PowerDNS not syncing zones from master to slave - dns

I have installed PowerDNS on 2 VPS servers:
ns1 - 10.0.0.1
ns2 - 10.0.0.2
The problem is that the records/zones are not being synced from the master to the slave. Here are the configurations:
Master Server:
allow-axfr-ips=10.0.0.2/32
daemon=yes
disable-axfr=no
include-dir=/etc/powerdns/pdns.d
master=yes
setgid=pdns
setuid=pdns
Slave Server:
daemon=yes
disable-axfr=yes
include-dir=/etc/powerdns/pdns.d
setgid=pdns
setuid=pdns
slave=yes
slave-cycle-interval=60
Database on Slave Server
MariaDB [powerdns]> select * from supermasters;
+-------------+------------------+---------+
| ip | nameserver | account |
+-------------+------------------+---------+
| 10.0.0.1 | ns2.example.com | admin |
+-------------+------------------+---------+
1 row in set (0.000 sec)
Both servers use the MySQL database backend. The master serves all records as expected, but the slave returns this:
root@vps10:~# dig example.com @localhost
; <<>> DiG 9.16.1-Ubuntu <<>> example.com @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 22750
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;example.com. IN A
;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Feb 04 22:11:39 UTC 2022
;; MSG SIZE rcvd: 45
I have also checked the slave server, and it does not have any zones from the master. I also tried this on the master server:
root@vps06:~# pdns_control notify example.com
Added to queue
I searched the internet for solutions but found nothing. Can anyone guide me or point out what is wrong with my configuration?

You'll need to enable superslave and make sure your primary sends the correct notifications (NS records, ALSO-NOTIFY metadata (https://doc.powerdns.com/authoritative/domainmetadata.html?#also-notify), etc.).
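As an added illustration (not code from the question or from PowerDNS itself), this models the conditions a PowerDNS superslave checks when a NOTIFY arrives for a zone it does not yet have, using the configs and supermasters row posted above; the NS set the master serves for example.com (ZONE_NS) is an assumption, and the also-notify route is not modelled.

```python
import ipaddress

# Default for allow-axfr-ips when the key is absent from pdns.conf.
DEFAULT_AXFR = "127.0.0.0/8,::1"

def superslave_problems(slave_conf, master_conf, supermasters, master_ip,
                        slave_ip, zone_ns_names):
    """Reasons a NOTIFY from master_ip would NOT get the zone provisioned.

    slave_conf/master_conf: pdns.conf keys -> values (strings).
    supermasters: rows of the slave's supermasters table (dicts with ip, nameserver).
    zone_ns_names: NS records the master serves for the zone (assumed input).
    An empty list means every precondition modelled here is satisfied.
    """
    problems = []
    # PowerDNS 4.5+ also accepts secondary/primary/autosecondary as key names.
    if "yes" not in (slave_conf.get("slave"), slave_conf.get("secondary")):
        problems.append("slave=yes missing: the slave never processes NOTIFY")
    if "yes" not in (slave_conf.get("superslave"), slave_conf.get("autosecondary")):
        problems.append("superslave=yes missing: NOTIFY for an unknown zone is dropped")
    if "yes" not in (master_conf.get("master"), master_conf.get("primary")):
        problems.append("master=yes missing: the master never sends NOTIFY")
    ns_set = {n.rstrip(".").lower() for n in zone_ns_names}
    rows = [r for r in supermasters if r["ip"] == master_ip]
    if not rows:
        problems.append(f"no supermasters row with ip={master_ip}")
    elif not any(r["nameserver"].rstrip(".").lower() in ns_set for r in rows):
        problems.append("supermasters.nameserver is not one of the zone's NS records: "
                        "the slave rejects the zone and the master would not notify it")
    nets = [ipaddress.ip_network(n.strip())
            for n in master_conf.get("allow-axfr-ips", DEFAULT_AXFR).split(",")]
    if not any(ipaddress.ip_address(slave_ip) in net for net in nets):
        problems.append(f"allow-axfr-ips on the master does not include {slave_ip}")
    return problems

# Constructed from the question: the posted configs and the supermasters row.
MASTER = {"master": "yes", "allow-axfr-ips": "10.0.0.2/32", "disable-axfr": "no"}
SLAVE = {"slave": "yes", "disable-axfr": "yes", "slave-cycle-interval": "60"}
SUPERMASTERS = [{"ip": "10.0.0.1", "nameserver": "ns2.example.com", "account": "admin"}]
ZONE_NS = ["ns1.example.com.", "ns2.example.com."]   # assumed NS set on the master

def check_as_posted():
    return superslave_problems(SLAVE, MASTER, SUPERMASTERS, "10.0.0.1", "10.0.0.2", ZONE_NS)

def check_with_superslave():
    return superslave_problems({**SLAVE, "superslave": "yes"}, MASTER, SUPERMASTERS,
                               "10.0.0.1", "10.0.0.2", ZONE_NS)
```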

Related

Consul DNS round robin and ping

I set up a test cluster which contains 3 servers. Consul, dnsmasq and NetworkManager are installed on all machines under CentOS 7.
I'd like to test a simple round-robin procedure:
Expected: ping consul.service.consul must send ICMP requests to one of the three servers.
Actual: ping always sends requests to one IP address (10.82.5.6).
However, the IP order changes in the answer section of the dig command:
[vagrant@localhost ~]$ dig consul.service.consul
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.1 <<>> consul.service.consul
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23466
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;consul.service.consul. IN A
;; ANSWER SECTION:
consul.service.consul. 0 IN A 10.82.5.5
consul.service.consul. 0 IN A 10.82.5.4
consul.service.consul. 0 IN A 10.82.5.6
;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Dec 13 13:40:20 UTC 2017
;; MSG SIZE rcvd: 98
If I reboot the 10.82.5.6 node, dig returns 2 nodes and ping begins to work properly, with round robin. But once node 10.82.5.6 has rebooted, only this node responds to ping commands again.
According to https://www.consul.io/docs/agent/dns.html the DNS interface randomizes the returned nodes, so it'll never be round robin.
There's also DNS caching (https://www.consul.io/docs/guides/dns-cache.html): the default TTL is 0, but you may have something different and/or results are cached somewhere else.

No way to get a domain name from IP address based on A record?

dig redhat.com
;; QUESTION SECTION:
;redhat.com. IN A
;; ANSWER SECTION:
redhat.com. 3600 IN A 209.132.183.105
We get the IP address 209.132.183.105, the A record of the domain redhat.com.
Now I want to get the domain name from the IP 209.132.183.105.
Maybe there are two ways to get it.
nslookup 209.132.183.105
Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer:
105.183.132.209.in-addr.arpa name = redirect.redhat.com.
Authoritative answers can be found from:
dig -x 209.132.183.105
; <<>> DiG 9.9.5-9+deb8u7-Debian <<>> -x 209.132.183.105
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62599
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;105.183.132.209.in-addr.arpa. IN PTR
;; ANSWER SECTION:
105.183.132.209.in-addr.arpa. 519 IN PTR redirect.redhat.com.
;; Query time: 1 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sat Nov 19 15:11:33 CST 2016
;; MSG SIZE rcvd: 90
It is unlucky that the result is not redhat.com; redirect.redhat.com is the PTR record for 209.132.183.105.
Could I conclude that there is no way to get a domain name from an IP address, given only that the IP is the A record of the domain name?
You are correct in that there is no way to get the info reliably.
Anyone who owns a domain name can point any A, AAAA or CNAME to whatever IP address they like, irrespective of whether they control that IP address.
It gets even more complex in that if you have the reverse delegation set up for your IP address(es), you can set whatever PTR record you like - even stuff that's invalid or non-existent.
If you owned the domain rubber-chickens.com there is nothing stopping you creating the following:
google.rubber-chickens.com A 216.58.210.36 - which points to Google, or
200.200.120.11 PTR msn.microsoft.com. - which, when you did a traceroute or dig, would appear to show the hostname msn.microsoft.com
IPs and domains are just made up in this example.
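Added example, not from the question or the answer: a forward-confirmed reverse DNS (FCrDNS) check with a pluggable resolver, replayed against the redhat.com records above and the rubber-chickens.com scenarios the answer describes; 198.51.100.7 and ptr.example.net are constructed placeholders for what the real address owners would publish.

```python
import ipaddress

def reverse_name(ip):
    """'209.132.183.105' -> '105.183.132.209.in-addr.arpa.' (IPv6 gets ip6.arpa)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def fcrdns(ip, resolve_ptr, resolve_addr):
    """PTR names for ip whose own A/AAAA records lead back to ip."""
    return [name for name in resolve_ptr(reverse_name(ip)) if ip in resolve_addr(name)]

def hostname_claims_ip(name, ip, resolve_ptr, resolve_addr):
    """True only when name -> ip AND ip -> name; a forward record alone proves nothing."""
    return ip in resolve_addr(name) and name in fcrdns(ip, resolve_ptr, resolve_addr)

# Constructed zone data: the redhat.com and rubber-chickens.com records quoted
# above, plus placeholders (198.51.100.7, ptr.example.net) standing in for what
# the real owners of those addresses publish.
PTR = {
    "105.183.132.209.in-addr.arpa.": ["redirect.redhat.com."],
    "11.120.200.200.in-addr.arpa.": ["msn.microsoft.com."],   # PTR chosen by the space owner
    "36.210.58.216.in-addr.arpa.": ["ptr.example.net."],
}
ADDR = {
    "redirect.redhat.com.": ["209.132.183.105"],
    "google.rubber-chickens.com.": ["216.58.210.36"],        # A record aimed at someone else's IP
    "msn.microsoft.com.": ["198.51.100.7"],
    "ptr.example.net.": ["216.58.210.36"],
}

def lookup_ptr(qname):
    return PTR.get(qname, [])

def lookup_addr(qname):
    return ADDR.get(qname, [])
```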

Why are multiple queries being made to my DNS Server?

As part of a project I've written a very simplistic DNS server whose only purpose is to resolve queries for the zone it serves, and to store the IP addresses of the server that made the query.
I've noticed that if I use dig, my DNS server gets queried multiple times - sometimes from the same IP address. Why does this happen? Is it due to the unreliable nature of UDP?
For example, here's a dig reply I made:
C:\Data>dig xyz.dns.example.com
; <<>> DiG 9.10.4-P2 <<>> xyz.dns.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2539
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;xyz.dns.example.com. IN A
;; ANSWER SECTION:
xyz.dns.example.com. 12321 IN A 50.16.166.175
;; Query time: 224 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Thu Aug 11 15:07:42 Eastern Daylight Time 2016
;; MSG SIZE rcvd: 77
In this example, the zone file for example.com has an NS record for dns.example.com, which is where my simplistic DNS server runs. For this one query, my server was called 4 times from 2 different IP addresses.
I also noticed that I'm supposedly returning an "Additional" record, but the data I return in bytes 10 and 11 are clearly 0. Could this be causing a problem?
Try dig's +trace option:
dig example.com +trace

How to get DNS to resolve the same from localhost as from remote?

I'm trying to create a home automation system that watches my dog during the day while I'm at work. My goals for this project are to learn a bit about DNS, file serving, and the RaspberryPi.
My hardware setup is as so:
1 RaspberryPi (camera enabled, and planning to use this as the web server behind my home router).
1 Digital Ocean mini instance (Ubuntu 12.04 with DNS provided via BIND).
1 MacBook (testing DNS with this for now, but will later be using iPhones most commonly).
I'd like to use bubby.com as the domain name. This works when I query from my Digital Ocean server. However, if I try from my laptop, I get back a different IP.
Tests from the Digital Ocean instance:
dns settings (contents of /etc/resolv.conf)
nameserver x.x.x.x
nameserver 8.8.8.8
nameserver 8.8.4.4
nslookup of bubby.com
nslookup bubby.com
Server: x.x.x.x
Address: x.x.x.x#53
Name: bubby.com
Address: y.y.y.y
(1 and 2 are correct as far as I can tell)
Tests from macbook
DNS settings from wifi (retrieved from Network Preferences):
nameservers x.x.x.x, 8.8.8.8
nslookup of bubby.com
nslookup bubby.com
Server: x.x.x.x
Address: x.x.x.x#53
Non-authoritative answer:
Name: bubby.com
Address: 216.21.239.197
Could someone help me understand why I get different results from the same DNS server, showing different addresses, even though the server/address reported is the correct DNS server?
Update 1: Reran test of nslookup
date && nslookup bubby.com
Sat Aug 20 05:57:01 PDT 2016
Server: x.x.x.x
Address: x.x.x.x#53
Non-authoritative answer:
Name: bubby.com
Address: 216.21.239.197
Dig bubby.com from laptop
date && dig bubby.com @192.241.227.149
Sat Aug 20 06:06:27 PDT 2016
; <<>> DiG 9.8.3-P1 <<>> bubby.com @x.x.x.x
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18813
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;bubby.com. IN A
;; ANSWER SECTION:
bubby.com. 3600 IN A 216.21.239.197
;; Query time: 132 msec
;; SERVER: x.x.x.x#53(x.x.x.x)
;; WHEN: Sat Aug 20 06:06:27 2016
;; MSG SIZE rcvd: 43
Dig bubby.com from digital ocean server with dns
date && dig bubby.com @x.x.x.x
Sat Aug 20 13:12:36 UTC 2016
; <<>> DiG 9.8.1-P1 <<>> bubby.com @x.x.x.x
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38404
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;bubby.com. IN A
;; ANSWER SECTION:
bubby.com. 604800 IN A y.y.y.y
;; AUTHORITY SECTION:
bubby.com. 604800 IN NS ns.bubby.com.
;; ADDITIONAL SECTION:
ns.bubby.com. 604800 IN A y.y.y.y
;; Query time: 2 msec
;; SERVER: x.x.x.x#53(x.x.x.x)
;; WHEN: Sat Aug 20 13:12:36 2016
;; MSG SIZE rcvd: 76
Update 2: DNS lookup from laptop while specifying another DNS server
date && nslookup ip.smartydns.com 87.117.205.40
Sat Aug 20 09:12:09 PDT 2016
Server: 87.117.205.40
Address: 87.117.205.40#53
Non-authoritative answer:
Name: ip.smartydns.com
Address: 82.196.5.38
Look at the dig output from your laptop, and notice the AUTHORITY: 0. The reason for this is that this answer is not coming from your Digital Ocean instance (I have tested from several different locations, and I always get the same results as you get when you test from the instance itself), but from some other DNS server that is not authoritative for bubby.com.
The final SmartyDNS test confirmed it: someone/something between you and the rest of the internet (most probably your ISP or a compromised home router) is acting as a 'transparent DNS proxy', intercepting your DNS queries and redirecting them to their own DNS server.
If you want to be sure, since probably only UDP/TCP port 53 is intercepted, you can try changing BIND to listen on some other port, then test from both the Digital Ocean instance and your laptop with dig querying that new port:
dig bubby.com @192.241.227.149 -p 5555
This time you should get the same results.
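As an added example (not part of this question or its answer), a small parser for dig output that applies the test the answer describes, and also recognises the REFUSED answer from the PowerDNS question earlier on this page; the two samples are trimmed copies of the laptop and instance outputs above.

```python
import re
from dataclasses import dataclass, field

@dataclass
class DigResult:
    status: str
    flags: set
    server: str = ""
    answers: list = field(default_factory=list)   # (rtype, rdata) pairs

def parse_dig(text):
    status = re.search(r"status: (\w+)", text).group(1)
    flags = set(re.search(r";; flags: ([\w ]*);", text).group(1).split())
    m = re.search(r";; SERVER: (\S+)", text)
    result = DigResult(status, flags, m.group(1) if m else "")
    in_answer = False
    for line in text.splitlines():
        if line.startswith(";; ANSWER SECTION"):
            in_answer = True
        elif line.startswith(";") or not line.strip():
            in_answer = False                     # next section header or blank line
        elif in_answer:
            _name, _ttl, _cls, rtype, rdata = line.split(None, 4)
            result.answers.append((rtype, rdata))
    return result

def diagnose(result, expect_authoritative):
    if result.status == "REFUSED":
        return "refused: the server does not serve this zone, or allow-query blocks you"
    if expect_authoritative and "aa" not in result.flags:
        return "not authoritative: a resolver or transparent proxy answered, not the server asked"
    return "ok"

def transparent_proxy_suspected(near, far):
    # Same server asked from two vantage points, but only one gets the real (aa) answer.
    return (near.server == far.server and "aa" in far.flags
            and "aa" not in near.flags and set(near.answers) != set(far.answers))

LAPTOP = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18813
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; ANSWER SECTION:
bubby.com.  3600  IN  A  216.21.239.197
;; SERVER: x.x.x.x#53(x.x.x.x)
"""
INSTANCE = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38404
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; ANSWER SECTION:
bubby.com.  604800  IN  A  y.y.y.y
;; SERVER: x.x.x.x#53(x.x.x.x)
"""
```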

Is this getent hosts answer wrong

I have some DNS issues and I am trying to figure out if this is the correct answer I should get when I run this on the VPS
getent hosts test.com
69.xx.xx.xxx server.test.com server www.test.com www test.com test testuser
for other sites the answer looks like this
getent hosts justhost.com
74.220.195.132 justhost.com
Is the first result OK? Where are the values taken from?
Update:
If it helps
nslookup test.com 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1#53
server can't find test.com: NXDOMAIN
dig @localhost test.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 56197
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;test.com. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Feb 24 14:32:24 2015
;; MSG SIZE rcvd: 41
Pinging the ns1 gives me the correct server ip
Pinging the domain name gives me the old server ip
Is this usual?
From an analysis on intoDNS (http://www.intodns.com/blackcatadvertising.com) it seems that the nameservers are not set properly. Check both on your DNS provider (if it's not you) and on cPanel how they are set. If you are sure that they are right as they are now, I would ask when you created the domain? Some time is required after the creation to let the DNS spread.
Fixed via How to fix a dig command with status: REFUSED?; basically I had to edit named.conf to have allow-query set to any, and restart named.
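Added example, not from the question or its answer: an emulation of how `getent hosts` builds its line from the hosts: sources listed in /etc/nsswitch.conf, where a matching /etc/hosts entry prints the address followed by the canonical name and every alias on that line, which is the shape of the first result above; the hosts content and the DNS stand-in are constructed.

```python
# Constructed inputs: an /etc/hosts line shaped like the one in the question
# (address replaced by a placeholder) and a tiny stand-in for the DNS source.
HOSTS = """127.0.0.1 localhost
203.0.113.5 server.test.com server www.test.com www test.com test testuser
"""
DNS = {"justhost.com": ["74.220.195.132"], "test.com": ["203.0.113.9"]}

def lookup_files(name, hosts_text=HOSTS):
    """The `files` source: first /etc/hosts line naming the host, as getent prints it."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()      # drop comments
        if len(fields) > 1 and name.lower() in (f.lower() for f in fields[1:]):
            return f"{fields[0]} {' '.join(fields[1:])}"   # ADDRESS CANONICAL ALIASES...
    return None

def lookup_dns(name, zone=DNS):
    """The `dns` source: one line per address (this toy keeps the first), as ADDRESS NAME."""
    addrs = zone.get(name.lower())
    return f"{addrs[0]} {name}" if addrs else None

SOURCES = {"files": lookup_files, "dns": lookup_dns}

def getent_hosts(name, order=("files", "dns")):
    """Emulate `getent hosts NAME` for the given hosts: order from nsswitch.conf."""
    for source in order:
        hit = SOURCES[source](name)
        if hit:
            return hit          # the first source with an answer wins
    return None                 # real getent prints nothing and exits 2
```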
