Hi Andy,
On 22/12/2021 15:26, Andy Smith wrote:
> How long are you pausing between inserting the record and checking
> for existence of the record?
Initially, 120 seconds but I incremented it to 300 seconds.
> Have you confirmed by command line usage of the "nsupdate" tool or
> equivalent that you are able to:
>
> 1. Add a record in your powerdns (any record, just some silly TXT
> record for debugging)
>
> 2. See AXFR take place to a.authns.bitfolk.co.uk
>
> 3. Query the record you just added, from a.authns.bitfolk.co.uk?
Using the ACME Plugin for pfSense, I was able to insert the TXT Record
and generate a certificate. I am not sure whether it queried ns1 or
bitfolk at the authoritative level to achieve this.
In my Traefik configuration, I found it necessary to override my local
Unbound DNS instance included within pfSense and query an alternative
DNS resolver (1.1.1.1 in my case).
> When was the last time you tried an update? BitFolk last saw an
> update:
>
> 22-Dec-2021 14:05:29.575 general: info: zone m6wiq.uk/IN: Transfer started.
> 22-Dec-2021 14:05:29.576 xfer-in: info: transfer of 'm6wiq.uk/IN' from 85.119.82.174#53: connected using 85.119.80.222#47928
> 22-Dec-2021 14:05:29.590 general: info: zone m6wiq.uk/IN: transferred serial 2021121127
>
> So by 14:05:29.590 a.authns.bitfolk.co.uk should be seeing (and
> serving) whatever update it was you made in serial 2021121127.
>
> Something I find odd is that your powerdns server at 85.119.82.174 has serial
> number 2021121140 but all the BitFolk servers have only 2021121127.
> You also list ns6.gandi.net which I assume is taking an AXFR from
> somewhere; that also only has serial 2021121127. I don't know if
> this is a problem particularly.
I have removed the Gandi secondary name server from the configuration to
remove any potential complications. This has incremented the serial to
2021121141. The set of commands I have been using to notify secondary
servers is:
    pdnsutil increase-serial m6wiq.uk
    pdns_control notify m6wiq.uk
After running these commands, querying a.authns.bitfolk.co.uk returns:
dig m6wiq.uk @a.authns.bitfolk.co.uk SOA
; <<>> DiG 9.16.1-Ubuntu <<>> m6wiq.uk @a.authns.bitfolk.co.uk SOA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1864
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 8
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;m6wiq.uk. IN SOA
;; ANSWER SECTION:
m6wiq.uk. 3600 IN SOA ns1.m6wiq.uk. hostmaster.m6wiq.uk. 2021121127 10800 3600 604800 3600
However, on ns1.m6wiq.uk:
dig m6wiq.uk @ns1.m6wiq.uk SOA
; <<>> DiG 9.16.1-Ubuntu <<>> m6wiq.uk @ns1.m6wiq.uk SOA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48457
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;m6wiq.uk. IN SOA
;; ANSWER SECTION:
m6wiq.uk. 3600 IN SOA ns1.m6wiq.uk. hostmaster.m6wiq.uk. 2021121141 10800 3600 604800 3600
> I'm afraid that I lack experience with powerdns and dynamic DNS
> updates.
I have the same issue on my end. I wonder if there is a better method of
notifying the secondary DNS rather than "pdns_control notify"?
Cheers,
William
--
William Wright
Callsign: M6WIQ
Mail: william@???
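
Added example, not part of the message above or of anyone's tooling in this thread: a POSIX shell script that automates the two dig comparisons shown in the message, reading the SOA serial from the primary and from each secondary and classifying the secondary with RFC 1982 serial arithmetic. The function names, the in-sync/behind/ahead labels and the file name soa-check.sh are this example's own assumptions.

```shell
#!/bin/sh
# Added example: check whether secondaries have caught up with the primary.

# Read dig answer lines on stdin; print the serial of the first SOA record.
# Fields: name ttl class SOA mname rname serial refresh retry expire minimum
soa_serial() {
    awk '$1 !~ /^;/ && $4 == "SOA" { print $7; exit }'
}

# serial_newer A B: true if A is newer than B in RFC 1982 serial arithmetic
# (difference modulo 2^32 lies strictly between 0 and 2^31).
serial_newer() {
    diff=$(( ($1 - $2) & 4294967295 ))
    [ "$diff" -gt 0 ] && [ "$diff" -lt 2147483648 ]
}

# classify PRIMARY_SERIAL SECONDARY_SERIAL: print in-sync, behind or ahead.
# "ahead" means the secondary sees no newer serial on the primary, so a NOTIFY
# will not make it transfer.
classify() {
    if [ "$1" = "$2" ]; then echo in-sync
    elif serial_newer "$1" "$2"; then echo behind
    else echo ahead
    fi
}

# check_zone ZONE PRIMARY SECONDARY...: query each server directly with dig.
check_zone() {
    zone=$1; primary=$2; shift 2
    want=$(dig +noall +answer +norecurse SOA "$zone" @"$primary" | soa_serial)
    [ -n "$want" ] || { echo "no SOA answer from $primary" >&2; return 2; }
    rc=0
    for ns in "$@"; do
        have=$(dig +noall +answer +norecurse SOA "$zone" @"$ns" | soa_serial)
        if [ -z "$have" ]; then echo "$ns: no SOA answer"; rc=1; continue; fi
        state=$(classify "$want" "$have")
        echo "$ns: serial $have ($state, primary has $want)"
        [ "$state" = in-sync ] || rc=1
    done
    return "$rc"
}

# Runs only when arguments are given, e.g. (hypothetical file name):
#   sh soa-check.sh m6wiq.uk ns1.m6wiq.uk a.authns.bitfolk.co.uk
if [ "$#" -ge 3 ]; then check_zone "$@"; fi
```

With the serials quoted in the message (2021121141 on ns1, 2021121127 on a.authns.bitfolk.co.uk) the secondary classifies as behind, so the primary's serial is one the secondary would accept and the gap lies in the NOTIFY or transfer step.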