On 10/23/2016 11:13 AM, Nataraj via arch-general wrote:
> On 10/23/2016 06:10 AM, Roel de Wildt via arch-general wrote:
>> Hello,
>>
>> After a upgrade from powerdns-recursor-3.7.3-3 to
>> powerdns-recursor-4.0.3-1 it does not return any dns queries anymore.
>>
>> In the daemon.log is logged:
>>
>> Oct 23 10:50:18 gateway001 pdns_recursor[3008]: Oct 23 10:50:18
>> Sending SERVFAIL to 10.3.3.134 during resolve of 'google.nl' because:
>> more than 50 (max-qperq) queries sent while resolving ns1.google.com
>> Oct 23 10:50:19 gateway001 pdns_recursor[3008]: Oct 23 10:50:19
>> Sending SERVFAIL to 10.3.3.134 during resolve of 'google.nl' because:
>> more than 50 (max-qperq) queries sent while resolving ns2.google.com
>>
>> After a downgrade of powerdns-recursor-4.0.3-1 to 3.7.3-3 it is
>> working again, without making changes to /etc/powerdns/recursor.conf.
>>
>> The customized configuration options in /etc/powerdns/recursor.conf:
>>
>> [root@gateway001 powerdns]# grep -v -e "#.*" recursor.conf | grep -e
>> "..*"
>> allow-from=127.0.0.0/8, 10.0.0.0/8, ::1/64, 2001:470:1f15:a09::/64,
>> 2001:470:7b9a::/48
>> auth-zones=.=/etc/powerdns/root.zone
>> forward-zones=domain.lan=10.3.0.1,home.lan=10.3.0.21
>> hint-file=/etc/powerdns/named.root
>> local-address=127.0.0.1,10.3.0.253:53,[::1],[2001:470:7b9a:0a03::fd]:53
>> local-port=5353
>> log-common-errors=yes
>> loglevel=9
>> pdns-distributes-queries=yes
>> query-local-address6=::
> Looks like your not getting out to the root name servers and/or their
> delegations. I find it odd that you are claiming both authority for the
> root zone and providing a hint file as well. I wonder if it's
> reasonable to claim authority for the root zone, since they may change
> it dynamically if there are problems with one of the name servers. I
> think I would stay with just the hint file, though. Are you doing this
> for security reasons? You could increase the log level and I believe
> you will see the lookup chain and where it is failing. You could also
> watch with tcpdump.
>
> Nataraj
>
Setting trace=on will show you details of the lookups and responses. I
am having a problem with 4.0.3-1, but it is not the same as yours. The
recursor answers all queries correctly, however, if I try to restart or
stop and start the recursor from systemctl, systemctl hangs and then
eventually (maybe a minute or so) I get the following error. Note the
recursor actually starts and works fine, but systemd seems to think
there is a problem.
Job for pdns-recursor.service failed because a timeout was exceeded.
See "systemctl status pdns-recursor.service" and "journalctl -xe" for details.
journalctl shows no unusual errors in the log file, other than the
normal startup messages output by pdns-recursor.
systemctl then shows the process to still be in the start state.
systemctl status pdns-recursor.service
* pdns-recursor.service - PowerDNS Recursor
Loaded: loaded (/usr/lib/systemd/system/pdns-recursor.service; enabled; vendor preset: disabled)
Active: activating (start) since Sun 2016-10-23 15:22:04 MST; 29s ago
Docs: man:pdns_recursor(1)
man:rec_control(1)
https://doc.powerdns.com
Main PID: 2165 (pdns_recursor)
Memory: 4.4M
CPU: 137ms
CGroup: /system.slice/pdns-recursor.service
`-2165 /usr/bin/pdns_recursor --daemon=no --write-pid=no --disable-syslog
I am running archlinux arm on a version 7 freescale (cubox I4), so I
haven't ruled out that this could be an architecture specific problem.
Nataraj
