``example.net``, it will resolve the A record for
``mywebapp.paas-provider.net`` and serve an answer for ``example.net``
with that A record.
+If the ALIAS target can not be resolved (SERVFAIL) or does not exist
+(NXDOMAIN) the authoritative server will answer SERVFAIL.
When a zone containing ALIAS records is transferred over AXFR, the
:ref:`setting-outgoing-axfr-expand-alias`
the RDATA) in the AXFR. When set to 'yes', PowerDNS will lookup the A
and AAAA records of the name in the ALIAS-record and send the results in
the AXFR.
+If the ALIAS target can not be resolved during AXFR the AXFR will fail.
+To allow outgoing AXFR also if the ALIAS targets are broken you can set
+:ref:`setting-outgoing-axfr-expand-alias` to 'ignore-errors', but
+be warned, this will lead to inconsistent zones between the Primary and
+Secondary name servers.
Set ``outgoing-axfr-expand-alias`` to 'yes' if your slaves don't
understand ALIAS or should not look up the addresses themselves. Note
of ALIAS records is supported on AXFR (**not** on live-signing). Set
``outgoing-axfr-expand-alias`` to 'yes' and enable DNSSEC for the zone
on the master. PowerDNS will sign the A/AAAA records during the AXFR.
-
-
``outgoing-axfr-expand-alias``
------------------------------
-- Boolean
+- One of ``no``, ``yes``, or ``ignore-errors``, String
- Default: no
+.. versionchanged:: 4.9.0
+ Option `ignore-errors` added.
+
If this is enabled, ALIAS records are expanded (synthesized to their
A/AAAA) during outgoing AXFR. This means slaves will not automatically
follow changes in those A/AAAA records unless you AXFR regularly!
during outgoing AXFR. Note that if your slaves do not support ALIAS,
they will return NODATA for A/AAAA queries for such names.
+If the ALIAS target can not be resolved during AXFR the AXFR will fail.
+To allow outgoing AXFR also if the ALIAS targets are broken set this
+setting to `ignore-errors`.
+Be warned, this will lead to inconsistent zones between Primary and
+Secondary name servers.
+
.. _setting-overload-queue-length:
``overload-queue-length``
::arg().set("security-poll-suffix", "Zone name from which to query security update notifications") = "secpoll.powerdns.com.";
::arg().setSwitch("expand-alias", "Expand ALIAS records") = "no";
- ::arg().setSwitch("outgoing-axfr-expand-alias", "Expand ALIAS records during outgoing AXFR") = "no";
+ ::arg().set("outgoing-axfr-expand-alias", "Expand ALIAS records during outgoing AXFR") = "no";
::arg().setSwitch("8bit-dns", "Allow 8bit dns queries") = "no";
#ifdef HAVE_LUA_RECORDS
::arg().setSwitch("enable-lua-records", "Process LUA records for all zones (metadata overrides this)") = "no";
}
zrr.dr.d_name.makeUsLowerCase();
if(zrr.dr.d_name.isPartOf(target)) {
- if (zrr.dr.d_type == QType::ALIAS && ::arg().mustDo("outgoing-axfr-expand-alias")) {
+ if (zrr.dr.d_type == QType::ALIAS && (::arg().mustDo("outgoing-axfr-expand-alias") || ::arg()["outgoing-axfr-expand-alias"] == "ignore-errors")) {
vector<DNSZoneRecord> ips;
int ret1 = stubDoResolve(getRR<ALIASRecordContent>(zrr.dr)->getContent(), QType::A, ips);
int ret2 = stubDoResolve(getRR<ALIASRecordContent>(zrr.dr)->getContent(), QType::AAAA, ips);
- if(ret1 != RCode::NoError || ret2 != RCode::NoError) {
- g_log<<Logger::Warning<<logPrefix<<"error resolving for ALIAS "<<zrr.dr.getContent()->getZoneRepresentation()<<", aborting AXFR"<<endl;
- outpacket->setRcode(RCode::ServFail);
- sendPacket(outpacket,outsock);
- return 0;
+ if (ret1 != RCode::NoError || ret2 != RCode::NoError) {
+ if (::arg()["outgoing-axfr-expand-alias"] != "ignore-errors") {
+ g_log<<Logger::Warning<<logPrefix<<zrr.dr.d_name.toLogString()<<": error resolving for ALIAS "<<zrr.dr.getContent()->getZoneRepresentation()<<", aborting AXFR"<<endl;
+ outpacket->setRcode(RCode::ServFail);
+ sendPacket(outpacket,outsock);
+ return 0;
+ } else {
+ if (ret1 != RCode::NoError) {
+ g_log<<Logger::Warning<<logPrefix<<zrr.dr.d_name.toLogString()<<": error resolving A record for ALIAS target "<<zrr.dr.getContent()->getZoneRepresentation()<<", continuing AXFR"<<endl;
+ }
+ if (ret2 != RCode::NoError) {
+ g_log<<Logger::Warning<<logPrefix<<zrr.dr.d_name.toLogString()<<": error resolving AAAA record for ALIAS target "<<zrr.dr.getContent()->getZoneRepresentation()<<", continuing AXFR"<<endl;
+ }
+ }
}
for (auto& ip: ips) {
zrr.dr.d_type = ip.dr.d_type;
projects / thirdparty / pdns.git / commitdiff
