PowerDNS secondary servers receive empty SOA response for particular zone. Truncation issue?
Andy Smith
andy at strugglers.net
Fri Nov 18 01:46:30 UTC 2022
On Fri, Nov 18, 2022 at 01:14:27AM +0000, Andy Smith wrote:
> What happens is that a NOTIFY is sent out, PowerDNS sees it and queries
> for SOA and logs this:
>
> Nov 18 00:25:26 daiquiri pdns_server[32452]: While checking domain freshness: Query to '2001:ba8:1f1:f085::53' for SOA of 'f.4.1.f.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa' did not return a SOA

Well, hours of head scratching then I send this email and suddenly find
something that is probably very relevant:

"auth: slave zone soa check does not use tcp if udp answer was
truncated #10447"

https://github.com/PowerDNS/pdns/issues/10447

So, PowerDNS can't retry its SOA queries over TCP.

I assume that bind9's behaviour has changed to be more correct and
there's nothing I can/should configure on that side to let this work
again. So I'll see what the PDNS folks have to say but it looks like
I'll have to upgrade all the PDNS servers and then make use of the
"secondary-check-signature-freshness=no" option:

https://doc.powerdns.com/authoritative/settings.html#secondary-check-signature-freshness

Thanks,
Andy
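
Added example, not part of the post above and not PowerDNS or BIND code: a small parser that separates the case discussed here (a UDP reply with the TC bit set, which a client should discard and retry over TCP) from a reply that genuinely has no SOA. The two sample replies are constructed, the SOA field values are made up, and the assumption is that the truncated reply carried an empty answer section.

```python
import struct

TYPE_SOA, CLASS_IN = 6, 1
FLAG_QR, FLAG_AA, FLAG_TC = 0x8000, 0x0400, 0x0200
ZONE = "f.4.1.f.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa"  # zone named in the log line

def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\0"

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        off += 1 + length
        if length == 0:                # root label ends the name
            return off

def classify_soa_reply(msg):
    """Return 'retry-tcp', 'soa' or 'no-soa' for a reply to a SOA query."""
    if len(msg) < 12 or not msg[2] & 0x80:   # too short, or QR bit clear
        raise ValueError("not a DNS response")
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if flags & FLAG_TC:                # truncated: do not trust the contents
        return "retry-tcp"
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == TYPE_SOA:
            return "soa"
        off += 10 + rdlen
    return "no-soa"

def build_reply(flags, with_soa):
    """Constructed sample reply; the SOA field values are made up."""
    msg = struct.pack("!6H", 0x1234, flags, 1, int(with_soa), 0, 0)
    msg += encode_name(ZONE) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    if with_soa:
        rdata = (encode_name("ns.example") + encode_name("hostmaster.example")
                 + struct.pack("!5I", 2022111801, 3600, 600, 604800, 300))
        rr = struct.pack("!HHIH", TYPE_SOA, CLASS_IN, 300, len(rdata))
        msg += b"\xc0\x0c" + rr + rdata   # owner name: pointer to the question
    return msg
TRUNCATED = build_reply(FLAG_QR | FLAG_AA | FLAG_TC, with_soa=False)
COMPLETE = build_reply(FLAG_QR | FLAG_AA, with_soa=True)
```

A checker that only counts SOA records would put `TRUNCATED` in the same bucket as a server that has no SOA for the zone, which matches the "did not return a SOA" log line quoted above.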
More information about the bind-users mailing list