PowerDNS – SOA serial mismatch on slaves

I am using PowerDNS with the PostgreSQL backend on three different servers, in native mode; all replication is done at the PostgreSQL backend. No server is set as master, pdns.conf is almost in default settings.

When I create a new zone using the PowerDNS API on the first server, I can see the zone and records in all three databases. And when using dig SOA example.com @SERVER.IP I receive a response from all servers, but with different SOA serials:

The first server, which is the “primary” server and configured as such in the SOA record, has the SOA record 2020081503, the two others 2020081505.

When making changes to the zone, the serial is increasing, but the offset of 2 stays the same.

All servers are configured the same, except that the first one has the API and web server enabled in pdns.conf, and that it is mentioned in the SOA record.

Any idea where the offset comes from and how it can be synced?

Thank you!

Author: Daniel

Authoritative DNS for subdomain with dynamic IP

Is it possible to have an authoritative DNS server that I host on my server that has a dynamic IP?

I use a dynamic DNS client to update my IP with Namecheap but want to have a DNS server I control as well. Is it possible for my subdomain ns1.sub.example.com to be on my server?

I would use the dynamic DNS client to update ns1.sub.example.com

Looks like it works.
Dynamic DNS updates A record for main.example.com
NS points to subdomain and the name is the A record main.example.com
all queries are being forwarded to my dns server.

Author: uid500

What does “localhost name resolution is handled within DNS itself” mean?

I know that the Windows hosts file maps host names to IP addresses. But there is no mapping for localhost. Instead it has a comment that says this:

# localhost name resolution is handled within DNS itself.
#       localhost

I don’t understand this. Where is this “DNS” that handles this resolution? Is it a program somewhere in Windows OS? Is it outside of Windows? Does it have a config file? How is this being done?

Author: Liga

DNS DDOS Attack – would like to understand log

As part of a DDOS attack (largely ineffectual) I am currently seeing log messages of the form:

<DATE> client <EXTERNAL-IP>#3074 (<NAME>): query: <SAME-NAME> IN RRSIG + (<ONE-OF-MY-IPs>)

My reading of the DNS log suggests that this is a query coming from <EXTERNAL-IP>, with the result to be sent to <ONE-OF-MY-IPs>. Is that correct?

We are running an older BIND, soon to be upgraded, but I was hoping to understand what this query is actually doing (many are sent).

Edit: Also, would be nice to know how they are able to structure it to send the result to another IP.

Author: RabidMutant
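
An added example (not part of the original post and not BIND's own code): a small Python parser for the query log layout quoted in the post above, which counts RRSIG queries per source and local address so that a flood stands out. In BIND's query log the address after "client" is the source address of the packet, and the final parenthesised address is the server's own address the query was received on; the sample lines, function names and threshold are constructed for illustration.

```python
import re
from collections import Counter

# Layout of a BIND query log line, as in the line quoted in the post:
#   client <src>#<port> (<name>): query: <name> <class> <type> <flags> (<local>)
# <src>#<port> is the source address and port of the packet; the trailing
# parenthesised address is the server's own address the query arrived on.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<src>[0-9A-Fa-f.:]+)#(?P<sport>\d+) "
    r"\((?P<name>[^)]*)\): (?:view \S+: )?query: (?P<qname>\S+) "
    r"(?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>[+-]\S*)"
    r"(?: \((?P<local>[^)]+)\))?"
)

def parse_query_line(line):
    """Return the fields of one query log line, or None if it is not one."""
    m = QUERY_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["recursion_desired"] = rec["flags"].startswith("+")  # "+" = RD bit set
    rec["tcp"] = "T" in rec["flags"]  # no T: source is only what the UDP packet claimed
    return rec

def noisy_sources(lines, qtype="RRSIG", threshold=3):
    """Count queries of one type per (source, local address) pair and
    return the pairs at or above the threshold, busiest first."""
    counts = Counter()
    for line in lines:
        rec = parse_query_line(line)
        if rec and rec["qtype"] == qtype:
            counts[(rec["src"], rec["local"])] += 1
    return [(pair, n) for pair, n in counts.most_common() if n >= threshold]

# Constructed sample lines (documentation addresses, not real log data).
SAMPLE = [
    "15-Aug-2020 10:00:01.100 client 198.51.100.7#3074 (example.com): query: example.com IN RRSIG + (203.0.113.53)",
    "15-Aug-2020 10:00:01.140 client 198.51.100.7#3074 (example.com): query: example.com IN RRSIG + (203.0.113.53)",
    "15-Aug-2020 10:00:01.180 client 198.51.100.7#3074 (example.com): query: example.com IN RRSIG + (203.0.113.53)",
    "15-Aug-2020 10:00:02.010 client 192.0.2.10#51515 (www.example.com): query: www.example.com IN A -E(0)D (203.0.113.53)",
    "15-Aug-2020 10:00:02.500 client 192.0.2.10#40112 (example.com): query: example.com IN RRSIG -E(0)T (203.0.113.53)",
    "15-Aug-2020 10:00:03.000 general: info: zone example.com/IN: loaded serial 2020081503",
]

if __name__ == "__main__":
    for (src, local), n in noisy_sources(SAMPLE):
        print(f"{src} -> {local}: {n} RRSIG queries")
```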