Re: [Pdns-users] Recursor too fast?

Question Djerk: why are you running your firewalls in active/active? This is an unusual configuration that has many challenges, including the one you've just mentioned. Regards Robby On 2025/05/12 15:04, Djerk Geurts via Pdns-users wrote: An odd statement possibly, but I’m looking for a way

[Pdns-users] Recursor too fast?

An odd statement possibly, but I’m looking for a way to solve a problem (even if it’s a temporary solution). The DC firewalls have changed and the recursors are located in a DMZ behind two HA firewalls in active/active mode. So far so good. The firewalls sync their state tables, so asymmetric r

Re: [Pdns-users] Recursor 5.2.0 with RD=0 forwarded queries

Hi, Perfect. Thanks. OA la 5.4.2025 klo 8.36 Otto Moerbeek (o...@drijf.net) kirjoitti: > On Fri, Apr 04, 2025 at 09:25:04PM +0300, Olli Attila via Pdns-users wrote: > > Hi, > > I think setting the RD flag in dnsdist using > https://www.dnsdist.org/reference/dq.html?highlight=rd#DNSHeader:setRD

Re: [Pdns-users] Recursor 5.2.0 with RD=0 forwarded queries

On Sat, Apr 05, 2025 at 12:08:12PM +0300, Olli Attila wrote: > Hi, > > Thanks for the tip - I actually tried that but was not able to get any > working lua on the dnsdist side. Might have to consult the dnsdist mailing > list about on howto use this "setRD". There is an assymetry with SetNoRecur

Re: [Pdns-users] Recursor 5.2.0 with RD=0 forwarded queries

Hi, Thanks for the tip - I actually tried that but was not able to get any working lua on the dnsdist side. Might have to consult the dnsdist mailing list about on howto use this "setRD". Cheers, OA la 5. huhtik. 2025 klo 8.36 Otto Moerbeek kirjoitti: > On Fri, Apr 04, 2025 at 09:25:04PM +0300

Re: [Pdns-users] Recursor 5.2.0 with RD=0 forwarded queries

On Fri, Apr 04, 2025 at 09:25:04PM +0300, Olli Attila via Pdns-users wrote: Hi, I think setting the RD flag in dnsdist using https://www.dnsdist.org/reference/dq.html?highlight=rd#DNSHeader:setRD on the requests forwarded to the recursor should work and get you the old behaviour back. I don't see

[Pdns-users] Recursor 5.2.0 with RD=0 forwarded queries

Hello all, After upgrading from dns-recursor 4.8.x -> 5.2.0 I noticed this happened: Recursor 4.9.x changelog (4.9.0-alpha1 Improvements): "Change the way RD=0 forwarded queries are handled. References: pull request 12425 " Related PR: https://g

Re: [Pdns-users] Recursor getting pegged at 100% CPU

On Fri, Mar 15, 2024 at 05:25:20PM +0100, Otto Moerbeek via Pdns-users wrote: > > Op 15 mrt. 2024, om 17:01 heeft Tim Burns via Pdns-users > > het volgende geschreven: > > > > Hello all, I’m experiencing a performance degradation while using the > > Recursor that I haven’t been able to root ca

Re: [Pdns-users] Recursor getting pegged at 100% CPU

Hi Tim, Is there anything unusual in the stdout of the recursor container? Winfried Am 15. März 2024 17:01:59 MEZ schrieb Tim Burns via Pdns-users : >Hello all, I’m experiencing a performance degradation while using the Recursor >that I haven’t been able to root cause, and I was hoping to ge

Re: [Pdns-users] Recursor getting pegged at 100% CPU

> Op 15 mrt. 2024, om 17:01 heeft Tim Burns via Pdns-users > het volgende geschreven: > > Hello all, I’m experiencing a performance degradation while using the > Recursor that I haven’t been able to root cause, and I was hoping to get some > insight on what might be causing it, or some trouble

[Pdns-users] Recursor getting pegged at 100% CPU

Hello all, I’m experiencing a performance degradation while using the Recursor that I haven’t been able to root cause, and I was hoping to get some insight on what might be causing it, or some troubleshooting and diagnostics tips.   The observed issue is that the Recursor would start up, begin re

Re: [Pdns-users] Recursor Container Issue

Did you find solution for this? ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] Recursor Container Issue

-Mensaje original- De: Pdns-users En nombre de Alberto via Pdns-users Enviado el: martes, 31 de octubre de 2023 12:01 Para: 'All about using and deploying powerdns' CC: Alberto Asunto: Re: [Pdns-users] Recursor Container Issue -Mensaje original- De: Otto Moerbeek

Re: [Pdns-users] Recursor Container Issue

-Mensaje original- De: Otto Moerbeek Enviado el: martes, 31 de octubre de 2023 9:51 Para: All about using and deploying powerdns CC: Alberto Asunto: Re: [Pdns-users] Recursor Container Issue Hello Alberto, It would help if you exactly describe what you did, with command line and the

Re: [Pdns-users] Recursor 4.8.x Debian 12 repo

The rec-4.8.5 Debian 12 package is now available again from our repo. Regards, -Otto > On 30/10/2023 15:23 CET Otto Moerbeek via Pdns-users > wrote: > > > Hello, > > an error crept into ont of the publishing proceses. > > I built a rec-4.8.5 for Debian 12, which can be retrieved here: > > ht

Re: [Pdns-users] Recursor Container Issue

wrote: > > > De: Pdns-users En nombre deBlue Thunder Somogyi via Pdns-users > Enviado el: lunes, 20 de marzo de 2023 17:34 > Para: pdns-users@mailman.powerdns.com > Asunto: [Pdns-users] Recursor Container Issue > > Hello, > When using the PowerDNS recursor conta

Re: [Pdns-users] Recursor Container Issue

De: Pdns-users En nombre de Blue Thunder Somogyi via Pdns-users Enviado el: lunes, 20 de marzo de 2023 17:34 Para: pdns-users@mailman.powerdns.com Asunto: [Pdns-users] Recursor Container Issue Hello, When using the PowerDNS recursor container (https://hub.docker.com/r/powerdns/pdns

Re: [Pdns-users] Recursor 4.8.x Debian 12 repo

Hello, an error crept into ont of the publishing proceses. I built a rec-4.8.5 for Debian 12, which can be retrieved here: https://github.com/PowerDNS/pdns/actions/runs/6693473758/job/18184678477 We wil also make sure the package gets published in the regular place. This might take some time t

[Pdns-users] Recursor 4.8.x Debian 12 repo

Hi, for regression testing we would like to downgrade our recursor to version 4.8.x but we noticed that there is no rec-48 debian repo on https://repo.powerdns.com/debian/dists/ for Debian Bookworm. Is this on purpose or will there be a recursor 48 repo for Debian 12 in the future? thank yo

[Pdns-users] Recursor - custom TTL for particular domain

Hello all, I'm setting up an instance of the PowerDNS Recursor. I would like to override the TTL for particular queries of particular domains: I need any CNAME from one particular domain to have an overridden, very low TTL. I wrote a Lua script which does this via "postresolve", however, it

Re: [Pdns-users] Recursor Cache Sizing: Is more always better?

Hello Christoph, On 12.09.23 13:35, Christoph via Pdns-users wrote: Hi Winfried, My recommendation is to limit the TTL to 12 or 6 hours and find out how many cache entries are created during this time. Increase that by 50% and that's your value. thanks for your recommendation. I've played a

Re: [Pdns-users] Recursor Cache Sizing: Is more always better?

Hi Winfried, My recommendation is to limit the TTL to 12 or 6 hours and find out how many cache entries are created during this time. Increase that by 50% and that's your value. thanks for your recommendation. I've played a bit with this to see what max-cache-entries values this procedure wou

Re: [Pdns-users] Recursor Cache Sizing: Is more always better?

On Sun, Sep 10, 2023 at 02:37:49PM +0200, Christoph via Pdns-users wrote: > > Another word of advice: see > > > > https://docs.powerdns.com/recursor/performance.html#threading-and-distribution-of-queries > > > > in particular the "imbalance" section. > > Thanks for the pointer, changing this ha

Re: [Pdns-users] Recursor Cache Sizing: Is more always better?

Another word of advice: see https://docs.powerdns.com/recursor/performance.html#threading-and-distribution-of-queries in particular the "imbalance" section. Thanks for the pointer, changing this had a significant positive impact. This feels like an important metric to monitor. I was not able

Re: [Pdns-users] Recursor Cache Sizing: Is more always better?

On Sat, Sep 09, 2023 at 11:20:30AM +0200, Christoph via Pdns-users wrote: > > Agrreed, I think that general rules are hard to give for cache sizing, > > as each site and its users are different. Do remember that the packet > > cache was changed in 4.9.0, it is now shared between threads. This mean

Re: [Pdns-users] Recursor forwarder DoT configuration

If you need DNSEC validation you must use recursor, dnsdist cannot do that. Others might reflect on the dnsdist cache performance and hit ratio's compared to recursor's packet cache and/or record cache. Do note that dnsdist cache is more like the recursor's packet cache. Thanks for confirming

Re: [Pdns-users] Recursor Cache Sizing: Is more always better?

Agrreed, I think that general rules are hard to give for cache sizing, as each site and its users are different. Do remember that the packet cache was changed in 4.9.0, it is now shared between threads. This means that its performance and behaviour wrt hit ratio etc did change as well. The differe

Re: [Pdns-users] Recursor forwarder DoT configuration

On Sat, Sep 09, 2023 at 08:07:02AM +0200, Christoph via Pdns-users wrote: > > I do wonder about the purpose of the recursor in the > > > > recursor -> dnsdist -> upstream-recursive > > > > case. You might as well use > > > > dnsdist -> upstream-recursive > > > > With a caching dnsdist. > > Unl

Re: [Pdns-users] Recursor Cache Sizing: Is more always better?

On Sat, Sep 09, 2023 at 09:59:19AM +0200, Winfried via Pdns-users wrote: > Hi Christoph, > > My recommendation is to limit the TTL to 12 or 6 hours and find out how many > cache entries are created during this time. Increase that by 50% and that's > your value. You'll see that it doesn't requir

Re: [Pdns-users] Recursor Cache Sizing: Is more always better?

Hi Christoph, My recommendation is to limit the TTL to 12 or 6 hours and find out how many cache entries are created during this time. Increase that by 50% and that's your value. You'll see that it doesn't require that much memory space. Winfried Am 9. September 2023 09:15:04 MESZ schrieb Chr

[Pdns-users] Recursor Cache Sizing: Is more always better?

Hi, if you have 20 or 100 GB of free RAM what is a good approach to choose the different Recursor's cache sizes? Is larger always better or is there a sweet spot between cache size, cache lookup time, cache management overhead and CPU usage? How does upstream latency fit into the equation? In

Re: [Pdns-users] Recursor forwarder DoT configuration

I do wonder about the purpose of the recursor in the recursor -> dnsdist -> upstream-recursive case. You might as well use dnsdist -> upstream-recursive With a caching dnsdist. Unless you need recursor specific functionality, of course. It was my impression that dnsdist was meant for smaller

Re: [Pdns-users] Recursor forwarder DoT configuration

On Fri, Sep 08, 2023 at 11:56:07PM +0200, Christoph via Pdns-users wrote: > Thanks a lot for the fast reply, very much appreciated! > best regards, > Christoph I do wonder about the purpose of the recursor in the recursor -> dnsdist -> upstream-recursive case. You might as well use dnsdist ->

Re: [Pdns-users] Recursor forwarder DoT configuration

Thanks a lot for the fast reply, very much appreciated! best regards, Christoph ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] Recursor forwarder DoT configuration

On Fri, Sep 08, 2023 at 04:50:18PM +0200, Christoph via Pdns-users wrote: > Hello! > > I'm looking for documentation about configuring > recursor to talk DoT to a recursive resolver. > > This minimal config works: > > dot-to-port-853=yes > forward-zones-recurse=.=1.1.1.1:853;1.0.0.1:853 > > bu

Re: [Pdns-users] Recursor forwarder DoT configuration

On 08/09/2023 15:50, Christoph via Pdns-users wrote: - does it validate the server certificate? how do I configure the name when performing certificate verification? Not answering your questions about PDNS recursor specifically, but I'll just point out that 1.1.1.1:853 and 1.0.0.1:853 both ha

[Pdns-users] Recursor forwarder DoT configuration

Hello! I'm looking for documentation about configuring recursor to talk DoT to a recursive resolver. This minimal config works: dot-to-port-853=yes forward-zones-recurse=.=1.1.1.1:853;1.0.0.1:853 but compared to DNSdist newServer() configuration options I'm not sure about: - does it validate

[Pdns-users] Recursor Container Issue

Hello, When using the PowerDNS recursor container ( https://hub.docker.com/r/powerdns/pdns-recursor-48) if you mount a configuration file directly under `/etc/powerdns/recursor.conf` in the container, the recursor seems to hang and be non-responsive (no response from API, nor from DNS queries). I

Re: [Pdns-users] Recursor Cache entries per record

Hi guys, I enabled tracing and I can confirm what you said. Before my test I missed the difference between record cache and packet cache, so I misunderstood. Thanks a lot! On Mon, 28 Nov 2022 at 20:37, Otto Moerbeek via Pdns-users < pdns-users@mailman.powerdns.com> wrote: > Hello > > What Winfr

Re: [Pdns-users] Recursor Cache entries per record

Hello What Winfried says is true, with the note that a few more bits of the query are included in the hash, while some other pats are skipped; e.g. the recursor skips the EDSN ECS and Cookie bits when computing the hash. Also note that while the packet cache is per thread, the other cache (record

Re: [Pdns-users] Recursor Cache entries per record

Hi Giovanni, As far as I know, the Recursor is exactly doing what you want. IP addresses are not part of the hash. Only the query name is base of the hash. Identical query names are routed to the same thread and thus to the same cache. Winfried Am 28. November 2022 18:37:19 MEZ schrieb Giovan

[Pdns-users] Recursor Cache entries per record

Hi guys, I'm doing some tests on recursor 4.7.4 and I would some confirmation from you about caching behaviour: I understood that enabling pdns-distributes-queries, cached entries are served only in case of matching query hash, so different clients (with different source ip) will not hit cache for

Re: [Pdns-users] Recursor: NS selection logic, multiple IPs in forward-zones statement

On Wed, Nov 09, 2022 at 09:00:12PM +0300, Andrey Vishnyakov via Pdns-users wrote: > Hi! > > What is the logic of pdns recursor choosing NS server when multiple items > are available like multiple IP addresses in a forward-zones statement? > > Looking through the source code I see that NS server

[Pdns-users] Recursor: NS selection logic, multiple IPs in forward-zones statement

Hi! What is the logic of pdns recursor choosing NS server when multiple items are available like multiple IP addresses in a forward-zones statement? Looking through the source code I see that NS servers are being ordered by speed or response time (usec). What is the overall algorithm? How often

Re: [Pdns-users] Recursor: Error writing TCP answer - broken pipe

Hi Christoph, On 16/01/2022 11:27, Christoph via Pdns-users wrote: I get about 2000 of these log events per day: pdns-recursor[11727]: Error writing TCP answer to 109.70.100.132:31192: Broken pipe 109.70.100.132 is the IP address of an dnsdist instance. setup: DoH/DoT clients -> dnsdist ->

[Pdns-users] Recursor: Error writing TCP answer - broken pipe

Hello, I get about 2000 of these log events per day: pdns-recursor[11727]: Error writing TCP answer to 109.70.100.132:31192: Broken pipe 109.70.100.132 is the IP address of an dnsdist instance. setup: DoH/DoT clients -> dnsdist -> recursors Is there anything that can be optimized to avoid t

[Pdns-users] recursor 4.6.0 (re: Upgrade Guide 4.5.x to 4.6.0, event-trace-enabled setting)

Hi, Just wanted to point this out ... Under the 'New settings' section on the upgrade guide page (https://docs.powerdns.com/recursor/upgrade.html), the new (experimental) 'event-trace-enabled' setting is missing from the list of new settings. I'm not sure if this was an oversight, or intent

Re: [Pdns-users] recursor: Possible bug in accepting / rejecting additional answers?

Thank you both; I do now at least understand why it's behaving as it is; I missed that the first response was actually from the com server, and therefore authoritative for adpclaims.com. Obviously I support Frank's feature request, but unfortunately I'm not able to offer much in the way of "how

Re: [Pdns-users] recursor: Possible bug in accepting / rejecting additional answers?

Hi, I think I have to clarify a bit here. The first question was why the recursor doesn't accept the A records from the delegated name server’s response. For the record I believe we are talking about this response, received from one of the servers returned in the delegation from one of the co

Re: [Pdns-users] recursor: Possible bug in accepting / rejecting additional answers?

Hi Paul, This is a design choice by PowerDNS, which is defendable: the domain is misconfigured and the RFCs don't clearly which option to take in such a case. Unfortunately, Google and Unbound toke a different option, so when the customer verifies against 8.8.8.8, it will just work. Also unfort

[Pdns-users] recursor: Possible bug in accepting / rejecting additional answers?

Hello, We are having problems with pdns-recursor when resolving an MX record for a domain whose delegation is partially mis-configured. Whilst that mis-configuration is clearly the trigger for the problem, the behaviour of pdns is tunring a small problem into a big one, when other recursors

Re: [Pdns-users] Recursor can't resolve login.authorize.net.cdn.cloudflare.net

On Tue, Apr 06, 2021 at 08:49:59PM +0100, Tony Finch via Pdns-users wrote: > Seth Mattinen via Pdns-users wrote: > > > > Here's a partial trace (list refused posting the full trace). From my eye it > > looks like I'm just getting ServFail from cloudflare NS, or possibly a > > DNSSEC > > validati

Re: [Pdns-users] Recursor can't resolve login.authorize.net.cdn.cloudflare.net

Seth Mattinen via Pdns-users wrote: > > Here's a partial trace (list refused posting the full trace). From my eye it > looks like I'm just getting ServFail from cloudflare NS, or possibly a DNSSEC > validation problem. The SERVFAIL from the Cloudflare authoritative nameservers causes a DNSSEC val

Re: [Pdns-users] Recursor can't resolve login.authorize.net.cdn.cloudflare.net

On 4/6/21 12:12 PM, Seth Mattinen via Pdns-users wrote: I'm having an issue where I can't resolve login.authorize.net.cdn.cloudflare.net with pdns recursor (latest version 4.4.3) Here's a partial trace (list refused posting the full trace). From my eye it looks like I'm just getting ServFai

[Pdns-users] Recursor can't resolve login.authorize.net.cdn.cloudflare.net

I'm having an issue where I can't resolve login.authorize.net.cdn.cloudflare.net with pdns recursor (latest version 4.4.3) Here's a partial trace (list refused posting the full trace). From my eye it looks like I'm just getting ServFail from cloudflare NS, or possibly a DNSSEC validation p

Re: [Pdns-users] Recursor address in Dnstap messages

On Tue, Mar 23, 2021 at 07:56:07AM +0100, Hans Seidel via Pdns-users wrote: > unfortunately, the identify field does not work since it just contains the > string "DNS". I will probably file a feature request via github as next > step. The recursor fills in the value of server-id, which can be set

Re: [Pdns-users] Recursor address in Dnstap messages

unfortunately, the identify field does not work since it just contains the string "DNS". I will probably file a feature request via github as next step. Thanks, Hans On 22.03.21 08:44, Hans Seidel wrote: Hello Peter, thanks for the tip with the identity field. I will look into it. I need to

[Pdns-users] Recursor 4.3.7 released

Hello! Today we are releasing PowerDNS Recursor 4.3.7. This release fixes a bug where the wrong TTL could be used when inserting records into the packet cache. Additionally, the recursor no longer resolves unneeded names when chasing CNAME records if QName Minimization is enabled. Please refer t

Re: [Pdns-users] Recursor address in Dnstap messages

Hello Peter, thanks for the tip with the identity field. I will look into it. I need to make a few changes in our log receiver, since we do not evaluate this field yet. Best, Hans On 19.03.21 11:12, Peter van Dijk via Pdns-users wrote: Hello Hans, On Fri, 2021-03-19 at 10:08 +0100, Hans Se

Re: [Pdns-users] Recursor address in Dnstap messages

Hello Hans, On Fri, 2021-03-19 at 10:08 +0100, Hans Seidel via Pdns-users wrote: > Hello, > > we are using the message logging via Dnstap of the PowerDNS Recursor > (version 4.4.2). Since we have several instances that send us log > messages, we want to distinguish the different instances via t

[Pdns-users] Recursor address in Dnstap messages

Hello, we are using the message logging via Dnstap of the PowerDNS Recursor (version 4.4.2). Since we have several instances that send us log messages, we want to distinguish the different instances via their IP address.  I assumed that recursors IP address is set in the query_address field o

Re: [Pdns-users] recursor failing to pick up change in master .ca zone file

On Mon, 2020-11-16 at 16:17 +, Brian Candler via Pdns-users wrote: > Or were you getting NXDOMAIN for the query (for a newly-created domain?) > Negative answers are also cached. The .ca SOA record says they can be cached > for one hour: > ;; ANSWER SECTION: > ca.3585INSOA

Re: [Pdns-users] recursor failing to pick up change in master .ca zone file

The second one, the NXDOMAIN.  I get that they are publishing a 3600 TTL (which is wrong, because they publish the master .ca zone file very 30 minutes, so it should be 1800 (which I will mention to them).  But what is strange is that other recursors, such as 1.1.1.1 and 8.8.8.8 picked up the chang

Re: [Pdns-users] recursor failing to pick up change in master .ca zone file

On 16/11/2020 15:35, Eric Beck via Pdns-users wrote: The recursor was still one .ca master zone file behind I'm not sure what you mean by "one .ca master zone file behind". The recursor doesn't copy the zone file; it reads (and caches) individual records. , even after plenty of time had el

[Pdns-users] recursor failing to pick up change in master .ca zone file

Hi, I just had something curious happen. I have a 4.4.0 recursor running, and I had added a new .ca domain entry to our nameservers. The .ca Registry (CIRA) only updates the master .ca zone file once every 1/2 hour, the cutoffs being :00 and :30. It then takes about 20 minutes to get the full p

Re: [Pdns-users] Recursor 4.3.1 problems with long CNAME chains

> > We recently upgraded from Recursor 4.2.1 to 4.3.1, due to the recent > > security alert. Unfortunately, after this upgrade some queries have > > stopped working. ... > This is a known issue: https://github.com/PowerDNS/pdns/pull/9192 > > As a temporary workaround, you try disabling qname-minim

Re: [Pdns-users] Recursor 4.3.1 problems with long CNAME chains

On Fri, Jun 05, 2020 at 12:44:03PM +0200, Steinar Haug via Pdns-users wrote: > We recently upgraded from Recursor 4.2.1 to 4.3.1, due to the recent > security alert. Unfortunately, after this upgrade some queries have > stopped working. > > The examples below are from a test installation where th

[Pdns-users] Recursor 4.3.1 problems with long CNAME chains

We recently upgraded from Recursor 4.2.1 to 4.3.1, due to the recent security alert. Unfortunately, after this upgrade some queries have stopped working. The examples below are from a test installation where the only config are the following two lines: query-local-address=193.75.4.60 trace=on Ex

Re: [Pdns-users] Recursor and LUA scripting: I don't understand why preresolve answering a CNAME won't cascade to other records

Yes! This worked as expected. I assumed it was a designed choice, and it seemed it was. Thank you Bert and Roman for these quick answers. Oscar Koeroo > On 31 May 2020, at 12:14, bert hubert wrote: > > On Sun, May 31, 2020 at 12:08:36PM +0200, Oscar Koeroo via Pdns-users wrote: > >> I’m us

Re: [Pdns-users] Recursor and LUA scripting: I don't understand why preresolve answering a CNAME won't cascade to other records

On Sun, May 31, 2020 at 12:08:36PM +0200, Oscar Koeroo via Pdns-users wrote: > I’m using the following LUA script to intercept, but I don’t understand > the results. Why doesn’t the dig get the CNAME to got to the A record I > have in my domain.local zone? I expected dig to try to get the CNAME

Re: [Pdns-users] Recursor and LUA scripting: I don't understand why preresolve answering a CNAME won't cascade to other records

Hi, If I'm not wrong you need to tell pdns to resolve the CNAME: https://doc.powerdns.com/recursor/lua-scripting/hooks.html#cname-chain-resolution Regards, Roman Am So., 31. Mai 2020 um 12:08 Uhr schrieb Oscar Koeroo via Pdns-users < pdns-users@mailman.powerdns.com>: > Hi, > > I’m using my the R

[Pdns-users] Recursor and LUA scripting: I don't understand why preresolve answering a CNAME won't cascade to other records

Hi, I’m using my the Recursor version 4.3.1 on my Pi and building the following. I have a VPS and a home-server. I use “domain.net” for the internet access and in my home I use “domain.local”. Due to NAT and how my home router works, I intercept the DNS requests and provide a local answer inst

Re: [Pdns-users] recursor fail to resolve

Thank you Demi, I appreciate your reply. Not sure I have a leg to stand on eith them, the old standard reply I got when I contacted them. "No one else is having problems, only you" I do wonder what the recursor do on transient failures, it is never guaranteed one will always get a reply. A pac

Re: [Pdns-users] recursor fail to resolve

On 04/05/2020 13:41, Remi Gacogne via Pdns-users wrote: I don't know how bind does resolve but we are doing the right thing here, we get a delegation to two NS (mail1.alestra.net.mx. and dns.alestra.net.mx.) for s-s.mx. from the mx. zone, and both of these servers fail to respond to the first req

Re: [Pdns-users] recursor fail to resolve

On 5/1/20 10:31 PM, Sergio Cesar via Pdns-users wrote: > Thus the question remains: what do I need to change in the recursor > configuration to make it work as bind does and resolve even tough it > looks like an issue at their end? I don't know how bind does resolve but we are doing the right thin

Re: [Pdns-users] recursor fail to resolve

On Mon, May 04, 2020 at 07:05:48AM -0500, Sergio P Cesar wrote: > It is not a guessing game, the recursor fail to resolve. You initial email did not specify which name(s) were queried. Only later in the thread you list an example. Only with yor latest reply you tell something about your config.

Re: [Pdns-users] recursor fail to resolve

It is not a guessing game, the recursor fail to resolve. The only change to the default config in an attempt to have the recursor not cache the failure and query again is packetcache-servfail-ttl=0 quiet=no The servers in question are    DNS:    dns.alestra.net.mx   207.248.224.75  

Re: [Pdns-users] recursor fail to resolve

On Fri, May 01, 2020 at 11:31:21AM -0500, Sergio P Cesar via Pdns-users wrote: > I am new with pdns, just installed a resolver 4.3.0-rc2 to learn and all > seems to work but stumbled into an issue I cant resolve. > > My mailserver failed to deliver email to a few domains, in tracking it I > found

Re: [Pdns-users] recursor fail to resolve

I am glad you were able to duplicate the issue on your end. Thus the question remains: what do I need to change in the recursor configuration to make it work as bind does and resolve even tough it looks like an issue at their end? I still not able to deliver my customer's email if I use pdns

Re: [Pdns-users] recursor fail to resolve

That is what I herewith dig also. I used a packet tracer to see that after some period every first query they drop the first packet from our recursor. And if I use bind to query I get a response on the first time. On May 1, 2020 12:22:51 PM CDT, Aki Tuomi wrote: >Can you try with 'dig' instead

Re: [Pdns-users] recursor fail to resolve

Can you try with 'dig' instead? Also the logs seem truncated. Although I'm getting SERVFAIL intermittedly too, which suggests problem at their end. Their servers seem unresponsive sometimes, especially if you try dig s-s.mx @mail2.alestra.net.mx. dig s-s.mx @dns.alestra.net.mx. and wait some ti

Re: [Pdns-users] recursor fail to resolve

root@ns1:~# host s-s.mx Host s-s.mx not found: 2(SERVFAIL) root@ns1:~# cat /var/log/syslog | grep s-s.mx May  1 09:42:51 ns1 pdns_server[16452]: Remote 216.183.32.162 wants 's-s/mx.winc.net|A', do = 1, bufsize = 1232 (4096): packetcache MISS May  1 11:08:43 ns1 pdns_recursor[22995]: 3 [38702/1]

Re: [Pdns-users] recursor fail to resolve

Next step, try to resolve s-s.mx and check your logs. Like /var/log/syslog? Aki > On 05/01/2020 7:09 PM Sergio Cesar wrote: > > > Thank you for the reply. > > Here it is, not sure what that means. > The recursor is running on the same server as the PDNS with a different > IP address.  if th

Re: [Pdns-users] recursor fail to resolve

Thank you for the reply. Here it is, not sure what that means. The recursor is running on the same server as the PDNS with a different IP address.  if that makes a difference. root@ns1:~# rec_control trace-regex s-s.mx ok ok ok On 5/1/2020 11:37 AM, Aki Tuomi wrote: On 05/01/2020 6:31 PM Ser

Re: [Pdns-users] recursor fail to resolve

> On 05/01/2020 6:31 PM Sergio P Cesar via Pdns-users > wrote: > > > I am new with pdns, just installed a resolver 4.3.0-rc2 to learn and all > seems to work but stumbled into an issue I cant resolve. > > My mailserver failed to deliver email to a few domains, in tracking it I > found that

[Pdns-users] recursor fail to resolve

I am new with pdns, just installed a resolver 4.3.0-rc2 to learn and all seems to work but stumbled into an issue I cant resolve. My mailserver failed to deliver email to a few domains, in tracking it I found that their DNS will drop the first packet on every new query  but will respond on a s

Re: [Pdns-users] Recursor: Response looses AD flag if Lua script hook returns true

Hi Simon, On 3/28/20 5:34 PM, Simon Erhardt via Pdns-users wrote: > We use PowerDNS Recursor to intercept certain lookups and return values > from a database instead. Therefore we use the Luad scripting capability. > Now we noticed that requests with DNSSEC lose the set AD flag when a > hook in th

[Pdns-users] Recursor: Response looses AD flag if Lua script hook returns true

Hi there! We use PowerDNS Recursor to intercept certain lookups and return values from a database instead. Therefore we use the Luad scripting capability. Now we noticed that requests with DNSSEC lose the set AD flag when a hook in the script of the request is marked as "handled" (by returning

Re: [Pdns-users] Recursor and subdomain forward

Got it Brian. Thanks a lot. On Mon, 23 Mar 2020 at 14:38, Brian Candler wrote: > On 23/03/2020 13:28, Giovanni Vecchi via Pdns-users wrote: > > > *sudo rec_control get-parameter forward-zones forward-zones=""* > > From rec logs: > > > *Mar 23 13:21:05 server pdns_recursor[9349]: Reading zone fo

Re: [Pdns-users] Recursor and subdomain forward

On 23/03/2020 13:28, Giovanni Vecchi via Pdns-users wrote: /sudo rec_control get-parameter forward-zones forward-zones=""/ From rec logs: /Mar 23 13:21:05 server pdns_recursor[9349]: Reading zone forwarding information from '/etc/powerdns/recursor.d/zones.conf' Mar 23 13:21:05 server pdns_recu

Re: [Pdns-users] Recursor and subdomain forward

Hi Brian, thanks for your tip: forward-zone-file is great. I only noticed that configuring forward-zone-file will broke the get-parameter command for rec_control: *sudo rec_control get-parameter forward-zonesforward-zones=""* >From rec logs: *Mar 23 13:21:05 server pdns_recursor[9349]: Readin

Re: [Pdns-users] Recursor and subdomain forward

On 20/03/2020 17:18, Giovanni Vecchi via Pdns-users wrote: I think the problem was that following zone forwarding need to be configured with "forwarding-zone*+*=" directive, but if I didn't find any feedback in the documentation (https://doc.powerdns.com/recursor/settings.html#forward-zones): m

Re: [Pdns-users] Recursor and subdomain forward

'forward-zone' can only be specified one time in the configuration file. It accepts a list of domain/address pairs, though, so you can setup multiple domains for forwarding. On Fri, Mar 20, 2020 at 1:18 PM Giovanni Vecchi via Pdns-users < pdns-users@mailman.powerdns.com> wrote: > Hi Brian, > > I

Re: [Pdns-users] Recursor and subdomain forward

Hi Brian, I missed that in configuration file multiple "forwarding-zone=" entries were present for different zone: I only wrote you the first of them that queries were failing, I'm sorry. I think the problem was that following zone forwarding need to be configured with "forwarding-zone*+*=" direct

Re: [Pdns-users] Recursor and subdomain forward

Works for me, with 4.3.0-1pdns.bionic Added to recursor.conf: forward-zones=domain.sec=127.0.0.1:5300 Restarted pdns-recursor Test: root@cache1:~# dig @localhost testing.domain.sec a ; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> @localhost testing.domain.sec a ; (1 server found) ;; global options

Re: [Pdns-users] Recursor and subdomain forward

Hi Brian sudo rec_control version *4.3.0* sudo dpkg -l | grep pdns-recursor *ii pdns-recursor 4.3.0-1pdns.bionic amd64PowerDNS Recursor* No queries arrive at all even with negative trust anchor: sudo rec_control get-ntas *Configured Negative Trus

Re: [Pdns-users] Recursor and subdomain forward

On 20/03/2020 10:56, Giovanni Vecchi via Pdns-users wrote: @Brian: my bad, my local domain isn't an ".local" one but ".sec", so please consider domain.sec as root domain The current behaviour is that public root domain are queried for every *.domain.sec from recursor instead the authoritative on

Re: [Pdns-users] Recursor and subdomain forward

Hi everybody, @Brian: my bad, my local domain isn't an ".local" one but ".sec", so please consider domain.sec as root domain The current behaviour is that public root domain are queried for every *.domain.sec from recursor instead the authoritative one! My conf: config-dir=/etc/powerdns local-add

Re: [Pdns-users] Recursor and subdomain forward

On 20/03/2020 10:38, Giovanni Vecchi via Pdns-users wrote: is there a "smart" way to instruct recursor to forward zone and each own "subdomain" to an authoritative server? Something like this: forward-zone=*.domain.local= The expectation is that queries to every level starting from domain.loc

[Pdns-users] Recursor and subdomain forward

Hi guys, is there a "smart" way to instruct recursor to forward zone and each own "subdomain" to an authoritative server? Something like this: forward-zone=*.domain.local= The expectation is that queries to every level starting from domain.local (ex: hello.domain.local, good.night.domain.local,

  1   2   3   4   5   >