On Thu, Sep 22, 2022 at 09:41:57AM +0200, abang--- via Pdns-users wrote:
> The "NSEC3 proving non-existence" of this zone is broken. See
> https://dnsviz.net/d/riecis.nl/dnssec/?rr=all&a=all&ds=all&doe=on&ta=.&tk=
>
> You can work around this issue by setting an NTA for it on your Recursors. It
> is recommended to inform the owner of the zone in order to fix the root cause.
>
> Winfried

Agreed, but given my findings in the other post I'm not convinced it will
solve *all* issues with that domain.

-Otto

>
>
>
> On 22 September 2022 09:27:20 CEST, Leeflangetje via Pdns-users
> <pdns-users@mailman.powerdns.com> wrote:
> >Hi,
> >
> >Since we upgraded to pdns-recursor 4.6 we sometimes experience some
> >weird behaviour with queries via pdns-recursor.
> >
> >Sometimes, when a previously queried record expires through its TTL,
> >the recursor does not provide an answer anymore, until it's restarted.
> >
> >Unfortunately I am not able to reproduce this. It happens occasionally.
> >When it happens, we see this:
> >
> >Faulty server:
> >
> >dig @ns1 riecis.nl A
> >
> >; <<>> DiG 9.11.36-RedHat-9.11.36-3.el8 <<>> @ns1 riecis.nl A
> >; (1 server found)
> >;; global options: +cmd
> >;; Got answer:
> >;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27148
> >;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
> >
> >;; OPT PSEUDOSECTION:
> >; EDNS: version: 0, flags:; udp: 512
> >;; QUESTION SECTION:
> >;riecis.nl. IN A
> >
> >;; AUTHORITY SECTION:
> >riecis.nl. 2828 IN SOA ns1.minvenj.nl. hostmaster.solvinity.com.
> >2022010301 1800 300 604800 3600
> >
> >;; Query time: 2 msec
> >;; SERVER: xxx.xxx.xxx.xxx#53(xxx.xxx.xxx.xxx)
> >;; WHEN: Tue Sep 20 12:16:55 CEST 2022
> >;; MSG SIZE rcvd: 110
> >
> >other server:
> >
> >dig @ns2 riecis.nl A
> >
> >; <<>> DiG 9.11.36-RedHat-9.11.36-3.el8 <<>> @ns2 riecis.nl A
> >; (1 server found)
> >;; global options: +cmd
> >;; Got answer:
> >;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61517
> >;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> >
> >;; OPT PSEUDOSECTION:
> >; EDNS: version: 0, flags:; udp: 512
> >;; QUESTION SECTION:
> >;riecis.nl. IN A
> >
> >;; ANSWER SECTION:
> >riecis.nl. 224 IN A 159.46.204.40
> >
> >;; Query time: 1 msec
> >;; SERVER: xxx.xxx.xxx.xxx#53(xxx.xxx.xxx.xxx)
> >;; WHEN: Tue Sep 20 12:17:03 CEST 2022
> >;; MSG SIZE rcvd: 54
> >
> >
> >We have a fairly simple configuration, just on what address and port to
> >listen on, to use the same address for outgoing queries, and a short
> >list of addresses that are allowed to query.
> >
> >I have confirmed this problem up to and including version 4.6.3
> >
> >Anyone an idea on how to approach this matter?
> >
> >Regards
> >
> >
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users@mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
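
Added example (not part of the thread and not PowerDNS code): a small monitoring check that classifies saved `dig` output from several recursors and reports the ones returning NODATA for a name that another recursor resolves, which is the divergence shown in the two outputs above. The function names are hypothetical, and the sample text is constructed from the header, flags and record lines quoted in the thread.

```python
import re

# Constructed sample input: the relevant lines of the two dig responses quoted in the thread.
FAULTY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27148
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; AUTHORITY SECTION:
riecis.nl. 2828 IN SOA ns1.minvenj.nl. hostmaster.solvinity.com. 2022010301 1800 300 604800 3600
"""
HEALTHY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61517
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
riecis.nl. 224 IN A 159.46.204.40
"""

def classify(dig_text):
    """Return (kind, ad) where ad is True when the resolver set the AD flag."""
    status = re.search(r"status: (\w+)", dig_text)
    flags = re.search(r";; flags: ([a-z ]*);", dig_text)
    answers = re.search(r"ANSWER: (\d+)", dig_text)
    if not (status and flags and answers):
        return ("unparsed", False)
    ad = "ad" in flags.group(1).split()
    rcode = status.group(1)
    if rcode != "NOERROR":
        return (rcode.lower(), ad)       # e.g. servfail, nxdomain
    if int(answers.group(1)) > 0:
        return ("answer", ad)
    # NOERROR with an empty answer section plus an SOA in authority is NODATA.
    has_soa = re.search(r"^\S+\s+\d+\s+IN\s+SOA\s", dig_text, re.M) is not None
    return ("nodata" if has_soa else "empty", ad)

def nodata_outliers(outputs):
    """outputs: {resolver_name: dig_text}. Names answering NODATA while a peer returns records."""
    kinds = {name: classify(text)[0] for name, text in outputs.items()}
    if "answer" not in kinds.values():
        return []                        # consistent NODATA is not a divergence
    return sorted(name for name, kind in kinds.items() if kind == "nodata")

if __name__ == "__main__":
    print(nodata_outliers({"ns1": FAULTY, "ns2": HEALTHY}))
```
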