On Tue, Jan 18, 2022 at 09:13:54PM +, Clint Anderson via Pdns-users wrote:
> Hi All,
>
> BackGround:
> PowerDNS Recursor v4.6.0
> I have the example from the docs
> (https://doc.powerdns.com/recursor/lua-config/ztc.html) working perfectly:
> zoneToCache(".", "url", "https://www.internic.net/
Looking at the zone file, it is BIND Zone file. That format is defined in
serval places ( if not in the PowerDNS docs, search for BIND Zone Format) .
To create a black list, you would take all of domains/hosts to deny and add
A records with a value of 127.0.0.2. There is a informal standard for thi
Hi All,
BackGround:
PowerDNS Recursor v4.6.0
I have the example from the docs
(https://doc.powerdns.com/recursor/lua-config/ztc.html) working perfectly:
zoneToCache(".", "url", "https://www.internic.net/domain/root.zone";, {
refreshPeriod = 0 })
Problem:
I'd like to load a "BlackList" file (or
Are you per chance expecting the AUTHORITY section to be populated? PowerDNS
doesn't do that. Per the FAQ:
https://doc.powerdns.com/authoritative/appendices/FAQ.html#powerdns-does-not-give-authoritative-answers-how-come
--
PowerDNS does not give authoritative answers, how come?
This is almos
On 18/01/2022 15:03, jrd-p...@jrd.org wrote:
Let's get back to my original question: How do I get pdns, with no
recursor in the picture, to believe that it's authoritative for a zone?
(Presumably by "pdns" you mean "pdns authoritative server")
When I it hit with a query, I get
root@f3-kong
Ok, fair enough. I get that I'm doing something slightly outside the
box, though it didn't seem to me that it was *that* far outside :) I
probably am thinking of bind days, bad on me.
Let's get back to my original question: How do I get pdns, with no
recursor in the picture, to believe that it'
On 18/01/2022 14:38, jrd-p...@jrd.org wrote:
. . . but when I query direct to the pdns, it also doesn't say it's
authoritative. See previous mail.
Sorry, I missed that mail. Did you send a dig directly to port 5300? I
didn't catch that.
I probably need to go back and re-read the DNS spec
. . . but when I query direct to the pdns, it also doesn't say it's
authoritative. See previous mail.
I probably need to go back and re-read the DNS specs. It's been years
since I was deep into this, but I don't remember that a recursor
always returns non-authoritative, even when wherever it got
On 18/01/2022 13:55, jrd-p...@jrd.org wrote:
Oops. Yes. Port 53 has a pdns-recursor listening on it, which is
feeding requests to pdns. Want the recursor config too?
No need. You asked why the response didn't have the AA flag set, and
the answer is because the response came from a recursor
Oops. Yes. Port 53 has a pdns-recursor listening on it, which is
feeding requests to pdns. Want the recursor config too?
dig -p 5300 jrd.org soa @localhost
; <<>> DiG 9.16.22 <<>> -p 5300 jrd.org soa @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERR
On 18/01/2022 12:19, jrd via Pdns-users wrote:
root@f3-kong-dyndns /etc/powerdns # dig jrd.org soa @localhost
; <<>> DiG 9.16.22 <<>> jrd.org soa @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58908
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, A
Incoming data dump:
---
# Autogenerated configuration file template
#
# ignore-unknown-settings Configuration settings to ignore if they are
unknown
#
# ignore-unknown-settings=
#
# 8bit-dns Allow
Hi,
The interesting parts are:
- your full pdns config file (please mask passwords, but nothing besides that)
- entry for that domain in the domains table
- SOA / NS records in the records table for that domain
- output of `pdnsutil check-zone` on that domain.
That should give us a good starting
13 matches
Mail list logo
