
Making PowerDNS send notifies to Secondaries

February 14, 2024 — Nico Cartron

Context

I was playing with a DNS zone and doing some tests, when I realised that notifies were not being sent, resulting in my Secondary DNS taking ages to get updated.

Things I tried

  • I checked the Secondary DNS server configuration (a Knot Authoritative DNS server) and it looked good.
    • This was confirmed by issuing a pdns_control notify <ZONE>, which correctly triggered the zone transfer from Knot
  • I added a specific NOTIFY to that zone using PowerDNS' metadata, with a pdnsutil set-meta <ZONE> ALSO-NOTIFY 46.23.92.100 - but no luck
  • I even added an only-notify=0.0.0.0/0 to pdns.conf to specifically tell PowerDNS to send updates to the servers listed as NS for the zone (that should be the default but I wanted to be 100% sure) - still no luck

Dawning on me

Then all of a sudden, I remembered that by default, PowerDNS creates a zone as "Native", i.e. you can leverage e.g. SQL replication.

As noted in the documentation, it is clear that no notifications are sent out in that mode:

Native replication means that PowerDNS will not send out DNS update notifications, nor will it react to them.

Fixing it

Just issuing a:

pdnsutil set-kind <ZONE> primary

fixed the issue, which was confirmed both by a manual dig against the Secondary, and also the Knot DNS logs:

Feb 14 07:32:39 mx knot[31175]: info: [ZONE] notify, incoming, remote 193.200.42.231@12138, serial none
Feb 14 07:32:39 mx knot[31175]: info: [ZONE] refresh, remote 193.200.42.231@53, remote serial 2024020809, zone is outdated
Feb 14 07:32:40 mx knot[31175]: info: [ZONE] IXFR, incoming, remote 193.200.42.231@53, receiving AXFR-style IXFR
Feb 14 07:32:40 mx knot[31175]: info: [ZONE] AXFR, incoming, remote 193.200.42.231@53, started
Feb 14 07:32:40 mx knot[31175]: info: [ZONE] AXFR, incoming, remote 193.200.42.231@53, finished, 0.23 seconds, 3 messages, 1906 bytes
Feb 14 07:32:40 mx knot[31175]: info: [ZONE] refresh, remote 193.200.42.231@53, zone updated, 0.32 seconds, serial 2024020808 -> 2024020809, expires in 604800 seconds
Feb 14 07:32:40 mx knot[31175]: info: [ZONE] zone file updated, serial 2024020808 -> 2024020809
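
A check that can be run on the Secondary to spot this symptom from the Knot logs, as an added example (not part of the original post): it flags zone updates that were not preceded by an incoming NOTIFY from the same Primary. The function name, the 30-second window, the year parameter and the example.org line are assumptions; the first two sample lines are taken from the log above.

```python
import re
from datetime import datetime, timedelta

# Knot log line as quoted in the post: syslog timestamp, [zone], event, detail.
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ knot\[\d+\]: info: \[([^\]]+)\] (\w+), (.*)$")
REMOTE = re.compile(r"remote ([0-9a-fA-F.:]+)@\d+")
SERIALS = re.compile(r"zone updated, .*serial (\d+) -> (\d+)")

def classify_updates(lines, year=2024, window=timedelta(seconds=30)):
    """Return one dict per completed zone update, telling whether a NOTIFY
    from the same Primary arrived at most `window` before it."""
    last_notify = {}  # (zone, primary IP) -> time of the last incoming NOTIFY
    updates = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not a per-zone event line (e.g. "zone file updated")
        ts, zone, event, detail = m.groups()
        # Syslog timestamps carry no year, so the caller supplies one (assumption).
        when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
        r = REMOTE.search(detail)
        if not r:
            continue
        key = (zone, r.group(1))
        if event == "notify" and "incoming" in detail:
            last_notify[key] = when
        elif event == "refresh" and (s := SERIALS.search(detail)):
            seen = last_notify.pop(key, None)
            notified = seen is not None and when - seen <= window
            updates.append({"zone": zone, "primary": r.group(1),
                            "old": int(s.group(1)), "new": int(s.group(2)),
                            "trigger": "notify" if notified else "no-notify"})
    return updates

# First two lines: from the post. Last line: constructed, for a zone whose
# Primary never sent a NOTIFY (the Native-zone symptom).
SAMPLE = """
Feb 14 07:32:39 mx knot[31175]: info: [ZONE] notify, incoming, remote 193.200.42.231@12138, serial none
Feb 14 07:32:40 mx knot[31175]: info: [ZONE] refresh, remote 193.200.42.231@53, zone updated, 0.32 seconds, serial 2024020808 -> 2024020809, expires in 604800 seconds
Feb 14 09:10:03 mx knot[31175]: info: [example.org.] refresh, remote 192.0.2.53@53, zone updated, 0.30 seconds, serial 2024021400 -> 2024021401, expires in 604800 seconds
""".splitlines()

if __name__ == "__main__":
    for u in classify_updates(SAMPLE):
        print(f"{u['zone']}: {u['old']} -> {u['new']} from {u['primary']} ({u['trigger']})")
```

Zones that only ever show up as "no-notify" are being refreshed without a NOTIFY from the Primary, which is a reason to check their kind on the PowerDNS side.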

Tags: DNS

