RFC 2136 Unable To Delete Entries on Conditional Forwarding Zone #933

Open
driftlessdev opened this issue May 24, 2024 · 3 comments

@driftlessdev

For a project, I was setting up dynamic updates onto a Forwarder zone. It's able to add new records, but unable to delete them.

Records can be added & updated, but no record can be removed. The logs show an error about not being authoritative for the zone.

```
[2024-05-24 05:35:49 UTC] [XX.XX.XX.57:25240] [TCP] DNS Server refused a zone transfer request since the DNS server is not authoritative for zone: example.com
[2024-05-24 05:35:49 UTC] [XX.XX.XX.57:4052] [TCP] DNS Server received a zone UPDATE request for zone: example.com
[2024-05-24 05:35:49 UTC] Saved zone file for domain: example.com
[2024-05-24 05:35:49 UTC] [XX.XX.XX.95:41300] [TCP] DNS Server successfully processed a zone UPDATE request for zone: example.com
```

If I flip the zone to being a Primary, everything works as expected. However, I only want this as a Forwarder to override parts of my domain to the local IP for that service, and keep the external DNS for the public address.

Currently running 12.1.

@ShreyasZare
Member

Thanks for the feedback. I tried it on my local setup and was able to add, update, and delete records from a forwarder zone with Dynamic Updates using the nsupdate command.

The error log entry you mention is regarding zone transfer and not related to dynamic updates. The error is logged since forwarder zones do not support zone transfer and are not authoritative for that zone. The other entries say that the dynamic update request was successfully processed.

If you still have the issue then let me know how this issue can be reproduced so that I can understand your config and test it locally.

@driftlessdev
Author

DNS is being updated using ExternalDNS, and that might be the problem.

ExternalDNS is using transfer commands, I think, to get a list of all the records. It's logging which entries are being managed in TXT records, and wants to get a list of those TXT records to know what it needs to delete.

It's not even getting to the delete commands as it can't get a list to know what to delete.

Overall then, it's not a bug but rather an enhancement, or some way to allow forwarding zones to allow some of the transfer functions to fake being authoritative, which it's kinda acting like by overriding some DNS entries for the zone.

@ShreyasZare
Member

That explains the issue. The current implementation with forwarder does not support zone transfer since zone transfer requires having an SOA record, which the zone lacks, which makes it not authoritative.

There is however a plan to add support for a zone transfer mechanism in some form for forwarder zones too, so that it can be used with the planned clustering support that will be implementing the catalog zones feature.
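
The diagnosis reached in this thread (UPDATE requests are accepted while the zone transfer a client uses to list records is refused) can be read straight from the server log. The following Python sketch is an added example, not part of the thread or of the project's code; its message patterns are based only on the four log lines quoted above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Log lines copied from the issue report above (addresses already redacted there).
SAMPLE_LOG = """\
[2024-05-24 05:35:49 UTC] [XX.XX.XX.57:25240] [TCP] DNS Server refused a zone transfer request since the DNS server is not authoritative for zone: example.com
[2024-05-24 05:35:49 UTC] [XX.XX.XX.57:4052] [TCP] DNS Server received a zone UPDATE request for zone: example.com
[2024-05-24 05:35:49 UTC] Saved zone file for domain: example.com
[2024-05-24 05:35:49 UTC] [XX.XX.XX.95:41300] [TCP] DNS Server successfully processed a zone UPDATE request for zone: example.com
"""

# Timestamp, then an optional [client:port] [protocol] pair, then the message.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+"
    r"(?:\[(?P<client>[^\]]+)\]\s+\[(?P<proto>[A-Za-z]+)\]\s+)?"
    r"(?P<msg>.*)$"
)
# Assumption: wording matches the log lines quoted in the issue; other versions may differ.
EVENTS = [
    ("axfr_refused", re.compile(r"refused a zone transfer request .* for zone: (\S+)")),
    ("update_ok", re.compile(r"successfully processed a zone UPDATE request for zone: (\S+)")),
    ("update_received", re.compile(r"received a zone UPDATE request for zone: (\S+)")),
]

def classify(log_text):
    """Return {zone: {event_name: count}} for zone transfer and UPDATE events."""
    zones = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        for name, pattern in EVENTS:
            hit = pattern.search(m.group("msg"))
            if hit:
                zones[hit.group(1)][name] += 1
                break
    return {zone: dict(counts) for zone, counts in zones.items()}

def transfer_blocked_zones(log_text):
    """Zones where UPDATE succeeds but zone transfer is refused."""
    return sorted(
        zone for zone, c in classify(log_text).items()
        if c.get("axfr_refused") and c.get("update_ok")
    )

if __name__ == "__main__":
    for zone in transfer_blocked_zones(SAMPLE_LOG):
        print(f"{zone}: UPDATE accepted, zone transfer refused")
```

A zone reported by `transfer_blocked_zones` shows the pattern described above: records can be written, but a client that lists existing records via zone transfer never learns which entries to delete.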
