subject:"\[Pdns\-users\] PowerDNS Delegation \(SmartConnect Isilon\)"

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

2013-12-17 Thread Drew Decker

The versions of PowerDNS that we are running are as follows (and I don’t think 
it matches the criteria that the bug indicates, but could be a new bug):

PowerDNS Server:
Version: 3.2, compiled on Jan 17 2013, 11:13:59 with gcc version 4.4.6 20120305 
(Red Hat 4.4.6-4)

PowerDNS Recursor:
version: 3.5.2

-- 
Drew Decker


On December 16, 2013 at 11:10:02 AM, Michael Loftis (mlof...@wgops.com) wrote:

I can't replicate with 3.0.1 so I don't think its in any current code. Barring 
a regression of course. Idk what he is running but it is possible that its old 
and affected. Can't be sure since I can't investigate directly.

On Dec 15, 2013 11:40 PM, Peter van Dijk peter.van.d...@netherlabs.nl wrote:
Hello folks,

I have not followed this thread (I saw it was full of helpful people already!), 
but I would just like to point out that that bug is actually 8 years old -- our 
github migration could not copy the timestamps reliably. The fix was in version 
2.9.20, released March 2006.

That said, if anybody does think a bug has been found in a recent PowerDNS, 
we're happy to look into it!

Kind regards,
--
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/

On Dec 13, 2013, at 23:54 , Michael Loftis wrote:

 Ah...You actually *may* have hit a bug.  What version of powerdns and
 what backend?  There's an issue on github, number 49, fixed in commit
 number 549 according to the bug where PDNS was behaving similar to
 this...if you dig for things *under* that subdomain eg
 test.labisilon.lab.domain.com you get the correct response (NS and A
 records w/ no AA bit indicating you must chase the delegation) -- but
 when querying for the delegated domain, it returns the SOA and an AA
 bit w/ NXDOMAIN indicating no such record.
 https://github.com/PowerDNS/pdns/issues/49



___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users

___  
Pdns-users mailing list  
Pdns-users@mailman.powerdns.com  
http://mailman.powerdns.com/mailman/listinfo/pdns-users  
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

2013-12-16 Thread Michael Loftis

I can't replicate with 3.0.1 so I don't think its in any current code.
Barring a regression of course. Idk what he is running but it is possible
that its old and affected. Can't be sure since I can't investigate directly.
On Dec 15, 2013 11:40 PM, Peter van Dijk peter.van.d...@netherlabs.nl
wrote:

 Hello folks,

 I have not followed this thread (I saw it was full of helpful people
 already!), but I would just like to point out that that bug is actually 8
 years old -- our github migration could not copy the timestamps reliably.
 The fix was in version 2.9.20, released March 2006.

 That said, if anybody does think a bug has been found in a recent
 PowerDNS, we're happy to look into it!

 Kind regards,
 --
 Peter van Dijk
 Netherlabs Computer Consulting BV - http://www.netherlabs.nl/

 On Dec 13, 2013, at 23:54 , Michael Loftis wrote:

  Ah...You actually *may* have hit a bug.  What version of powerdns and
  what backend?  There's an issue on github, number 49, fixed in commit
  number 549 according to the bug where PDNS was behaving similar to
  this...if you dig for things *under* that subdomain eg
  test.labisilon.lab.domain.com you get the correct response (NS and A
  records w/ no AA bit indicating you must chase the delegation) -- but
  when querying for the delegated domain, it returns the SOA and an AA
  bit w/ NXDOMAIN indicating no such record.
  https://github.com/PowerDNS/pdns/issues/49



 ___
 Pdns-users mailing list
 Pdns-users@mailman.powerdns.com
 http://mailman.powerdns.com/mailman/listinfo/pdns-users


___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

2013-12-15 Thread Peter van Dijk

Hello folks,

I have not followed this thread (I saw it was full of helpful people already!), 
but I would just like to point out that that bug is actually 8 years old -- our 
github migration could not copy the timestamps reliably. The fix was in version 
2.9.20, released March 2006.

That said, if anybody does think a bug has been found in a recent PowerDNS, 
we're happy to look into it!

Kind regards,
-- 
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/

On Dec 13, 2013, at 23:54 , Michael Loftis wrote:

 Ah...You actually *may* have hit a bug.  What version of powerdns and
 what backend?  There's an issue on github, number 49, fixed in commit
 number 549 according to the bug where PDNS was behaving similar to
 this...if you dig for things *under* that subdomain eg
 test.labisilon.lab.domain.com you get the correct response (NS and A
 records w/ no AA bit indicating you must chase the delegation) -- but
 when querying for the delegated domain, it returns the SOA and an AA
 bit w/ NXDOMAIN indicating no such record.
 https://github.com/PowerDNS/pdns/issues/49




signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

2013-12-13 Thread k...@rice.edu

On Thu, Dec 12, 2013 at 06:17:50PM -0600, Drew Decker wrote:
 Does anyone else know of a way to do this, or could give me some
 recommendations on how we could do this in or current configuration?  We
 just  need to be able to create a delegation in PowerDNS to  use a
 different Nameserver on the actual isilon.  We are basically delegating to
 the Isilon for a specific subdomain.
 
 Thanks!
 

Hi again Drew,

I thought that you said that you shared the domain with the Isilon? But
above you say that it is its own domain. Which is it? I thought that the
Isilon required its own domain to work.

Regards,
Ken

 
 On Wed, Dec 4, 2013 at 2:06 PM, k...@rice.edu k...@rice.edu wrote:
 
  On Wed, Dec 04, 2013 at 02:03:57PM -0600, Drew Decker wrote:
   Ken,
  
   Yea - I don't think this will work for us.  Our domain is shared with the
   Isilon, so it would be lab.domain.com, and I don't want to forward the
   entire zone over to the Isilon.
  
   thanks!
  
 
  Yes, we put our Isilon in its own (sub)domain for exactly that reason. It
  made this easy. You could roll-your-own with lua in the recursor if a
  separate
  domain is not possible.
 
  Regards,
  Ken
 
 
 
 
 -- 
 Best Regards,
 Drew Decker

___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

2013-12-13 Thread Drew Decker

No it's shared - so to speak. It's part of the lab.example.com domain. That's 
the common domain. I'm trying to delegate labisilon.lab.example.com to the 
isilon smartconnect feature. 

Sent from my iPhone

 On Dec 13, 2013, at 7:48 AM, k...@rice.edu k...@rice.edu wrote:
 
 On Thu, Dec 12, 2013 at 06:17:50PM -0600, Drew Decker wrote:
 Does anyone else know of a way to do this, or could give me some
 recommendations on how we could do this in or current configuration?  We
 just  need to be able to create a delegation in PowerDNS to  use a
 different Nameserver on the actual isilon.  We are basically delegating to
 the Isilon for a specific subdomain.
 
 Thanks!
 
 Hi again Drew,
 
 I thought that you said that you shared the domain with the Isilon? But
 above you say that it is its own domain. Which is it? I thought that the
 Isilon required its own domain to work.
 
 Regards,
 Ken
 
 
 On Wed, Dec 4, 2013 at 2:06 PM, k...@rice.edu k...@rice.edu wrote:
 
 On Wed, Dec 04, 2013 at 02:03:57PM -0600, Drew Decker wrote:
 Ken,
 
 Yea - I don't think this will work for us.  Our domain is shared with the
 Isilon, so it would be lab.domain.com, and I don't want to forward the
 entire zone over to the Isilon.
 
 thanks!
 
 Yes, we put our Isilon in its own (sub)domain for exactly that reason. It
 made this easy. You could roll-your-own with lua in the recursor if a
 separate
 domain is not possible.
 
 Regards,
 Ken
 
 
 
 -- 
 Best Regards,
 Drew Decker

___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

2013-12-13 Thread Michael Loftis

So there is no A record for labisilon.lab.example.com in the pdns01 name
server? (What's the dig output when you request the A record for the
delegated domain?)
Michael,

You are correct - my typo - it is labisilon (not simply isilon).

When I do “dig @pdns01 NS labisilon.lab.example.com I get the following:

$ dig @psl-pdns01 ns pslisilon.lab.securustech.net

;  DiG 9.8.3-P1  @psl-pdns01 ns pslisilon.lab.securustech.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 53684
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;labisilon.lab.example.com. IN NS

;; AUTHORITY SECTION:
labisilon.lab.example.com. 900 IN NS lab-isilon.lab.example.com.

;; ADDITIONAL SECTION:
lab-isilon.lab.example.com. 900 IN A x.x.x.x

;; Query time: 59 msec

I don’t believe the records are overlapping according to this output but
please correct me if I’m wrong on this.

-- 
Drew Decker
Sent with Airmail http://airmailapp.com/tracking

On December 13, 2013 at 12:35:02 AM, Michael Loftis
(mlof...@wgops.com//mlof...@wgops.com)
wrote:

Is the delegated zone isilon or labisilon? I think you need to check the A,
and NS records as you've mixed them up even in the email there. I would
delegate a completely different sub domain than I would name the A record
just to avoid such confusion, it sounds like you've got an NS and A records
for the same name, which is why you're getting the static A record from
powerdns.

In your typed example you are using labisilon as the sub domain and
lab-isilon as the A record and NS delegation...  What does dig NS
labisilon.lab.example.com @1.2.3.4 give you? (Replace 1.2.3.4 with the pdns
auth server ip address) you should get back two records, one NS type
pointing to lab-isilon and one A type giving the address to send UDP/TCP
queries to.

Sounds like that's where the problem is still. Your delegation shouldn't
have any overlapping A records labisilon should be just an NS which
points to lab-isilon, otherwise you get the behavior you described. Which
is a broken delegation.
On Dec 12, 2013 9:54 PM, Drew Decker drewrocksh...@gmail.com wrote:

  Michael,

  I think  you only read a few posts on this thread, so I’ll give you some
 details of what had/has been done up to this point, as I read your entire
 email and from what you are saying, I’ve already done (which is why I’m
 reaching out to the community) - correct me if I’m wrong.

  I have a single zone: *lab.example.com http://lab.example.com*

  The isilon needs a delegated zone for it to use, so we simply chose 
 *isilon.lab.example.com
 http://isilon.lab.example.com*

  From a PowerDNS perspective, *lab.example.com http://lab.example.com*lives 
 on a single server
 *pdns01* and the database server runs on its own dedicated hardware
 *pdnsdb01*.

  A single zone was created - *lab.example.com http://lab.example.com*

  We added the following DNS records to PowerDNS (in the *lab.example.com
 http://lab.example.com* zone):

 labisilon.lab.example.com. 900 IN NS 
 lab-isilon.lab.example.com.lab-isilon.lab.example.com. 900 IN A x.x.x.x

 Once we added this, it still does not work; when we ping 
 labisilon.lab.example.com, it returns the IP from lab-isilon.lab.example.com, 
 which would be as expected, but since the “x.x.x.x” IP is a SmartConnect IP 
 on the Isilon, it actually takes that IP gives a random IP (depends on how 
 the Isilon is configured) back to the client.  So, in our case, we basically 
 round-robin it, so each new request to the isilon should give us a new IP, 
 until we get to the end, and then we start over.

 I just need to know if I’m missing something here, and if not, maybe it is an 
 issue with the Isilon, in this case.  I just want to make sure that I’m 
 setting up DNS delegation correctly in PowerDNS, or if I’m missing something 
 PowerDNS specific.

  Thanks for your continued input.

 --
 Drew Decker


 On December 12, 2013 at 9:32:33 PM, Michael Loftis 
 (mlof...@wgops.com//mlof...@wgops.com)
 wrote:

  The most common and obvious example of glue is when you have a TLD
 such as GOV, COM, or EDU delegate your domain, your NS records usually
 exist within your domain so glue must exist higher up, exact same
 principal applies at every level where a delegation occurs. Say
 isil.lab.example.com is served by the isilon. This is the delegated
 subdomain. lab.example.com is served by other nameservers. The A
 record you're using could be ns1.isil.lab.example.com, and so must
 exist in both the isil.lab.example.com domain, AND the lab.example.com
 domain, in two seperate nameservers.

 You must have on BOTH the lab.example.com and the isil.lab.example.com
 domains and nameservers A records for out of zone nameservers in
 subdomains are called glue. Nothing magical. Everyone has some in
 COM, GOV, EDU, ORG, etc. If you take a look at google.com, you'll see
 ns1 through ns4.google.com -- those four A records exist in the COM
 zone

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

2013-12-13 Thread Drew Decker

Sorry - replace “pslisilon.lab.securustech.net” with “pslisilon.lab.domain.com” 
(trying to keep things simple)

-- 
Drew Decker
Sent with Airmail

On December 13, 2013 at 10:23:02 AM, Drew Decker (drewrocksh...@gmail.com) 
wrote:

pslisilon.lab.securustech.net___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

2013-12-13 Thread Drew Decker

Same output -

dig @psl-pdns01 A pslisilon.lab.securustech.net

;  DiG 9.8.3-P1  @pdns01 A labisilon.lab.domain.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 24930
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;labisilon.lab.domain.com.  IN  A

;; AUTHORITY SECTION:
labisilon.lab.domain.com 900 IN NS  lab-isilon.lab.domain.com.

;; ADDITIONAL SECTION:
lab-isilon.lab.domain.com.  900 IN  A   x.x.x.x

;; Query time: 2 msec

Do I need to specifically add an “A” record of labisilon.lab.domain.com - 
x.x.x.x?
-- 
Drew Decker
Sent with Airmail

On December 13, 2013 at 10:18:10 AM, Michael Loftis (mlof...@wgops.com) wrote:

labisilon.lab.example.com___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

2013-12-13 Thread Michael Loftis

No you definitely do not want to add an A record for
labisilon.lab.domain.com to the powerdns server, that would cause it
to always serve the A record.  From the response information I take it
the powerdns server isn't your recursive resolver (IE it's not whats
in the /etc/resolv.conf or equivalent for your platform) - but from
the output you've shown me the first half of the delegation is fine.
The second half of the delegation must also exist or BIND in
particular won't count it as valid (though the validation is lazy so
you'll sometimes get an answer, but most of the time not) -- and hte
second half is the matching NS record on the isilon, and the SOA
(though the SOA is less important) -- you'll want to do the same dig
@x.x.x.x NS labisilon.lab.domain.com and dig @x.x.x.x A
labisilon.lab.domain.com - this is all part of diagnosing what
actually *is* happening with this delegation. If the NS records aren't
being returned from the isilon or the A or SOA isn't I can't really
help you out there if those aren't there as I've never used the
smartconnect product though there's a small chance I can get some
information since we used their storage boxes at my present day job
years back before I started (We literally have a couple racks worth of
them sitting around after being decommissioned).


... reading a bit in...is securustech.net the actual domain?  It has
wild cards which would be causing all manner of hell for you, if the A
record you're getting back is the same as I'm seeing from the outside
- 69.43.161.163 - then that would explain your problems.  Your
recursive resolver is getting the wildcard answers from your outside
nameservers.

On Fri, Dec 13, 2013 at 8:23 AM, Drew Decker drewrocksh...@gmail.com wrote:
 Same output -

 dig @psl-pdns01 A pslisilon.lab.securustech.net

 ;  DiG 9.8.3-P1  @pdns01 A labisilon.lab.domain.com
 ; (1 server found)
 ;; global options: +cmd
 ;; Got answer:
 ;; -HEADER- opcode: QUERY, status: NOERROR, id: 24930
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

 ;; QUESTION SECTION:
 ;labisilon.lab.domain.com. IN A

 ;; AUTHORITY SECTION:
 labisilon.lab.domain.com 900 IN NS lab-isilon.lab.domain.com.

 ;; ADDITIONAL SECTION:
 lab-isilon.lab.domain.com. 900 IN A x.x.x.x

 ;; Query time: 2 msec

 Do I need to specifically add an “A” record of labisilon.lab.domain.com -
 x.x.x.x?
 --
 Drew Decker
 Sent with Airmail

 On December 13, 2013 at 10:18:10 AM, Michael Loftis (mlof...@wgops.com)
 wrote:

 labisilon.lab.example.com



-- 

Genius might be described as a supreme capacity for getting its possessors
into trouble of all kinds.
-- Samuel Butler

___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

2013-12-13 Thread Drew Decker

Michael,

the PowerDNS server IS the main recursor resolver and the IP of the PowerDNS 
server is actually in /etc/resolv.conf for all of the platform servers.  We no 
longer have any BIND servers in our infrastructure.

Here are the dig outputs:

$ dig @pdns01 NS labisilon.lab.domain.com

;  DiG 9.8.3-P1  @pdns01 NS labisilon.lab.domain.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 9680
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;labisilon.lab.domain.com.  IN  NS

;; AUTHORITY SECTION:
lab.domain.com. 900 IN  SOA pdns01.lab.domain.com. 
linuxadmins.domain.com. 2013073047 86400 7200 604800 3600

;; Query time: 1 msec

[~]
ddecker$ dig @pdns01 A labisilon.lab.domain.com

;  DiG 9.8.3-P1  @pdns01 A labisilon.lab.domain.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 1337
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;labisilon.lab.domain.com.  IN  A

;; AUTHORITY SECTION:
lab.domain.com. 900 IN  SOA pdns01.lab.domain.com. 
linuxadmins.domain.com. 2013073047 86400 7200 604800 3600

;; Query time: 0 msec


-- 
Drew Decker
Sent with Airmail

On December 13, 2013 at 12:08:35 PM, Michael Loftis (mlof...@wgops.com) wrote:

No you definitely do not want to add an A record for  
labisilon.lab.domain.com to the powerdns server, that would cause it  
to always serve the A record. From the response information I take it  
the powerdns server isn't your recursive resolver (IE it's not whats  
in the /etc/resolv.conf or equivalent for your platform) - but from  
the output you've shown me the first half of the delegation is fine.  
The second half of the delegation must also exist or BIND in  
particular won't count it as valid (though the validation is lazy so  
you'll sometimes get an answer, but most of the time not) -- and hte  
second half is the matching NS record on the isilon, and the SOA  
(though the SOA is less important) -- you'll want to do the same dig  
@x.x.x.x NS labisilon.lab.domain.com and dig @x.x.x.x A  
labisilon.lab.domain.com - this is all part of diagnosing what  
actually *is* happening with this delegation. If the NS records aren't  
being returned from the isilon or the A or SOA isn't I can't really  
help you out there if those aren't there as I've never used the  
smartconnect product though there's a small chance I can get some  
information since we used their storage boxes at my present day job  
years back before I started (We literally have a couple racks worth of  
them sitting around after being decommissioned).  


... reading a bit in...is securustech.net the actual domain? It has  
wild cards which would be causing all manner of hell for you, if the A  
record you're getting back is the same as I'm seeing from the outside  
- 69.43.161.163 - then that would explain your problems. Your  
recursive resolver is getting the wildcard answers from your outside  
nameservers.  

On Fri, Dec 13, 2013 at 8:23 AM, Drew Decker drewrocksh...@gmail.com wrote:  
 Same output -  
  
 dig @psl-pdns01 A pslisilon.lab.securustech.net  
  
 ;  DiG 9.8.3-P1  @pdns01 A labisilon.lab.domain.com  
 ; (1 server found)  
 ;; global options: +cmd  
 ;; Got answer:  
 ;; -HEADER- opcode: QUERY, status: NOERROR, id: 24930  
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1  
  
 ;; QUESTION SECTION:  
 ;labisilon.lab.domain.com. IN A  
  
 ;; AUTHORITY SECTION:  
 labisilon.lab.domain.com 900 IN NS lab-isilon.lab.domain.com.  
  
 ;; ADDITIONAL SECTION:  
 lab-isilon.lab.domain.com. 900 IN A x.x.x.x  
  
 ;; Query time: 2 msec  
  
 Do I need to specifically add an “A” record of labisilon.lab.domain.com -  
 x.x.x.x?  
 --  
 Drew Decker  
 Sent with Airmail  
  
 On December 13, 2013 at 10:18:10 AM, Michael Loftis (mlof...@wgops.com)  
 wrote:  
  
 labisilon.lab.example.com  



--  

Genius might be described as a supreme capacity for getting its possessors  
into trouble of all kinds.  
-- Samuel Butler  
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

2013-12-13 Thread Michael Loftis

Ah...You actually *may* have hit a bug.  What version of powerdns and
what backend?  There's an issue on github, number 49, fixed in commit
number 549 according to the bug where PDNS was behaving similar to
this...if you dig for things *under* that subdomain eg
test.labisilon.lab.domain.com you get the correct response (NS and A
records w/ no AA bit indicating you must chase the delegation) -- but
when querying for the delegated domain, it returns the SOA and an AA
bit w/ NXDOMAIN indicating no such record.
https://github.com/PowerDNS/pdns/issues/49

Might actually be that bug you're seeing!  Sorry for the run around if
so, I didn't even know the bug existed until now.

This of course assumes correct records and all...which is why I had
you run all those digs...

On Fri, Dec 13, 2013 at 10:22 AM, Drew Decker drewrocksh...@gmail.com wrote:
 Michael,

 the PowerDNS server IS the main recursor resolver and the IP of the PowerDNS
 server is actually in /etc/resolv.conf for all of the platform servers.  We
 no longer have any BIND servers in our infrastructure.

 Here are the dig outputs:

 $ dig @pdns01 NS labisilon.lab.domain.com

 ;  DiG 9.8.3-P1  @pdns01 NS labisilon.lab.domain.com
 ; (1 server found)
 ;; global options: +cmd
 ;; Got answer:
 ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 9680
 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

 ;; QUESTION SECTION:
 ;labisilon.lab.domain.com. IN NS

 ;; AUTHORITY SECTION:
 lab.domain.com. 900 IN SOA pdns01.lab.domain.com. linuxadmins.domain.com.
 2013073047 86400 7200 604800 3600

 ;; Query time: 1 msec

 [~]
 ddecker$ dig @pdns01 A labisilon.lab.domain.com

 ;  DiG 9.8.3-P1  @pdns01 A labisilon.lab.domain.com
 ; (1 server found)
 ;; global options: +cmd
 ;; Got answer:
 ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 1337
 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

 ;; QUESTION SECTION:
 ;labisilon.lab.domain.com. IN A

 ;; AUTHORITY SECTION:
 lab.domain.com. 900 IN SOA pdns01.lab.domain.com. linuxadmins.domain.com.
 2013073047 86400 7200 604800 3600

 ;; Query time: 0 msec


 --
 Drew Decker
 Sent with Airmail

 On December 13, 2013 at 12:08:35 PM, Michael Loftis (mlof...@wgops.com)
 wrote:

 No you definitely do not want to add an A record for
 labisilon.lab.domain.com to the powerdns server, that would cause it
 to always serve the A record. From the response information I take it
 the powerdns server isn't your recursive resolver (IE it's not whats
 in the /etc/resolv.conf or equivalent for your platform) - but from
 the output you've shown me the first half of the delegation is fine.
 The second half of the delegation must also exist or BIND in
 particular won't count it as valid (though the validation is lazy so
 you'll sometimes get an answer, but most of the time not) -- and hte
 second half is the matching NS record on the isilon, and the SOA
 (though the SOA is less important) -- you'll want to do the same dig
 @x.x.x.x NS labisilon.lab.domain.com and dig @x.x.x.x A
 labisilon.lab.domain.com - this is all part of diagnosing what
 actually *is* happening with this delegation. If the NS records aren't
 being returned from the isilon or the A or SOA isn't I can't really
 help you out there if those aren't there as I've never used the
 smartconnect product though there's a small chance I can get some
 information since we used their storage boxes at my present day job
 years back before I started (We literally have a couple racks worth of
 them sitting around after being decommissioned).


 ... reading a bit in...is securustech.net the actual domain? It has
 wild cards which would be causing all manner of hell for you, if the A
 record you're getting back is the same as I'm seeing from the outside
 - 69.43.161.163 - then that would explain your problems. Your
 recursive resolver is getting the wildcard answers from your outside
 nameservers.

 On Fri, Dec 13, 2013 at 8:23 AM, Drew Decker drewrocksh...@gmail.com
 wrote:
 Same output -

 dig @psl-pdns01 A pslisilon.lab.securustech.net

 ;  DiG 9.8.3-P1  @pdns01 A labisilon.lab.domain.com
 ; (1 server found)
 ;; global options: +cmd
 ;; Got answer:
 ;; -HEADER- opcode: QUERY, status: NOERROR, id: 24930
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

 ;; QUESTION SECTION:
 ;labisilon.lab.domain.com. IN A

 ;; AUTHORITY SECTION:
 labisilon.lab.domain.com 900 IN NS lab-isilon.lab.domain.com.

 ;; ADDITIONAL SECTION:
 lab-isilon.lab.domain.com. 900 IN A x.x.x.x

 ;; Query time: 2 msec

 Do I need to specifically add an “A” record of labisilon.lab.domain.com -
 x.x.x.x?
 --
 Drew Decker
 Sent with Airmail

 On December 13, 2013 at 10:18:10 AM, Michael Loftis (mlof...@wgops.com)
 wrote:

 labisilon.lab.example.com



 --

 Genius might be described as a supreme capacity for getting its possessors
 into trouble of all kinds.
 -- Samuel Butler



-- 

Genius might be described as a supreme capacity for getting its possessors
into

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

2013-12-12 Thread Drew Decker

Does anyone else know of a way to do this, or could give me some
recommendations on how we could do this in or current configuration?  We
just  need to be able to create a delegation in PowerDNS to  use a
different Nameserver on the actual isilon.  We are basically delegating to
the Isilon for a specific subdomain.

Thanks!


On Wed, Dec 4, 2013 at 2:06 PM, k...@rice.edu k...@rice.edu wrote:

 On Wed, Dec 04, 2013 at 02:03:57PM -0600, Drew Decker wrote:
  Ken,
 
  Yea - I don't think this will work for us.  Our domain is shared with the
  Isilon, so it would be lab.domain.com, and I don't want to forward the
  entire zone over to the Isilon.
 
  thanks!
 

 Yes, we put our Isilon in its own (sub)domain for exactly that reason. It
 made this easy. You could roll-your-own with lua in the recursor if a
 separate
 domain is not possible.

 Regards,
 Ken




-- 
Best Regards,
Drew Decker
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

2013-12-12 Thread Drew Decker

Michael,

When you state If the A records that the NS points to are in the
subdomain, glue records must be created in the parent domain/zone. - can
you elaborate on how to do this?  Everything else that you mentioned is DNS
101 and has already been done.  Explain to me how and what I need to do
about the DNS glue records in PowerDNS and I'll give it a try.

Thanks!


On Thu, Dec 12, 2013 at 6:36 PM, Michael Loftis mlof...@wgops.com wrote:

 I must be missing something because this is DNS 101.  Just create NS
 records in the domain on the PDNS server that points at the isilon.
 If the A records that the NS points to are in the subdomain, glue
 records must be created in the parent domain/zone.  There's no magic,
 insert the two records into your PowerDNS authoratitive servers
 records table, make sure that the clients can contact the isilon's UDP
 and TCP port 53 (where the A record points to)

 If you're still having issues I suggest using dig +trace to see whats
 going on, and dig in general to see if the isilon is even responding -
 it really sounds like you've got a firewall issue that's keeping
 anything from being able to contact the delegated-to nameserver.

 On Thu, Dec 12, 2013 at 4:17 PM, Drew Decker drewrocksh...@gmail.com
 wrote:
  Does anyone else know of a way to do this, or could give me some
  recommendations on how we could do this in or current configuration?  We
  just  need to be able to create a delegation in PowerDNS to  use a
 different
  Nameserver on the actual isilon.  We are basically delegating to the
 Isilon
  for a specific subdomain.
 
  Thanks!
 
 
  On Wed, Dec 4, 2013 at 2:06 PM, k...@rice.edu k...@rice.edu wrote:
 
  On Wed, Dec 04, 2013 at 02:03:57PM -0600, Drew Decker wrote:
   Ken,
  
   Yea - I don't think this will work for us.  Our domain is shared with
   the
   Isilon, so it would be lab.domain.com, and I don't want to forward
 the
   entire zone over to the Isilon.
  
   thanks!
  
 
  Yes, we put our Isilon in its own (sub)domain for exactly that reason.
 It
  made this easy. You could roll-your-own with lua in the recursor if a
  separate
  domain is not possible.
 
  Regards,
  Ken
 
 
 
 
  --
  Best Regards,
  Drew Decker
 
  ___
  Pdns-users mailing list
  Pdns-users@mailman.powerdns.com
  http://mailman.powerdns.com/mailman/listinfo/pdns-users
 



 --

 Genius might be described as a supreme capacity for getting its possessors
 into trouble of all kinds.
 -- Samuel Butler




-- 
Best Regards,
Drew Decker
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

2013-12-12 Thread Drew Decker

Michael,

I think  you only read a few posts on this thread, so I’ll give you some 
details of what had/has been done up to this point, as I read your entire email 
and from what you are saying, I’ve already done (which is why I’m reaching out 
to the community) - correct me if I’m wrong.

I have a single zone: lab.example.com

The isilon needs a delegated zone for it to use, so we simply chose 
isilon.lab.example.com

From a PowerDNS perspective, lab.example.com lives on a single server pdns01 
and the database server runs on its own dedicated hardware pdnsdb01.

A single zone was created - lab.example.com

We added the following DNS records to PowerDNS (in the lab.example.com zone):
labisilon.lab.example.com. 900 IN NS lab-isilon.lab.example.com.
lab-isilon.lab.example.com. 900 IN A x.x.x.x
Once we added this, it still does not work; when we ping 
labisilon.lab.example.com, it returns the IP from lab-isilon.lab.example.com, 
which would be as expected, but since the “x.x.x.x” IP is a SmartConnect IP on 
the Isilon, it actually takes that IP gives a random IP (depends on how the 
Isilon is configured) back to the client.  So, in our case, we basically 
round-robin it, so each new request to the isilon should give us a new IP, 
until we get to the end, and then we start over.  
I just need to know if I’m missing something here, and if not, maybe it is an 
issue with the Isilon, in this case.  I just want to make sure that I’m setting 
up DNS delegation correctly in PowerDNS, or if I’m missing something PowerDNS 
specific.
Thanks for your continued input.

-- 
Drew Decker


On December 12, 2013 at 9:32:33 PM, Michael Loftis (mlof...@wgops.com) wrote:

The most common and obvious example of glue is when you have a TLD  
such as GOV, COM, or EDU delegate your domain, your NS records usually  
exist within your domain so glue must exist higher up, exact same  
principal applies at every level where a delegation occurs. Say  
isil.lab.example.com is served by the isilon. This is the delegated  
subdomain. lab.example.com is served by other nameservers. The A  
record you're using could be ns1.isil.lab.example.com, and so must  
exist in both the isil.lab.example.com domain, AND the lab.example.com  
domain, in two seperate nameservers.  

You must have on BOTH the lab.example.com and the isil.lab.example.com  
domains and nameservers A records for out of zone nameservers in  
subdomains are called glue. Nothing magical. Everyone has some in  
COM, GOV, EDU, ORG, etc. If you take a look at google.com, you'll see  
ns1 through ns4.google.com -- those four A records exist in the COM  
zone as glue. Likewise, all four of those A records served by the COM  
nameservers are identical to the ones served by google.com  
nameservers. Same thing has to happen on subdomains if the A record  
points to something that exists inside the delegated domain.  

ns1.isil.lab.example.com IN A 127.1.1.2  
isil.lab.example.com IN NS ns1.isil.lab.example.com  

And that leads into yet another pitfall, if those records are  
mismatched, BIND and most other resolvers will decide someone is  
trying to poison their cache and refuse to serve results for that  
domain (or subdomain, there is not any distinction to BIND and  
PowerDNS)  




On Thu, Dec 12, 2013 at 4:48 PM, Drew Decker drewrocksh...@gmail.com wrote:  
 Michael,  
  
 When you state If the A records that the NS points to are in the subdomain,  
 glue records must be created in the parent domain/zone. - can you elaborate  
 on how to do this? Everything else that you mentioned is DNS 101 and has  
 already been done. Explain to me how and what I need to do about the DNS  
 glue records in PowerDNS and I'll give it a try.  
  
 Thanks!  
  
  
 On Thu, Dec 12, 2013 at 6:36 PM, Michael Loftis mlof...@wgops.com wrote:  
  
 I must be missing something because this is DNS 101. Just create NS  
 records in the domain on the PDNS server that points at the isilon.  
 If the A records that the NS points to are in the subdomain, glue  
 records must be created in the parent domain/zone. There's no magic,  
 insert the two records into your PowerDNS authoratitive servers  
 records table, make sure that the clients can contact the isilon's UDP  
 and TCP port 53 (where the A record points to)  
  
 If you're still having issues I suggest using dig +trace to see whats  
 going on, and dig in general to see if the isilon is even responding -  
 it really sounds like you've got a firewall issue that's keeping  
 anything from being able to contact the delegated-to nameserver.  
  
 On Thu, Dec 12, 2013 at 4:17 PM, Drew Decker drewrocksh...@gmail.com  
 wrote:  
  Does anyone else know of a way to do this, or could give me some  
  recommendations on how we could do this in or current configuration? We  
  just need to be able to create a delegation in PowerDNS to use a  
  different  
  Nameserver on the actual isilon. We are basically delegating to the  
  Isilon  
  for a specific

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

2013-12-12 Thread Drew Decker

Michael,

You are correct - my typo - it is labisilon (not simply isilon).

When I do “dig @pdns01 NS labisilon.lab.example.com I get the following:

$ dig @psl-pdns01 ns pslisilon.lab.securustech.net

;  DiG 9.8.3-P1  @psl-pdns01 ns pslisilon.lab.securustech.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 53684
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;labisilon.lab.example.com. IN  NS

;; AUTHORITY SECTION:
labisilon.lab.example.com. 900 IN   NS  lab-isilon.lab.example.com.

;; ADDITIONAL SECTION:
lab-isilon.lab.example.com. 900 IN  A   x.x.x.x

;; Query time: 59 msec

I don’t believe the records are overlapping according to this output but please 
correct me if I’m wrong on this.  

-- 
Drew Decker
Sent with Airmail

On December 13, 2013 at 12:35:02 AM, Michael Loftis (mlof...@wgops.com) wrote:

Is the delegated zone isilon or labisilon? I think you need to check the A, and 
NS records as you've mixed them up even in the email there. I would delegate a 
completely different sub domain than I would name the A record just to avoid 
such confusion, it sounds like you've got an NS and A records for the same 
name, which is why you're getting the static A record from powerdns. 

In your typed example you are using labisilon as the sub domain and lab-isilon 
as the A record and NS delegation...  What does dig NS 
labisilon.lab.example.com @1.2.3.4 give you? (Replace 1.2.3.4 with the pdns 
auth server ip address) you should get back two records, one NS type pointing 
to lab-isilon and one A type giving the address to send UDP/TCP queries to.

Sounds like that's where the problem is still. Your delegation shouldn't have 
any overlapping A records labisilon should be just an NS which points to 
lab-isilon, otherwise you get the behavior you described. Which is a broken 
delegation.

On Dec 12, 2013 9:54 PM, Drew Decker drewrocksh...@gmail.com wrote:
Michael,

I think  you only read a few posts on this thread, so I’ll give you some 
details of what had/has been done up to this point, as I read your entire email 
and from what you are saying, I’ve already done (which is why I’m reaching out 
to the community) - correct me if I’m wrong.

I have a single zone: lab.example.com

The isilon needs a delegated zone for it to use, so we simply chose 
isilon.lab.example.com

From a PowerDNS perspective, lab.example.com lives on a single server pdns01 
and the database server runs on its own dedicated hardware pdnsdb01.

A single zone was created - lab.example.com

We added the following DNS records to PowerDNS (in the lab.example.com zone):
labisilon.lab.example.com. 900 IN NS lab-isilon.lab.example.com.
lab-isilon.lab.example.com. 900 IN A x.x.x.x
Once we added this, it still does not work; when we ping 
labisilon.lab.example.com, it returns the IP from lab-isilon.lab.example.com, 
which would be as expected, but since the “x.x.x.x” IP is a SmartConnect IP on 
the Isilon, it actually takes that IP gives a random IP (depends on how the 
Isilon is configured) back to the client. So, in our case, we basically 
round-robin it, so each new request to the isilon should give us a new IP, 
until we get to the end, and then we start over.   
I just need to know if I’m missing something here, and if not, maybe it is an 
issue with the Isilon, in this case. I just want to make sure that I’m setting 
up DNS delegation correctly in PowerDNS, or if I’m missing something PowerDNS 
specific.
Thanks for your continued input.

-- 
Drew Decker


On December 12, 2013 at 9:32:33 PM, Michael Loftis (mlof...@wgops.com) wrote:

The most common and obvious example of glue is when you have a TLD
such as GOV, COM, or EDU delegate your domain, your NS records usually
exist within your domain so glue must exist higher up, exact same
principal applies at every level where a delegation occurs. Say
isil.lab.example.com is served by the isilon. This is the delegated
subdomain. lab.example.com is served by other nameservers. The A
record you're using could be ns1.isil.lab.example.com, and so must
exist in both the isil.lab.example.com domain, AND the lab.example.com
domain, in two seperate nameservers.

You must have on BOTH the lab.example.com and the isil.lab.example.com
domains and nameservers A records for out of zone nameservers in
subdomains are called glue. Nothing magical. Everyone has some in
COM, GOV, EDU, ORG, etc. If you take a look at google.com, you'll see
ns1 through ns4.google.com -- those four A records exist in the COM
zone as glue. Likewise, all four of those A records served by the COM
nameservers are identical to the ones served by google.com
nameservers. Same thing has to happen on subdomains if the A record
points to something that exists inside the delegated domain.

ns1.isil.lab.example.com IN A 127.1.1.2
isil.lab.example.com IN NS ns1.isil.lab.example.com

And that leads into yet another

[Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

2013-12-04 Thread Drew Decker

We are currently wanting to implement Isilon's SmartConnect features, which
requres a delegation (NS) record to the Isilon.  Unfortunately, their
documentation only covers BIND and Microsoft DNS products.  Is there a way
to do the same thing in PowerDNS?  If so, what is the correct way?

Per the documentation, it shows the following for BIND:

-
BIND server:
In BIND, a new name server (NS) record needs to be added to the existing
authoritative DNS zone specifying the server of authority for the new
sub-zone. For
that, an A record must be added, specified in the NS record that points to
the SIP
address of the cluster. For example, if the SmartConnect zone name is
cluster.example.com, the DNS entries would looks like:

 cluster.example.com IN NS sip.example.com
 sip.example.com IN A {IPaddress}
-

Unfortunately, it doesn't appear to work on our end - it says hostname not
found - but all other DNS records work for the parent domain on our end -
it is just this one that is not working.  Please let me know if you'd like
me to provide more information on the setup of our PowerDNS servers.


-- 
Best Regards,
Drew Decker
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

2013-12-04 Thread John Miller


Hi Drew,

If all you need are an NS record and an A record, PowerDNS will work 
just fine.


If you've already created your records, please post your config, how to 
reproduce the problem, and any records you've already created.  That way 
we can query your nameservers and see what's what.


John



On 12/04/2013 02:18 PM, Drew Decker wrote:

We are currently wanting to implement Isilon's SmartConnect features,
which requres a delegation (NS) record to the Isilon.  Unfortunately,
their documentation only covers BIND and Microsoft DNS products.  Is
there a way to do the same thing in PowerDNS?  If so, what is the
correct way?

Per the documentation, it shows the following for BIND:

-
BIND server:
In BIND, a new name server (NS) record needs to be added to the existing
authoritative DNS zone specifying the server of authority for the new
sub-zone. For
that, an A record must be added, specified in the NS record that points
to the SIP
address of the cluster. For example, if the SmartConnect zone name is
cluster.example.com http://cluster.example.com, the DNS entries would
looks like:

  cluster.example.com http://cluster.example.com IN NS
sip.example.com http://sip.example.com
  sip.example.com http://sip.example.com IN A {IPaddress}
-

Unfortunately, it doesn't appear to work on our end - it says hostname
not found - but all other DNS records work for the parent domain on our
end - it is just this one that is not working.  Please let me know if
you'd like me to provide more information on the setup of our PowerDNS
servers.


--
Best Regards,
Drew Decker



___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users



___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

2013-12-04 Thread Drew Decker

** This time I'm replying to all - sorry **

John,

Thanks for the response.  They are internal nameservers, so you won't be
able to query them. Let me send you some configuration data:

allow-recursion=0.0.0.0/0
launch=gmysql
gmysql-host=z.z.z.z
gmysql-user=pdns
gmysql-password=pdns
gmysql-dbname=pdns
local-address=x.x.x.x
log-dns-queries=yes
logging-facility=0
loglevel=9
recursor=y.y.y.y
module-dir=/usr/lib64
socket-dir=/var/run/pdns-server
setuid=powerdns
setgid=powerdns

As for the items created - our main zone is lab.domain.com

dig @pdns01 lab.domain.com axfr
 filtered out for just the two items 
labisilon.lab.domain.com. 900 IN NS lab-isilon.lab.domain.com.
lab-isilon.lab.domain.com. 900 IN A w.w.w.w

The above output is from the axfr from dig.  As for the MySQL records:

id domain_id name type content ttl prio change_date
75732 261 labisilon.lab.domain.com NS lab-isilon.lab.domain.com 900 NULL
1386183853
75733 261 lab-isilon.lab.domain.com A w.w.w.w 900 NULL 1386183853

And when I try to ping the record:

ping labisilon.lab.securustech.net
ping: unknown host labisilon.lab.domain.com

Let me know your thoughts.


On Wed, Dec 4, 2013 at 1:26 PM, John Miller johnm...@brandeis.edu wrote:

 Hi Drew,

 If all you need are an NS record and an A record, PowerDNS will work just
 fine.

 If you've already created your records, please post your config, how to
 reproduce the problem, and any records you've already created.  That way we
 can query your nameservers and see what's what.

 John




 On 12/04/2013 02:18 PM, Drew Decker wrote:

 We are currently wanting to implement Isilon's SmartConnect features,
 which requres a delegation (NS) record to the Isilon.  Unfortunately,
 their documentation only covers BIND and Microsoft DNS products.  Is
 there a way to do the same thing in PowerDNS?  If so, what is the
 correct way?

 Per the documentation, it shows the following for BIND:

 -
 BIND server:
 In BIND, a new name server (NS) record needs to be added to the existing
 authoritative DNS zone specifying the server of authority for the new
 sub-zone. For
 that, an A record must be added, specified in the NS record that points
 to the SIP
 address of the cluster. For example, if the SmartConnect zone name is
 cluster.example.com http://cluster.example.com, the DNS entries would
 looks like:

   cluster.example.com http://cluster.example.com IN NS
 sip.example.com http://sip.example.com
   sip.example.com http://sip.example.com IN A {IPaddress}

 -

 Unfortunately, it doesn't appear to work on our end - it says hostname
 not found - but all other DNS records work for the parent domain on our
 end - it is just this one that is not working.  Please let me know if
 you'd like me to provide more information on the setup of our PowerDNS
 servers.


 --
 Best Regards,
 Drew Decker



 ___
 Pdns-users mailing list
 Pdns-users@mailman.powerdns.com
 http://mailman.powerdns.com/mailman/listinfo/pdns-users




-- 
Best Regards,
Drew Decker
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

2013-12-04 Thread k...@rice.edu

On Wed, Dec 04, 2013 at 01:18:40PM -0600, Drew Decker wrote:
 We are currently wanting to implement Isilon's SmartConnect features, which
 requres a delegation (NS) record to the Isilon.  Unfortunately, their
 documentation only covers BIND and Microsoft DNS products.  Is there a way
 to do the same thing in PowerDNS?  If so, what is the correct way?
 
 Per the documentation, it shows the following for BIND:
 
 -
 BIND server:
 In BIND, a new name server (NS) record needs to be added to the existing
 authoritative DNS zone specifying the server of authority for the new
 sub-zone. For
 that, an A record must be added, specified in the NS record that points to
 the SIP
 address of the cluster. For example, if the SmartConnect zone name is
 cluster.example.com, the DNS entries would looks like:
 
  cluster.example.com IN NS sip.example.com
  sip.example.com IN A {IPaddress}
 -
 
 Unfortunately, it doesn't appear to work on our end - it says hostname not
 found - but all other DNS records work for the parent domain on our end -
 it is just this one that is not working.  Please let me know if you'd like
 me to provide more information on the setup of our PowerDNS servers.
 
 
 -- 
 Best Regards,
 Drew Decker

Hi Drew,

We do this in the recursor, not in the authoritative server, with pdns-recursor
using the forward-zones option. For your example, it would be a line something
like this:

forward-zones=cluster.example.com={IP address}

Regards,
Ken

___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

2013-12-04 Thread Drew Decker

Ken,

Yea - I don't think this will work for us.  Our domain is shared with the
Isilon, so it would be lab.domain.com, and I don't want to forward the
entire zone over to the Isilon.

thanks!


On Wed, Dec 4, 2013 at 1:57 PM, k...@rice.edu k...@rice.edu wrote:

 On Wed, Dec 04, 2013 at 01:18:40PM -0600, Drew Decker wrote:
  We are currently wanting to implement Isilon's SmartConnect features,
 which
  requres a delegation (NS) record to the Isilon.  Unfortunately, their
  documentation only covers BIND and Microsoft DNS products.  Is there a
 way
  to do the same thing in PowerDNS?  If so, what is the correct way?
 
  Per the documentation, it shows the following for BIND:
 
  -
  BIND server:
  In BIND, a new name server (NS) record needs to be added to the existing
  authoritative DNS zone specifying the server of authority for the new
  sub-zone. For
  that, an A record must be added, specified in the NS record that points
 to
  the SIP
  address of the cluster. For example, if the SmartConnect zone name is
  cluster.example.com, the DNS entries would looks like:
 
   cluster.example.com IN NS sip.example.com
   sip.example.com IN A {IPaddress}
  -
 
  Unfortunately, it doesn't appear to work on our end - it says hostname
 not
  found - but all other DNS records work for the parent domain on our end
 -
  it is just this one that is not working.  Please let me know if you'd
 like
  me to provide more information on the setup of our PowerDNS servers.
 
 
  --
  Best Regards,
  Drew Decker

 Hi Drew,

 We do this in the recursor, not in the authoritative server, with
 pdns-recursor
 using the forward-zones option. For your example, it would be a line
 something
 like this:

 forward-zones=cluster.example.com={IP address}

 Regards,
 Ken




-- 
Best Regards,
Drew Decker
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

2013-12-04 Thread k...@rice.edu

On Wed, Dec 04, 2013 at 02:03:57PM -0600, Drew Decker wrote:
 Ken,
 
 Yea - I don't think this will work for us.  Our domain is shared with the
 Isilon, so it would be lab.domain.com, and I don't want to forward the
 entire zone over to the Isilon.
 
 thanks!
 

Yes, we put our Isilon in its own (sub)domain for exactly that reason. It
made this easy. You could roll-your-own with lua in the recursor if a separate
domain is not possible.

Regards,
Ken

___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

[Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

Re: [Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

21 matches

Site Navigation

Mail list logo

Footer information