns-recursor (also tested 3.7.2).
It seems that
1. libunbound does not explicitly retrieve
HI!
We're currently testing DNSSEC validation with libunbound 1.5.3 with all
the RRs
retrieved through a pdns-recursor (also tested 3.7.2).
It seems that
1. libunbound does not explicitly retrieve the RRSIG RRs and
2. pdns-recursor does not return them when not explicitly request (qtype
Michael Ströder wrote:
We're currently testing DNSSEC validation with libunbound 1.5.3 with all the RRs
retrieved through a pdns-recursor (also tested 3.7.2).
It seems that
1. libunbound does not explicitly retrieve the RRSIG RRs and
2. pdns-recursor does not return them when not explicitly
HI!
It seems this wiki page mentions rather old pdns versions:
http://wiki.powerdns.com/trac/wiki/LargeScaleDNSSECBCP
Are there more recent insight to consider regarding versions?
Especially when thinking about pdns upgrade 3.3.x - 3.4.1 for DNSSEC?
Ciao, Michael.
--
Michael Ströder
E-Mail
Nikolaos Milas wrote:
If you managed to set up this demo (Split-DNS with powerdns and LDAP-Backend)
for the Linux-Tage, could you please post this work here or a link to a page
where it is available?
Basically it boils down to this ACL:
access to
dn.subtree=cn=pdns,ou=services,ou=infra-dir
Nikolaos Milas wrote:
On 3/3/2015 2:44 μμ, Nikolaos Milas wrote:
Ideally, we would like pdns to be configured to reply to requests *for
particular names* (under a specific subdomain, say internal.example.com) by
only providing records (if available, otherwise no results) and hide A
Peter van Dijk wrote:
(2) it looks like your RRSIGs and KSK DNSKEY on the slave are truncated; we
recommend increasing the size of the ‘content’ column in the records table
(see our upgrade notes https://doc.powerdns.com/md/authoritative/upgrading/
)
(Sigh!) I really wonder why the LDAP
Ciro Iriarte wrote:
2015-02-24 17:49 GMT-03:00 Ciro Iriarte cyru...@gmail.com:
Hi!, I'm seeing a lot of messages of type Timeout from remote TCP client
10.XXX.XXX.XXX, it seems to be an attack given we have any-to-tcp = yes.
Is this usual?, is there anyway to identify the attackers?. The
bert hubert wrote:
In this post, we’d like to share our current plans for .. PowerDNS 4.x!
Glad to read all your plans.
* We treat DNS names as ASCII strings, which we escape and unescape
repeatedly. DNS names are not ascii strings, and we keep finding
issues related to us
Nick Williams wrote:
I try to always use software packages from my distro package managers
(OpenSUSE zypper and CentOS yum) when I can, because it's easier and it
resolves all my dependencies for me.
But my distro
Which is your distro? Vendor and exact version number?
For openSUSE I'm
Jan-Piet Mens wrote:
Would it be possible to setup a authorative PowerDNS server with DNSSEC
support using the LDAP backend?
The LDAP back-end doesn't support DNSSEC.
I'm aware that the LDAP back-end is not fully supported.
Let me be more precise:
I don't need auto-signing or support by
HI!
Would it be possible to setup a authorative PowerDNS server with DNSSEC
support using the LDAP backend?
Do I have to extend some DNSSEC-related RRs in the list ldap_attrany in file
modules/ldapbackend/ldapbackend.hh ? As it seems to me the attribute name is
derived from qtype name string and
HI!
I know that the LDAP backend is not very high on the list of powerdns
development. But I'd like to propose a small enhancement which would make some
unusual LDAP-related setups easier.
Simple new config item 'ldap-filter-template':
Default:
ldap-filter-template = '(associatedDomain={0})'
k...@rice.edu wrote:
On Thu, Jun 26, 2014 at 10:21:06PM +0100, Jorge Bastos wrote:
For the DNSSEC part, is there a way to create the DNSSEC information just by
SQL ?
If not, the solution is to run pdnssec secure-zone ZONE in a loop on a
cron script, am I right?
I do not know about a SQL
Fredrik Roubert wrote:
My ISP is running a slave DNS service, using PowerDNS 3.0 as this is the
version included in Ubuntu 12.04 LTS. I've already read this post, about
DNSSEC in 3.0 being explicitly deprecated:
http://mailman.powerdns.com/pipermail/pdns-users/2012-July/009099.html
Marc Haber wrote:
pdns-users is an english language mailing list.
On Fri, Aug 16, 2013 at 10:09:44AM +0200, abang wrote:
aber ich brauche eines für Debian auf Raspberry Pi.
wo du ein fertiges Binary für armv6l bekommst weiß ich nicht. Aber
du könntest versuchen, selbst zu kompilieren.
Posner, Sebastian wrote:
CMIIW, but I understand Alex doesn't want to monitor _his_ authoritative
nameservers' performance/availability, but that of the resolver his
upstream provides him with, and/or get a general heatmap of the state
of DNS on teh intartubes.
Whilst for monitoring _your_
Michael Ströder wrote:
Posner, Sebastian wrote:
CMIIW, but I understand Alex doesn't want to monitor _his_ authoritative
nameservers' performance/availability, but that of the resolver his
upstream provides him with, and/or get a general heatmap of the state
of DNS on teh intartubes.
Whilst
Peter van Dijk wrote:
On Apr 26, 2013, at 18:57 , Michael Ströder wrote:
What's the simplest and hopefully efficient way to block domains from being
resolved by pdns-recursor?
I'd like to just NXDOMAIN being returned for all RRs in unwanted domains.
Like JP said, Lua is a very good
HI!
What's the simplest and hopefully efficient way to block domains from being
resolved by pdns-recursor?
I'd like to just NXDOMAIN being returned for all RRs in unwanted domains.
Ciao, Michael.
smime.p7s
Description: S/MIME Cryptographic Signature
38 matches
Mail list logo