[knot-dns-users] AXFR - RFC1912

Ondřej Surý ondrej.sury at nic.cz
Tue Jul 7 20:10:24 CEST 2015


Also what does the Knot DNS logs say at debug level? 

We definitely have a user with similar setup (I'm Bccing him, so he can respond at his will) - PowerDNS as a primary and Knot DNS as a secondary. 

If you are into a deeper debugging, could you capture the packets between Knot secondary and PowerDNS primary? 

Cheers, 
Ondrej 
-- 
Ondřej Surý -- Chief Science Officer 
-------------------------------------------- 
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC 
Milesovska 5, 130 00 Praha 3, Czech Republic 
mailto:ondrej.sury at nic.cz https://nic.cz/ 
-------------------------------------------- 

> From: "Filipe Cifali" <cifali.filipe at gmail.com>
> Cc: knot-dns-users at lists.nic.cz
> Sent: Tuesday, July 7, 2015 5:41:17 PM
> Subject: Re: [knot-dns-users] AXFR - RFC1912

> Yes, w/ aa flag and all the SOA record

> On Tue, Jul 7, 2015 at 12:12 PM, Jan Včelák < jan.vcelak at nic.cz > wrote:

>> Hello Filipe,

>> does the PowerDNS server respond to SOA queries over TCP?

>> $ dig +tcp @ 127.0.0.1 zone.name SOA

>> Cheers,

>> Jan

>> On Tuesday, July 07, 2015 11:59:00 AM Filipe Cifali wrote:
>> > Thanks, I finished fixing all the zones now, finally.

>> > Anyone has ever used PowerDNS as master of a Knotd slave? I'm missing
>> > something since PowerDNS returns connection refused after the initial
>> > transfer, like it's not responding correctly to PowerDNS.

>> > Since I can dig AXFR @ 127.0.0.1 (which has PowerDNS running) I don't see
>> > how he can be wrong.

>> > I'm not sure where to go looking for the problem here.

>> > Best Regards,

>> > [ ]'s

>> > On Thu, Jul 2, 2015 at 8:49 AM, Jan Včelák < jan.vcelak at nic.cz > wrote:
>> > > Hello Filipe,

>> > > On Thursday, July 02, 2015 07:57:46 AM Filipe Cifali wrote:
>> > > > it's only failing for the zones w/ problems w/ CNAMEs, ignoring the
>> > > > semantic-check off on the config.

>> > > I have just taken a look to make sure: This particular check is mandatory
>> > > and
>> > > cannot be disabled. And I'm quite sure I want to keep it that way. The
>> > > CNAME
>> > > in apex is not allowed. And we would have to define some behavior how to
>> > > answer when this happens, which makes a little sense.

>> > > You should rather urge your clients to fix their zones because this
>> > > problem
>> > > can lead to random resolution failures.

>> > > Cheers,

>> > > Jan
>> > > _______________________________________________
>> > > knot-dns-users mailing list
>> > > knot-dns-users at lists.nic.cz
>> > > https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users

>> _______________________________________________
>> knot-dns-users mailing list
>> knot-dns-users at lists.nic.cz
>> https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users

> --
> [ ]'s

> Filipe Cifali Stangler

> _______________________________________________
> knot-dns-users mailing list
> knot-dns-users at lists.nic.cz
> https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nic.cz/pipermail/knot-dns-users/attachments/20150707/3c8c6b8d/attachment.html>


More information about the knot-dns-users mailing list