主页 / server / 问题 / 542806
Accepted
Tuinslak
Asked: 2013-10-01 14:26:15 +0800 CST

PowerDNS 从属服务器在收到通知后未更新

  • 772

我正在使用 PowerDNS 运行两台机器,一台是主机(SQL),一台是从机(绑定后端)。

在我修改域并碰撞序列后,我在日志中得到了这个:

Sep 30 22:13:20 localhost pdns[6884]: 1 domain for which we are master needs notifications
Sep 30 22:13:20 localhost pdns[6884]: Queued notification of domain 'netly.io' to 146.185.146.149
Sep 30 22:13:20 localhost pdns[6884]: Queued notification of domain 'netly.io' to 146.185.147.74
Sep 30 22:13:20 localhost pdns[6884]: Received NOTIFY for netly.io from 146.185.146.149 but slave support is disabled in the configuration
Sep 30 22:13:21 localhost pdns[6884]: Received unsuccessful notification report for 'netly.io' from 146.185.146.149:53, rcode: 4
Sep 30 22:13:21 localhost pdns[6884]: Removed from notification list: 'netly.io' to 146.185.146.149:53
Sep 30 22:13:23 localhost pdns[6884]: No master domains need notifications

我知道它正在通知自己(146.185.146.149),因为它被设置为名称服务器,并且可以忽略这些错误。它(看起来)也会通知其他服务器(146.185.147.74 或 162.243.29.199)。

但是,从服务器在该时间范围内的日志中没有显示任何内容,当我对域文件进行分类时,我可以看到旧的序列号和子域没有被更新。

dig @slave-server 还显示旧设置。

告诉它重新加载也不会更新绑定区域文件:

slave-server # pdns_control reload
Ok
slave-server # tail -f /var/log/daemon.log 
Sep 30 22:21:28 node-e31401 pdns[2259]: Zone 'netly.io' (/etc/powerdns/bind/netly.io.) needs reloading
Sep 30 22:21:28 node-e31401 pdns[2259]: Zone 'netly.io' (/etc/powerdns/bind/netly.io.) reloaded

但是,当我完全重新启动 PDNS 时,它最终发现它已过时并正确获取更新的区域:

slave-server # /etc/init.d/pdns restart
[ ok ] Restarting PowerDNS Authoritative Name Server: pdns.
slave-server # tail -f /var/log/daemon.log 
Sep 30 22:23:48 node-e31401 pdns[2911]: 2 slave domains need checking, 0 queued for AXFR
Sep 30 22:23:48 node-e31401 pdns[2911]: Received serial number updates for 2 zones, had 0 timeouts
Sep 30 22:23:48 node-e31401 pdns[2911]: Domain netly.io is stale, master serial 2013093004, our serial 2013093003
Sep 30 22:23:48 node-e31401 pdns[2911]: Domain titify.com is fresh (not presigned, no RRSIG check)
Sep 30 22:23:48 node-e31401 pdns[2911]: No master domains need notifications
Sep 30 22:23:48 node-e31401 pdns[2911]: Initiating transfer of 'netly.io' from remote '146.185.146.149'
Sep 30 22:23:48 node-e31401 pdns[2911]: AXFR started for 'netly.io', transaction started
Sep 30 22:23:48 node-e31401 pdns[2911]: Zone 'netly.io' (/etc/powerdns/bind/netly.io.) reloaded
Sep 30 22:23:48 node-e31401 pdns[2911]: AXFR done for 'netly.io', zone committed with serial number 2013093004
Sep 30 22:23:48 node-e31401 pdns[2911]: Done launching threads, ready to distribute questions

我在这里想念什么?是什么导致主服务器正确通知从服务器,但从服务器没有获取新区域?

编辑:

tcpdump:

node-fd1d01 ~ # tcpdump -n 'host 146.185.146.149 and port 53'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
09:51:38.042713 IP 146.185.146.149.42478 > 162.243.29.199.53: 61745 notify [b2&3=0x2400] SOA? netly.io. (26)
09:51:41.043323 IP 146.185.146.149.42478 > 162.243.29.199.53: 61745 notify [b2&3=0x2400] SOA? netly.io. (26)
09:51:46.044145 IP 146.185.146.149.42478 > 162.243.29.199.53: 61745 notify [b2&3=0x2400] SOA? netly.io. (26)
09:51:52.049533 IP 146.185.146.149.42478 > 162.243.29.199.53: 59408 notify [b2&3=0x2400] SOA? netly.io. (26)
09:51:55.050715 IP 146.185.146.149.42478 > 162.243.29.199.53: 61745 notify [b2&3=0x2400] SOA? netly.io. (26)
09:51:55.050753 IP 146.185.146.149.42478 > 162.243.29.199.53: 59408 notify [b2&3=0x2400] SOA? netly.io. (26)
09:52:00.053327 IP 146.185.146.149.42478 > 162.243.29.199.53: 59408 notify [b2&3=0x2400] SOA? netly.io. (26)
09:52:09.056321 IP 146.185.146.149.42478 > 162.243.29.199.53: 59408 notify [b2&3=0x2400] SOA? netly.io. (26)

日志没有显示任何新内容(最新于 09h48):

node-fd1d01 /etc/powerdns/bind # tail -f /var/log/daemon.log 
Oct  2 09:47:59 localhost pdns[2253]: Domain netly.io is fresh (not presigned, no RRSIG check)
Oct  2 09:47:59 localhost pdns[2253]: Domain titify.com is fresh (not presigned, no RRSIG check)
Oct  2 09:47:59 localhost pdns[2253]: No master domains need notifications
Oct  2 09:47:59 localhost pdns[2253]: Done launching threads, ready to distribute questions
Oct  2 09:48:00 localhost ntpd[2144]: Listen normally on 6 tun0 172.17.24.1 UDP 123
Oct  2 09:48:00 localhost ntpd[2144]: Listen normally on 7 tun1 172.17.16.1 UDP 123
Oct  2 09:48:00 localhost ntpd[2144]: peers refreshed
Oct  2 09:48:12 localhost dbus[2093]: [system] Activating service name='org.freedesktop.ConsoleKit' (using servicehelper)
Oct  2 09:48:12 localhost dbus[2093]: [system] Successfully activated service 'org.freedesktop.ConsoleKit'
Oct  2 09:48:59 localhost pdns[2253]: No new unfresh slave domains, 0 queued for AXFR already

但是当我 cat 区域文件(以绑定格式)时,它没有更新。

powerdns

3 个回答

  1. 我们遇到了这种情况,事实证明 DNS 通知消息的目标实际上是拒绝该消息。

    请注意下面的“通知拒绝”。替换了虚假的服务器和区域名称。

        # tcpdump -v -r notify.pcap
reading from file notify.pcap, link-type LINUX_SLL (Linux cooked)
00:00:33.210137 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 61) master.dns.server.46861 > slave.dns.server.domain: 49437 notify SOA? zoneinquestion.com. (33)
00:00:33.236488 IP (tos 0x0, ttl 55, id 17352, offset 0, flags [none], proto UDP (17), length 61) slave.dns.server.domain > master.dns.server.46861: 49437 notify Refused- 0/0/0 (33)
00:00:36.244057 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 61) master.dns.server.46861 > slave.dns.server.domain: 48449 notify SOA? zoneinquestion.com. (33)
00:00:36.269682 IP (tos 0x0, ttl 55, id 17353, offset 0, flags [none], proto UDP (17), length 61) slave.dns.server.domain > master.dns.server.46861: 48449 notify Refused- 0/0/0 (33)
00:00:36.519361 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 61) master.dns.server.46861 > slave.dns.server.domain: 65128 notify SOA? zoneinquestion.com. (33)
00:00:36.544391 IP (tos 0x0, ttl 55, id 17354, offset 0, flags [none], proto UDP (17), length 61) slave.dns.server.domain > master.dns.server.46861: 65128 notify Refused- 0/0/0 (33)

    使用以下内容在主设备上捕获此输出:

    tcpdump -U -i any -w notify.pcap -s 1600 host slave.dns.server
    • 2
  2. Best Answer

    问题是端口 53 从外部端口被防火墙,但不是在 localhost 或 VPN 接口上。我没有注意到,因为我通常尝试过dig @localhost

    如果我理解正确,master 会向 UDP/53(通过 Stefan)发送一条消息。因此,这被部分防火墙并导致了问题。

    掌握:

    Oct  3 18:56:25 localhost pdns[6884]: gmysql Connection successful
Oct  3 18:56:25 localhost pdns[6884]: AXFR of domain 'netly.io' initiated by 162.243.25.159
Oct  3 18:56:25 localhost pdns[6884]: AXFR of domain 'netly.io' allowed: client IP 162.243.25.159 is in allow-axfr-ips
Oct  3 18:56:25 localhost pdns[6884]: gmysql Connection successful
Oct  3 18:56:25 localhost pdns[6884]: gmysql Connection successful
Oct  3 18:56:25 localhost pdns[6884]: AXFR of domain 'netly.io' to 162.243.25.159 finished
Oct  3 18:56:25 localhost pdns[6884]: Received unsuccessful notification report for 'netly.io' from 146.185.146.149:53, rcode: 4
Oct  3 18:56:25 localhost pdns[6884]: Removed from notification list: 'netly.io' to 146.185.146.149:53
Oct  3 18:56:25 localhost pdns[6884]: Removed from notification list: 'netly.io' to 162.243.25.159:53 (was acknowledged)
Oct  3 18:56:27 localhost pdns[6884]: No master domains need notifications

    奴隶:

    Oct  3 18:56:25 localhost pdns[2263]: 1 slave domain needs checking, 0 queued for AXFR
Oct  3 18:56:25 localhost pdns[2263]: Received serial number updates for 1 zones, had 0 timeouts
Oct  3 18:56:25 localhost pdns[2263]: Domain netly.io is stale, master serial 2013100302, our serial 2013100301
Oct  3 18:56:25 localhost pdns[2263]: Initiating transfer of 'netly.io' from remote '146.185.146.149'
Oct  3 18:56:25 localhost pdns[2263]: AXFR started for 'netly.io', transaction started
Oct  3 18:56:25 localhost pdns[2263]: Zone 'netly.io' (/etc/powerdns/bind/netly.io.) reloaded
Oct  3 18:56:25 localhost pdns[2263]: AXFR done for 'netly.io', zone committed with serial number 2013100302
    • 1

  3. 不要忘记增加您的序列号。如果您没有增加主机上的序列号,则 AXFR 通知不会执行任何操作

    • 0

相关问题