Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

auth: listZone on geoip backend should fail less quietly #15006

Open
thibmac opened this issue Jan 2, 2025 · 1 comment
Open

auth: listZone on geoip backend should fail less quietly #15006

thibmac opened this issue Jan 2, 2025 · 1 comment
Labels
auth enhancement
Milestone
auth-5

Comments

@thibmac
Copy link

thibmac commented Jan 2, 2025
edited
Loading

  • Program: Authoritative 4.9.3
  • Issue type: Bug report

Short description

First, apologies if it's just me using it wrong but here's my issue :
pdnsutil does not seem to be able to see zone RRs when the zones are loaded with geoip backend

Environment

Debian 12, pdns 4.9.

Steps to reproduce

I'm using a pretty basic configuration setup , it can be reproduced even without using any geoip specific records, with the simplest kind of zones:

# pdns.conf
launch=geoip
geoip-database-files=mmdb:/etc/powerdns/geoip/GeoLite2-Country.mmdb
geoip-zones-file=/etc/powerdns/geoip/zones/zones.yml

# /etc/powerdns/geoip/zones/zones.yml
domains:
- domain: localhost
  ttl: 86400
  records:
    localhost:
      - soa: localhost. root.localhost. 2025010201 7200 3600 1209600 3600
      - a: 127.0.0.1
      - aaaa: ::1
      - ns: localhost.

Expected behaviour

pdnsutil list-zone localhost

I'm expecting to see some RRs here

pdnsutil check-zone localhost

Should be correct

Actual behaviour

# pdnsutil check-all-zones                
[Error] No SOA record present, or active, in zone 'localhost'
Checked 0 records of 'localhost', 1 errors, 0 warnings.
Checked 1 zones, 1 had errors.

# pdnsutil list-zone localhost                                                                                                             
$ORIGIN .

# dig query seems to work though

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49931
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;localhost.			IN	NS

;; ANSWER SECTION:
localhost.		86400	IN	NS	localhost.

;; ADDITIONAL SECTION:
localhost.		86400	IN	AAAA	::1
localhost.		86400	IN	A	127.0.0.1

Whatever I do, it keeps saying "$ORIGIN .".
I have also tried loading different zone from your examples and other online examples and I am always ending up with the same results.

Other information

For context, I have tried using GEOIP through LUA records but the performance is not great, down to 10% of what a normal bind backend is able to achieve.
I have also tested with the stable debian version (4.7.3)

This issue was edited since I accidentally posted too early, before noticing the zones were actually loaded and reachable.
@thibmac thibmac changed the title auth: check-z auth: check-zone for geoip backend Jan 2, 2025
@thibmac thibmac mentioned this issue Jan 3, 2025
Closed
@Habbie
Copy link
Member

Habbie commented Jan 6, 2025

because much of what can be expressed in a geoip config cannot be expressed in a zone file, listing is not supported.

perhaps this should give an error instead of silently giving you an empty zone though!

@Habbie Habbie changed the title auth: check-zone for geoip backend auth: listZone on geoip backend should fail less quietly Jan 6, 2025
@Habbie Habbie added this to the auth-5 milestone Jan 6, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
auth enhancement
Projects
None yet
Milestone
auth-5
Development

No branches or pull requests
2 participants
@Habbie @thibmac