chrisss404 / powerdns

PowerDNS dnsdist, recursor, authoritative, and admin interface. Supports DNSCrypt, DoH, and DoT.
https://hub.docker.com/r/chrisss404/powerdns
MIT License

chrisss404/powerdns:latest-dnsdist is failing #4

Closed ghost closed 4 years ago

ghost commented 4 years ago

Can you help with that error (exit 127):

Error loading shared library liblmdb.so.0: No such file or directory (needed by /usr/bin/dnsdist)
Error relocating /usr/bin/dnsdist: mdb_env_create: symbol not found
Error relocating /usr/bin/dnsdist: mdb_txn_commit: symbol not found
Error relocating /usr/bin/dnsdist: mdb_txn_begin: symbol not found
Error relocating /usr/bin/dnsdist: mdb_drop: symbol not found
Error relocating /usr/bin/dnsdist: mdb_dbi_open: symbol not found
Error relocating /usr/bin/dnsdist: mdb_env_get_flags: symbol not found
Error relocating /usr/bin/dnsdist: mdb_get: symbol not found
Error relocating /usr/bin/dnsdist: mdb_env_set_mapsize: symbol not found
Error relocating /usr/bin/dnsdist: mdb_env_set_maxdbs: symbol not found
Error relocating /usr/bin/dnsdist: mdb_txn_abort: symbol not found
Error relocating /usr/bin/dnsdist: mdb_cursor_open: symbol not found
Error relocating /usr/bin/dnsdist: mdb_cursor_close: symbol not found
Error relocating /usr/bin/dnsdist: mdb_env_close: symbol not found
Error relocating /usr/bin/dnsdist: mdb_env_open: symbol not found
Error relocating /usr/bin/dnsdist: mdb_strerror: symbol not found

chrisss404 commented 4 years ago

Thanks for reporting. Should be fixed with the next build.

BR Christian.

ghost commented 4 years ago

> Thanks for reporting. Should be fixed with the next build.
>
> BR Christian.

Thank you.

I've added lmdb so everything is running fine now:

docker-compose ps
           Name                          Command                  State                                                        Ports
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
dns-test_admin-db_1           docker-entrypoint.sh postgres    Up             5432/tcp
dns-test_admin_1              docker-entrypoint.sh gunic ...   Up (healthy)   0.0.0.0:80->3031/tcp
dns-test_authoritative-db_1   docker-entrypoint.sh postgres    Up             5432/tcp
dns-test_authoritative_1      docker-entrypoint.sh pdns_ ...   Up (healthy)   53/tcp, 53/udp, 0.0.0.0:8081->8081/tcp
dns-test_dnsdist_1            docker-entrypoint.sh dnsdi ...   Up (healthy)   443/tcp, 0.0.0.0:1053->53/tcp, 0.0.0.0:1053->53/udp, 0.0.0.0:8083->8083/tcp, 8443/tcp, 8443/udp, 853/tcp
dns-test_recursor_1           docker-entrypoint.sh pdns_ ...   Up (healthy)   53/tcp, 53/udp, 0.0.0.0:8082->8082/tcp

However, I still can't figure out why I can't use the DNS server even though I don't have any fw rules implemented. Added the "wcl-internal.host" domain in the web UI.

dig -p 1053 example.com

; <<>> DiG 9.11.5-P4-5.1+deb10u1-Debian <<>> -p 1053 example.com
;; global options: +cmd
;; connection timed out; no servers could be reached
root@services:/tempr/dns-test# dig -p 1053 google.com

; <<>> DiG 9.11.5-P4-5.1+deb10u1-Debian <<>> -p 1053 google.com
;; global options: +cmd
;; connection timed out; no servers could be reached
root@services:/tempr/dns-test# dig -p 1053 wcl-internal.host

; <<>> DiG 9.11.5-P4-5.1+deb10u1-Debian <<>> -p 1053 wcl-internal.host
;; global options: +cmd
;; connection timed out; no servers could be reached
root@services:/tempr/dns-test# dig -p 1053 localhost

; <<>> DiG 9.11.5-P4-5.1+deb10u1-Debian <<>> -p 1053 localhost
;; global options: +cmd
;; connection timed out; no servers could be reached
root@services:/tempr/dns-test# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:232             0.0.0.0:*               LISTEN      451/sshd
tcp6       0      0 :::80                   :::*                    LISTEN      17150/docker-proxy
tcp6       0      0 :::8081                 :::*                    LISTEN      16935/docker-proxy
tcp6       0      0 :::8082                 :::*                    LISTEN      16736/docker-proxy
tcp6       0      0 :::8083                 :::*                    LISTEN      16506/docker-proxy
tcp6       0      0 :::1053                 :::*                    LISTEN      16519/docker-proxy
tcp6       0      0 :::232                  :::*                    LISTEN      451/sshd

chrisss404 commented 4 years ago

Not sure. You can try specifying the server as follows:

dig @127.0.0.1 -p 1053 example.com

HTH

ghost commented 4 years ago

> Not sure. You can try specifying the server as follows:
>
> dig @127.0.0.1 -p 1053 example.com
>
> HTH

If I use the authoritative host, it's working fine and I can dig my domain:

root@services:~# docker-compose ps
         Name                        Command                  State                                                        Ports
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
root_admin-db_1           docker-entrypoint.sh postgres    Up             5432/tcp
root_admin_1              docker-entrypoint.sh gunic ...   Up (healthy)   0.0.0.0:80->3031/tcp
root_authoritative-db_1   docker-entrypoint.sh postgres    Up             5432/tcp
root_authoritative_1      docker-entrypoint.sh pdns_ ...   Up (healthy)   53/tcp, 53/udp, 0.0.0.0:8081->8081/tcp
root_dnsdist_1            docker-entrypoint.sh dnsdi ...   Up (healthy)   443/tcp, 0.0.0.0:1053->53/tcp, 0.0.0.0:1053->53/udp, 0.0.0.0:8083->8083/tcp, 8443/tcp, 8443/udp, 853/tcp
root_recursor_1           docker-entrypoint.sh pdns_ ...   Up (healthy)   53/tcp, 53/udp, 0.0.0.0:8082->8082/tcp
root@services:~# dig @172.31.118.118 px.wclint.net

; <<>> DiG 9.11.5-P4-5.1+deb10u1-Debian <<>> @172.31.118.118 px.wclint.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36388
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;px.wclint.net.                 IN      A

;; ANSWER SECTION:
px.wclint.net.          60      IN      A       10.0.0.50

;; Query time: 6 msec
;; SERVER: 172.31.118.118#53(172.31.118.118)
;; WHEN: Fri Aug 07 11:08:04 BST 2020
;; MSG SIZE  rcvd: 58

However, if I want to use dnsdist it's not working:

root@services:~# dig @172.31.118.118 -p 1053 px.wclint.net

; <<>> DiG 9.11.5-P4-5.1+deb10u1-Debian <<>> @172.31.118.118 -p 1053 px.wclint.net
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

Then I tried to use dnsdist host (using inspect), no success:

root@services:~# dig @172.31.117.2 -p 1053 px.wclint.net

; <<>> DiG 9.11.5-P4-5.1+deb10u1-Debian <<>> @172.31.117.2 -p 1053 px.wclint.net
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

chrisss404 commented 4 years ago

Hmm. That's hard to tell. My guess is that your recursor does not forward the wclint.net. zone to your authoritative server, see RECURSOR_FORWARD_ZONES and RECURSOR_TRUST_ANCHORS.
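
Added example, not part of the original thread and not the project's own code: `dig` queries over UDP by default, while `netstat -ntlp` lists TCP listeners only, so this Python script probes one address and port over both transports and decodes the header flags that `dig` prints (`aa`, `rd`, `ra`). The script name `probe.py` and all function names are assumptions made for illustration.

```python
import socket
import struct
import sys

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """Encode a minimal A/IN query with RD set (RFC 1035 wire format)."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def parse_header(msg):
    """Decode the 12-byte DNS header into the fields dig prints."""
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    return {"id": qid, "aa": bool(flags & 0x0400), "rd": bool(flags & 0x0100),
            "ra": bool(flags & 0x0080), "answers": an,
            "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F))}

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed early")
        buf += chunk
    return buf

def probe(host, port, name, transport="udp", timeout=2.0):
    """Send one query; return the parsed header, or a string naming the failure."""
    query = build_query(name)
    try:
        if transport == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(query, (host, port))
                data, _ = s.recvfrom(4096)
        else:  # DNS over TCP prefixes each message with a 2-byte length
            with socket.create_connection((host, port), timeout=timeout) as s:
                s.sendall(struct.pack("!H", len(query)) + query)
                data = _recv_exact(s, struct.unpack("!H", _recv_exact(s, 2))[0])
        return parse_header(data)
    except socket.timeout:
        return "timeout"
    except (OSError, struct.error) as exc:
        return "error: " + type(exc).__name__

if __name__ == "__main__":  # usage: probe.py HOST PORT NAME
    host, port, name = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    for transport in ("udp", "tcp"):
        print(transport, probe(host, port, name, transport))
```

Run it against each hop in turn (the published dnsdist port, the recursor, the authoritative server) to see at which hop, and on which transport, replies stop.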