How to notify only v4?

[bab5470]

• [ x] This is not a support question, I have read about opensource and will send support questions to the IRC channel, Github Discussions or the mailing list.
• [ x] I have read and understood the 'out in the open' support policy

• Program: Authoritative
• Issue type: Bug report

Short description

I am not sure if this is a bug or a support request. We have a set of powerdns servers in primary/secondary configuration. For a subset of our zones (around 10 of our 200 zones) we need to replicate with another third party DNS cloud provider (DNS Made Easy - but the provider is somewhat irrelevant).

We have our powerdns servers defined as name servers and also the DNS made easy name servers configured as such:

xtramagazine.com 3600 IN NS dns1.pinktriangle.ca.
xtramagazine.com 3600 IN NS dns1.ptp.media.
xtramagazine.com 3600 IN NS dns2.pinktriangle.ca.
xtramagazine.com 3600 IN NS dns2.ptp.media.
xtramagazine.com 3600 IN NS ns100.digicertdns.com.
xtramagazine.com 3600 IN NS ns101.digicertdns.com.
xtramagazine.com 3600 IN NS ns102.digicertdns.com.

Note that the digicertdns.com domains are DNS made easy.

When we modify our xtramagazine.com zone we see this:

Oct 17 15:26:50 DNS1 pdns_server[168301]: Error trying to resolve '[2600:1800:5::1:1f]:53' for notifying 'xtramagazine.com' to server: Unable to send notify to [2600:1800:5::1:1f]:53: Cannot assign requested address
Oct 17 15:26:50 DNS1 pdns_server[168301]: Error trying to resolve '[2600:1801:6::1:1f]:53' for notifying 'xtramagazine.com' to server: Unable to send notify to [2600:1801:6::1:1f]:53: Cannot assign requested address
Oct 17 15:26:50 DNS1 pdns_server[168301]: Error trying to resolve '[2600:1802:7::1:1f]:53' for notifying 'xtramagazine.com' to server: Unable to send notify to [2600:1802:7::1:1f]:53: Cannot assign requested address

DNS Made Easy/Digicert has AAAA (IPv6) records setup for their name servers ns100, ns101, ns102.

Our servers don't have IPv6 enabled so it can't connect to them over IPv6.

Is there a setting in PowerDNS to tell it not to try to resolve names using IPv6?

We've disabled IPv6 in the OS (Rocky Linux) already via this command:
sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1

I also change powerdns not to listen over ipv6 via:
local-address=0.0.0.0

Environment

• Operating system: Rocky Linux 9.2 (RHEL compatible)
• Software version: PowerDNS Authoritative Server 4.8.1
• Software source: EPEL Repository

Steps to reproduce

1. Make sure your system does not support IPv6
2. Create a zone with a third party DNS server which has AAAA records for name servers
3. Make a modification to the zone/increment the zone serial number and check the logs

Config:

allow-axfr-ips=127.0.0.0/8,::1,10.42.11.11,158.106.84.11,66.46.118.139,63.219.151.12,208.80.120.32,208.80.120.39
api=yes
api-key=you-don-get-this
default-soa-content=dns1.ptp.media sysadmin.ptp.media. 0 10800 3600 604800 3600
default-ttl=3600
disable-axfr=no
expand-alias=yes
guardian=yes
launch=gmysql
gmysql-host=localhost
gmysql-user=pdns
gmysql-password=you-don-get-this-either
gmysql-dbname=pdns
gmysql-dnssec=yes
local-address=0.0.0.0
local-port=53
log-timestamp=yes
loglevel=4
master=yes
primary=yes
resolver=127.0.0.1
secondary=no
security-poll-suffix=
setgid=pdns
setuid=pdns
slave=no
version-string=anonymous
webserver=yes

Expected behaviour

I would expect that since the system isn't listening on IPv6 and IPv6 is disabled in the host OS it would not attempt to notify the secondary servers via IPv6 or it would at least attempt to notify over IPv4 as well.

Actual behaviour

The NOTIFY tries to get sent over IPv6 and fails.

Other information

We found this article with a similarish problem with powerdns recursor. But we're having the issue on the authoritative server: #10991

[mind04]

only-notify=0.0.0.0/0 should do the trick

[bab5470]

I just found that here: https://doc.powerdns.com/authoritative/settings.html#only-notify

Thank you!

I am still having an issue with NOTIFY not working but its no longer reporting an IPv6 address. So I guess that's forward progress. I'll close up this bug report for now.

Thanks Again