pdns icon indicating copy to clipboard operation
pdns copied to clipboard
verified publisher icon PowerDNS

Feature Request: auth: outgoing IXFR support

Open m-barthelemy opened this issue 7 years ago • 12 comments

  • Program: Authoritative
  • Issue type: Feature request

Short description

After receiving a notification, a slave may want to ask a PowerDNS master for zone changes using IXFR. As of 4.2.3, PowerDNS can only emit AXFR responses, according to the doc and confirmed after a few quick tests with an Unbound slave.

Usecase

Maintaining slaves up to date almost in real time using NOTIFY is great. However:

  • If the zone becomes big, any update potentially requires transferring (and then updating) a lot of information on the salves.
  • If the slave expects an IXFR response from the master (Unbound 1.7.1 with auth-zone, allow-notify and master configured) if fails. Well, I guess Unbound should be able to accept an AXFR response, and its current behavior is a limitation or a bug.

m-barthelemy avatar May 27 '18 12:05 m-barthelemy

有没有可能查询都送到6553端口了

PikuZheng avatar Oct 07 '25 08:10 PikuZheng

代码是正常的,你没开IPV6优选吧! root@ImmortalWrt:~# nslookup example.com 127.0.0.1 Server: 127.0.0.1 Address: 127.0.0.1:53

Non-authoritative answer: Name: example.com Address: 23.215.0.136 Name: example.com Address: 23.220.75.245 Name: example.com Address: 23.192.228.80 Name: example.com Address: 23.220.75.232

Non-authoritative answer: Name: example.com Address: 2600:1406:5e00:6::17ce:bc1b Name: example.com Address: 2600:1406:5e00:6::17ce:bc12 Name: example.com Address: 2600:1408:ec00:36::1736:7f24 Name: example.com Address: 2600:1406:bc00:53::b81e:94ce

root@ImmortalWrt:~#

xiaobaishu1 avatar Oct 08 '25 01:10 xiaobaishu1

有没有可能查询都送到6553端口了

dig命令调试,都尝试6053,6553,53,查看审计日志,依然是没有返回ipv6,即使dualstack-ip-selection yes,dualstack-ip-selection-threshold 50这两个ip优选打开,一样不行。

kevin-312 avatar Oct 08 '25 03:10 kevin-312

代码是正常的,你没开IPV6优选吧! root@ImmortalWrt:~# nslookup example.com 127.0.0.1 Server: 127.0.0.1 Address: 127.0.0.1:53

Non-authoritative answer: Name: example.com Address: 23.215.0.136 Name: example.com Address: 23.220.75.245 Name: example.com Address: 23.192.228.80 Name: example.com Address: 23.220.75.232

Non-authoritative answer: Name: example.com Address: 2600:1406:5e00:6::17ce:bc1b Name: example.com Address: 2600:1406:5e00:6::17ce:bc12 Name: example.com Address: 2600:1408:ec00:36::1736:7f24 Name: example.com Address: 2600:1406:bc00:53::b81e:94ce

root@ImmortalWrt:~#

#dualstack-ip-selection yes #dualstack-ip-selection-threshold 50,这两行ip优选取消注释也不行。如果你用我的代码,可以的话。那就是其他网络问题。

kevin-312 avatar Oct 08 '25 03:10 kevin-312

连接到运行日志流.... 已连接到运行日志流。 连接到审计日志流.... 已断开与运行日志流的连接。 已连接到审计日志流。 [2025-10-08 12:09:33,337] 127.0.0.1 query www.kernel.org, type 28, time 225ms, speed: 139.9ms, group default, result 2a04:4e42:8c::311 [2025-10-08 12:09:33,338] API query www.kernel.org, type 28, time 218ms, speed: 139.9ms, group default, result 2a04:4e42:8c::311 [2025-10-08 12:09:33,338] 127.0.0.1 query www.kernel.org, type 1, time 225ms, speed: 136.9ms, group default, result 146.75.113.55 [2025-10-08 12:09:33,338] API query www.kernel.org, type 1, time 222ms, speed: 136.9ms, group default, result 146.75.113.55

没开任何代理的情况下测试的 有IPV6返回,运行日志里面也拿看到有IPV6查询跟返回!代码是没问题的!要么你自己的配置有问题要么就是网络问题!

xiaobaishu1 avatar Oct 08 '25 04:10 xiaobaishu1

dualstack-ip-selection 这个默认值是yes,要设成no才行

PikuZheng avatar Oct 08 '25 05:10 PikuZheng

另外你用的dig完整的命令是什么

PikuZheng avatar Oct 08 '25 05:10 PikuZheng

另外你用的dig完整的命令是什么

smartdns服务端地址192.168.68.15,端口53,6053,6553.windows用dig @192.168.68.15 -p53/6053/6553 aliyun.com。一样不行,感觉真奇怪的。

kevin-312 avatar Oct 08 '25 10:10 kevin-312

另外你用的dig完整的命令是什么

smartdns服务端地址192.168.68.15,端口53,6053,6553.windows用dig @192.168.68.15 -p53/6053/6553 aliyun.com。一样不行,感觉真奇怪的。

有没有可能这个命令只查询ipv4,不查询ipv6的

PikuZheng avatar Oct 08 '25 10:10 PikuZheng

dig aaaa @192.168.68.15 -p 53/6053/6553 aliyun.com 试试

cqcw123123 avatar Oct 15 '25 01:10 cqcw123123