powerdns status refused

[leslieDD]

• Program: Authoritative
• Issue type: run pdns by remote type, backend is python scripts, a record search, response refused

Short description

Environment

• Operating system: Centos8 stream
• Software version: PowerDNS Authoritative Server 4.6.2
• Software source: PowerDNS repository

Steps to reproduce

1. install polaris-gslb (https://github.com/polaris-gslb/polaris-gslb)
2. install pdns from PowerDNS repository
3. dig search: dig @10.10.0.2 video.diandian.com +short
4. response refused (it is work if pdns version is "PowerDNS Authoritative Server 4.1.14")

Expected behaviour

it can response a A recode with some ip address

Actual behaviour

but it response refused

tcpdump

[root@r1 pdns]# tcpdump -i any -nn port 53 -nn
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
19:23:05.149715 IP 10.10.0.1.34465 > 10.10.0.2.53: 4080+ [1au] A? video.diandian.com. (59)
19:23:05.150338 IP 10.10.0.2.53 > 10.10.0.1.34465: 4080 Refused- 0/0/1 (47)

pdns log:

[root@r1 pdns]# /usr/sbin/pdns_server
Jul 13 19:16:55 Loading '/usr/lib64/pdns/libremotebackend.so'
Jul 13 19:16:55 [RemoteBackend] This is the remote backend version 4.6.2 (Apr 12 2022 07:43:15) reporting
Jul 13 19:16:55 This is a standalone pdns
Jul 13 19:16:55 [remotebackend]: Polaris Remote Backend initialized request: {"method": "initialize", "parameters": {"command": "/opt/polaris/bin/polaris-pdns", "timeout": "2000"}} result: True pid: 3375 time taken: 0.000031
Jul 13 19:16:55 [remotebackend]: warning: method "do_getAllDomains" is not implemented request: {"method": "getAllDomains", "parameters": {"include_disabled": true}} result: False pid: 3375 time taken: 0.000045
Jul 13 19:16:55 UDP server bound to 0.0.0.0:53
Jul 13 19:16:55 UDP server bound to [::]:53
Jul 13 19:16:55 TCP server bound to 0.0.0.0:53
Jul 13 19:16:55 TCP server bound to [::]:53
Jul 13 19:16:55 PowerDNS Authoritative Server 4.6.2 (C) 2001-2022 PowerDNS.COM BV
Jul 13 19:16:55 Using 64-bits mode. Built using gcc 8.5.0 20210514 (Red Hat 8.5.0-4.0.2) on Apr 12 2022 07:54:36 by root@localhost.
Jul 13 19:16:55 PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2.
Jul 13 19:16:55 Packet cache disabled, logging queries without HIT/MISS
Jul 13 19:16:55 Set effective group id to 985
Jul 13 19:16:55 Set effective user id to 989
Jul 13 19:16:55 [stub-resolver] Doing stub resolving for 'auth-4.6.2.security-status.secpoll.powerdns.com.|TXT', using resolvers: 192.168.112.2, 192.168.111.2
Jul 13 19:16:55 [stub-resolver] Question for 'auth-4.6.2.security-status.secpoll.powerdns.com.|TXT' got answered by 192.168.112.2
Jul 13 19:16:55 Polled security status of version 4.6.2 at startup, no known issues reported: OK
Jul 13 19:16:55 Creating backend connection for TCP
% Jul 13 19:16:55 About to create 3 backend threads for UDP
Jul 13 19:16:55 Done launching threads, ready to distribute questions
Jul 13 19:21:55 [remotebackend]: Polaris Remote Backend initialized request: {"method": "initialize", "parameters": {"command": "/opt/polaris/bin/polaris-pdns", "timeout": "2000"}} result: True pid: 3386 time taken: 0.000029
Jul 13 19:21:55 [remotebackend]: warning: method "do_getAllDomains" is not implemented request: {"method": "getAllDomains", "parameters": {"include_disabled": true}} result: False pid: 3386 time taken: 0.000065
Jul 13 19:23:05 Remote 10.10.0.1 wants 'video.diandian.com|A', do = 0, bufsize = 1232 (4096)
Jul 13 19:26:55 [remotebackend]: Polaris Remote Backend initialized request: {"method": "initialize", "parameters": {"command": "/opt/polaris/bin/polaris-pdns", "timeout": "2000"}} result: True pid: 3391 time taken: 0.000030
Jul 13 19:26:55 [remotebackend]: warning: method "do_getAllDomains" is not implemented request: {"method": "getAllDomains", "parameters": {"include_disabled": true}} result: False pid: 3391 time taken: 0.000046
Jul 13 19:31:56 [remotebackend]: Polaris Remote Backend initialized request: {"method": "initialize", "parameters": {"command": "/opt/polaris/bin/polaris-pdns", "timeout": "2000"}} result: True pid: 3395 time taken: 0.000030
Jul 13 19:31:56 [remotebackend]: warning: method "do_getAllDomains" is not implemented request: {"method": "getAllDomains", "parameters": {"include_disabled": true}} result: False pid: 3395 time taken: 0.000048
Jul 13 19:36:56 [remotebackend]: Polaris Remote Backend initialized request: {"method": "initialize", "parameters": {"command": "/opt/polaris/bin/polaris-pdns", "timeout": "2000"}} result: True pid: 3399 time taken: 0.000029
Jul 13 19:36:56 [remotebackend]: warning: method "do_getAllDomains" is not implemented request: {"method": "getAllDomains", "parameters": {"include_disabled": true}} result: False pid: 3399 time taken: 0.000067

Other information

[tofazzz]

Unfortunately this project looks abandoned as no commit since 4 years ago, so I am not sure if you will ever get a response from the main dev.
Anyway, the only reason I can think of is that PowerDNS is blocking all queries by default unless a domain exists with valid SOA and NS records. So I would check if your configured domain and records are really existing within PowerDNS zone.
My guess is that a new PowerDNS update might have changed something and PolarisGSLB is not able to create/update zones anymore.

I've used this solution for past projects and was bummed that there is no development anymore. So I took this as an opportunity to learn programming and started my own GSLB in Python, then C and landed in GO. I've learned a lot but unfortunately I had to leave it half baked as I don't have much free time anymore :)

[caribbeantiger]

same issue is reported in PDNS, its a new API they need the remote backend to call when there is zone caching enabled

PowerDNS/pdns#10614

you can workaround it via the configuration in the post above