powerdns / pdns Goto Github PK

When a slave (bind) nameserver tries to load a zone containing a '/' character from it's (PowerDNS) master, I get:

Bind says:
named[]: zone x/x.x.x.x.in-addr.arpa/IN: refresh: failure trying master x.x.x.x#53: timed out

PowerDNS says:
pdns[]: Received a malformed qdomain from x.x.x.x, 'x/x.x.x.x.in-addr.arpa': dropping

Not the '/' character in the zone name. This is used in classless in-addr.arpa delegation.

is it possible to have slave updates go to a differend backend server.

situation:
backend1, mysql master
backend2, mysql slave of backend1, running powerdns.

If the Slave zone is transfered, the local backend2 mysql gets updated.
Updates should be done only on the master mysql db to avoid duplicate keys etc.

Maybe a good feature request, or maybe already possible ?

I install PowerDNS. When I config the source code, i use following options:
LDFLAGS=-lz CXXFLAGS=-I/data/home/tdluong/src/boost_1_33_0 ./configure --with-modules="gmysql mysql geo pdns" --with-mysql=/usr/local/mysql-standard-4.1.14-sun-solaris2.8-sparc-64bit --with-mysql-lib=/usr/local/mysql-standard-4.1.14-sun-solaris2.8-sparc-64bit/lib --with-mysql-includes=/usr/local/mysql-standard-4.1.14-sun-solaris2.8-sparc-64bit/include --with-gnu-ld=yes
But, when I 'make', this error occurs:
/usr/ccs/bin/ld: skipping incompatible /usr/local/mysql-standard-4.1.14-sun-solaris2.8-sparc-64bit/lib/libmysqlclient.a when searching for -lmysqlclient
/usr/ccs/bin/ld: cannot find -lmysqlclient
collect2: ld returned 1 exit status

How can I fix this error? Thank you!

The error is:
if g++ -DHAVE_CONFIG_H -I. -I. -I.. -Ibackends/bind -DSYSCONFDIR="/usr/local/etc" -DLIBDIR="/usr/local/lib" -DLOCALSTATEDIR="/var/run" -Ibackends/bind -D_REENTRANT -I/data/home/tdluong/src/boost_1_33_0 -Wall -O2 -MT dnsparser.o -MD -MP -MF ".deps/dnsparser.Tpo" -c -o dnsparser.o dnsparser.cc;
then mv -f ".deps/dnsparser.Tpo" ".deps/dnsparser.Po"; else rm -f ".deps/dnsparser.Tpo"; exit 1; fi
dnsparser.cc:146: error: init_priority' attribute is not supported on this platform dnsparser.cc:147: error:init_priority' attribute is not supported on this platform
dnsparser.cc:148: error: `init_priority' attribute is not supported on this platform
make[3]: *** [dnsparser.o] Error 1

I don't know how to fix this. I googling many times but i have no effective solution.
Has PDNS's source code problem? Help me, plz! Thank you very much.

Add a configurable memory limit for pdns_recursor's cache; when this limit is reached, the oldest (least used?) cache entries are purged. This would be useful to prevent pdns_recursor from running away with all the memory on a system when it's being used by itself.

Dear,

PowerDNS returns a wrong SOA and wrong NS-records when a CNAME has been set for the domainname.

mysql> select id, domain_id, name, type, content from records where domain_id='329';
+------+-----------+--------------------+-------+-------------------------------------------------+
| id | domain_id | name | type | content |
+------+-----------+--------------------+-------+-------------------------------------------------+
| 2421 | 329 | mota.org | SOA | ns1.ns-1.be [email protected] 2005100201 |
| 2422 | 329 | mota.org | NS | ns1.ns-1.be |
| 2423 | 329 | mota.org | NS | ns2.ns-1.be |
| 2424 | 329 | mota.org | MX | mail.mota.org |
| 2425 | 329 | mota.org | CNAME | www.Studentenmuseum.be |
| 2426 | 329 | www.mota.org | CNAME | www.Studentenmuseum.be |
| 2427 | 329 | mail.mota.org | A | 83.217.84.218 |
| 2428 | 329 | localhost.mota.org | A | 127.0.0.1 |
+------+-----------+--------------------+-------+-------------------------------------------------+

In my opinion:
"dig NS mota.org" must result in the ns-servers listed above, however it is resulting in the ns servers of the CNAME-address: "www.Studentenmuseum.be".

Here is the result of a DIG command:

; <<>> DiG 9.3.0 <<>> ns mota.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44697
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;mota.org. IN NS

;; ANSWER SECTION:
mota.org. 3600 IN CNAME www.Studentenmuseum.be.
www.Studentenmuseum.be. 3600 IN CNAME misspiggy.studiant.be.

;; AUTHORITY SECTION:
studiant.be. 3600 IN SOA ns1.ns-1.be. hostmaster.computools.be. 2005092400 10800 3600 604800 3600

Furthermore the SOA value is also incorrect. The above example is returning the soa record of "studiant.be". This causes that the domainname cannot be transfered (axfr) from the master to the slave: the slave cannot determe the soa-record for the domainname mota.org.

Can this issue be solved quickly, as some domains now give a HUGE failure if you look at a dns-report:
http://www.dnsreport.com/tools/dnsreport.ch?domain=mota.org

Hopefully this bug can be fixed quickly.

Kind Regards,

dhr. Kristof Van den Bergh

Now, i has a small problem: when I remove three lines: 146-148:
DNSRecordContent::typemap
DNSRecordContent::namemap
DNSRecordContent::zmakermap
Then, I reconfigure the source, following error occurs:
DNSRecordContent::typemap dnsparser.o
DNSRecordContent::namemap dnsreplay.o
DNSRecordContent::zmakermap dnsparser.o
ld: fatal: Symbol referencing errors. No output written to dnsreplay
collect2: ld returned 1 exit status

How can I remove init_priority attributes?Help me on this problem. Thanks!

I get the following error compiling 2.9.18. I have not had this issue with 2.9.16

In file included from lwres.cc:37:
sstuff.hh:16:32: boost/shared_ptr.hpp: No such file or directory
In file included from lwres.cc:37:
sstuff.hh:19: error: namespace boost' undeclared lwres.cc: In member functionint LWRes::asyncresolve(const std::string&, const
char_, int, bool)':
lwres.cc:125: warning: comparison between signed and unsigned integer
expressions
make[3]: *_* [lwres.o] Error 1

Could be great a integration with rrdtool, so the statistics can be easily analized.

The error is:
if g++ -DHAVE_CONFIG_H -I. -I. -I.. -Ibackends/bind -DSYSCONFDIR="/usr/local/etc" -DLIBDIR="/usr/local/lib" -DLOCALSTATEDIR="/var/run" -Ibackends/bind -D_REENTRANT -I/data/home/tdluong/src/boost_1_33_0 -Wall -O2 -MT dnsparser.o -MD -MP -MF ".deps/dnsparser.Tpo" -c -o dnsparser.o dnsparser.cc;
then mv -f ".deps/dnsparser.Tpo" ".deps/dnsparser.Po"; else rm -f ".deps/dnsparser.Tpo"; exit 1; fi
dnsparser.cc:146: error: init_priority' attribute is not supported on this platform dnsparser.cc:147: error:init_priority' attribute is not supported on this platform
dnsparser.cc:148: error: `init_priority' attribute is not supported on this platform
make[3]: *** [dnsparser.o] Error 1

I don't know how to fix this. I googling many times but i have no effective solution.
Has PDNS's source code problem? Help me, plz! Thank you very much.

The pdns process died when I accidentally ran "pdns_control notify ns.domain.tld" instead of "pdns_control notify ip". I don't have the debug info, but I thought I'd just give you a heads up.

Version: 2.9.18 (homebrewed RPM) / OS: CentOS 4.1 (Linux i386)

PowerDNS should do a release!

After writting most of a PHP control panel for PowerDNS for multiple users to use, I've noticed that if two domains are added with the same domain name (eg. www.domain.com), even if they have different domain id's, the records are overwritten.

Basically I had a domain1.com with domain id "1", and domain2.com with domain id "2". If I had "www.domain1.com" with domain id of "2" in the records table and pinged www.domain1.com, I would get the new IP. Clearly this shouldn't be.

Sorry if it's already been mentioned

Tests have shown that creating two PacketCache instances (one for dns packets, one for backend queries) can increase the number of handled requests by ca. 10%. Implementation is easy but statistics must have then to be queried from both instances.

I've recently encountered a bit of a chicken-and-egg situation. I'm using powerdns with the mysql backend. The problem I was having is that when mysql starts up, it checks dns on the connecting host. The dns server happens to be the host that is trying to connect, so it can connect to the dns server, but the dns server has no information, so mysql waits for the query to time out before allowing the connection.

There are, of course, three ways to fix this. 1) add the nameserver to /etc/hosts (this is the route I chose); 2) start mysql with --skip-name-resolve; or 3) delay listening for queries until all backends have connected, or a timeout (eg, 5 seconds) expires.

Running on SunOS 5.9 Generic_118558-04 sun4u sparc SUNW,Ultra-80

This causes our server to crash every couple of minutes.

bash-2.05$ sudo mdb /path/to/pdns_server core/core.pdns_server.9979.hostname.0.0.1126551082

Loading modules: [ libc.so.1 libthread.so.1 ld.so.1 ]

$?
no process
SIGBUS: Bus Error
%g0 = 0x00000000 %l0 = 0x00291800 pdns_server_ZTVSt15basic_stringbufIcSt11char_traitsIcESaIcEE+0x28 %g1 = 0x000ff000 net_real_write+0x1f0 %l1 = 0x00290fc0 pdns_server_ZZ4theLRKSsE1l+0x48
%g2 = 0x00000000 %l2 = 0xfe9fba78
%g3 = 0x00000000 %l3 = 0x00000000
%g4 = 0x00000000 %l4 = 0x00000000
%g5 = 0x00000000 %l5 = 0x00000000
%g6 = 0x00000000 %l6 = 0x00000000
%g7 = 0xff180a00 %l7 = 0x00000000
%o0 = 0x00000000 %i0 = 0x002b0086
%o1 = 0x0000001b %i1 = 0x00000010
%o2 = 0xfe9fba88 %i2 = 0x00291858 pdns_server`_ZNSs4_Rep20_S_empty_rep_storageE
%o3 = 0x002a9240 %i3 = 0xfe9fbb40
%o4 = 0x00000001 %i4 = 0x00000000
%o5 = 0x00000006 %i5 = 0x00000000
%o6 = 0xfe9fb9a0 %i6 = 0xfe9fbab0
%o7 = 0x000401e4 _ZN6LoggerlsERKSs+0x2d4 %i7 = 0x00097154 _ZN8DNSProxy12getID_lockedEv+0xe4

%psr = 0xfe401006 impl=0xf ver=0xe icc=nZvc
ec=0 ef=4096 pil=0 s=0 ps=0 et=0 cwp=0x6
%y = 0x00000000
%pc = 0x0006e178 _Z16sockAddrToStringP11sockaddr_inj+0x5c
%npc = 0x0006e17c _Z16sockAddrToStringP11sockaddr_inj+0x60
%sp = 0xfe9fb9a0
%fp = 0xfe9fbab0

%wim = 0x00000000
%tbr = 0x00000000

Running with monitor:

Sep 12 16:10:44 Received packet from recursor backend with id 2 which is a duplicate
Sep 12 16:10:44 Discarding untracked packet from recursor backend with id 5. Contrack table size=5
Sep 12 16:10:44 Discarding untracked packet from recursor backend with id 7. Contrack table size=5
Sep 12 16:10:44 Received packet from recursor backend with id 1 which is a duplicate
Sep 12 16:11:02 Received packet from recursor backend with id 0 which is a duplicate
Sep 12 16:11:06 Received packet from recursor backend with id 4 which is a duplicate
/path/to/startup/pdns: line 179: 4033 Bus Error (core dumped) $pdns_server --daemon=no --guardian=no --control-console --loglevel=9

The error is:
if g++ -DHAVE_CONFIG_H -I. -I. -I.. -Ibackends/bind -DSYSCONFDIR="/usr/local/etc" -DLIBDIR="/usr/local/lib" -DLOCALSTATEDIR="/var/run" -Ibackends/bind -D_REENTRANT -I/data/home/tdluong/src/boost_1_33_0 -Wall -O2 -MT dnsparser.o -MD -MP -MF ".deps/dnsparser.Tpo" -c -o dnsparser.o dnsparser.cc;
then mv -f ".deps/dnsparser.Tpo" ".deps/dnsparser.Po"; else rm -f ".deps/dnsparser.Tpo"; exit 1; fi
dnsparser.cc:146: error: init_priority' attribute is not supported on this platform dnsparser.cc:147: error:init_priority' attribute is not supported on this platform
dnsparser.cc:148: error: `init_priority' attribute is not supported on this platform
make[3]: *** [dnsparser.o] Error 1

I don't know how to fix this. I googling many times but i have no effective solution.
Has PDNS's source code problem? Help me, plz! Thank you very much.

I'm using svn to download Pdns Source. Follow the install instruction on PowerDNS'homepage, i use commands:
LDFLAGS=-lz CXXFLAGS=-I/data/home/tdluong/src/boost_1_33_0 ./configure --with-mysql=/usr/local/mysql --with-mysql-lib=/usr/local/mysql/lib --with-mysql-includes=/usr/local/mysql/include
---> That's Ok.

Then, I using make command. The system has error:
/bin/bash ../../../ylwrap bindlexer.l lex.yy.c bindlexer.c -- lex -s -i
lex: illegal option -- s
Usage: lex [-ewctvnVY] [-Q(y/n)] [file]

I think that there is some thing wrong with your source, the Lex command has no options: -s -i.
My OS: SunOS m41.vnn.vn 5.8 Generic_117350-05 sun4u sparc SUNW,Ultra-5_10

What's this problem? or Where's I wrong? Help me plz. Thank you!

Because the LDAP backend lacks the getDomainInfo backend, a manual notify via pdns_control does not work. However this is the only way atm to notify slave DNS servers of domains in LDAP changed.

See also: http://mailman.powerdns.com/pipermail/pdns-users/2005-August/002568.html

svn source checked out today 30/08/2005. Solaris 8, gcc 3.4.4 compiling with:
./configure --with-modules="ldap"

i get this error:

g++ -DHAVE_CONFIG_H -I. -I. -I../.. -I/usr/local/ssl/include -D_REENTRANT -Wall -O2 -MT powerldap.lo -MD -MP -MF .deps/powerldap.Tpo -c powerldap.cc -fPIC -DPIC -o .libs/powerldap.o
In file included from powerldap.cc:1:
powerldap.hh:72: error: u_int16_t' has not been declared powerldap.hh:72: error: ISO C++ forbids declaration ofport' with no type
powerldap.cc:5: error: u_int16_t' has not been declared powerldap.cc:6: error: ISO C++ forbids declaration ofport' with no type
make[3]: *** [powerldap.lo] Error 1
make[3]: Leaving directory `/opt/project.venus/buildtree/dns/pdns-svn/modules/ldapbackend'

I couldnt get 2.9.18 compiled either and failed at an earlier attempt this year of 2.9.17. i hate bind with a passion, please help me get this working ;)

i think i have found a bug in the latest win32 version... everything seems to work fine accept for when the server is queried for an "A" record it times out. it doesnt do anything. if someone can help me with this... please email me @ [email protected]

yet another test

• one
• two
• three

test

My Recursive query doesnt work, I have to restart the System to set it right ?

Below is the log
Sep 13 14:17:02 ns2 pdns[1711]: Recursive query for remote 196.45.148.18 with internal id 181 was not answered by backend within timeout, reusing id
Sep 13 14:17:02 ns2 pdns[1703]: Error receiving packet from recursor backend: Connection refused
Sep 13 14:17:02 ns2 pdns[1712]: Recursive query for remote 196.45.144.135 with internal id 1049 was not answered by backend within timeout, reusing id
Sep 13 14:17:02 ns2 pdns[1703]: Error receiving packet from recursor backend: Connection refused
Sep 13 14:17:02 ns2 pdns[1713]: Recursive query for remote 196.45.146.17 with internal id 1526 was not answered by backend within timeout, reusing id
Sep 13 14:17:02 ns2 pdns[1703]: Error receiving packet from recursor backend: Connection refused
Sep 13 14:17:02 ns2 pdns[1711]: Recursive query for remote 196.45.148.6 with internal id 1527 was not answered by backend within timeout, reusing id
Sep 13 14:17:02 ns2 pdns[1703]: Error receiving packet from recursor backend: Connection refused
Sep 13 14:17:02 ns2 pdns[1712]: Recursive query for remote 196.45.148.5 with internal id 1528 was not answered by backend within timeout, reusing id
Sep 13 14:17:02 ns2 pdns[1703]: Error receiving packet from recursor backend: Connection refused
Sep 13 14:17:02 ns2 pdns[1713]: Recursive query for remote 196.45.147.3 with internal id 1529 was not answered by backend within timeout, reusing id
Sep 13 14:17:02 ns2 pdns[1703]: Error receiving packet from recursor backend: Connection refused
Sep 13 14:17:02 ns2 pdns[1711]: Recursive query for remote 193.220.82.108 with internal id 1530 was not answered by backend within timeout, reusing id
Sep 13 14:17:02 ns2 pdns[1703]: Error receiving packet from recursor backend: Connection refused
Sep 13 14:17:02 ns2 pdns[1712]: Recursive query for remote 193.220.82.108 with internal id 1670 was not answered by backend within timeout, reusing id
Sep 13 14:17:02 ns2 pdns[1703]: Error receiving packet from recursor backend: Connection refused
Sep 13 14:17:03 ns2 pdns[1713]: Recursive query for remote 196.45.149.4 with internal id 182 was not answered by backend within timeout, reusing id

Dynamic DNS updates support according to RFC2136 would be really great. Maybe with transaction signatures support.

How to buil or config PowerDNS in a chroot jail?
Thanks,

I couldn't execute some command: host, dig, host...
My OS : SunOS vn 5.8 Generic_117350-05 sun4u sparc SUNW,Ultra-5_10
What's the problem? Is it a error?

Seeing how cool this will be for PowerDNS.

In the "inline bool LdapBackend::list_simple( const string& target, int domain_id )" function in "modules/ldapbackend/ldabpackend.cc" The target isn't escaped when passing it as filter.
This causes the ldap backend to disconnect from the LDAP server whenever a request for a name with a * or a \ is done. When receiving many of these requests this results in a DoS because ldap backends are shut down faster than powerdns can start new ones.

The SPF project has been granted its very own resource record type, number 99. See http://www.iana.org/assignments/dns-parameters

Its format is exactly like TXT records. Please add this RR to the list of supported RRs.

In case more information is desired on SPF: https://datatracker.ietf.org/public/idindex.cgi?command=id_detail&amp;filename+=draft-schlitt-spf-classic

if g++ -DHAVE_CONFIG_H -I. -I. -I.. -Ibackends/bind -DSYSCONFDIR="/usr/local/etc" -DLIBDIR="/usr/local/lib" -DLOCALSTATEDIR="/var/run" -Ibackends/bind -pthread -I/usr/local/include -Wall -O2 -MT syncres.o -MD -MP -MF ".deps/syncres.Tpo" -c -o syncres.o syncres.cc; then mv -f ".deps/syncres.Tpo" ".deps/syncres.Po"; else rm -f ".deps/syncres.Tpo"; exit 1; fi
if g++ -DHAVE_CONFIG_H -I. -I. -I.. -Ibackends/bind -DSYSCONFDIR="/usr/local/etc" -DLIBDIR="/usr/local/lib" -DLOCALSTATEDIR="/var/run" -Ibackends/bind -pthread -I/usr/local/include -Wall -O2 -MT lwres.o -MD -MP -MF ".deps/lwres.Tpo" -c -o lwres.o lwres.cc; then mv -f ".deps/lwres.Tpo" ".deps/lwres.Po"; else rm -f ".deps/lwres.Tpo"; exit 1; fi
if g++ -DHAVE_CONFIG_H -I. -I. -I.. -Ibackends/bind -DSYSCONFDIR="/usr/local/etc" -DLIBDIR="/usr/local/lib" -DLOCALSTATEDIR="/var/run" -Ibackends/bind -pthread -I/usr/local/include -Wall -O2 -MT pdns_recursor.o -MD -MP -MF ".deps/pdns_recursor.Tpo" -c -o pdns_recursor.o pdns_recursor.cc; then mv -f ".deps/pdns_recursor.Tpo" ".deps/pdns_recursor.Po"; else rm -f ".deps/pdns_recursor.Tpo"; exit 1; fi
pdns_recursor.cc: In function void doStats()': pdns_recursor.cc:505: error: 'class MemRecursorCache' has no member named 'bytes' pdns_recursor.cc: In functionint main(int, char*)':
pdns_recursor.cc:895: warning: comparison between signed and unsigned integer expressions
** Error code 1

Stop in /root/svn/pdns/pdns.
*** Error code 1

Stop in /root/svn/pdns/pdns.
*** Error code 1

Stop in /root/svn/pdns.
*** Error code 1

Stop in /root/svn/pdns.

Hi,

The recursor returns a incorrect exit status.

This bug is filed on the Bug tracker of debian:
http://bugs.debian.org/305527

Regards,

Matthijs Mohlmann

My secondairy server has been running .18 for a while now (on FreeBSD installed from ports)
I hardly change records so it took a while before I saw the problem.

All of my slave zones which where imported using the Supermaster feature suddenly fail to AXFR:

Aug 22 13:39:33 pdns[90566]: gmysql Connection succesful
Aug 22 13:39:33 pdns[90566]: No question section in packet from ::57, rcode=0
Aug 22 13:39:33 pdns[90566]: Unable to AXFR zone '.org': resolver: unable to parse packet of 87 bytes
Aug 22 13:39:33 /kernel: Aug 22 13:39:33 pdns[90566]: Unable to AXFR zone '.org': resolver: unable to parse packet of 87 bytes
Aug 22 13:39:33 pdns[90566]: gmysql Connection succesful
Aug 22 13:39:33 pdns[90566]: No question section in packet from ::72, rcode=0
Aug 22 13:39:33 pdns[90566]: Unable to AXFR zone '.nl': resolver: unable to parse packet of 114 bytes
Aug 22 13:39:33 /kernel: Aug 22 13:39:33 hera pdns[90566]: Unable to AXFR zone '.nl': resolver: unable to parse packet of 114 bytes

These zones have been working fine until now.

Any idea what's causing this?

I use Subversion to download PowerDNS source code. When i install, i receive the error: 'init_priority' attribute does not support on this platform (SunOS 5.8 SPARC). So, i want to remove this attribute from dnsparser.cc file (on line 148), but i don't know how to remove? Thank you for any help.

In some cases, i.e. if a zone is reloaded by Bind2Backend::queueReload(), the zones directory as parsed out of the named.conf - which should also be used as the current directory for $INCLUDEd files - is not set. Therefor, reloading of zones with $INCLUDE statements using

pdns_control reload

or

pdns_control bind2-reload-now

does not work.

pdns_control rediscover

works fine, as that goes through ::loadConfig().

It turns out that a

 ZP.setDirectory(BP.getDirectory());

statement is missing in queueReload().

Using PowerDNS 2.9.16 from Debian GNU/Linux 3.1 (Sarge)

When configured with "recursor" set to an external resolver, powerdns seems to be unable to return CNAMEs : it always does a recursive request for a "A" record or "ANY" question, and didn't find the domain on the Internet, and return the answer of the resolver (which came from TLD servers in my case).

But if skip-cname is set, an "ANY" request correctly return the CNAME record. (The "A" question still fail).

An explicit "CNAME" question always work.

Setting "allow-recursion-override" doesn't change anything.

If "recursor" is disabled, an "A" request return the "CNAME" record like BIND server, so does the "ANY".

Does any software which it use GUI to manage Power DNS? What's its name? Thank

I have

pipebackend-abi-version=2

set in my pdns.conf file for the pipe backend. But in my backend script I have to look for HELO\t1 as that is what is being sent to it. It should send HELO\t2 or whatever the version in the config file is. pipebackend.cc, line 52 has:

d_cp->send("HELO\t1");

I'm missing a (to me being an IPv6 guy very important) feature in pdns_recursor: IPv6 transport for DNS queries. This can actually be split up into two probably quite independent tasks:

• IPv6 transport from the client to the recursor
  This feature would allow clients to ask the recursor using IPv6 instead of IPv4 as transport media.
• IPv6 transport from the recursor to any server
  pdns_recursor should ask foreign nameservers using IPv6 transport as well. Due to possible performance issues (you need to ask AAAA and A for any specified nameserver, thus possibly doubling time) it should probably be made configurable to be switched off on IPv4-only servers.

Pdns binds to INADDR_ANY rather than the value of query-local-address for UDP queries. In rel-2-9-17 the query-local-address value is only applied to TCP queries such as AXFR. It is my theory that nobody has run into this issue before, because master servers put ACLs around which addresses can do an AXFR but an SOA query such as the one pdns does to see if the domain is up to date prior to the AXFR can come from any address. However, this problem became apparent in my environment because the majority of the configured interfaces on my server are routed internally on my network only. I have made a modification to makeSocket in resolver.cc which corrects this issue and I have tested it in my environment. I have also changed the value of sin.sin_port to 0 instead of using a pseudo-random routine to choose one. The following block of text can be applied with patch to correct this issue:[[BR]]
[[BR]]
David Levy[[BR]]
Manager, Systems Engineering[[BR]]
Register.com, Inc.

*** pdns-2.9.17/pdns/resolver.cc        2005-06-09 00:18:56.000000000 -0400
--- pdns-2.9.17/pdns/resolver.cc.final  2005-06-08 17:56:32.000000000 -0400
***************
*** 54,73 ****

    struct sockaddr_in sin;
    memset((char *)&sin,0, sizeof(sin));
-
-   sin.sin_family = AF_INET;
-   sin.sin_addr.s_addr = INADDR_ANY;

!   int tries=10;
!   while(--tries) {
!     sin.sin_port = htons(10000+(port_counter++)%10000); // should be random!
!
!     if (bind(d_sock, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
!       break;

    }
!   if(!tries)
!     throw AhuException("Resolver binding to local socket: "+stringerror());
  }

  Resolver::Resolver()
--- 54,84 ----

    struct sockaddr_in sin;
    memset((char *)&sin,0, sizeof(sin));

!   // Use query-local-address as source IP for queries, if specified.
!   string querylocaladdress(arg()["query-local-address"]);
!   if (querylocaladdress=="") {
!     sin.sin_addr.s_addr = INADDR_ANY;
!   }
!   else
!    {
!     struct sockaddr;
!     struct hostent *h=0;

+     h = gethostbyname(querylocaladdress.c_str());
+     if(!h) {
+       Utility::closesocket(d_sock);
+       d_sock=-1;
+       throw ResolverException("Unable to resolve query local address");
+     }
+       sin.sin_addr.s_addr = *(int*)h->h_addr;
    }
!
!   sin.sin_family = AF_INET;
!   sin.sin_port = 0;
!
!   if(bind(d_sock, (struct sockaddr *)&sin, sizeof(sin))<0)
!     throw AhuException("Binding to query-local-address for UDP queries: "+stringerror());
  }

  Resolver::Resolver()
***************
*** 258,264 ****
      if (bind(d_sock, (struct sockaddr *)&fromaddr, sizeof(fromaddr)) < 0) {
        Utility::closesocket(d_sock);
        d_sock=-1;
!       throw ResolverException("Binding to query-local-address: "+stringerror());
      }
    }

--- 269,275 ----
      if (bind(d_sock, (struct sockaddr *)&fromaddr, sizeof(fromaddr)) < 0) {
        Utility::closesocket(d_sock);
        d_sock=-1;
!       throw ResolverException("Binding to query-local-address for TCP queries: "+stringerror());
      }
    }

None

Version PDNDS 2.9.19 (C) 2001-2005 PowerDNS.COM BV (Oct 29 2005, 18:48:34, gcc 4.0.2)

when delegating a subdomain of a domain like:
test.example.com where PDNS is authoritative for example.com

the example.com. Zone holds following Entrys for the subdomain delegation (Bind Backend)
test.example.com. IN NS another.dnsserver.

PDNS doesnt delegate records within the subdomain SOA 'test.example.com' to the correct Nameserver. Putting an MX Record on 'another.dnsserver.' doesnt get resolved.
Only way to archive this is when putting the Record in the example.com. Domain File on the PDNS.

is this a bug ? will it be solved in the future ?

Kind regards
Michael Lang

converting djbdns file to powerdns mysql backend, writed in PHP. Where I have to send first version?

The recursor segfaults when a network is not 100% neatly configged.

I had a network where ping resulted in DUP answers (random intervals). recursor will segfault (random intervals). I solved the DUPs ans the recursor doesn't segault anymore.

OS: Centos 4.2
Platform: I386

The problem is repeatable.

This is with the Debian testing package of pdns. .17 IIRC It is nothing major, just cosmetic.

As reported by Mario Manno, launching one backend multiple times is broken.

The PDNS installation finished. I run /etc/init.d/pdns monitor, but that error occured.
What is that error? How do I fix? Thanks.

uname -a: SunOS www.example.com 5.8 Generic_117350-05 sun4u sparc SUNW,Ultra-5_10

Hi,

I discovered a "small" bug in pdns/dnspacket.cc which caused this behavior while trying to query any NAPTR record:

PowerDNS 2.9.18 (C) 2001-2005 PowerDNS.COM BV (Sep 28 2005, 19:02:15, gcc 4.0.2 (Debian 4.0.1-9)) starting up
PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2.
Set effective group id to 106
Set effective user id to 105
Creating backend connection for TCP
gmysql Connection succesful
About to create 3 backend threads for UDP
gmysql Connection succesful
Got a signal 11, attempting to print trace:
/usr/local/sbin/pdns_server-instance [0x80d658c]
[0xffffe420]
/lib/tls/libc.so.6(memcpy+0x2f) [0xb7c565ef]Sep 28 21:07:23 voip01 pdns[24953]: /usr/lib/libstdc++.so.6(_ZNSs6appendERKSs+0x62) [0xb7df0cf2]
/usr/local/sbin/pdns_server-instance(_ZN9DNSPacket14addNAPTRRecordERKSsS1_j+0xb0a) [0x80810da]
/usr/local/sbin/pdns_server-instance(_ZN9DNSPacket14addNAPTRRecordERK17DNSResourceRecord+0x1e) [0x8081b5e]
/usr/local/sbin/pdns_server-instance(_ZN9DNSPacket6wrapupEv+0xc9d) [0x80843dd]
/usr/local/sbin/pdns_server-instance(_ZN13PacketHandler8questionEP9DNSPacket+0xf99) [0x80a36d9]
/usr/local/sbin/pdns_server-instance(_ZN11DistributorI9DNSPacketS0_13PacketHandlerE10makeThreadEPv+0x17d) [0x811106d]
/lib/tls/libpthread.so.0 [0xb7d24ccd]
/lib/tls/libc.so.6(__clone+0x5e) [0xb7cb8b0e]
Our pdns instance (24953) exited after signal 6
Respawning
.
.

I set the severity to critical, because it will silently destroy any pdns-setup after a system upgrade. I haven't tracked down which lib (probably stdc++ ?) or even the compiler is applying those stricter boundary checks.

This patch against the devel-tree should fix it (plus another similar bug):
By the way: someone who really knows about those dns packet formats should check if p[8] is the correct position for my fix (tests showed that it doesn't matter, but could be because my naptr records are smaller than 256 chars).

diff -Nur pdns-devel/pdns/dnspacket.cc pdns-devel-fixed/pdns/dnspacket.cc
--- pdns-devel/pdns/dnspacket.cc        2005-09-28 21:48:18.000000000 +0200
+++ pdns-devel-fixed/pdns/dnspacket.cc  2005-09-28 22:03:36.000000000 +0200
@@ -629,8 +629,8 @@
  string piece4;
  toqname(moreinfo,&piece4);

+ p[8]=(piece3.length()+piece4.length())/256;
  p[9]=(piece3.length()+piece4.length())%256;
- p[10]=(piece3.length()+piece4.length())/256;

  stringbuffer+=piece1;
  stringbuffer.append(p,10);
@@ -747,8 +747,8 @@
   string piece4;
   toqname(replacement,&piece4, false); // don't compress

+  p[8]=(piece3.length()+piece4.length())/256;
   p[9]=(piece3.length()+piece4.length())%256;
-  p[10]=(piece3.length()+piece4.length())/256;

   stringbuffer+=piece1;
   stringbuffer.append(p,10);

Hope to save someone a few hours finding out whats wrong,
Bernd Froemel

testing 1 2 3

This is a strange one. If you use cyberkit (http://www.networkingfiles.com/PingFinger/CyberKit.htm) and does a axfr several times (10 to be precise) to your dns-server, the powerdns stops answering. Normal requests (a, cname, mx etc.) works normally after the stop, but axfr doesn't work for ANY hosts at all after this. We have tried this to several hosts (not only our own, well known ns-servers that run powerdns also) and this sees to be consistant. Other dns-server products does not show this behavior.

Small patch against the current SVN version to get libldapbackend to compile without barfing, set to major as without it results in compile failure for this module.