True, TCP is broken as well.

On 22 September 2022 10:01:58 CEST, Otto Moerbeek <o...@drijf.net> wrote:
>On Thu, Sep 22, 2022 at 09:41:57AM +0200, abang--- via Pdns-users wrote:
>
>> The "NSEC3 proving non-existence" of this zone is broken. See
>> https://dnsviz.net/d/riecis.nl/dnssec/?rr=all&a=all&ds=all&doe=on&ta=.&tk=
>>
>> You can work around this issue by setting an NTA for it on your Recursors. It
>> is recommended to inform the owner of the zone in order to fix the root
>> cause.
>>
>> Winfried
>
>Agreed, but given my findings in the other post I'm not convinced it
>will solve *all* issues with that domain.
>
>	-Otto
>
>>
>>
>>
>> On 22 September 2022 09:27:20 CEST, Leeflangetje via Pdns-users
>> <pdns-users@mailman.powerdns.com> wrote:
>> >Hi,
>> >
>> >Since we upgraded to pdns-recursor 4.6 we sometimes experience some
>> >weird behaviour with queries via pdns-recursor.
>> >
>> >Sometimes, when a previously queried record expires through its TTL,
>> >the recursor does not provide an answer anymore, until it's restarted.
>> >
>> >Unfortunately I am not able to reproduce this. It happens occasionally.
>> >When it happens, we see this:
>> >
>> >Faulty server:
>> >
>> >dig @ns1 riecis.nl A
>> >
>> >; <<>> DiG 9.11.36-RedHat-9.11.36-3.el8 <<>> @ns1 riecis.nl A
>> >; (1 server found)
>> >;; global options: +cmd
>> >;; Got answer:
>> >;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27148
>> >;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>> >
>> >;; OPT PSEUDOSECTION:
>> >; EDNS: version: 0, flags:; udp: 512
>> >;; QUESTION SECTION:
>> >;riecis.nl. IN A
>> >
>> >;; AUTHORITY SECTION:
>> >riecis.nl. 2828 IN SOA ns1.minvenj.nl. hostmaster.solvinity.com.
>> >2022010301 1800 300 604800 3600
>> >
>> >;; Query time: 2 msec
>> >;; SERVER: xxx.xxx.xxx.xxx#53(xxx.xxx.xxx.xxx)
>> >;; WHEN: Tue Sep 20 12:16:55 CEST 2022
>> >;; MSG SIZE rcvd: 110
>> >
>> >other server:
>> >
>> >dig @ns2 riecis.nl A
>> >
>> >; <<>> DiG 9.11.36-RedHat-9.11.36-3.el8 <<>> @ns2 riecis.nl A
>> >; (1 server found)
>> >;; global options: +cmd
>> >;; Got answer:
>> >;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61517
>> >;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>> >
>> >;; OPT PSEUDOSECTION:
>> >; EDNS: version: 0, flags:; udp: 512
>> >;; QUESTION SECTION:
>> >;riecis.nl. IN A
>> >
>> >;; ANSWER SECTION:
>> >riecis.nl. 224 IN A 159.46.204.40
>> >
>> >;; Query time: 1 msec
>> >;; SERVER: xxx.xxx.xxx.xxx#53(xxx.xxx.xxx.xxx)
>> >;; WHEN: Tue Sep 20 12:17:03 CEST 2022
>> >;; MSG SIZE rcvd: 54
>> >
>> >
>> >We have a fairly simple configuration, just on what address and port to
>> >listen on, to use the same address for outgoing queries, and a short
>> >list of addresses that are allowed to query.
>> >
>> >I have confirmed this problem up to and including version 4.6.3
>> >
>> >Does anyone have an idea on how to approach this matter?
>> >
>> >Regards
>> >
>> >
>> >
>
>> _______________________________________________
>> Pdns-users mailing list
>> Pdns-users@mailman.powerdns.com
>> https://mailman.powerdns.com/mailman/listinfo/pdns-users
>
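
The symptom in the original report (one recursor answering NOERROR with an empty answer section and a SOA in the authority section, while another returns the A record) is intermittent, so it helps to compare `dig` output from both servers automatically. The following is an added example, not part of the thread or of PowerDNS: the sample inputs are constructed by trimming the two dig outputs quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample input: trimmed from the two dig outputs quoted in the thread.
FAULTY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27148
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;riecis.nl. IN A
;; AUTHORITY SECTION:
riecis.nl. 2828 IN SOA ns1.minvenj.nl. hostmaster.solvinity.com. 2022010301 1800 300 604800 3600
"""
HEALTHY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61517
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;riecis.nl. IN A
;; ANSWER SECTION:
riecis.nl. 224 IN A 159.46.204.40
"""

def parse_dig(text):
    """Extract rcode, header flags, section counts and records from dig output."""
    status = re.search(r"status: (\w+)", text).group(1)
    flags = re.search(r"flags: ([a-z ]*);", text).group(1).split()
    counts = {k: int(v) for k, v in re.findall(r"(ANSWER|AUTHORITY): (\d+)", text)}
    records = []
    for line in text.splitlines():
        if line and not line.startswith(";"):  # record lines are not comments
            name, ttl, _cls, rtype, rdata = line.split(None, 4)
            records.append((name, int(ttl), rtype, rdata))
    return {"status": status, "flags": flags, "counts": counts, "records": records}

def classify(resp):
    """ANSWER, NODATA (NOERROR, empty answer, SOA in authority), EMPTY, or the rcode."""
    if resp["status"] != "NOERROR":
        return resp["status"]
    if resp["counts"]["ANSWER"] > 0:
        return "ANSWER"
    has_soa = any(r[2] == "SOA" for r in resp["records"])
    return "NODATA" if has_soa else "EMPTY"

def compare(outputs):
    """Return (diverged, per-server verdicts) for one query sent to several recursors."""
    verdicts = {srv: classify(parse_dig(out)) for srv, out in outputs.items()}
    return len(set(verdicts.values())) > 1, verdicts

if __name__ == "__main__":
    diverged, verdicts = compare({"ns1": FAULTY, "ns2": HEALTHY})
    print("DIVERGED" if diverged else "consistent", verdicts)
```

Run periodically against each recursor, a divergence gives a timestamp to correlate with the recursor's own logs, which the original poster lacked because the problem could not be reproduced on demand.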