Problem with powerdns(master) -> bind(slave)

Anton - Valqk

Jan 21, 2008, 11:00:30 AM
Hello there to everyone!

I'm having a hard time using bind as slave along with my master powerdns
2.9.20 compiled from freebsd ports.
I use postgresql backend and want to have a slave that does not need the
postgres database to be up and running,
that's why I've set up the common bind 9.3.3 that comes with freebsd as
a slave one.

Everything worked fine until a client of mine requested a CNAME
record... ok I said and did it.
A few days later I saw that my bind has stopped updating the domain that
I've inserted the cname for.

here is a record for the cname in db:
id | domain_id | name | type | content | ttl | prio | change_date | clients_id
2767 | 45 | www.f-utils.org | CNAME | sitekreator.bg. | 600 | 0 | 1194444091 | 227


the powerdns itself works just fine, but here is what I'm getting at the
bind ns:
Dec 29 11:29:54 ns1 named[84184]: transfer of 'f-utils.org/IN' from
XXX.XXX.XXX.XXX#53: failed while receiving responses: CNAME and other data


and the domain is not updated at the bind end.
is this a known bug?
what would you recommend?
Another thing is that I wasn't able to set up a slave that automatically
adds a domain name to the list with domains when the master requests to
sync it. is this possible so I don't add the domains by hand/script like
now?


I'm posting to the both lists (powerdns and bind), hope someone's able
to help!

Cheers,
valqk.


John Hascall

Jan 21, 2008, 11:34:39 AM

> the powerdns itself works just fine, but here is what I'm getting at the
> bind ns:
> Dec 29 11:29:54 ns1 named[84184]: transfer of 'f-utils.org/IN' from
> XXX.XXX.XXX.XXX#53: failed while receiving responses: CNAME and other data

It is not legal to have a name have any other record type
if it has a CNAME record.

For example, not legal:

www.example.com. CNAME fubar.example.com.
www.example.com. A 172.17.2.172

Perhaps whatever this 'powerdns' thing is, it is letting
this error slide by.

John


Matt Pounsett

Jan 21, 2008, 11:38:30 AM

On 2008-Jan-21, at 11:15, Anton - Valqk wrote:

> the powerdns itself works just fine, but here is what I'm getting
> at the
> bind ns:
> Dec 29 11:29:54 ns1 named[84184]: transfer of 'f-utils.org/IN' from
> XXX.XXX.XXX.XXX#53: failed while receiving responses: CNAME and
> other data

This indicates to me that PowerDNS let you do something you're not
supposed to do. This error from bind generally indicates you've got
zone data in this form:

foo.org. IN NS ns1.foo.org.
foo.org. IN NS ns2.foo.org.
foo.org. IN CNAME www.foo.org.
www.foo.org. IN A 192.0.2.10

You can't mix a CNAME with other data. If you want this effect, you
should probably change the CNAME to be another A record for the same
address that the CNAME's RDATA points to. So, something like this:

foo.org. IN NS ns1.foo.org.
foo.org. IN NS ns2.foo.org.
foo.org. IN A 192.0.2.10
www.foo.org. IN A 192.0.2.10

HTH,
Matt




Peter Dambier

Jan 21, 2008, 2:20:48 PM

Just for curiosity - or maybe related?

I did create a zone file all capital letters. On bind? Probably not.

I could "dig axfr" but bind 9.4.2 complained:

zone ALLCAPS/IN: refresh: unexpected rcode (REFUSED) from master ...

After deleting and recreating with only lowercase letters it worked
without problems.

It did not make a difference whether I dug or slaved with caps
or lowercase but the CAPS in the zone did make a difference.

Kind regards
Peter



--
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Rimbacher Strasse 16
D-69509 Moerlenbach-Bonsweiher
+49(6209)795-816 (Telekom)
+49(6252)750-308 (VoIP: sipgate.de)
mail: pe...@peter-dambier.de
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
http://www.cesidianroot.com/


Stephane Bortzmeyer

Jan 22, 2008, 3:30:39 AM
On Mon, Jan 21, 2008 at 11:38:30AM -0500,
Matt Pounsett <ma...@conundrum.com> wrote
a message of 43 lines which said:

> You can't mix a CNAME with other data.

Other persons said so but it should be noted that it is no longer
completely true. RFC 4034 (published in March 2005) says:

Because every authoritative RRset in a zone must be protected by a
digital signature, RRSIG RRs must be present for names containing a
CNAME RR. This is a change to the traditional DNS specification
[RFC1034], which stated that if a CNAME is present for a name, it is
the only type allowed at that name.

Mixing CNAME and A is still forbidden but you cannot say "Never use
CNAME with other types" any more.

Paul Vixie

Jan 22, 2008, 9:05:42 AM
Stephane Bortzmeyer <bortz...@nic.fr> writes:

> > You can't mix a CNAME with other data.
>
> Other persons said so but it should be noted that it is no longer
> completely true. RFC 4034 (published in march 2005) says:
>
> Because every authoritative RRset in a zone must be protected by a
> digital signature, RRSIG RRs must be present for names containing a
> CNAME RR. This is a change to the traditional DNS specification
> [RFC1034], which stated that if a CNAME is present for a name, it is
> the only type allowed at that name.
>
> Mixing CNAME and A is still forbidden but you cannot say "Never use
> CNAME with other types" any more.

in this sense the rrsig rr sharing a node with a cname rr, and the ds rr
sharing a node with a zone-bottom ns rr, should be thought of as metadata
attached to those rrsets, rather than as data in their own right.
--
Paul Vixie
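
Added example (not part of any post in this thread, and not PowerDNS or BIND code): a pre-transfer check that scans rows in the column layout from the original post for owner names that mix a CNAME with other record types, while allowing the RRSIG companion quoted from RFC 4034 and the NSEC companion that RFC 4035 requires beside it. The sample rows, `parse_rows` and `cname_conflicts` are constructed for illustration.

```python
from collections import defaultdict

# Types that may share an owner name with a CNAME in a signed zone
# (RFC 4034/4035): signature and denial-of-existence metadata.
DNSSEC_COMPANIONS = {"RRSIG", "NSEC"}

# Constructed sample rows in the column layout shown in the original post:
# id | domain_id | name | type | content | ttl | prio | change_date | clients_id
SAMPLE_ROWS = """
1 | 7 | example.org | SOA | ns1.example.org. hostmaster.example.org. 1 3600 600 86400 600 | 600 | 0 | 1194444091 | 1
2 | 7 | example.org | NS | ns1.example.org. | 600 | 0 | 1194444091 | 1
3 | 7 | example.org | CNAME | www.example.org. | 600 | 0 | 1194444091 | 1
4 | 7 | www.example.org | CNAME | host.example.net. | 600 | 0 | 1194444091 | 1
5 | 7 | WWW.example.org. | A | 192.0.2.10 | 600 | 0 | 1194444091 | 1
6 | 7 | shop.example.org | CNAME | host.example.net. | 600 | 0 | 1194444091 | 1
7 | 7 | shop.example.org | RRSIG | (constructed signature data) | 600 | 0 | 1194444091 | 1
8 | 7 | shop.example.org | NSEC | www.example.org. CNAME RRSIG NSEC | 600 | 0 | 1194444091 | 1
9 | 7 | ftp.example.org | A | 192.0.2.11 | 600 | 0 | 1194444091 | 1
"""

def parse_rows(text):
    """Yield (owner, type) from pipe-separated rows, skipping non-data lines."""
    for line in text.splitlines():
        cols = [c.strip() for c in line.split("|")]
        if len(cols) < 5 or not cols[0].isdigit():
            continue  # blank line, header or wrapped fragment
        # DNS names compare case-insensitively; ignore a trailing dot.
        yield cols[2].rstrip(".").lower(), cols[3].upper()

def cname_conflicts(text):
    """Return {owner: sorted other types} for names mixing CNAME with other data."""
    types_at = defaultdict(set)
    for owner, rtype in parse_rows(text):
        types_at[owner].add(rtype)
    conflicts = {}
    for owner, types in types_at.items():
        others = types - {"CNAME"} - DNSSEC_COMPANIONS
        if "CNAME" in types and others:
            conflicts[owner] = sorted(others)
    return conflicts

if __name__ == "__main__":
    for owner, others in sorted(cname_conflicts(SAMPLE_ROWS).items()):
        print(f"{owner}: CNAME and other data ({', '.join(others)})")
```

Run against an export of the master's records before a change goes live, any name it reports is one where the slave's transfer would fail with the "CNAME and other data" error shown in the log above.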

