Gargabe records on slave

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Gargabe records on slave

Bjoern Franke
Hi,

we are running Powerdns 3.4.5-1 on 2 Debian Jessie systems. The master
uses MySQL, the slave sqlite.

After axfering one zone, the slave gets some garbage records:

150|1|_domainkey.ffnw.de||||||0||1
151|1|_domainkey.lists.ffnw.de||||||0||1
152|1|lists.ffnw.de||||||0||1

So the slave eg. anwers for lists.ffnw.de nothing.

I have no idea where these records come from, they do not exist in the
records table on the master.

Now I'm confused how to fix this besides creating the whole zone new.

Regards
Bjoern Franke

--
xmpp [hidden email]




_______________________________________________
Pdns-users mailing list
[hidden email]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
Reply | Threaded
Open this post in threaded view
|

Re: Gargabe records on slave

bert hubert-3
On Sat, Aug 01, 2015 at 09:51:59PM +0200, Bjoern Franke wrote:
> Hi,
>
> we are running Powerdns 3.4.5-1 on 2 Debian Jessie systems. The master
> uses MySQL, the slave sqlite.
>
> After axfering one zone, the slave gets some garbage records:

These are empty non terminal records, needed to generate correct answers. So
you probably do have a something._domainkey.ffnw.de record and a ffnwe.de
record. This empty record is there to generate the proper DNS response for
_domainkey.ffnw.de.

> Now I'm confused how to fix this besides creating the whole zone new.

If you run 'pdnssec rectify-zone ffnw.de' they will appear on the master
too.

In practice, this all does not matter too much.

https://doc.powerdns.com/md/authoritative/dnssec/#rules-for-filling-out-fields-in-database-backends
has a bit on 'empty non terminals'.

I hope this helps!

_______________________________________________
Pdns-users mailing list
[hidden email]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
Reply | Threaded
Open this post in threaded view
|

Re: Gargabe records on slave

Bjoern Franke
Hi,

> In practice, this all does not matter too much.
>

I disabled dnssec now, but lists.ffnw.de still produces problems on our
slave |1|lists.ffnw.de||||||0||1 exists.

host lists.ffnw.de srv02.ffnw.de
Using domain server:
Name: srv02.ffnw.de
Address: 2a00:1ca8:a7::1d2#53
Aliases:


host lists.ffnw.de srv01.ffnw.de
Using domain server:
Name: srv01.ffnw.de
Address: 2a03:4000:6:8025::1#53
Aliases:

lists.ffnw.de has address 37.120.176.207
lists.ffnw.de has IPv6 address 2a03:4000:6:8025::1
lists.ffnw.de mail is handled by 10 srv01.ffnw.de.
lists.ffnw.de mail is handled by 20 srv02.ffnw.de.

So if a user asks srv02.ffnw.de, he/she cannot connect to
lists.ffnw.de. The issue does not occur for ffnw.de which also has a
_domainkey.ffnw.de record.

Regards
Bjoern

--
xmpp [hidden email]




_______________________________________________
Pdns-users mailing list
[hidden email]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
Reply | Threaded
Open this post in threaded view
|

Re: Gargabe records on slave

Peter van Dijk
Hello Bjoern,

On 3 Aug 2015, at 12:39, Bjoern Franke wrote:

> I disabled dnssec now, but lists.ffnw.de still produces problems on
> our
> slave |1|lists.ffnw.de||||||0||1 exists.

This is not about DNSSEC - the empty non-terminals are a requirement of
DNS itself. PowerDNS did not honour this requirement in the past.

> lists.ffnw.de has address 37.120.176.207
> lists.ffnw.de has IPv6 address 2a03:4000:6:8025::1
> lists.ffnw.de mail is handled by 10 srv01.ffnw.de.
> lists.ffnw.de mail is handled by 20 srv02.ffnw.de.
>
> So if a user asks srv02.ffnw.de, he/she cannot connect to
> lists.ffnw.de. The issue does not occur for ffnw.de which also has a
> _domainkey.ffnw.de record.

If I understand this right, your problem is that ‘lists.ffnw.de’
stops matching your wildcard because of the empty non-terminal? If that
is the issue, just put ‘lists.ffnw.de’ with A/AAAA/MX like the
wildcard, into your zone.

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/

_______________________________________________
Pdns-users mailing list
[hidden email]
http://mailman.powerdns.com/mailman/listinfo/pdns-users