StackExchange / dnscontrol

Infrastructure as code for DNS!
https://dnscontrol.org/
MIT License

[axfrdns] Fails to initialize new zones due to servfail #2998

Open mweinelt opened 1 month ago

mweinelt commented 1 month ago

NOTE: Have a general question? You'll get a better response on the dnscontrol-discuss email list!

Describe the bug

Using AXFR on a freshly configured zone that does not yet have any zonedata expectedly fails with rcode 2 (SERVFAIL), and therefore cannot be initialized from dnscontrol.

dnscontrol:
Error getting corrections (manda): [Error] AXFRDDNS: nameserver refused to transfer the zone 8.b.d.1.0.0.2.ip6.arpa: dns: bad xfr rcode: 2
knot:
# journalctl -u knot --grep=dnscontrol
knotd[1204]: debug: [8.b.d.1.0.0.2.ip6.arpa.] ACL, allowed, action transfer, remote 192.0.2.0@52766, key dnscontrol.

# knotc zone-status
[8.b.d.1.0.0.2.ip6.arpa.] role: master | serial: -

To Reproduce

Steps to reproduce the behavior:

  1. Install and configure Knot
  2. Configure a new zone with ACLs for dnscontrol
  3. Run dnscontrol check or apply

Expected behavior

A nameserver without zonedata will return SERVFAIL for the zone. Ideally dnscontrol would allow applying the initial zonedata.

DNS Provider

Additional context

It starts working once I create zonedata on the nameserver in any way:

knotc zone-begin 8.b.d.1.0.0.2.ip6.arpa.
knotc zone-set 8.b.d.1.0.0.2.ip6.arpa. @ 3600 SOA ns1.example.com. dns.example.com. 1 3600 600 604800 1440
knotc zone-commit 8.b.d.1.0.0.2.ip6.arpa.
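
The workaround above can be scripted. This is an added example, not code from the issue or from dnscontrol: it finds zones that `knotc zone-status` reports with `serial: -` and seeds each with the placeholder SOA in one transaction. The function names and the `KNOTC` override are assumptions, as is reading `serial: -` as "no zonedata yet", which is what the output above shows.

```bash
#!/usr/bin/env bash
# Added example: seed Knot zones that have no zonedata yet, so that the
# first AXFR from dnscontrol no longer ends in SERVFAIL (rcode 2).

# Read `knotc zone-status` output on stdin and print the name of every
# zone whose serial is "-" (configured, but nothing loaded yet).
uninitialized_zones() {
    awk '/serial: -$/ || /serial: - / {
        z = $1
        gsub(/^\[|\]$/, "", z)   # strip the surrounding [ ]
        print z
    }'
}

# Seed one zone with a placeholder SOA inside a knotc transaction.
#   $1 zone name, $2 primary nameserver (SOA mname), $3 contact (SOA rname)
# KNOTC can be overridden (e.g. KNOTC=echo) for a dry run; hypothetical knob.
seed_zone() {
    zone=$1 mname=$2 rname=$3
    ${KNOTC:-knotc} zone-begin "$zone" || return 1
    if ${KNOTC:-knotc} zone-set "$zone" @ 3600 SOA "$mname" "$rname" \
            1 3600 600 604800 1440; then
        ${KNOTC:-knotc} zone-commit "$zone"
    else
        # Do not leave a half-open transaction behind on failure.
        ${KNOTC:-knotc} zone-abort "$zone"
        return 1
    fi
}

# Seed every uninitialized zone; zones that already have a serial are
# never touched, so a second run does nothing.
seed_all() {
    ${KNOTC:-knotc} zone-status | uninitialized_zones |
    while read -r z; do
        seed_zone "$z" "$1" "$2" || echo "failed to seed $z" >&2
    done
}

# Usage (as root on the Knot host):
#   seed_all ns1.example.com. dns.example.com.
```

The SOA values are the placeholders from the commands above; the first dnscontrol run is expected to replace them with the real zone content.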

cafferata commented 1 month ago

Ping @hnrgrgr, the maintainer of the AXFR+DDNS provider.