Reverse doesn't work in this config, so I figure on giving up on recursor. An auth ns was my goal, so I am happy that pdns works forward and reverse, and poweradmin makes it easy to manage.
I can either use my router's recursor, or perhaps set up a pdns-recursor on a different VM to keep it clean. Wouldn't that be the same/better than the router's?

That's it for now. Thanks, if you read these emails.

Stan

On Thu, 2017-02-16 at 23:10 -0700, stancs3 wrote:
> OK, I managed to get DiG to respond with A records, but only by specifying the hostname in front of the domain name. This is OK, but when the servers were reversed, a simple DiG NS would return the NS records, *and* the A records.
>
> Again not a showstopper unless it points to config still broken.
>
> I won't send any more emails tonight unless I have a major breakthru.
>
> Stan
>
> On Thu, 2017-02-16 at 22:56 -0700, stancs3 wrote:
> > Well, I managed to reverse the servers, and get them working.
> >
> > DiG now works for +trace.
> >
> > The auth server also seems to be working.
> >
> > One new quirk:
> >
> > DiG to my domain NS sends back the NS records but not the A records, whereas all records came back when the auth server was on top.
> >
> > But the auth nameserver seems to still work, as I can ping at the client level using the host name that is defined in the A record in the auth server.
> >
> > Not sure if this is pointing to another problem, or it is simply working.
> >
> > Stan
> >
> > On Thu, 2017-02-16 at 21:40 -0700, stancs3 wrote:
> > > Thanks for the quick reply.
> > >
> > > Yes, I did see this info at one point, and so I tried briefly to run the recursor in front on its own, but I have not got it working yet.
> > >
> > > Also, I did try the auth pdns as a recursor itself as I figured it should work as an integrated server. But, I got the exact same results - i.e. zero response to +trace.
> > >
> > > -------------------------------------------------
> > >
> > > Stepping back, is it not a doable config to have a private auth server, that hands off to a recursor, all internal, private?
> > >
> > > If not, then at least I do need the auth server, so I can get basic name serving for my internal network.
> > >
> > > Would I then simply send all my recursive queries to my router's dns, as is now the case? i.e. more nameservers listed in resolv.conf of clients.
> > >
> > > Clearly neophyte questions re dns. Feel free to point me somewhere, but so far all 'tutorials' have led me here.
> > >
> > > The frustrating part is that most comprehensive dns documentation is relative to BIND. I have been close to taking a break from pdns and start over with BIND to learn things better. But, then pdns begins to work so nicely it seems...... :). I hope to hear back ....
> > >
> > > Stan
> > >
> > > On Thu, 2017-02-16 at 21:04 -0700, David wrote:
> > > > On 2017-02-16 6:29 PM, stancs3 wrote:
> > > > > I have seen this problem posted in various places over the years. It is not clear if it is a bug, a bad config, or just non-functional.
> > > >
> > > > https://github.com/PowerDNS/pdns/issues/4353
> > > >
> > > > In your case (auth pointing to recursor) is a fairly broken config to begin with, so this may be unlikely for you to get working. In order for auth to respond to "NS ." without recursion you'd have to host the root zone on there.
> > > >
> > > > Recursor in front and forwarding your internal zones to auth would work (most) of the time unless your cache doesn't have the root primed already.
> > > >
> > > > > My set up:
> > > > >
> > > > > VM running Centos 7, up to date.
> > > > > pdns install using postgresql db.
> > > > > pdns-recursor install.
> > > > >
> > > > > pdns is running as an authoritative ns, standalone, replicated via postgresql to a second VM, pretty much identical.
> > > > >
> > > > > pdns is set with recursor=local-address:5300
> > > > >
> > > > > pdns-recursor is set with local-address equal to pdns local-address above
> > > > >
> > > > > pdns-recursor is set with local-port equal to pdns 5300 above.
> > > > >
> > > > > It all seems to work.
> > > > >
> > > > > The authoritative nameserver is private, and is populated with a few records which work.
> > > > >
> > > > > The recursor is being tested with DiG. (and with typical surfing). I have verified that the VM has no other dns function working in parallel.
> > > > >
> > > > > All DiG commands so far work with the exception of +trace.
> > > > >
> > > > > I have logs running, and can easily see logs generated for DiG commands that work.
> > > > >
> > > > > I have attached a console example. The logs and console indicate that the DiG command with +trace doesn't fail; it just doesn't even respond.
> > > > >
> > > > > If I target the same DiG +trace command at my router's dnsmasq, it responds as expected with a whole bunch of trace info.
> > > > >
> > > > > I have tried for days/hours with all variations I can think of and all manner of surfing for solutions. If there were failure logs it would help, but absolutely zero logs with the +trace command is issued to pdns.
> > > > >
> > > > > I have also dumped my cache and it has many NS records.
> > > > >
> > > > > I am tempted to simply ignore this and just use the thing as it seems to work. I only tried DiG +trace to see how it all works......
> > > > >
> > > > > _______________________________________________
> > > > > Pdns-users mailing list
> > > > > Pdns-users@mailman.powerdns.com
> > > > > https://mailman.powerdns.com/mailman/listinfo/pdns-users
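
The layout David describes in the thread (recursor in front, internal forward and reverse zones forwarded to the authoritative server), as an added configuration sketch that is not part of the original emails. The zone name `internal.example`, the 192.168.1.0/24 network and the listen addresses are assumptions; port 5300 mirrors the port used in the thread.

```ini
# ---- recursor.conf (pdns-recursor: the server clients point at) ----
# Listen on the LAN address on the standard DNS port (address is assumed).
local-address=192.168.1.10
local-port=53

# Answer recursive queries only for the internal network, so the
# recursor is not usable as an open resolver.
allow-from=127.0.0.0/8, 192.168.1.0/24

# Send queries for the private forward zone and its matching reverse
# zone to the authoritative server instead of resolving them from the
# root. Everything else is resolved recursively as usual.
forward-zones=internal.example=127.0.0.1:5300, 1.168.192.in-addr.arpa=127.0.0.1:5300

# ---- pdns.conf (authoritative server: reached only via the recursor) ----
# Bind to loopback on a non-standard port so it does not collide with
# the recursor and is not reachable from the network directly.
local-address=127.0.0.1
local-port=5300

# No recursor= line here: the authoritative server answers only for the
# zones it hosts and never hands queries off to a recursor.
```

With this split, a forward lookup (`dig @192.168.1.10 host.internal.example A`) and a reverse lookup (`dig @192.168.1.10 -x 192.168.1.20`) both go through the recursor and are answered from the authoritative server's data.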