PowerDNS secondary servers receive empty SOA response for particular zone. Truncation issue?

Fri Nov 18 05:55:03 UTC 2022

The default EDNS0 buffer size has changed to 1232, how big is the response when you use dig?

Perhaps increasing the edns buffer sizes would be a way out?

Ondrej
--
Ondřej Surý — ISC (He/Him)

My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.

> On 18. 11. 2022, at 2:47, Andy Smith <andy at strugglers.net> wrote:
> 
> On Fri, Nov 18, 2022 at 01:14:27AM +0000, Andy Smith wrote:
>> What happens is that a NOTIFY is sent out, PowerDNS sees it and queries
>> for SOA and logs this:
>> 
>> Nov 18 00:25:26 daiquiri pdns_server[32452]: While checking domain freshness: Query to '2001:ba8:1f1:f085::53' for SOA of 'f.4.1.f.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa' did not return a SOA
> 
> Well, hours of head scratching then I send this email and suddenly find
> something that is probably very relevant:
> 
>    "auth: slave zone soa check does not use tcp if udp answer was
>    truncated #10447"
>    https://github.com/PowerDNS/pdns/issues/10447
> 
> So, PowerDNS can't retry its SOA queries over TCP.
> 
> I assume that bind9's behaviour has changed to be more correct and
> there's nothing I can/should configure on that side to let this work
> again. So I'll see what the PDNS folks have to say but it looks like
> I'll have to upgrade all the PDNS servers and then make use of the
> "secondary-check-sgnature-freshness=no" option:
> 
>    https://doc.powerdns.com/authoritative/settings.html#secondary-check-signature-freshness
> 
> Thanks,
> Andy
> -- 
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
> 
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users