TechnitiumSoftware / DnsServer

Technitium DNS Server
https://technitium.com/dns/
GNU General Public License v3.0

RFC 2136 Unable To Delete Entries on Conditional Forwarding Zone #933

Closed driftlessdev closed 1 month ago

driftlessdev commented 5 months ago

For a project, I was setting up dynamic updates onto a Forwarder zone. It's able to add new records, but unable to delete them.

Records can be added & updated, but no record can be removed. The logs show an error about not being authoritative for the zone.

[2024-05-24 05:35:49 UTC] [XX.XX.XX.57:25240] [TCP] DNS Server refused a zone transfer request since the DNS server is not authoritative for zone: example.com
[2024-05-24 05:35:49 UTC] [XX.XX.XX.57:4052] [TCP] DNS Server received a zone UPDATE request for zone: example.com
[2024-05-24 05:35:49 UTC] Saved zone file for domain: example.com
[2024-05-24 05:35:49 UTC] [XX.XX.XX.95:41300] [TCP] DNS Server successfully processed a zone UPDATE request for zone: example.com

If I flip the zone to being a Primary, everything works as expected. However, I only want this as a Forwarder to override parts of my domain to the local IP for that service, and keep the external DNS for the public address.

Currently running 12.1.

ShreyasZare commented 5 months ago

Thanks for the feedback. I tried it on my local setup and was able to add, update, and delete records from a forwarder zone with Dynamic Updates using the nsupdate command.

The error log entry you mention is regarding zone transfer and not related to dynamic updates. The error is logged because forwarder zones do not support zone transfer and are not authoritative for that zone. The other entries say that the dynamic update request was successfully processed.

If you still have the issue then let me know how this issue can be reproduced so that I can understand your config and test it locally.
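The distinction drawn above (a refused zone transfer versus a processed UPDATE) is easy to miss when reading raw Technitium log output. The following script is an added example, not code from the Technitium DNS Server project; it parses log lines in the format quoted in this issue, counts transfer refusals and update outcomes per zone, and returns a one-word diagnosis so that a deployment can tell the two failure modes apart. The sample lines are a constructed copy of the ones quoted in the issue, and the diagnosis codes are this example's own naming.

```python
import re
from collections import defaultdict

# Technitium log line: "[timestamp] [client:port] [TCP|UDP] message".
# The client and protocol fields are absent on some lines (e.g. "Saved zone file ...").
LOG_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]"              # timestamp
    r"(?:\s+\[(?P<client>[^\]]+)\])?"   # optional client ip:port
    r"(?:\s+\[(?P<proto>TCP|UDP)\])?"   # optional transport
    r"\s+(?P<msg>.*)$"
)

# Message patterns taken from the log excerpt quoted in this issue.
PATTERNS = [
    ("xfr_refused", re.compile(r"refused a zone transfer request .* for zone: (?P<zone>\S+)")),
    ("update_received", re.compile(r"received a zone UPDATE request for zone: (?P<zone>\S+)")),
    ("update_ok", re.compile(r"successfully processed a zone UPDATE request for zone: (?P<zone>\S+)")),
    ("zone_saved", re.compile(r"Saved zone file for domain: (?P<zone>\S+)")),
]

# Constructed sample, copied from the lines quoted in the issue.
SAMPLE_LOG = """\
[2024-05-24 05:35:49 UTC] [XX.XX.XX.57:25240] [TCP] DNS Server refused a zone transfer request since the DNS server is not authoritative for zone: example.com
[2024-05-24 05:35:49 UTC] [XX.XX.XX.57:4052] [TCP] DNS Server received a zone UPDATE request for zone: example.com
[2024-05-24 05:35:49 UTC] Saved zone file for domain: example.com
[2024-05-24 05:35:49 UTC] [XX.XX.XX.95:41300] [TCP] DNS Server successfully processed a zone UPDATE request for zone: example.com
"""


def parse_line(line):
    """Return a dict with ts/client/proto/kind/zone, or None for unparseable lines."""
    m = LOG_RE.match(line.rstrip("\n"))
    if not m:
        return None
    event = {"ts": m.group("ts"), "client": m.group("client"),
             "proto": m.group("proto"), "kind": "other", "zone": None}
    for kind, pat in PATTERNS:
        pm = pat.search(m.group("msg"))
        if pm:
            event["kind"] = kind
            event["zone"] = pm.group("zone").lower()
            break
    return event


def summarize(lines):
    """Count event kinds per zone and collect the clients that touched each zone."""
    per_zone = defaultdict(lambda: {"xfr_refused": 0, "update_received": 0,
                                    "update_ok": 0, "zone_saved": 0, "clients": set()})
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["zone"] is None:
            continue
        s = per_zone[ev["zone"]]
        s[ev["kind"]] += 1
        if ev["client"]:
            s["clients"].add(ev["client"].rsplit(":", 1)[0])  # drop the port
    return dict(per_zone)


def diagnose(summary, zone):
    """Classify what the log says about a zone (codes are this example's own)."""
    s = summary.get(zone)
    if s is None:
        return "no_events"
    updates_ok = s["update_received"] > 0 and s["update_ok"] >= s["update_received"]
    if s["xfr_refused"] and updates_ok:
        # Dynamic updates work; only AXFR/IXFR is refused (zone is not authoritative).
        return "transfer_refused_updates_ok"
    if s["xfr_refused"]:
        return "transfer_refused"
    if s["update_received"] > s["update_ok"]:
        return "update_failed"
    return "ok"


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG.splitlines())
    for zone, s in summary.items():
        print(zone, diagnose(summary, zone), {k: v for k, v in s.items() if k != "clients"})
```

Run over a real log tail (for example `tail -n 1000 dns.log | python3 classify.py` after replacing `SAMPLE_LOG` with `sys.stdin`), the `transfer_refused_updates_ok` code is the signature of the situation in this issue: the server accepts RFC 2136 updates but the client's preceding AXFR/IXFR is refused, so a tool that enumerates the zone before deleting never reaches the delete step.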

driftlessdev commented 5 months ago

DNS is being updated using ExternalDNS, and that might be the problem.

ExternalDNS is using transfer commands, I think, to get a list of all the records. It's logging which entries are being managed in TXT records, and wants to get a list of those TXT records to know what it needs to delete.

It's not even getting to the delete commands as it can't get a list to know what to delete.

Overall then, it's not a bug but rather an enhancement or some way to allow forwarding zones to allow some of the transfer functions to fake being authoritative, which it's kinda acting like by overriding some DNS entries for the zone.
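The workflow described in this comment (enumerate the zone by transfer, find the TXT ownership records, then compute which records to delete) can be modelled in a few lines. The script below is an added example, not ExternalDNS's own code nor part of Technitium DNS Server: it takes the record set a zone transfer would return, identifies the names owned by a given ExternalDNS instance through their TXT registry records, and emits an nsupdate-style plan. The zone contents, the owner id `cluster-a` and the exact TXT registry format are constructed assumptions modelled on ExternalDNS's TXT registry; the real tool's reconciliation has more cases than shown here. The point of the example is the `None` branch: with no transfer result there is nothing to reconcile against, so no deletes are ever issued, which is what this issue observed.

```python
# Constructed zone contents as a successful AXFR would return them:
# (owner name, ttl, class, type, rdata). Not real data from the issue.
ZONE_RECORDS = [
    ("app.example.com.", 300, "IN", "A", "10.0.0.5"),
    ("app.example.com.", 300, "IN", "TXT", '"heritage=external-dns,external-dns/owner=cluster-a"'),
    ("old.example.com.", 300, "IN", "A", "10.0.0.9"),
    ("old.example.com.", 300, "IN", "TXT", '"heritage=external-dns,external-dns/owner=cluster-a"'),
    ("www.example.com.", 300, "IN", "A", "10.0.0.7"),  # not managed by ExternalDNS
]

# Desired state (constructed): app stays, old goes, new appears, www is wanted but not ours.
DESIRED = {
    "app.example.com.": "10.0.0.5",
    "new.example.com.": "10.0.0.11",
    "www.example.com.": "10.0.0.8",
}

# Assumed registry TXT format (simplified from ExternalDNS's TXT registry).
OWNER_TXT = '"heritage=external-dns,external-dns/owner={owner}"'


def parse_owner_txt(rdata):
    """Split a registry TXT rdata like "k1=v1,k2=v2" into a dict."""
    fields = {}
    for kv in rdata.strip('"').split(","):
        if "=" in kv:
            k, v = kv.split("=", 1)
            fields[k] = v
    return fields


def owned_names(records, owner):
    """Names whose TXT registry record marks them as managed by `owner`."""
    owned = set()
    for name, _ttl, _cls, rtype, rdata in records:
        if rtype != "TXT":
            continue
        f = parse_owner_txt(rdata)
        if f.get("heritage") == "external-dns" and f.get("external-dns/owner") == owner:
            owned.add(name)
    return owned


def plan_updates(transfer_result, desired, owner, ttl=300):
    """Return (nsupdate-style ops, status). transfer_result=None models a refused AXFR."""
    if transfer_result is None:
        # Without the zone listing the ownership records are unknown, so the
        # safe outcome is to plan nothing: no deletes can be attributed to us.
        return [], "zone transfer refused: cannot enumerate ownership TXT records"

    owned = owned_names(transfer_result, owner)
    current_a = {name: rdata for name, _t, _c, rtype, rdata in transfer_result if rtype == "A"}
    ops = []

    # Deletions: names we own that are no longer desired (A record and registry TXT).
    for name in sorted(owned - set(desired)):
        ops.append(f"update delete {name} A")
        ops.append(f"update delete {name} TXT")

    # Additions and changes.
    for name in sorted(desired):
        if name in current_a and name not in owned:
            continue  # record exists but is not ours: never overwrite it
        if name in owned and current_a.get(name) == desired[name]:
            continue  # already correct
        if name in owned:
            ops.append(f"update delete {name} A")  # replace the stale A record
        ops.append(f"update add {name} {ttl} A {desired[name]}")
        if name not in owned:
            ops.append(f"update add {name} {ttl} TXT {OWNER_TXT.format(owner=owner)}")
    return ops, "ok"


if __name__ == "__main__":
    for label, xfr in (("transfer ok", ZONE_RECORDS), ("transfer refused", None)):
        ops, status = plan_updates(xfr, DESIRED, "cluster-a")
        print(f"--- {label}: {status}")
        print("\n".join(ops) if ops else "(no operations)")
```

In the successful-transfer case the plan deletes `old.example.com.` (both A and TXT), adds `new.example.com.` with its registry record, and leaves `www.example.com.` alone because no registry TXT claims it; in the refused-transfer case the plan is empty, matching the "it's not even getting to the delete commands" observation.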

ShreyasZare commented 5 months ago

That explains the issue. The current implementation with forwarder does not support zone transfer since zone transfer requires having an SOA record, which the zone lacks, which makes it not authoritative.

There is however a plan to add support for a zone transfer mechanism in some form for forwarder zones too so that it can be used with the planned clustering support that will implement the catalog zones feature.

ShreyasZare commented 1 month ago

Technitium DNS Server v13 is now available that adds support for zone transfer and notify in Conditional Forwarder zones. Do update and let me know your feedback.