Hello Winfried,
thanks for your feedback. I thought the same, so I made another test with
unbound on a testserver. Unbound can do the lookup, pdns-recursor not. Both
recursors are completely "unconfigured" (nothing changed after install) on this
testsystem:
root@TESTSERVER:~# service unbound start
* Starting recursive DNS server unbound
[ OK ]
root@TESTSERVER:~# unbound-control flush_zone igspn.com ok removed 0 rrsets, 0
messages and 0 key entries root@TESTSERVER:~# netstat -tulpen | grep ":53"
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN
0 22791 4846/unbound
udp 0 0 0.0.0.0:53 0.0.0.0:*
0 22790 4846/unbound
root@TESTSERVER:~# dig ws.igspn.com @localhost
; <<>> DiG 9.9.5-3ubuntu0.19+esm9-Ubuntu <<>> ws.igspn.com @localhost ;; global
options: +cmd ;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55176 ;; flags: qr rd ra;
QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ws.igspn.com. IN A
;; ANSWER SECTION:
ws.igspn.com. 3132 IN A 210.118.78.162
;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Feb 02 11:46:26 CET 2023
;; MSG SIZE rcvd: 57
root@TESTSERVER:~# service unbound stop
* Stopping recursive DNS server unbound
[ OK ]
root@TESTSERVER:~# service pdns-recursor start
* Starting PowerDNS recursor pdns-recursor
[ OK ]
root@TESTSERVER:~# rec_control wipe-cache igspn.com$ wiped 0 records, 0
negative records root@TESTSERVER:~# netstat -tulpen | grep ":53"
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
0 23092 5036/pdns_recursor
udp 0 0 127.0.0.1:53 0.0.0.0:*
0 23091 5036/pdns_recursor
root@TESTSERVER:~# dig ws.igspn.com @localhost
; <<>> DiG 9.9.5-3ubuntu0.19+esm9-Ubuntu <<>> ws.igspn.com @localhost ;; global
options: +cmd ;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 29960 ;; flags: qr rd ra;
QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;ws.igspn.com. IN A
;; Query time: 3037 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Feb 02 11:47:05 CET 2023
;; MSG SIZE rcvd: 30
root@TESTSERVER:~#
best regards,
Markus
-----Ursprüngliche Nachricht-----
Von: Pdns-users <pdns-users-boun...@mailman.powerdns.com> Im Auftrag von
Winfried Angele via Pdns-users
Gesendet: Donnerstag, 2. Februar 2023 11:29
An: pdns-users@mailman.powerdns.com
Betreff: Re: [Pdns-users] Problems with PowerDNS and specific Domain
----------------------------------------------------------------------------------------------------
ACHTUNG: Diese Nachricht kommt von Extern
Links und Anhänge können Schadcode enthalten oder nachladen.
Auffällige E-Mails zur Prüfung bitte an virench...@komsa.de weiterleiten.
----------------------------------------------------------------------------------------------------
Hello Markus,
The Authoritative nameservers does not talk to your Recursors (timeouts):
Feb 2 08:33:39 ns1 pdns_recursor[916]: ws.igspn.com: Trying IP
62.128.193.35:53, asking 'ws.igspn.com|A'
Feb 2 08:33:39 ns1 pdns_recursor[916]: ws.igspn.com: timeout resolving after
1574.81msec Feb 2 08:33:39 ns1 pdns_recursor[916]: ws.igspn.com: Trying to
resolve NS 'ns2.namecity.com' (2/2) Feb 2 08:33:39 ns1 pdns_recursor[916]:
ws.igspn.com: Resolved 'igspn.com' NS ns2.namecity.com to: 84.22.161.171 Feb 2
08:33:39 ns1 pdns_recursor[916]: ws.igspn.com: Trying IP 84.22.161.171:53,
asking 'ws.igspn.com|A'
Feb 2 08:33:39 ns1 pdns_recursor[916]: ws.igspn.com: timeout resolving after
1514.68msec Feb 2 08:33:39 ns1 pdns_recursor[916]: ws.igspn.com: Failed to
resolve via any of the 2 offered NS at level 'igspn.com'
This might mean that your Recursor IP addresses are blocked there or it is a
routing problem.
Winfried
On 02.02.23 11:13, Markus Ehrlicher via Pdns-users wrote:
> Hello together,
>
> since a few days, we have massive problems with DNS-lookup for a specific
> domain (ws.igspn.com) from our two recursors (PDNS-Recursor 4.8.2 on Ubuntu
> 18.04LTS). On my first investigation, I thought that bad latency to the
> responsible nameservers is the problem, but if I do a forward-zones-recurse
> to Google (forward-zones-recurse=igspn.com=8.8.8.8), everything works like a
> charm. I traced both lookups, but I can't find a clue, what could be wrong on
> our side. Can someone test from another location, to rule out that it is a
> PowerDNS problem? Any other suggestions?
> ...
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
