Re: Problem with powerdns-recursor-4.0.3-1 package

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On 10/23/2016 06:10 AM, Roel de Wildt via arch-general wrote:
> Hello,
>
> After a upgrade from powerdns-recursor-3.7.3-3 to
> powerdns-recursor-4.0.3-1 it does not return any dns queries anymore.
>
> In the daemon.log is logged:
>
> Oct 23 10:50:18 gateway001 pdns_recursor[3008]: Oct 23 10:50:18
> Sending SERVFAIL to 10.3.3.134 during resolve of 'google.nl' because:
> more than 50 (max-qperq) queries sent while resolving ns1.google.com
> Oct 23 10:50:19 gateway001 pdns_recursor[3008]: Oct 23 10:50:19
> Sending SERVFAIL to 10.3.3.134 during resolve of 'google.nl' because:
> more than 50 (max-qperq) queries sent while resolving ns2.google.com
>
> After a downgrade of powerdns-recursor-4.0.3-1 to 3.7.3-3 it is
> working again, without making changes to /etc/powerdns/recursor.conf.
>
> The customized configuration options in /etc/powerdns/recursor.conf:
>
> [root@gateway001 powerdns]# grep -v -e "#.*" recursor.conf | grep -e
> "..*"
> allow-from=127.0.0.0/8, 10.0.0.0/8, ::1/64, 2001:470:1f15:a09::/64,
> 2001:470:7b9a::/48
> auth-zones=.=/etc/powerdns/root.zone
> forward-zones=domain.lan=10.3.0.1,home.lan=10.3.0.21
> hint-file=/etc/powerdns/named.root
> local-address=127.0.0.1,10.3.0.253:53,[::1],[2001:470:7b9a:0a03::fd]:53
> local-port=5353
> log-common-errors=yes
> loglevel=9
> pdns-distributes-queries=yes
> query-local-address6=::

Looks like your not getting out to the root name servers and/or their
delegations.  I find it odd that you are claiming both authority for the
root zone and providing a hint file as well.  I wonder if it's
reasonable to claim authority for the root zone, since they may change
it dynamically if there are problems with one of the name servers.  I
think I would stay with just the hint file, though.  Are you doing this
for security reasons?  You could increase the log level and I believe
you will see the lookup chain and where it is failing.  You could also
watch with tcpdump.

Nataraj

>
> Do I need something to change to make it working against 4.0.x?
>
> I've searched at powerdns.com to options that have changed in the
> configuration but nothing helped.
>
> Kind regards,
> Roel de Wildt

Attachment: signature.asc
Description: OpenPGP digital signature

[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux