Hi Jan, I completely understand NDAs and myself (and numerous other PowerDNS Certified Consultants on this list) are happy to sign them, as part of a professional engagement. Please reach out to me off-list to discuss your options.
However, this also means that on this list, we can't help you much... As per your questions: first we need to know what happens. The trace should tell us. Options to look at: (yes this list is long and some won't apply, but please reread the first sentence of this mail) * https://doc.powerdns.com/recursor/settings.html#network-timeout <https://doc.powerdns.com/recursor/settings.html#network-timeout> * https://doc.powerdns.com/recursor/settings.html#non-resolving-ns-max-fails <https://doc.powerdns.com/recursor/settings.html#non-resolving-ns-max-fails> * https://doc.powerdns.com/recursor/settings.html#non-resolving-ns-max-throttle-time <https://doc.powerdns.com/recursor/settings.html#non-resolving-ns-max-throttle-time> * https://doc.powerdns.com/recursor/settings.html#dont-throttle-names <https://doc.powerdns.com/recursor/settings.html#dont-throttle-names> * https://doc.powerdns.com/recursor/settings.html#dont-throttle-netmasks <https://doc.powerdns.com/recursor/settings.html#dont-throttle-netmasks> * https://doc.powerdns.com/recursor/settings.html#server-down-max-fails <https://doc.powerdns.com/recursor/settings.html#server-down-max-fails> * https://doc.powerdns.com/recursor/settings.html#server-down-throttle-time <https://doc.powerdns.com/recursor/settings.html#server-down-throttle-time> Frank Frank Louwers PowerDNS Certified Consultant @ Kiwazo.be > On 1 Jun 2022, at 12:32, Jan Huijsmans via Pdns-users > <pdns-users@mailman.powerdns.com> wrote: > > Hi Frank, > > On Wed, 1 Jun 2022 11:23:16 +0200 > "fr...@tembo.be" <fr...@tembo.be> wrote: >> When this fails, could you run a dig command for a domain after >> activating trace for that domain? (See >> https://doc.powerdns.com/recursor/manpages/rec_control.1.html?highlight=trace-regex >> <https://doc.powerdns.com/recursor/manpages/rec_control.1.html?highlight=trace-regex>) >> >> I'd like to see the full trace, but my guess would be all the >> upstream / root name servers have been marked as too slow to be >> reliable by PowerDNS. > > I'm not allowed to give a full trace, NDA and stuff. The rec_control > command can help though. I'll see what I can dig up from the > environment when I'm able to access it again. > > The slow speed could be the cause, as there are low speed high latency > links between the recursor and the root servers. How do I disable that > speed check in PowerDNS? > >> Also, I would recommend upgrading to a more recent version, >> especially as 4.5 adds goodies such as >> https://doc.powerdns.com/recursor/settings.html#non-resolving-ns-max-fails >> <https://doc.powerdns.com/recursor/settings.html#non-resolving-ns-max-fails>. > > Alas, upgrading is not an option, as the environment is 'frozen'. The > environment needs to work as-is for at least 1.5 years. All we can do > is tweak settings. I'm already happy we could abandon 4.0 last year. > > -- > > Jan Huijsmans b...@koffie.nu > > ... cannot activate /dev/brain, no response from main coffee server > > > _______________________________________________ > Pdns-users mailing list > Pdns-users@mailman.powerdns.com > https://mailman.powerdns.com/mailman/listinfo/pdns-users
_______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
