pschiffe / docker-pdns

Docker images for PowerDNS
MIT License

etc/pdns-recursor/recursor.conf #131

Closed hpcmtint closed 7 months ago

hpcmtint commented 7 months ago

Hello Peter


  pdns-recursor-mysql:
    image: pschiffe/pdns-recursor:${RECURSOR_TAG:-latest}
    networks:
      - pdns-mysql
    environment:
     - AUTH_ZONES=globe.local
     - FORWARD_ZONES=.=172.30.110.5,172.30.115.2    
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /srv/data/recursor.conf:/etc/pdns-recursor/recursor.conf
    ulimits:
      nofile:
        soft: 5000
        hard: 5000

Above is a modified version of your recursor. I am unable to get it working, and also - /srv/data/recursor.conf:/etc/pdns-recursor/recursor.conf is being overwritten, and if I do 'ro' the container won't start.

forward-zones=.=172.30.110.5,172.30.115.2

pschiffe commented 7 months ago

Hi @hpcmtint, I recommend not bind-mounting the config file - it's a template that can be completely configured via env vars, source is here - https://github.com/pschiffe/docker-pdns/blob/master/pdns-recursor/recursor.conf.tpl

To configure the requested settings, use env vars like this:

    environment:
     - PDNS_auth_zones=globe.local
     - PDNS_forward_zones=.=172.30.110.5,172.30.115.2

hpcmtint commented 7 months ago

Hi Peter,

Thanks for the quick response. I've added as advised - seeing errors and the container won't start.

services:

  pdns-recursor-mysql:
    image: pschiffe/pdns-recursor:${RECURSOR_TAG:-latest}
    networks:
      - pdns-mysql
    environment:
      - PDNS_forward_zones=.=172.30.110.5,172.30.115.2
    volumes:
      - /etc/localtime:/etc/localtime:ro
    ulimits:
      nofile:
        soft: 5000
        hard: 5000

Feb 06 17:11:45 PowerDNS Recursor 4.9.2 (C) 2001-2022 PowerDNS.COM BV

Feb 06 17:11:45 Using 64-bits mode. Built using gcc 13.2.1 20231011 (Red Hat 13.2.1-4).

Feb 06 17:11:45 PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2.

Feb 06 17:11:45 msg="Enabling IPv4 transport for outgoing queries" subsystem="config" level="0" prio="Notice" tid="0" ts="1707239505.943"

Feb 06 17:11:45 msg="NOT using IPv6 for outgoing queries - add an IPv6 address (like '::') to query-local-address to enable" subsystem="config" level="0" prio="Warning" tid="0" ts="1707239505.943"

Feb 06 17:11:45 msg="Setting access control" subsystem="config" level="0" prio="Info" tid="0" ts="1707239505.946" acl="allow-from" addresses="0.0.0.0/0"

Feb 06 17:11:45 msg="Will not send queries to" subsystem="config" level="0" prio="Notice" tid="0" ts="1707239505.958" addresses="127.0.0.0/8 10.0.0.0/8 100.64.0.0/10 169.254.0.0/16 192.168.0.0/16 172.16.0.0/12 ::1/128 fc00::/7 fe80::/10 0.0.0.0/8 192.0.0.0/24 192.0.2.0/24 198.51.100.0/24 203.0.113.0/24 240.0.0.0/4 ::/96 ::ffff:0:0/96 100::/64 2001:db8::/32 0.0.0.0 ::"

Feb 06 17:11:45 msg="Redirecting queries" subsystem="config" level="0" prio="Info" tid="0" ts="1707239505.959" addresses="172.30.110.5:53" recursion="0" zone="."

Feb 06 17:11:45 msg="Fatal error" error="Error parsing '172.30.115.2', missing =" subsystem="config" level="0" prio="Critical" tid="0" ts="1707239505.959" exception="PDNSException"

Feb 06 17:11:52 PowerDNS Recursor 4.9.2 (C) 2001-2022 PowerDNS.COM BV

Feb 06 17:11:52 Using 64-bits mode. Built using gcc 13.2.1 20231011 (Red Hat 13.2.1-4).

Feb 06 17:11:52 PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2.

Feb 06 17:11:52 msg="Enabling IPv4 transport for outgoing queries" subsystem="config" level="0" prio="Notice" tid="0" ts="1707239512.304"

Feb 06 17:11:52 msg="NOT using IPv6 for outgoing queries - add an IPv6 address (like '::') to query-local-address to enable" subsystem="config" level="0" prio="Warning" tid="0" ts="1707239512.304"

Feb 06 17:11:52 msg="Setting access control" subsystem="config" level="0" prio="Info" tid="0" ts="1707239512.309" acl="allow-from" addresses="0.0.0.0/0"

Feb 06 17:11:52 msg="Will not send queries to" subsystem="config" level="0" prio="Notice" tid="0" ts="1707239512.321" addresses="127.0.0.0/8 10.0.0.0/8 100.64.0.0/10 169.254.0.0/16 192.168.0.0/16 172.16.0.0/12 ::1/128 fc00::/7 fe80::/10 0.0.0.0/8 192.0.0.0/24 192.0.2.0/24 198.51.100.0/24 203.0.113.0/24 240.0.0.0/4 ::/96 ::ffff:0:0/96 100::/64 2001:db8::/32 0.0.0.0 ::"

Feb 06 17:11:52 msg="Redirecting queries" subsystem="config" level="0" prio="Info" tid="0" ts="1707239512.322" addresses="172.30.110.5:53" recursion="0" zone="."

pschiffe commented 7 months ago

The error is Feb 06 17:11:45 msg="Fatal error" error="Error parsing '172.30.115.2', missing =" subsystem="config" level="0" prio="Critical" tid="0" ts="1707239505.959" exception="PDNSException"

I'm not sure how docker-compose handles that equal sign, maybe try with quotes?

    environment:
      - PDNS_forward_zones=".=172.30.110.5,172.30.115.2"

hpcmtint commented 7 months ago

  pdns-recursor-mysql:
    image: pschiffe/pdns-recursor:${RECURSOR_TAG:-latest}
    networks:
      - pdns-mysql
    ports:
      - "53:53"
      - "53:53/udp"
    environment:
      PDNS_forward_zones: "globe.local=172.22.0.20,dmz.globe.local=72.22.0.20,.=172.30.110.5"
    volumes:
      - /etc/localtime:/etc/localtime:ro
    ulimits:
      nofile:
        soft: 5000
        hard: 5000

Seemed to have worked, but it is not forwarding the DNS query of www.apple.com . to 172.30.110.5

172.22.0.4 = dns-recursor-mysql

***@***.***:~$ nslookup portainer.globe.local 172.22.0.4
Server:         172.22.0.4
Address:        172.22.0.4#53

Non-authoritative answer:
Name:   portainer.globe.local
Address: 172.21.0.2

***@***.***:~$ nslookup www.apple.com  172.22.0.4
;; communications error to 172.22.0.4#53: timed out
;; communications error to 172.22.0.4#53: timed out
Server:         172.22.0.4
Address:        172.22.0.4#53

** server can't find www.apple.com: SERVFAIL


hpcmtint commented 7 months ago

Working now

  pdns-recursor-mysql:
    image: pschiffe/pdns-recursor:${RECURSOR_TAG:-latest}
    networks:
      - pdns-mysql
    ports:
      - "53:53"
      - "53:53/udp"
    environment:
      PDNS_forward_zones: "globe.local=172.22.0.20,dmz.globe.local=172.22.0.20"
      PDNS_forward_zones_recurse: ".=172.30.110.5"
    volumes:
      - /etc/localtime:/etc/localtime:ro
    ulimits:
      nofile:
        soft: 5000
        hard: 5000

pschiffe commented 7 months ago

Glad you were able to make it work.
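
The following is an added example, not part of the thread or of the project's code: a pre-deploy check that models how the recursor splits a `forward-zones` value (commas or whitespace separate zone entries, `;` separates the servers of one zone) and reproduces the fatal error from the log above. The function names are hypothetical, and the parser is a simplified model of the setting's syntax, applied to the `PDNS_forward_zones` and `PDNS_forward_zones_recurse` variables used in the thread.

```python
import ipaddress

def _valid_server(server):
    """Accept IPv4, IPv6, IPv4:port and [IPv6]:port."""
    host = server
    if server.startswith("["):
        host = server[1:].split("]")[0]
    elif server.count(":") == 1:
        host = server.split(":")[0]
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def parse_forward_zones(value, recurse=False):
    """Simplified model of the forward-zones syntax: returns (zones, errors)."""
    zones, errors = {}, []
    # Commas (or whitespace) separate zone entries; ';' separates the
    # servers of a single zone, so "a,b" after '=' is NOT two servers.
    for entry in value.replace(",", " ").split():
        zone, sep, servers = entry.partition("=")
        if not sep:
            errors.append(f"Error parsing '{entry}', missing =")
            continue
        addrs = servers.split(";")
        bad = [s for s in addrs if not _valid_server(s)]
        if bad:
            errors.append(f"zone '{zone}': invalid server {bad}")
            continue
        zones[zone] = {"servers": addrs, "recursion": recurse}
    return zones, errors

def lint(env):
    """Check the two env vars used in the thread; return a list of findings."""
    plain, findings = parse_forward_zones(env.get("PDNS_forward_zones", ""))
    _, more = parse_forward_zones(env.get("PDNS_forward_zones_recurse", ""), recurse=True)
    findings += more
    if "." in plain and not plain["."]["recursion"]:
        findings.append("'.' is forwarded with recursion=0; use "
                        "PDNS_forward_zones_recurse when the target is a resolver")
    return findings

if __name__ == "__main__":
    # Values taken from the compose files posted in the thread.
    print(lint({"PDNS_forward_zones": ".=172.30.110.5,172.30.115.2"}))
    print(lint({"PDNS_forward_zones": "globe.local=172.22.0.20,dmz.globe.local=172.22.0.20",
                "PDNS_forward_zones_recurse": ".=172.30.110.5"}))
```

Two upstreams for one zone are written with a semicolon, for example `.=172.30.110.5;172.30.115.2`, which this check accepts without a parse error.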