Re: [Pdns-users] pdns-recursor metrics review and tuning advice request

2025-05-07 Thread Scott Crace via Pdns-users
Otto, It took me a while to come back to this but I made changes as per your suggestions shortly after your last reply. - I reverted the max-negative-ttl to default. Performance seems markedly improved. - I removed the lua so no drops will occur and many server clients seem much happier. - I've

Re: [Pdns-users] pdns-recursor metrics review and tuning advice request

2025-04-19 Thread Otto Moerbeek via Pdns-users
Remarks inline. On Fri, Apr 18, 2025 at 07:04:18PM -0400, Scott Crace wrote: > Otto, > Thanks for your assistance. Since these were set up with private IPs I wasn't > sure how useful the config would be however, I have included it below. > > # rec_control dump-throttlemap - > ; throttle map dump f

Re: [Pdns-users] pdns-recursor metrics review and tuning advice request

2025-04-18 Thread Scott Crace via Pdns-users
Otto, Thanks for your assistance. Since these were set up with private IPs I wasn't sure how useful the config would be however, I have included it below. # rec_control dump-throttlemap - ; throttle map dump follows ; remote IP qname qtype count ttd reason 10.0.196.1970.10.in-addr.

Re: [Pdns-users] pdns-recursor metrics review and tuning advice request

2025-04-18 Thread Otto Moerbeek via Pdns-users
On Fri, Apr 18, 2025 at 08:28:48AM -0400, Scott Crace via Pdns-users wrote: Hi, Please include your config. That said: You seem to have pretty low cache hit ratio, a high number of outgoing queries. How is your cache configged? Also some throttling is going on. I suspect rec has trouble contact

[Pdns-users] pdns-recursor metrics review and tuning advice request

2025-04-18 Thread Scott Crace via Pdns-users
Hello all, Long time lurker on the message list and would like some performance and/or tuning advice. We've been using pdns-recursor as internal recursive nameservers for quite some time now. The original implementer of pdns departed and I was recently tasked with replacing or upgrading all of th

Re: [Pdns-users] pdns recursor forward zone to consul

2024-08-15 Thread Prochazka via Pdns-users
Ok, my fail. Pdns recursor returns ;; ANSWER SECTION: master.testcluster.service.consul. 1 IN CNAME test-patroni-02.sub.domain.tld test-patroni-02.sub.domain.tld. 3581 IN A 192.168.200.202 TTL 1 is ok for me. So I just need to handle dnssec setting someway. The problem is resolved.

Re: [Pdns-users] pdns recursor forward zone to consul

2024-08-13 Thread Prochazka via Pdns-users
Hi, CZ domain is signed by CZNIC, but cortex.cz and its subdomains aren't signed. We don't use lua yet so I tried to set "dnssec=off" and it's done = working. This comes to the second question. Consul returns ttl 0, dnsmasq returns by default ttl 0 too. Recursor returns with ttl 3600, those are

Re: [Pdns-users] pdns recursor forward zone to consul

2024-08-09 Thread Peter van Dijk via Pdns-users
On Tue, 2024-08-06 at 09:30 +0200, Prochazka via Pdns-users wrote: > Hi, > > I set forward-zone for consul domain in the recursor, but queries fail. > > Tested consul nodes are 192.168.200.205-207. > Tested patroni nodes (with consul agent) are 192.168.200.201-202, > current master is test-patro

Re: [Pdns-users] pdns recursor forward zone to consul

2024-08-06 Thread Prochazka via Pdns-users
Sorry, my reading fail. I disabled qname-minimization, restarted, again servfail. Thanks. On 2024-08-06 11:21, Prochazka via Pdns-users wrote: No effect (anyway, default is yes), I even tried qname-max-minimize-count=1, no success. Recursor is 5.0.5 btw. Thanks Dne 2024-08-06 11:06, Frank

Re: [Pdns-users] pdns recursor forward zone to consul

2024-08-06 Thread Prochazka via Pdns-users
No effect (anyway, default is yes), I even tried qname-max-minimize-count=1, no success. Recursor is 5.0.5 btw. Thanks On 2024-08-06 11:06, Frank @ kiwazo.be wrote: Could you try disabling qname-minimisation? https://doc.powerdns.com/recursor/settings.html#qname-minimization If that works,

[Pdns-users] pdns recursor forward zone to consul

2024-08-06 Thread Prochazka via Pdns-users
Hi, I set forward-zone for consul domain in the recursor, but queries fail. Tested consul nodes are 192.168.200.205-207. Tested patroni nodes (with consul agent) are 192.168.200.201-202, current master is test-patroni-02.sub.domain.tld (.202) Tested recursor node 192.168.200.55 Working query

Re: [Pdns-users] pdns-recursor zone-forward block and allow lists

2024-05-02 Thread Jan Gardian via Pdns-users
Hi, Thank you for your hints with DNSSEC. Truly it was caused by dnssec validation. If I tried to turn off dnssec validation dns0 servers would not respond to any of my requests. But I found that with option "process-no-validate" and recurse true for zone '.' I finally setup and tested exactl

Re: [Pdns-users] pdns-recursor zone-forward block and allow lists

2024-04-30 Thread Brian Candler via Pdns-users
On 30/04/2024 08:23, Jan Gardian via Pdns-users wrote: tcpdump: " 17:31:22.071802 IP 192.168.0.101.41941 > pdns-recursor.domain: 65094+ [1au] A? liveaqest.live. (55) 17:31:22.072588 IP pdns-recursor.55092 > dns.google.domain: 5457+% [1au] A? liveaqest.live. (43) 17:31:22.090703 IP dns.google.do

[Pdns-users] pdns-recursor zone-forward block and allow lists

2024-04-30 Thread Jan Gardian via Pdns-users
Hello, I am using PowerDNS Recursor 5.0.3 and I am trying to forward all zones towards dns0, which blocks malicious domains and returns NXDOMAIN. Unfortunately for some domains I would like to use different forwarders than dns0 and get normal dns answer (e.g. forwarders 8.8.8.8:53). I tried

Re: [Pdns-users] pdns-recursor lua script - redirect query

2024-02-20 Thread Grzegorz Chmurzyński via Pdns-users
On 20.02.2024 at 11:31, Grzegorz Chmurzyński wrote: Currently, I only have access to DQS, so the idea is to redirect the query in DNS. I don't see any zones corresponding to zen available in the RPZ lists (sbl, css, xbl, pbl) Maybe I missed something in the spamhaus documentation --

Re: [Pdns-users] pdns-recursor lua script - redirect query

2024-02-20 Thread Frank @ kiwazo.be via Pdns-users
Hi Grzegorz, If you're a paying Spamhaus customer, then using their RPZ service might be a way easier solution than redirecting the queries? Please see the PowerDNS specific docs at https://docs.spamhaus.com/dns-firewall/docs/source/configuration/power_dns_config.html Should you have any ques

[Pdns-users] pdns-recursor lua script - redirect query

2024-02-20 Thread Grzegorz Chmurzyński via Pdns-users
I'm trying to change queries for zen.spamhaus.org to another domain (paid service). Convert all type queries on the fly to queries of the following type: 4.3.2.1.zen.spamhaus.org -> 4.3.2.1.x.zen.dq.spamhaus.net I wrote the following lua script: https://pastebin.com/qssbsNtR Redirection vi

Re: [Pdns-users] pdns-recursor help

2024-02-18 Thread Otto Moerbeek via Pdns-users
On Sun, Feb 18, 2024 at 01:35:04AM -0800, Bill MacAllister wrote: > On 2024-02-17 23:30, Otto Moerbeek wrote: > > On Sat, Feb 17, 2024 at 06:07:16PM -0800, Bill MacAllister wrote: > > > > > Okay, I set "dnssec=off" and look ups are working now. Guess I > > > need to educate myself about dnssec.

Re: [Pdns-users] pdns-recursor help

2024-02-18 Thread Bill MacAllister via Pdns-users
On 2024-02-17 23:30, Otto Moerbeek wrote: On Sat, Feb 17, 2024 at 06:07:16PM -0800, Bill MacAllister wrote: Okay, I set "dnssec=off" and look ups are working now. Guess I need to educate myself about dnssec. I would like to make the dnssec default work if I can. Pointers welcomed. Bill Lo

Re: [Pdns-users] pdns-recursor help

2024-02-17 Thread Otto Moerbeek via Pdns-users
On Sat, Feb 17, 2024 at 06:07:16PM -0800, Bill MacAllister wrote: > On 2024-02-17 12:08, Bill MacAllister via Pdns-users wrote: > > On 2024-02-17 00:31, Otto Moerbeek wrote: > > > > Your recursor is not able to get an answer from the root servers, at > > > least not for DS queries. > > > > > > A

Re: [Pdns-users] pdns-recursor help

2024-02-17 Thread Bill MacAllister via Pdns-users
On 2024-02-17 12:08, Bill MacAllister via Pdns-users wrote: On 2024-02-17 00:31, Otto Moerbeek wrote: Your recursor is not able to get an answer from the root servers, at least not for DS queries. A run with --trace as a command line option will reveal more details of what is going on. Also:

Re: [Pdns-users] pdns-recursor help

2024-02-17 Thread Bill MacAllister via Pdns-users
On 2024-02-17 00:31, Otto Moerbeek wrote: On Sat, Feb 17, 2024 at 12:22:06AM -0800, Bill MacAllister via Pdns-users wrote: I am new to Power DNS and am attempting to setup a Power DNS recursor server. I am using Debian bookworm and I have installed the pdns-recursor package. The server is

Re: [Pdns-users] pdns-recursor help

2024-02-17 Thread Otto Moerbeek via Pdns-users
On Sat, Feb 17, 2024 at 12:22:06AM -0800, Bill MacAllister via Pdns-users wrote: > I am new to Power DNS and am attempting to setup a Power DNS recursor > server. I am using Debian bookworm and I have installed the pdns-recursor > package. The server is listening and dig can connect to the serve

[Pdns-users] pdns-recursor help

2024-02-17 Thread Bill MacAllister via Pdns-users
I am new to Power DNS and am attempting to setup a Power DNS recursor server. I am using Debian bookworm and I have installed the pdns-recursor package. The server is listening and dig can connect to the server, but dig returns a status of SERVFAIL. What should I look at? What am I missing?

Re: [Pdns-users] Pdns-recursor and dnsdist on same machine

2023-06-20 Thread bodenhaltung--- via Pdns-users
Or maybe kdig, which supports proxy Protocol (+proxy) and also you can specify the src ip (-b). Best regards, Norbert On Mon, 19 June 2023 at 21:11, bodenhalt...@gmail.com < bodenhalt...@gmail.com> wrote: > Hi, > > - Something else? > > Maybe just: https://doc.powerdns.com/authoritative/

Re: [Pdns-users] Pdns-recursor and dnsdist on same machine

2023-06-19 Thread bodenhaltung--- via Pdns-users
Hi, - Something else? Maybe just: https://doc.powerdns.com/authoritative/manpages/sdig.1.html? sdig can handle the PROXYv2 protocol. Best regards, Norbert ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailm

[Pdns-users] Pdns-recursor and dnsdist on same machine

2023-06-19 Thread Djerk Geurts via Pdns-users
I’ve noticed that using "proxy-protocol-from" in the pdns-recursor, a simple query from that source no longer works. So if I set pdns-recursor to 127.0.53.53 and dnsdist to the network IP address of the host then on this host I can’t query pdns-recursor on 127.0.53.53 as the host command doesn’t

Re: [Pdns-users] Pdns recursor - forward-zones-file not working

2023-06-19 Thread Djerk Geurts via Pdns-users
Hi Otto, Literally just worked out why the euro is showing. The forward zone file name ended in “.conf” meaning pdns-recursor was reading the file as configuration. Removing the file extension fixed it. It’s an incredibly silly mistake to make… -- Djerk > On 19 Jun 2023, at 18:25, Otto Moerbe

Re: [Pdns-users] Pdns recursor - forward-zones-file not working

2023-06-19 Thread Otto Moerbeek via Pdns-users
On Mon, Jun 19, 2023 at 05:10:01PM +0100, Djerk Geurts via Pdns-users wrote: > Hi all, > > Reading up on recursor settings I found that with forward-zones-file one can > set recurse an RD flag and also add domains to an allow-notify-for list. > > "Zones prefixed with a ‘+’ are treated as with f

[Pdns-users] Pdns recursor - forward-zones-file not working

2023-06-19 Thread Djerk Geurts via Pdns-users
Hi all, Reading up on recursor settings I found that with forward-zones-file one can set recurse an RD flag and also add domains to an allow-notify-for list. "Zones prefixed with a ‘+’ are treated as with forward-zones-recurse

[Pdns-users] pdns-recursor behavior for edns client-subnet option

2023-04-12 Thread Nejedlo, Mark via Pdns-users
I'm hoping I can get some behavior questions clarified regarding how PowerDNS recursor handles EDNS client-subnet requests/responses. We're looking at sending ECS to Akamai, and they have very specific requirements for how the resolver behaves. First, if the client sends a request to pdns-recu

Re: [Pdns-users] pdns-recursor ecs support config designs

2022-11-08 Thread Robby Pedrica via Pdns-users
Hi Brian Understood re. "user ecs" vs "pass" = semantic error on my side. And yes, a local per branch recursor would be better but we have to take installation/operational management overhead into account for doing this at a lot of sites; as well, we're trying to move away from local infrastructure.

Re: [Pdns-users] pdns-recursor ecs support config designs

2022-11-08 Thread Otto Moerbeek via Pdns-users
On Tue, Nov 08, 2022 at 09:44:22AM +, Brian Candler via Pdns-users wrote: > On 08/11/2022 09:20, Robby Pedrica via Pdns-users wrote: > > > The CDN services work correctly when a branch uses the ISP-assigned DNS > > for that specific branch/link. But as mentioned, it's difficult to > > manage

Re: [Pdns-users] pdns-recursor ecs support config designs

2022-11-08 Thread Brian Candler via Pdns-users
On 08/11/2022 09:20, Robby Pedrica via Pdns-users wrote: The CDN services work correctly when a branch uses the ISP-assigned DNS for that specific branch/link. But as mentioned, it's difficult to manage these DNS entries when you have many branches across the world (180 sites with 2 different

Re: [Pdns-users] pdns-recursor ecs support config designs

2022-11-08 Thread Robby Pedrica via Pdns-users
Thanks Otto, " It is not 100% clear what you are trying to achieve" We simply want to use ecs to direct endpoints to their nearest pop for CDN services, specifically Microsoft-related services like Teams, Sharepoint, etc. The CDN services work correctly when a branch uses the ISP-assigned DNS fo

Re: [Pdns-users] pdns-recursor ecs support config designs

2022-11-07 Thread Otto Moerbeek via Pdns-users
On Tue, Nov 08, 2022 at 08:35:33AM +0200, Robby Pedrica via Pdns-users wrote: > Hi all, > > I've searched pdns docs as well as threads here but can find nothing about > how to deploy ecs or more specifically, under which circumstance ecs can be > used. > > From what I understand of ecs, the recu

Re: [Pdns-users] pdns-recursor ecs support config designs

2022-11-07 Thread Robby Pedrica via Pdns-users
Apologies, to clarify: 1. No we do not own the auth servers, the queries are for general internet DNS lookups so could hit any auth server. The recursor does its standard root server and down lookups ... 2. The desired outcome is that clients are directed to local resources especially for office

Re: [Pdns-users] pdns-recursor ecs support config designs

2022-11-07 Thread Ask Bjørn Hansen via Pdns-users
From your description it’s not clear (to me anyway) if you control the authoritative server that you care about or not and it’s not clear what the desired outcome you are looking for by using ECS. Ask

[Pdns-users] pdns-recursor ecs support config designs

2022-11-07 Thread Robby Pedrica via Pdns-users
Hi all, I've searched pdns docs as well as threads here but can find nothing about how to deploy ecs or more specifically, under which circumstance ecs can be used. From what I understand of ecs, the recursor will forward the client's IP with the request to the auth (or intermediate) servers

Re: [Pdns-users] pdns-recursor query logging of cached requests

2022-11-03 Thread Otto Moerbeek via Pdns-users
On Thu, Nov 03, 2022 at 02:08:53PM +0100, Marco Kleefman via Pdns-users wrote: > Hi, > > For compliancy reasons we are configuring query logging on our PowerDNS > recursor instances (running 4.7.3). > > For normal queries I see source-ip and content of DNS question. Example > logging: > > pdns_

[Pdns-users] pdns-recursor query logging of cached requests

2022-11-03 Thread Marco Kleefman via Pdns-users
Hi, For compliancy reasons we are configuring query logging on our PowerDNS recursor instances (running 4.7.3). For normal queries I see source-ip and content of DNS question. Example logging: pdns_recursor[12056]: 2 [395002/1] question for 'www.exampledomain.com|A' from 10.11.12.13:56765 For a

Re: [Pdns-users] pdns-recursor (4.6) empty response after expiration of the TTL of the cached record

2022-10-11 Thread Leeflangetje via Pdns-users
I do not, but I will try to get the message back, the reverse way this problem reached me :) I sure hope they do not have old F5's, though. Security wise I mean. On Fri, 2022-10-07 at 13:58 +0200, Peter van Dijk via Pdns-users wrote: > On Thu, 2022-09-22 at 09:27 +0200, Leeflangetje via Pdns-use

Re: [Pdns-users] pdns-recursor (4.6) empty response after expiration of the TTL of the cached record

2022-10-07 Thread Peter van Dijk via Pdns-users
On Thu, 2022-09-22 at 09:27 +0200, Leeflangetje via Pdns-users wrote: > dig @ns1 riecis.nl A If you happen to have a contact at RIEC/riecis, please point them to https://www.sidn.nl/nieuws-en-blogs/agressief-cache-gebruik-levert-snelheidswinst-en-efficientie-op-voor-validerende-resolvers The fail

Re: [Pdns-users] pdns-recursor (4.6) empty response after expiration of the TTL of the cached record

2022-09-22 Thread Otto Moerbeek via Pdns-users
On Thu, Sep 22, 2022 at 11:40:35AM +0200, Leeflangetje via Pdns-users wrote: > Thank you for digging into the issue with that domain :) > > The reason we never encountered this before the upgrade to 4.6 must be > the change in default behaviour regarding dnssec , which went from > "process-no-val

Re: [Pdns-users] pdns-recursor (4.6) empty response after expiration of the TTL of the cached record

2022-09-22 Thread Leeflangetje via Pdns-users
Thank you for digging into the issue with that domain :) The reason we never encountered this before the upgrade to 4.6 must be the change in default behaviour regarding dnssec , which went from "process-no-validate"  to "process", I assume. (We came from 4.2) On Thu, 2022-09-22 at 10:26 +0200,

Re: [Pdns-users] pdns-recursor (4.6) empty response after expiration of the TTL of the cached record

2022-09-22 Thread abang--- via Pdns-users
True, TCP is broken as well. On 22 September 2022 10:01:58 CEST, Otto Moerbeek wrote: >On Thu, Sep 22, 2022 at 09:41:57AM +0200, abang--- via Pdns-users wrote: > >> The "NSEC3 proving non-existence" of this zone is broken. See >> https://dnsviz.net/d/riecis.nl/dnssec/?rr=all&a=all&ds=all&doe=o

Re: [Pdns-users] pdns-recursor (4.6) empty response after expiration of the TTL of the cached record

2022-09-22 Thread Otto Moerbeek via Pdns-users
On Thu, Sep 22, 2022 at 09:41:57AM +0200, abang--- via Pdns-users wrote: > The "NSEC3 proving non-existence" of this zone is broken. See > https://dnsviz.net/d/riecis.nl/dnssec/?rr=all&a=all&ds=all&doe=on&ta=.&tk= > > You can workaround this issue by setting a NTA for it on your Recursors. It >

Re: [Pdns-users] pdns-recursor (4.6) empty response after expiration of the TTL of the cached record

2022-09-22 Thread Otto Moerbeek via Pdns-users
When trying to check this domain I get an occasional error: $ dig @1.1.1.1 riecis.nl ; <<>> dig 9.10.8-P1 <<>> @1.1.1.1 riecis.nl ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30228 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTH

Re: [Pdns-users] pdns-recursor (4.6) empty response after expiration of the TTL of the cached record

2022-09-22 Thread abang--- via Pdns-users
The "NSEC3 proving non-existence" of this zone is broken. See https://dnsviz.net/d/riecis.nl/dnssec/?rr=all&a=all&ds=all&doe=on&ta=.&tk= You can workaround this issue by setting a NTA for it on your Recursors. It is recommended to inform the owner of the zone in order to fix the root cause. Win

[Pdns-users] pdns-recursor (4.6) empty response after expiration of the TTL of the cached record

2022-09-22 Thread Leeflangetje via Pdns-users
Hi, Since we upgraded to pdns-recursor 4.6 we sometimes experience some weird behaviour with queries via pdns-recursor. Sometimes, when a previously queried record expires through its TTL, the recursor does not provide an answer anymore, until it's restarted. Unfortunately I am not able to repr

Re: [Pdns-users] PDNS recursor cache sync

2022-09-17 Thread Djerk Geurts via Pdns-users
That may be true for a SOHO environment. But for a corporate network with numerous firewalls, my opinion is that firewalls should be firewalls. Tagging core services into a security appliance is not the right solution for DNS servers that manage to cache different results. I like Otto's suggesti

Re: [Pdns-users] PDNS recursor cache sync

2022-09-17 Thread Djerk Geurts via Pdns-users
Thank you. I'll have a look at your dnsdist suggestion, I hadn't considered that yet. I'd rather not get into an off topic argument about the various reasons for using an FQDN in a firewall rule versus undisclosed public IP addresses. And I have no intention of requesting that cache management i

Re: [Pdns-users] PDNS recursor cache sync

2022-09-17 Thread Oscar Zovo via Pdns-users
If you are applying a firewall rule based on hostname, it makes sense that the firewall should be the one providing DNS recursive service to the DNS clients or to the downstream DNS caching servers, or you should resort to URL filtering. Best Regards, Óscar Zovo. A sábado, 17/09/2022, 01:01, Dj

Re: [Pdns-users] PDNS recursor cache sync

2022-09-17 Thread Otto Moerbeek via Pdns-users
Cache maintenance is already quite a complex part of any recursor. IMO adding cache syncing would introduce way too much complexity to be worth the trouble to solve what in essence is a questionable firewall rule design. Maybe dnsdist with a packet cache in front of two recursors might be worth

Re: [Pdns-users] PDNS recursor cache sync

2022-09-17 Thread Djerk Geurts via Pdns-users
Hi Otto, Thank you for the clarification. Yes, I'm aware that the source may change, but TTL exists for that. So I don't think this is a valid reason to not sync cache. As the current situation is worse: Resolver A caches IP address 1.1.1.1 and resolver B caches IP address 2.2.2.2. Subsequentl

Re: [Pdns-users] PDNS recursor cache sync

2022-09-17 Thread Otto Moerbeek via Pdns-users
Hello, cache syncing is not something we have and even with it (or using a single resolver) there is an issue that records can change: the scenario: - a client asks the record, record gets cached - client A asks and gets cached value, - publisher of records changes the re

[Pdns-users] PDNS recursor cache sync

2022-09-16 Thread Djerk Geurts via Pdns-users
Just ran into an issue with recursive DNS servers where the two servers have cached a different A record for mirror.centos.org. This is a problem as the firewalls permit access to the FQDN, which presumes that both the client and the firewall end up with the same A record for the domain. I'm i

Re: [Pdns-users] PDNS Recursor and forward-zones-file

2022-03-17 Thread Brian Candler via Pdns-users
On 17/03/2022 15:50, Pepe Charli wrote: But the idea is to have in the future a file forward-zones-file of the type test1.com=192.168.1.1 test2.com=192.168.1.2 .=192.168.68.63, 192.168.68.64 I think dnsdist is better for that application - it's what it's d

Re: [Pdns-users] PDNS Recursor and forward-zones-file

2022-03-17 Thread Pepe Charli via Pdns-users
192.168.68.63/64 are authoritative-only servers (pdns auth) for internal domains. You are right that currently the resolver does not make sense But the idea is to have in the future a file forward-zones-file of the type test1.com=192.168.1.1 test2.com=192.168.1.2 .=192.168.68.63, 192.168.68.64

Re: [Pdns-users] PDNS Recursor and forward-zones-file

2022-03-17 Thread Brian Candler via Pdns-users
On 17/03/2022 15:26, Pepe Charli wrote: In the traces only the domain has been changed to test.com 192.168.68.63 and 192.168.68.64 are authoritative for this domain. Both resolver and authoritative are only used internally with private IPs Are 192.168.68.63/64

Re: [Pdns-users] PDNS Recursor and forward-zones-file

2022-03-17 Thread Pepe Charli via Pdns-users
Hi In the traces only the domain has been changed to test.com 192.168.68.63 and 192.168.68.64 are authoritative for this domain. Both resolver and authoritative are only used internally with private IPs I have added "dont-query=127.0.0.0/8" in the resolver, I'll watch it to see

Re: [Pdns-users] PDNS Recursor and forward-zones-file

2022-03-17 Thread Otto Moerbeek via Pdns-users
On Thu, Mar 17, 2022 at 12:17:59PM +, Brian Candler via Pdns-users wrote: > On 17/03/2022 12:04, Pepe Charli via Pdns-users wrote: > > The recursor is configured to forward all zones to other DNS servers > > > > forward-zones-file=/path/to/file > > and the file itself contains > > .=192.168.6

Re: [Pdns-users] PDNS Recursor and forward-zones-file

2022-03-17 Thread Otto Moerbeek via Pdns-users
On Thu, Mar 17, 2022 at 12:25:38PM +, Brian Candler via Pdns-users wrote: > Hmm, see also: > > https://github.com/PowerDNS/pdns/issues/10638 > https://github.com/PowerDNS/pdns/pull/10643 > > But this was backported to the 4.4 branch, and should be present in recursor > 4.4.7: > > https://gi

Re: [Pdns-users] PDNS Recursor and forward-zones-file

2022-03-17 Thread Otto Moerbeek via Pdns-users
On Thu, Mar 17, 2022 at 01:04:55PM +0100, Pepe Charli via Pdns-users wrote: > Hi, > > I am experiencing some "strange" behavior with pDNS Recursor ( > pdns-recursor-4.4.7-1pdns.el7.x86_64) > > The recursor is configured to forward all zones to other DNS servers > > forward-zones-file=/path/to/f

Re: [Pdns-users] PDNS Recursor and forward-zones-file

2022-03-17 Thread Brian Candler via Pdns-users
Hmm, see also: https://github.com/PowerDNS/pdns/issues/10638 https://github.com/PowerDNS/pdns/pull/10643 But this was backported to the 4.4 branch, and should be present in recursor 4.4.7: https://github.com/PowerDNS/pdns/pull/10654

Re: [Pdns-users] PDNS Recursor and forward-zones-file

2022-03-17 Thread Brian Candler via Pdns-users
On 17/03/2022 12:04, Pepe Charli via Pdns-users wrote: The recursor is configured to forward all zones to other DNS servers forward-zones-file=/path/to/file and the file itself contains .=192.168.68.63, 192.168.68.64 If you're forwarding the whole world then you need a plus sign for the reque

[Pdns-users] PDNS Recursor and forward-zones-file

2022-03-17 Thread Pepe Charli via Pdns-users
Hi, I am experiencing some "strange" behavior with pDNS Recursor ( pdns-recursor-4.4.7-1pdns.el7.x86_64) The recursor is configured to forward all zones to other DNS servers forward-zones-file=/path/to/file and the file itself contains .=192.168.68.63, 192.168.68.64 From time to time the resou

Re: [Pdns-users] PDNS Recursor - force IPv6

2021-11-16 Thread Brian Candler via Pdns-users
On 16/11/2021 08:57, Otto Moerbeek wrote: I set "query-local-address=0.0.0.0,::" to allow the recursor to use both. I think since 4.5 we do the right thing and *only* use v6 if you set query-local-address=:: But that has the consequence that a lot of (v4 only) nameservers become unreachable.

Re: [Pdns-users] PDNS Recursor - force IPv6

2021-11-16 Thread Otto Moerbeek via Pdns-users
On Tue, Nov 16, 2021 at 08:53:02AM +, Brian Candler wrote: > On 16/11/2021 08:29, Otto Moerbeek via Pdns-users wrote: > > > Is there possible to get similar to unbound command to force usage of > > > IPv6 in PDNS Recursor? > > > > > > prefer-ip6: > > > If enabled, prefer IPv6 transport

Re: [Pdns-users] PDNS Recursor - force IPv6

2021-11-16 Thread Brian Candler via Pdns-users
On 16/11/2021 08:29, Otto Moerbeek via Pdns-users wrote: Is there possible to get similar to unbound command to force usage of IPv6 in PDNS Recursor? prefer-ip6: If enabled, prefer IPv6 transport for sending DNS queries to internet nameservers. Default is no. Thanks, No, we do not hav

Re: [Pdns-users] PDNS Recursor - force IPv6

2021-11-16 Thread Otto Moerbeek via Pdns-users
On Tue, Nov 16, 2021 at 08:22:30AM +, Marcin Gondek via Pdns-users wrote: > Hello, > > Is there possible to get similar to unbound command to force usage of IPv6 in > PDNS Recursor? > > prefer-ip6: > If enabled, prefer IPv6 transport for sending DNS queries to internet > nameservers.

[Pdns-users] PDNS Recursor - force IPv6

2021-11-16 Thread Marcin Gondek via Pdns-users
Hello, Is there possible to get similar to unbound command to force usage of IPv6 in PDNS Recursor? prefer-ip6: If enabled, prefer IPv6 transport for sending DNS queries to internet nameservers. Default is no. Thanks, -- Marcin Gondek / Drixter http://fido.e-utp.net/ AS56662

Re: [Pdns-users] pdns-recursor suddenly started to answer with content from . zone instead of what is configured in forward.zones.

2021-09-22 Thread Thomas Mieslinger via Pdns-users
Hi, On 22.09.21 at 08:50, Thomas Mieslinger via Pdns-users wrote: Hi Peter, On 21.09.21 at 18:20, Peter van Dijk via Pdns-users wrote: Hello Thomas, On Tue, 2021-09-21 at 13:53 +0200, Thomas Mieslinger via Pdns-users wrote: [..] Can you try aggressive-nsec-cache-size=0 (on 4.5.1) and/or no

Re: [Pdns-users] pdns-recursor suddenly started to answer with content from . zone instead of what is configured in forward.zones.

2021-09-21 Thread Thomas Mieslinger via Pdns-users
Hi Peter, On 21.09.21 at 18:20, Peter van Dijk via Pdns-users wrote: Hello Thomas, On Tue, 2021-09-21 at 13:53 +0200, Thomas Mieslinger via Pdns-users wrote: dog.80 IN NSEC domains. NS DS RRSIG NSEC This looks like aggressive NSEC reuse ( https://datatracker.ietf.org/doc

Re: [Pdns-users] pdns-recursor suddenly started to answer with content from . zone instead of what is configured in forward.zones.

2021-09-21 Thread Otto Moerbeek via Pdns-users
On Tue, Sep 21, 2021 at 06:20:16PM +0200, Peter van Dijk via Pdns-users wrote: > Hello Thomas, > > On Tue, 2021-09-21 at 13:53 +0200, Thomas Mieslinger via Pdns-users > wrote: > > dog.80 IN NSEC domains. NS DS RRSIG NSEC > > This looks like aggressive NSEC reuse ( > https://d

Re: [Pdns-users] pdns-recursor suddenly started to answer with content from . zone instead of what is configured in forward.zones.

2021-09-21 Thread Peter van Dijk via Pdns-users
Hello Thomas, On Tue, 2021-09-21 at 13:53 +0200, Thomas Mieslinger via Pdns-users wrote: > dog.80 IN NSEC domains. NS DS RRSIG NSEC This looks like aggressive NSEC reuse ( https://datatracker.ietf.org/doc/html/rfc8198) and/or NXDOMAIN: There Really Is Nothing Underneath ( http

[Pdns-users] pdns-recursor suddenly started to answer with content from . zone instead of what is configured in forward.zones.

2021-09-21 Thread Thomas Mieslinger via Pdns-users
Hi, we're experiencing the problem that pdns_recursor (4.3.5 and 4.5.1) answers with the information from the . zone instead of what we have configured in forward.zone. Some configuration details (please name the setting you additionally need to diagnose the problem further) forward.zones: ...

Re: [Pdns-users] pdns recursor: forward-zones: load balancing and failover

2020-10-27 Thread Otto Moerbeek via Pdns-users
On Tue, Oct 27, 2020 at 08:32:29PM +0300, Egor Fatyushin via Pdns-users wrote: > Hello, > I have two authoritative DNS servers and I'd like to use them as two > replicas with the same set of records. Can I use 'forward-zones' for both > failover and load balancing features. > > I mean, if I have

[Pdns-users] pdns recursor: forward-zones: load balancing and failover

2020-10-27 Thread Egor Fatyushin via Pdns-users
Hello, I have two authoritative DNS servers and I'd like to use them as two replicas with the same set of records. Can I use 'forward-zones' for both failover and load balancing features. I mean, if I have /etc/pdns-recursor/recursor.conf like this: ... forward-zones=aaa.zone.org=10.111.111.111:53

[Pdns-users] Pdns Recursor prefetch

2020-08-27 Thread Detlef Peeters via Pdns-users
Hello. I am checking at the moment different DNS Resolver. We are using for a long time already PDNS Recursor. I have checked already different Recursor like Knot Resolver and Unbound . These are using prefetch. Do we have benefits with prefetching, or is this not needed? Best regards, Detle

Re: [Pdns-users] pdns-recursor - Recursor options to ignore when authoritative server does not set the AA bit in DNS reply

2020-04-16 Thread Brian Candler via Pdns-users
On 15/04/2020 15:37, Caleb Bontrager via Pdns-users wrote: The question I have is if there is a configuration ability to remove the AA bit requirement for resolution? I can't answer the specific question, but I tested that my own local pdns-recursor (4.3.0-1pdns.bionic) *is* able to resolve le

[Pdns-users] pdns-recursor - Recursor options to ignore when authoritative server does not set the AA bit in DNS reply

2020-04-15 Thread Caleb Bontrager via Pdns-users
Running pdns-recursor 4.2.1, I'm encountering an issue where the pdns-recursor returns a SERVFAIL to the client on domains that are resolvable by pretty much any public DNS resolver - Level3, Google, OpenDNS, Comcast, etc. I understand from tracing the query (rec_control trace-regex) and from read

Re: [Pdns-users] pdns + recursor + master / slave

2020-02-02 Thread Mike
On 2/2/20 2:17 PM, Stef Coene wrote: > On 2020-02-02 18:43, Mike wrote: >> On 2/1/20 9:13 AM, Stef Coene wrote: >> Typically, what you really want, is to separate the functions of >> 'authoritative server' and 'recursive resolver', which means that each >> are handled on separate IP addresses.

Re: [Pdns-users] pdns + recursor + master / slave

2020-02-02 Thread Stef Coene
On 2020-02-02 18:43, Mike wrote: On 2/1/20 9:13 AM, Stef Coene wrote: Typically, what you really want, is to separate the functions of 'authoritative server' and 'recursive resolver', which means that each are handled on separate IP addresses. Bind did/does allow this setup and has extensiv

Re: [Pdns-users] pdns + recursor + master / slave

2020-02-02 Thread Mike
On 2/1/20 9:13 AM, Stef Coene wrote: > Hi, > > I'm new to PowerDNS and still learning about how it works. > > I want to have 2 DNS servers located in 2 different datacenters. One > of them is master, one of them is slave. They both need to forward > requests for unknown domains. > > If I understand

Re: [Pdns-users] pdns + recursor + master / slave

2020-02-01 Thread Kenneth Marshall
On Sat, Feb 01, 2020 at 06:13:26PM +0100, Stef Coene wrote: > Hi, > > I'm new to PowerDNS and still learning about how it works. > > I want to have 2 DNS servers located in 2 different datacenters. One > of them is master, one of them is slave. They both need to forward > requests for unknown dom

[Pdns-users] pdns + recursor + master / slave

2020-02-01 Thread Stef Coene
Hi, I'm new to PowerDNS and still learning about how it works. I want to have 2 DNS servers located in 2 different datacenters. One of them is master, one of them is slave. They both need to forward requests for unknown domains. If I understand it correctly I need: - 1 recursor in 1 each dat

Re: [Pdns-users] pdns-recursor Permissions Error

2020-01-10 Thread Steve Shipway
From what I can see, your snmpd system will run /usr/local/bin/pdns_stats as the snmpd user. This user does not have write permission to the /var/run/pdns-recursor directory and so you get the error. You could either make the /var/run/pdns-recursor mode 775 and group snmpd; or maybe add the snmp

Re: [Pdns-users] pdns-recursor Permissions Error

2020-01-10 Thread Sharone
Thank you all for the generous and tremendous support. I have traffic on Cacti from my recursive servers now. Have a lovely weekend. Regards, Sharone On Fri, 10 Jan 2020 at 14:30, Brian Candler wrote: > On 10/01/2020 11:07, Sharone wrote: > > I have attempted to comment out the line *extend p

Re: [Pdns-users] pdns-recursor Permissions Error

2020-01-10 Thread Brian Candler
On 10/01/2020 11:07, Sharone wrote: I have attempted to comment out the line /extend pdns-rec /usr/local/bin/pdns_stats /in snmpd.conf file and still gotten the same error, however changing permissions to the entire directory to rwx worked but like you mentioned this indeed brings about a secur

Re: [Pdns-users] pdns-recursor Permissions Error

2020-01-10 Thread Sharone
Thank you, Otto. I have tried both options on a dummy server with exact same setup. I have attempted to comment out the line *extend pdns-rec /usr/local/bin/pdns_stats *in snmpd.conf file and still gotten the same error, however changing permissions to the entire directory to rwx worked but like y

Re: [Pdns-users] pdns-recursor Permissions Error

2020-01-10 Thread Brian Candler
On 10/01/2020 09:56, Otto Moerbeek via Pdns-users wrote: It looks like the rec_control line in your snmpd.conf is triggering the problem. Likely the snmpd subsystem starts rec_control as a user that does not have permission to write into /var/run/pdns-recursor. You can try disabling (by commenting i

Re: [Pdns-users] pdns-recursor Permissions Error

2020-01-10 Thread Otto Moerbeek via Pdns-users
It looks like the rec_control line in your snmpd.conf is triggering the problem. Likely the snmpd subsystem starts rec_control as a user that does not have permission to write into /var/run/pdns-recursor. You can try disabling (by commenting it out) the extend pdns-rec /usr/local/bin/pdns_stats line

Re: [Pdns-users] pdns-recursor Permissions Error

2020-01-08 Thread Sharone
Hello Steve, I appreciate your response. Below is what is inside the /etc/snmp/snmpd.conf file:
rocommunity public
syslocation "Data Center"
syscontact ad...@techs.co.ug
createUser admin SHA admin123! AES admin123!
rouser admin authPriv
extend pdns-rec /usr/local/bin/pdns_stats
agentAddress udp:161

Re: [Pdns-users] pdns-recursor Permissions Error

2020-01-08 Thread Steve Shipway
On Wed, 2020-01-08 at 09:20 +0300, Sharone wrote: > # snmpwalk -v2c -c public localhost .1.3.6.1.4.1.8072.1.3.2.4.1.2 > iso.3.6.1.4.1.8072.1.3.2.4.1.2.8.112.100.110.115.45.114.101.99.1 = > STRING: "Fatal: Unable to generate local temporary file in directory > '/var/run/pdns-recursor': Permission de

Re: [Pdns-users] pdns-recursor Permissions Error

2020-01-08 Thread Sharone
Hi Michael, I failed to find anything useful in the audit.log file as you recommended besides failed login attempts. Thought I'd share this as well
# ps auxw | grep snmp
snmp 24569 0.0 0.1 65068 8564 ? S 09:28 0:07 /usr/sbin/snmpd -Lsd -Lf /dev/null -u snmp -g snmp -I -smux mte

Re: [Pdns-users] pdns-recursor Permissions Error

2020-01-07 Thread Sharone
Hi Remi, Sorry looks like I may have misinterpreted your question. Even when I invoke the command rec_control version as myself I do get an error.
$ rec_control version
Fatal: Unable to generate local temporary file in directory '/var/run/pdns-recursor': Permission denied
Regards, Sharone B. O

Re: [Pdns-users] pdns-recursor Permissions Error

2020-01-07 Thread Sharone
The issue is that I need to be able to poll data from the recursive DNS server, however I have been having trouble with permissions. This is the error I get when I run snmpwalk from the server.
# snmpwalk -v2c -c public localhost .1.3.6.1.4.1.8072.1.3.2.4.1.2
iso.3.6.1.4.1.8072.1.3.2.4.1.2.8.112.

Re: [Pdns-users] pdns-recursor Permissions Error

2020-01-07 Thread Michael Ströder
On 1/7/20 3:00 PM, Sharone Bakara wrote: > On 7 Jan 2020, at 16:55, Remi Gacogne wrote: >> On 1/7/20 2:41 PM, Sharone wrote: >>> '/var/run/pdns-recursor': Permission denied"* >> I'm not sure of what your SNMP setup is, but it looks like the user >> invoking rec_control does not have the rights to

Re: [Pdns-users] pdns-recursor Permissions Error

2020-01-07 Thread Otto Moerbeek
On Tue, Jan 07, 2020 at 04:15:16PM +0100, Otto Moerbeek wrote: > On Tue, Jan 07, 2020 at 05:00:08PM +0300, Sharone Bakara wrote: > > > I get the same error as when I run it root. > > > > Regards, > > SB > > Can you please make a new mail with the exact commands and the error > messages? Your me
