Try to improve freshness-check description #14905

Open
wants to merge 1 commit into
base: master
17 changes: 14 additions & 3 deletions docs/modes-of-operation.rst
Expand Up @@ -115,7 +115,8 @@ the primary server. In some conditions, some primary servers answer with
a truncated SOA response (indicating TCP is required), and the freshness
check will fail. As a workaround, the signature check and DO flag can be
turned off by disabling
:ref:`setting-secondary-check-signature-freshness`.
:ref:`setting-secondary-check-signature-freshness` (be warned, this can lead
to expired signatures if the primary server is PowerDNS).

When the freshness of a domain cannot be checked, e.g. because the
primary is offline, PowerDNS will retry the domain after
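
Review bot: the added parenthetical after the setting-secondary-check-signature-freshness reference names a risk without saying which side ends up with expired signatures or why. The surrounding text already says that disabling the setting turns off the signature check, so the consequence can be stated directly: the secondary no longer compares signatures during the freshness check and may keep serving signatures past their expiry. Consider making this its own sentence (or a warning directive) instead of "(be warned, ...)", and say what property of a PowerDNS primary makes this case the problematic one, since "if the primary server is PowerDNS" gives the reader nothing to act on.
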
Expand All @@ -128,7 +129,10 @@ between checks. With default settings, this means that PowerDNS will
back off for 1, then 2, then 3, etc. minutes, to a maximum of 60 minutes
between checks. The same hold back algorithm is also applied if the zone
transfer fails due to problems on the primary, i.e. if zone transfer is
not allowed.
not allowed. Note: If the freshness check was triggered by a NOTIFY, but
the following zone transfer fails, the zone transfer will not automatically
be retried - only when a new NOTIFY is received or the refresh timer
triggers a freshness check.

Receiving a NOTIFY immediately clears the back-off period for the
respective domain to allow immediate freshness checks for this domain.
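
Review bot: the new "Note:" sentence reads as contradicting the sentence just before it, which says the same hold back algorithm is applied if the zone transfer fails. A reader cannot tell whether a failed transfer is retried with back-off or not retried at all; please state that the back-off only delays the next freshness check and that a transfer failing after a NOTIFY-triggered check is not retried on its own. The second half also lacks a verb: "only when a new NOTIFY is received or the refresh timer triggers a freshness check" should be a full clause such as "it is retried only when ...". Style: use a note directive rather than an inline "Note:", and capitalize "if" consistently with the rest of the file.
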
Expand Down Expand Up @@ -171,7 +175,14 @@ first in first out order.
PowerDNS supports multiple primaries. For the BIND backend, the native
BIND configuration language suffices to specify multiple primaries, for
SQL-based backends, list all primaries servers separated by commas in the
'master' field of the domains table.
'master' field of the domains table. For the freshness check PowerDNS will
randomly select one of the configured primaries. If the freshness checks fails
for that primary, the zone will be checked again in the next cycle, again
using randomly one of the configured primaries. Hence, even with multiple primaries
make sure that always all of them are available for fast zone updates. If
the zone refresh was triggered by a NOTIFY, PowerDNS will use the source of the
NOTIFY as target for the freshness check. Subsequent zone transfer will always
use the primary that was used for the freshness check.

Since version 4.0.0, PowerDNS requires that primaries sign their
notifications. During transition and interoperation with other
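
Review bot: the sentence "PowerDNS will use the source of the NOTIFY as target for the freshness check" does not say whether that source has to be one of the primaries listed in the 'master' field. Given that the next paragraph is about primaries signing their notifications, the docs should spell out which NOTIFY sources are accepted here. The added lines also need a language pass: "If the freshness checks fails" should be "check fails", "again using randomly one of the configured primaries" should be "again using a randomly selected primary", "make sure that always all of them are available" should be "make sure all of them are always available", and "Subsequent zone transfer" should be "The subsequent zone transfer". It would help to say explicitly that there is no fallback to another primary within the same cycle, since that is the reason for the "Hence" sentence.
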