Re: [Pdns-users] pdns recursor forward zone to consul

[Prochazka via Pdns-users]

Ok,

my fail. Pdns recursor returns
;; ANSWER SECTION:
master.testcluster.service.consul. 1 
IN	CNAME	test-patroni-02.sub.domain.tld
test-patroni-02.sub.domain.tld. 3581 IN A       192.168.200.202

TTL 1 is ok for me.

So i just need to handle dnssec setting someway. The problem is 
resolved.

Thanks.

Dne 2024-08-13 10:26, Prochazka via Pdns-users napsal:
Hi,

CZ domain is signed by CZNIC, but cortex.cz and it's subdomains aren't
signed. We don't use lua yet so i tried to set "dnssec=off" and it's
done = working.

This come to second question. Consul returns ttl 0, dnsmasq returns by
default ttl 0 too. Recursor returns with ttl 3600, those are unchanged
defaults:

# max-cache-bogus-ttl   maximum number of seconds to keep a Bogus
(positive or negative) cached entry in memory
# max-cache-bogus-ttl=3600
# max-cache-ttl	maximum number of seconds to keep a cached entry in 
memory
# max-cache-ttl=86400
# max-negative-ttl      maximum number of seconds to keep a negative cached
entry in memory
# max-negative-ttl=3600
# minimum-ttl-override  The minimum TTL
# minimum-ttl-override=1

So it's handled with max-cache-bogus-ttl? And setting it per domain
will require lua?

Thanks
Martin Prochazka

Dne 2024-08-09 16:37, Peter van Dijk via Pdns-users napsal:
On Tue, 2024-08-06 at 09:30 +0200, Prochazka via Pdns-users wrote:
Hi,

i set forward-zone for consul domain in the recursor, but queries 
fail.

Tested consul nodes are 192.168.200.205-207.
Tested patroni nodes (vith consul agent) are 192.168.200.201-202,
current master is test-patroni-02.sub.domain.tld (.202)
Tested recursor node 192.168.200.55

Working query via dnsmasq (local) test-patroni-01 node:

Pdns-recursor config snippet:
...
forward-zones+=...
forward-zones+=...
forward-zones+=...
forward-zones+=consul=192.168.200.205:8600;192.168.200.206:8600;192.168.200.207:8600
#tryied with forward-zones-recure too

Failing query via pdns-recursor, client to pdns:
09:00:28.995582 IP 192.168.200.201.39364 > 192.168.200.55.domain: 
62027+
[1au] A? master.testcluster.service.consul. (74)
09:00:30.980241 IP 192.168.200.55.domain > 192.168.200.201.39364: 
62027
ServFail 0/0/1 (62)

Please read the IMPORTANT note at
https://doc.powerdns.com/recursor/settings.html?highlight=forward#forward-zones
and see if it helps.

Kind regards,

_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users

_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users