search

PowerDNS / pdns

PowerDNS Authoritative, PowerDNS Recursor, dnsdist
https://www.powerdns.com/
GNU General Public License v2.0
3.61k stars 900 forks source link

geoipbackend+pdnsutil check-zone fails silently, should error clearly #12253

Open rumato163 opened 1 year ago

rumato163 commented 1 year ago

Short description

Getting an error "[Error] No NS record at zone apex in zone" while trying to check any zone via pdnsutil

Environment

Steps to reproduce

  1. Install and configure pdns with geoip backend 
    
cat /etc/powerdns/pdns-geo.conf
config-dir=/etc/powerdns
daemon=yes
setgid=pdns
setuid=pdns
socket-dir=/run
guardian=no

default-ttl=300 distributor-threads=5 receiver-threads=5

local-address=... local-address-nonexist-fail=no local-port=53 reuseport=yes

log-dns-details=yes log-dns-queries=no log-timestamp=yes loglevel=12

master=yes allow-axfr-ips=...

launch=geoip geoip-database-files=mmdb:/etc/powerdns/geo/GeoIP2-City.mmdb geoip-zones-file=/etc/powerdns/geo/geo.yml

2. create at least one zone in geo.yml

cat /etc/powerdns/geo/geo.yml domains:

  1. run "pdnsutil --config-name=geo check-zone domain.com"

Expected behaviour

Opened MMDB database /etc/powerdns/geo/GeoIP2-City.mmdb(type: GeoIP2-City version: 2.0) Checked 2 records of 'domain.com', 0 errors, 0 warnings.

Actual behaviour

Opened MMDB database /etc/powerdns/geo/GeoIP2-City.mmdb(type: GeoIP2-City version: 2.0) [Error] No NS record at zone apex in zone 'domain.com' Checked 0 records of 'domain.com', 1 errors, 0 warnings.

Other information

I was trying to update pdns up to 4.6.2. Still the same

Habbie commented 1 year ago

pdnsutil check-zone does not work at all for geoipbackend. It would be nice if pdnsutil told you this, though!

Habbie commented 1 year ago

I updated the issue title.

rumato163 commented 1 year ago

Hi Thanks a lot for clarification about pdnsutil. But in general I've another one problem with geoip backend regarding to XFR. ((( It fails every time than I'm trying to get zone list from my geoip backend with following log messages:

Nov 30 11:50:08 pdns-geo[28718]: AXFR of domain 'domain.com' initiated by 127.0.0.1:38593
Nov 30 11:50:08 pdns-geo[28718]: AXFR of domain 'domain.com' allowed: client IP 127.0.0.1:38593 is in allow-axfr-ips
Nov 30 11:50:08 pdns-geo[28718]: Backend signals error condition

I've used the exact same config for XFR tests.

Habbie commented 1 year ago

Nov 30 11:50:08 pdns-geo[28718]: Backend signals error condition

this is the exact thing pdnsutil is not noticing. The geoipbackend does not support listing zone contents, as the contents depend on who is asking. XFR is therefore not supported from geoipbackend.

rumato163 commented 1 year ago

Got it. Thank you once again!

rumato163 commented 1 year ago

Do you need me to close curent issue report or you will close it righ after some code changes (to fix error text or smf like that)?

Habbie commented 1 year ago

I changed the title to remind us that pdnsutil should give an error, so please leave it open. Thanks!