PowerDNS Slave Refused to receive notification notify Refused-*

Question

Hello I got the Error : notify Refused- on the Slave server that waiting for updating record from the Master.

I have installed PowerDNS on a fresh server using the both official PowerDNS ansible and by bare hand (test on this two method really! :D)

Here is the configuration and detailed info.

Specification
PowerDNS version : 4.5.2
Ubuntu 20.04 Backend : mysql

Master Configuration
pdns.conf

launch=
allow-axfr-ips=159.223.76.221/32
config-dir=/etc/powerdns
daemon=yes
disable-axfr=no
guardian=yes
local-address=0.0.0.0
local-port=53
log-dns-details=on
loglevel=3
master=yes
slave=no
setgid=pdns
setuid=pdns
socket-dir=/var/pdns
version-string=powerdns
include-dir=/etc/powerdns/pdns.d
api=yes
api-key=24xd

I can add any records on Master Server without any problem.

Slave Configuration
pdns.conf

launch=
#guardian=yes
daemon=on
log-dns-details=on
slave=yes
slave-cycle-interval=60
logging-facility=0
log-dns-queries=yes
loglevel=5
include-dir=/etc/powerdns/pdns.d

On the notify command on Master Server :

 pdns_control notify gogon.xyz

Upon command on Slave DNS:

 tcpdump -n 'host 128.199.220.234 and port 53' -v

Here what I got :

tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes 08:06:08.926420 IP (tos 0x0, ttl 60, id 24776, offset 0, flags [DF], proto UDP (17), length 55)128.199.220.234.11643 > 159.223.76.221.53: 10150 notify [b2&3=0x2400] SOA? gogon.xyz. (27) 08:06:08.928383 IP (tos 0x0, ttl 64, id 20439, offset 0, flags [none], proto UDP (17), length 55) 159.223.76.221.53 > 128.199.220.234.11643: 10150 notify Refused*- 0/0/0 (27)

Some of the online resources suggest me to allow the port 53/UDP to be opened. Here is my UFW status :


53/tcp	ALLOW	Anywhere
53/udp	ALLOW	Anywhere
53/tcp(v6)	ALLOW	Anywhere(v6)
53/udp (v6)	ALLOW	Anywhere(v6)

On Slave the record in the database also added :

+-----------------+----------------------+---------+
| ip              | nameserver           | account |
+-----------------+----------------------+---------+
| 128.199.220.234 | ns2.share-system.com | admin   |
+-----------------+----------------------+---------+

Record on Master for the domain

--+
| id | domain_id | name      | type | content                                                                             | ttl   | prio | disabled | ordername | auth |
+----+-----------+-----------+------+-------------------------------------------------------------------------------------+-------+------+----------+-----------+------+
|  1 |         1 | gogon.xyz | SOA  | ns1.share-system.com hostmaster.share-system.com 2022011603 28800 7200 604800 86400 | 86400 |    0 |        0 | NULL      |    1 |
|  2 |         1 | gogon.xyz | NS   | ns1.share-system.com                                                                | 86400 |    0 |        0 | NULL      |    1 |
|  3 |         1 | gogon.xyz | NS   | ns2.share-system.com                                                                | 86400 |    0 |        0 | NULL      |    1 |
|  4 |         1 | gogon.xyz | A    | 128.199.220.234                                                                     | 86400 |    0 |        0 | NULL      |    1 |
+----+-----------+-----------+------+-------------------------------------------------------------------------------------+-------+------+----------+-----------+----

ns1.share-sytem.com and ns2.share-system.com record A has added to the Domain control and its nameserver record based on the master and slave IP (ns1 -> master, ns2 -> slave)

The test domain gogon.xyz also added to the respective ns1 and ns2

I have already changed the slave to secondary and master to primary to the pnds.conf without any success.

On checking the Listening port :

udp    UNCONN   0        0          159.223.76.221:53             0.0.0.0:*      users:(("pdns_server",pid=9966,fd=5))
tcp    LISTEN   0        128        159.223.76.221:53             0.0.0.0:*      users:(("pdns_server",pid=9966,fd=6))

ping between two server is working without any issue.

Any suggestions for solving this issue are appreciated.

Thank you.

What do the logs on the secondary say? – Habbie Jan 15 '22 at 15:21 — Habbie, Jan 15 '22 at 15:21
Can you tell me how to show the logs for pdns ? – navotera Jan 15 '22 at 23:55 — navotera, Jan 15 '22 at 23:55

score 1 · Answer 1 · answered Jan 15 '22 at 11:15

1

"notify Refused" suggests that the slave server actively decides to ignore the notify. Try with the following setting on the slave:

allow-notify-from=<master ip>

answered Jan 15 '22 at 11:15

Sgaduuw

1,833
12
16

The default is `0.0.0.0,::/0` so this should not be necessary. – Habbie Jan 15 '22 at 15:21
Thank you for your suggestion. I have already add this on my desperated try and problem is not getting solved – navotera Jan 15 '22 at 23:54

score 0 · Accepted Answer · answered Jan 17 '22 at 03:00

0

Seem like it need additional configuration on Slave by adding this line :

autosecondary=yes
local-address=159.223.76.221
master=no
secondary=yes

I hope it can help others.

answered Jan 17 '22 at 03:00

navotera

101
5

PowerDNS Slave Refused to receive notification notify Refused-*

2 Answers2