[knot-dns-users] AXFR - RFC1912

Filipe Cifali cifali.filipe at gmail.com
Tue Jul 7 21:26:03 CEST 2015


Oh I made it work after debugging enough I could get the info needed.

Without debug is very hard to understand why AXFR fails, it only returns
"connection refused".

Thanks for the attention anyway :)

On Tue, Jul 7, 2015 at 3:10 PM, Ondřej Surý <ondrej.sury at nic.cz> wrote:

> Also what does the Knot DNS logs say at debug level?
>
> We definitely have a user with similar setup (I'm Bccing him, so he can
> respond at his will) - PowerDNS as a primary and Knot DNS as a secondary.
>
> If you are into a deeper debugging, could you capture the packets between
> Knot secondary and PowerDNS primary?
>
> Cheers,
> Ondrej
> --
>  Ondřej Surý -- Chief Science Officer
>  --------------------------------------------
>  CZ.NIC, z.s.p.o.    --     Laboratoře CZ.NIC
>  Milesovska 5, 130 00 Praha 3, Czech Republic
>  mailto:ondrej.sury at nic.cz    https://nic.cz/
>  --------------------------------------------
>
> ------------------------------
>
> *From: *"Filipe Cifali" <cifali.filipe at gmail.com>
> *Cc: *knot-dns-users at lists.nic.cz
> *Sent: *Tuesday, July 7, 2015 5:41:17 PM
> *Subject: *Re: [knot-dns-users] AXFR - RFC1912
>
> Yes, w/ aa flag and all the SOA record
>
>
> On Tue, Jul 7, 2015 at 12:12 PM, Jan Včelák <jan.vcelak at nic.cz> wrote:
>
>> Hello Filipe,
>>
>> does the PowerDNS server respond to SOA queries over TCP?
>>
>> $ dig +tcp @127.0.0.1 zone.name SOA
>>
>> Cheers,
>>
>> Jan
>>
>> On Tuesday, July 07, 2015 11:59:00 AM Filipe Cifali wrote:
>> > Thanks, I finished fixing all the zones now, finally.
>> >
>> > Anyone has ever used PowerDNS as master of a Knotd slave? I'm missing
>> > something since PowerDNS returns connection refused after the initial
>> > transfer, like it's not responding correctly to PowerDNS.
>> >
>> > Since I can dig AXFR @127.0.0.1 (which has PowerDNS running) I don't
>> see
>> > how he can be wrong.
>> >
>> > I'm not sure where to go looking for the problem here.
>> >
>> > Best Regards,
>> >
>> > [ ]'s
>> >
>> > On Thu, Jul 2, 2015 at 8:49 AM, Jan Včelák <jan.vcelak at nic.cz> wrote:
>> > > Hello Filipe,
>> > >
>> > > On Thursday, July 02, 2015 07:57:46 AM Filipe Cifali wrote:
>> > > > it's only failing for the zones w/ problems w/ CNAMEs, ignoring the
>> > > > semantic-check off on the config.
>> > >
>> > > I have just taken a look to make sure: This particular check is
>> mandatory
>> > > and
>> > > cannot be disabled. And I'm quite sure I want to keep it that way. The
>> > > CNAME
>> > > in apex is not allowed. And we would have to define some behavior how
>> to
>> > > answer when this happens, which makes a little sense.
>> > >
>> > > You should rather urge your clients to fix their zones because this
>> > > problem
>> > > can lead to random resolution failures.
>> > >
>> > > Cheers,
>> > >
>> > > Jan
>> > > _______________________________________________
>> > > knot-dns-users mailing list
>> > > knot-dns-users at lists.nic.cz
>> > > https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
>>
>> _______________________________________________
>> knot-dns-users mailing list
>> knot-dns-users at lists.nic.cz
>> https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
>>
>
>
>
> --
> [ ]'s
>
> Filipe Cifali Stangler
>
> _______________________________________________
> knot-dns-users mailing list
> knot-dns-users at lists.nic.cz
> https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
>
>


-- 
[ ]'s

Filipe Cifali Stangler
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nic.cz/pipermail/knot-dns-users/attachments/20150707/fa031115/attachment-0001.html>


More information about the knot-dns-users mailing list