So I’m using a server with a DNS only license. The main server shows as an authoritative nameserver, but the DNS only server does not.
I set everything up to use AXFR-based clustering, found in the documentation.
So how do I remedy this?
Thanks
I’d need to see what configuration you have and what the topology looks like. There are too many variables at play here.
I’ll take a shot in the dark with the information given so far. It sounds like you’re using default configuration which specifies 127.0.0.1 as the nameserver. Once you add a DNS-only server, designate which server is authoritative and which will be slave.
If you’ve done this already, then update the NS records on your hosting server with the new NS records. NS records must be hostnames to be valid.
Yes. I have them set standard as ns1 and ns2. The first is the master and the second is slave. The first shows authoritative, the second doesn’t.
Isn’t it required that both answer authoritatively?
Yes unless the domain hasn’t been provisioned on the slave.
On the slave,
```
pdnsutil list-all-zones
```
On master
```
# Must report same as on slave
pdnsutil list-all-zones
# Must report same as above
pdnsutil list-all-zones slave
```
PowerDNS will provision the domain on each NS in a zone when added in supermaster/autoprimary mode.
That is the default mode of operation when setting up PowerDNS following docs.apiscp.com.
Beyond this, it may be worthwhile to add a new dummy domain,
```
AddDomain -c siteinfo,domain=testdomain.test -c siteinfo,admin_user=testadmin123 -c dns,provider=powerdns
```
Check the logs on both master and slave to see what communication errors there are if any.
```
journalctl -n 100 -u pdns
```
Okay. Thank you
I’ll post back after I do this
Okay
So my slave server didn’t return any zones. However they are listed in the control panel under DNS.
Every time I add one on the main server, I check the second to see if it shows up
So how can that be?
Check the slave configuration and master configuration as well as journalctl when restarting pdns service on both master and slave. You’ve got a configuration mistake somewhere.
Okay thanks
I’ll post back later
I still haven’t figured this out. I’ve even started over since I only had a few personal domains on the server. Domains, including the test domain, show up in the DNS manager of the control panel for the slave server, but don’t in SSH when running `pdnsutil list-all-zones`, and it’s not authoritative.
I followed all the steps in the documentation so I don’t know what I’m doing wrong
That’s querying the master directly as defined in config/auth.yaml.
I’d need to see what the `pdns` service logs look like on restart and when adding a domain (`journalctl -n 100 -u pdns`) as well as the configuration, /etc/pdns/pdns.conf (`grep '^[a-z]' /etc/pdns/pdns.conf | grep -v api-key`), for both. Additionally `pdnsutil list-zone DOMAIN` on master to dump the zone contents on a recently added test domain.
```
grep '^[a-z]' /etc/pdns/pdns.conf | grep -v api-key
```
Master:
```
daemon=no
guardian=no
setgid=pdns
setuid=pdns
cache-ttl=20
local-address=83.229.112.41, ::
launch=gpgsql
webserver-port=8081
webserver-allow-from=127.0.0.1,::1
expand-alias=yes
webserver=True
api=True
include-dir=/etc/pdns/local.d
resolver=1.1.1.1:53,1.0.0.1:53
version-string=anonymous
webserver-address=127.0.0.1
gpgsql-host=localhost
gpgsql-password=X
gpgsql-user=powerdns
gpgsql-dbname=powerdns
allow-axfr-ips=78.138.0.109
master=yes
also-notify=78.138.0.109
slave=yes
superslave=yes
allow-notify-from=83.229.112.41
```
Slave:
```
daemon=no
guardian=no
setgid=pdns
setuid=pdns
cache-ttl=20
local-address=0.0.0.0, ::
slave=yes
launch=gmysql
superslave=yes
webserver-port=8081
webserver-allow-from=127.0.0.1,::1
expand-alias=no
webserver=False
api=True
include-dir=/etc/pdns/local.d
resolver=no
allow-notify-from=83.229.112.41
version-string=anonymous
webserver-address=127.0.0.1
gmysql-host=localhost
gmysql-password=x
gmysql-user=powerdns
gmysql-dbname=powerdns
allow-axfr-ips=78.138.0.109
master=yes
also-notify=78.138.0.109
```
Please format code output using code fences.
```
… paste code …
```
It’s much easier to read. Look over your master configuration. You’ve defined it as both a master and a slave. At one point you defined the master as a slave, then flipped it around.
Referring back to the guide, master has 3 additional configuration keys: allow-axfr-ips, also-notify, master.
Slave servers have 3 additional configuration keys: allow-notify-from, slave, and superslave.
Your master nameserver is going through an identity crisis, it has both configurations. Edit pdns.conf, remove slave/superslave/allow-notify-from directives. Likewise your slave is also having its own identity crisis. Remove allow-axfr-ips/master/also-notify. Once rectified, restart `pdns` service on both servers.
You may also consider offloading your DNS to Cloudflare. Place the configuration token in config/auth.yaml and update the default driver to `cloudflare`. All zones will be under your CF account.
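The role check described in the reply above, as an added example that is not part of the original thread or of ApisCP/PowerDNS: it lists the role directives that do not belong to a server's intended role, using the two key lists given above. The sample configs and their 192.0.2.x addresses are constructed, and treating `no`, `off` or an empty value as "not set" is an assumption of this example.

```python
# Added example: audit pdns.conf text for mixed master/slave directives.
MASTER_KEYS = {"allow-axfr-ips", "also-notify", "master"}
SLAVE_KEYS = {"allow-notify-from", "slave", "superslave"}
DISABLED = {"", "no", "off"}  # assumption: values that leave a key inactive

def parse_conf(text):
    """Return {key: value} for key=value lines, skipping full-line comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip()
    return settings

def active_role_keys(text):
    """Return (master_keys, slave_keys) that are set to an enabled value."""
    active = {k for k, v in parse_conf(text).items() if v.lower() not in DISABLED}
    return sorted(active & MASTER_KEYS), sorted(active & SLAVE_KEYS)

def directives_to_remove(text, intended):
    """List active directives belonging to the opposite role of `intended`."""
    master, slave = active_role_keys(text)
    return slave if intended == "master" else master

# Constructed samples mirroring the mixed-role configs posted in the thread.
SAMPLE_MASTER = """\
allow-axfr-ips=192.0.2.20
master=yes
also-notify=192.0.2.20
slave=yes
superslave=yes
allow-notify-from=192.0.2.10
"""
SAMPLE_SLAVE = """\
slave=yes
superslave=yes
allow-notify-from=192.0.2.10
allow-axfr-ips=192.0.2.20
master=yes
also-notify=192.0.2.20
"""

if __name__ == "__main__":
    for role, conf in (("master", SAMPLE_MASTER), ("slave", SAMPLE_SLAVE)):
        print(role, "-> remove:", directives_to_remove(conf, role))
```

Both posted configs set `include-dir=/etc/pdns/local.d`, so the same check should be run over any files in that directory as well.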
Okay
Thank you. I had noticed that it looked like it was showing as both master and slave but I wasn’t sure. And didn’t know how to fix it.
Thanks again
Also, sorry for the mess. It looked fine before I hit enter
Update:
I’m still not sure how I ended up giving both my servers identity issues, must have been an issue with my editing and copying and pasting commands.
But I finally discovered a typo which was causing an issue with communication between the two.
In the following code I had an invalid domain name:
```
cpcmd scope:set cp.bootstrapper powerdns_supermaster '[ip:1.2.3.3,nameserver:ns1.domain.com,account:master]'
```
ns1.domain.com was, for example, ns1.domainx.com.
Now both servers are authoritative.
Thanks for all of your help Matt. I really appreciate it