When trying to check this domain I get an occasional error:

$ dig @1.1.1.1 riecis.nl
; <<>> dig 9.10.8-P1 <<>> @1.1.1.1 riecis.nl
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30228
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; EDE: 3 (Stale Answer)
; EDE: 22 (No Reachable Authority): 74 69 6d 65 20 6c 69 6d 69 74 20 65 78 63 65 65 64 65 64 ("time limit exceeded")
;; QUESTION SECTION:
;riecis.nl. IN A
;; ANSWER SECTION:
riecis.nl. 0 IN A 159.46.204.40
;; Query time: 859 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Thu Sep 22 09:46:26 CEST 2022
;; MSG SIZE rcvd: 85

Same for 8.8.8.8

Also zonemaster.net is not 100% happy with it.

Looking at a --trace run I see:

Sep 22 09:51:02 [2] Nameserver ns2.minvenj.nl IPs: 159.46.194.12(0.00ms), 2a04:9a04:18ad:8a04::3:0(0.00ms)
Sep 22 09:51:02 [2] riecis.nl: Resolved 'riecis.nl' NS ns2.minvenj.nl to: 159.46.194.12, 2a04:9a04:18ad:8a04::3:0
Sep 22 09:51:02 [2] riecis.nl: Trying IP 159.46.194.12:53, asking 'riecis.nl|A'
Sep 22 09:51:02 [2] riecis.nl: truncated bit set, over UDP
Sep 22 09:51:02 [2] riecis.nl: using TCP with 159.46.194.12:53
Sep 22 09:51:03 [1] riecis.nl: timeout resolving after 1857.92msec over TCP
Sep 22 09:51:03 [1] riecis.nl: Trying IP 159.46.194.12:53, asking 'riecis.nl|A'
Sep 22 09:51:03 [2] riecis.nl: timeout resolving after 1538.18msec over TCP
Sep 22 09:51:03 [2] riecis.nl: Trying IP [2a04:9a04:18ad:8a04::3:0]:53, asking 'riecis.nl|A'
Sep 22 09:51:03 [2] riecis.nl: query throttled 2a04:9a04:18ad:8a04::3:0, riecis.nl; A
Sep 22 09:51:03 [2] riecis.nl: Trying to resolve NS 'ns1.minvenj.nl' (2/2)
Sep 22 09:51:03 [2] Nameserver ns1.minvenj.nl IPs: 2a04:9a04:18ad:8a04::2:0(920.59ms), 159.46.194.11(920.59ms)
Sep 22 09:51:03 [2] riecis.nl: Resolved 'riecis.nl' NS ns1.minvenj.nl to: 2a04:9a04:18ad:8a04::2:0, 159.46.194.11
Sep 22 09:51:03 [2] riecis.nl: Trying IP [2a04:9a04:18ad:8a04::2:0]:53, asking 'riecis.nl|A'
Sep 22 09:51:03 [2] riecis.nl: query throttled 2a04:9a04:18ad:8a04::2:0, riecis.nl; A
Sep 22 09:51:03 [2] riecis.nl: Trying IP 159.46.194.11:53, asking 'riecis.nl|A'
Sep 22 09:51:03 [2] riecis.nl: query throttled 159.46.194.11, riecis.nl; A
Sep 22 09:51:03 [2] riecis.nl: Failed to resolve via any of the 2 offered NS at level 'riecis.nl'

Which confirms zonemaster's finding.

Note that this does not happen all the time, but often enough.

Conclusion: the auths for riecis.nl are flakey. They (sometimes) respond with TC=1 but fail to do TCP.

	-Otto

On Thu, Sep 22, 2022 at 09:27:20AM +0200, Leeflangetje via Pdns-users wrote:
> Hi,
>
> Since we upgraded to pdns-recursor 4.6 we sometimes experience some
> weird behaviour with queries via pdns-recursor.
>
> Sometimes, when a previously queried record expires through its TTL,
> the recursor does not provide an answer anymore, until it's restarted.
>
> Unfortunately I am not able to reproduce this. It happens occasionally.
> When it happens, we see this:
>
> Faulty server:
>
> dig @ns1 riecis.nl A
>
> ; <<>> DiG 9.11.36-RedHat-9.11.36-3.el8 <<>> @ns1 riecis.nl A
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27148
> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 512
> ;; QUESTION SECTION:
> ;riecis.nl. IN A
>
> ;; AUTHORITY SECTION:
> riecis.nl. 2828 IN SOA ns1.minvenj.nl. hostmaster.solvinity.com. 2022010301 1800 300 604800 3600
>
> ;; Query time: 2 msec
> ;; SERVER: xxx.xxx.xxx.xxx#53(xxx.xxx.xxx.xxx)
> ;; WHEN: Tue Sep 20 12:16:55 CEST 2022
> ;; MSG SIZE rcvd: 110
>
> other server:
>
> dig @ns2 riecis.nl A
>
> ; <<>> DiG 9.11.36-RedHat-9.11.36-3.el8 <<>> @ns2 riecis.nl A
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61517
> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 512
> ;; QUESTION SECTION:
> ;riecis.nl. IN A
>
> ;; ANSWER SECTION:
> riecis.nl. 224 IN A 159.46.204.40
>
> ;; Query time: 1 msec
> ;; SERVER: xxx.xxx.xxx.xxx#53(xxx.xxx.xxx.xxx)
> ;; WHEN: Tue Sep 20 12:17:03 CEST 2022
> ;; MSG SIZE rcvd: 54
>
>
> We have a fairly simple configuration, just on what address and port to
> listen on, to use the same address for outgoing queries, and a short
> list of addresses that are allowed to query.
>
> I have confirmed this problem up to and including version 4.6.3
>
> Anyone an idea on how to approach this matter?
>
> Regards
>
>
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users@mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
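
Added example, not part of the original messages and not PowerDNS code: a small triage script that reads recursor --trace lines like those in the reply above and reports, per authoritative IP, how often it set TC over UDP, timed out on TCP, or was skipped as throttled. The function names are hypothetical, and attributing the IP-less "truncated" and "timeout" lines to the most recent "Trying IP" line is an assumption about the log layout.

```python
import re
from collections import defaultdict

# Lines copied from the --trace output quoted in the reply above.
TRACE = """\
Sep 22 09:51:02 [2] riecis.nl: Trying IP 159.46.194.12:53, asking 'riecis.nl|A'
Sep 22 09:51:02 [2] riecis.nl: truncated bit set, over UDP
Sep 22 09:51:02 [2] riecis.nl: using TCP with 159.46.194.12:53
Sep 22 09:51:03 [1] riecis.nl: timeout resolving after 1857.92msec over TCP
Sep 22 09:51:03 [1] riecis.nl: Trying IP 159.46.194.12:53, asking 'riecis.nl|A'
Sep 22 09:51:03 [2] riecis.nl: timeout resolving after 1538.18msec over TCP
Sep 22 09:51:03 [2] riecis.nl: Trying IP [2a04:9a04:18ad:8a04::3:0]:53, asking 'riecis.nl|A'
Sep 22 09:51:03 [2] riecis.nl: query throttled 2a04:9a04:18ad:8a04::3:0, riecis.nl; A
Sep 22 09:51:03 [2] riecis.nl: Trying IP [2a04:9a04:18ad:8a04::2:0]:53, asking 'riecis.nl|A'
Sep 22 09:51:03 [2] riecis.nl: query throttled 2a04:9a04:18ad:8a04::2:0, riecis.nl; A
Sep 22 09:51:03 [2] riecis.nl: Trying IP 159.46.194.11:53, asking 'riecis.nl|A'
Sep 22 09:51:03 [2] riecis.nl: query throttled 159.46.194.11, riecis.nl; A
"""

TRYING = re.compile(r"Trying IP \[?([0-9A-Fa-f:.]+?)\]?:\d+,")
THROTTLED = re.compile(r"query throttled ([0-9A-Fa-f:.]+),")
TCP_TIMEOUT = re.compile(r"timeout resolving after [\d.]+msec over TCP")

def summarize(trace):
    """Per-IP event counts. Assumption: TC and timeout lines carry no IP,
    so they are charged to the most recent 'Trying IP' line."""
    stats = defaultdict(lambda: {"tc_udp": 0, "tcp_timeout": 0, "throttled": 0})
    current = None
    for line in trace.splitlines():
        if m := TRYING.search(line):
            current = m.group(1)
            stats[current]  # register the IP even if no event follows
        elif m := THROTTLED.search(line):
            stats[m.group(1)]["throttled"] += 1
        elif current and "truncated bit set, over UDP" in line:
            stats[current]["tc_udp"] += 1
        elif current and TCP_TIMEOUT.search(line):
            stats[current]["tcp_timeout"] += 1
    return dict(stats)

def tc_without_tcp(stats):
    """IPs that answered TC=1 over UDP and then timed out on the TCP retry."""
    return sorted(ip for ip, s in stats.items() if s["tc_udp"] and s["tcp_timeout"])

if __name__ == "__main__":
    result = summarize(TRACE)
    for ip, counts in result.items():
        print(ip, counts)
    print("TC=1 but no TCP answer:", tc_without_tcp(result))
```

An address that shows up in tc_without_tcp is one where TCP port 53 reachability to the authoritative server (firewall, load balancer, listener) is worth checking; the throttled counts show which addresses the recursor skipped rather than queried.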