<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">I have pdns authoritative server configured on three servers and pdns recursor configured on two other servers. dnsdist is configured on a sixth server with the following configuration:<br><br><b>setLocal("<a href="http://10.240.70.91:53">10.240.70.91:53</a>")<br>newServer({address="<a href="http://10.240.70.81:53">10.240.70.81:53</a>",pool="auth"})<br>newServer({address="<a href="http://10.240.70.82:53">10.240.70.82:53</a>",pool="auth"})<br>newServer({address="<a href="http://10.240.70.83:53">10.240.70.83:53</a>",pool="auth"})<br>newServer({address="<a href="http://10.240.70.84:53">10.240.70.84:53</a>",pool="rec"})<br>newServer({address="<a href="http://10.240.70.85:53">10.240.70.85:53</a>",pool="rec"})<br>addAction("homelab.test.", PoolAction("auth"))<br>addAction(RDRule(), PoolAction("rec"))</b><br><br>Querying the pdns-auth servers directly yields the following result:<br><br><b>dig +trace homelab.test @<a href="http://10.240.70.81">10.240.70.81</a><br><br>; <<>> DiG 9.11.3-1ubuntu1.7-Ubuntu <<>> +trace homelab.test @<a href="http://10.240.70.81">10.240.70.81</a><br>;; global options: +cmd<br>;; Received 28 bytes from 10.240.70.81#53(10.240.70.81) in 3 ms</b><br><br>Similarly for the pdns-recursor servers:<br><div><br></div><div><b>dig <a href="http://www.yahoo.com">www.yahoo.com</a> @<a href="http://10.240.70.84">10.240.70.84</a></b></div><b><br>; <<>> DiG 9.11.3-1ubuntu1.7-Ubuntu <<>> <a href="http://www.yahoo.com">www.yahoo.com</a> @<a href="http://10.240.70.84">10.240.70.84</a><br>;; global options: +cmd<br>;; Got answer:<br>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14602<br>;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1<br><br>;; OPT PSEUDOSECTION:<br>; EDNS: version: 0, flags:; udp: 512<br>;; QUESTION SECTION:<br>;<a href="http://www.yahoo.com">www.yahoo.com</a>.            
IN    A<br><br>;; ANSWER SECTION:<br><a href="http://www.yahoo.com">www.yahoo.com</a>.        253    IN    CNAME    <a href="http://atsv2-fp-shed.wg1.b.yahoo.com">atsv2-fp-shed.wg1.b.yahoo.com</a>.<br><a href="http://atsv2-fp-shed.wg1.b.yahoo.com">atsv2-fp-shed.wg1.b.yahoo.com</a>. 9 IN    A    72.30.35.9<br><a href="http://atsv2-fp-shed.wg1.b.yahoo.com">atsv2-fp-shed.wg1.b.yahoo.com</a>. 9 IN    A    98.138.219.231<br><a href="http://atsv2-fp-shed.wg1.b.yahoo.com">atsv2-fp-shed.wg1.b.yahoo.com</a>. 9 IN    A    98.138.219.232<br><a href="http://atsv2-fp-shed.wg1.b.yahoo.com">atsv2-fp-shed.wg1.b.yahoo.com</a>. 9 IN    A    72.30.35.10<br><br>;; Query time: 71 msec<br>;; SERVER: 10.240.70.84#53(10.240.70.84)<br>;; WHEN: Sun May 12 15:29:37 EDT 2019<br>;; MSG SIZE  rcvd: 140<br></b><div><br></div><div>When I point the query to the dnsdist server however, I get replies for the recursive query but the local domain does not provide the expected result:</div><div><br></div><div><b>dig <a href="http://www.yahoo.com">www.yahoo.com</a> @<a href="http://10.240.70.91">10.240.70.91</a><br><br>; <<>> DiG 9.11.3-1ubuntu1.7-Ubuntu <<>> <a href="http://www.yahoo.com">www.yahoo.com</a> @<a href="http://10.240.70.91">10.240.70.91</a><br>;; global options: +cmd<br>;; Got answer:<br>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11278<br>;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1<br><br>;; OPT PSEUDOSECTION:<br>; EDNS: version: 0, flags:; udp: 512<br>;; QUESTION SECTION:<br>;<a href="http://www.yahoo.com">www.yahoo.com</a>.            IN    A<br><br>;; ANSWER SECTION:<br><a href="http://www.yahoo.com">www.yahoo.com</a>.        119    IN    CNAME    <a href="http://atsv2-fp-shed.wg1.b.yahoo.com">atsv2-fp-shed.wg1.b.yahoo.com</a>.<br><a href="http://atsv2-fp-shed.wg1.b.yahoo.com">atsv2-fp-shed.wg1.b.yahoo.com</a>. 13 IN    A    98.138.219.231<br><a href="http://atsv2-fp-shed.wg1.b.yahoo.com">atsv2-fp-shed.wg1.b.yahoo.com</a>. 
13 IN    A    72.30.35.9<br><a href="http://atsv2-fp-shed.wg1.b.yahoo.com">atsv2-fp-shed.wg1.b.yahoo.com</a>. 13 IN    A    72.30.35.10<br><a href="http://atsv2-fp-shed.wg1.b.yahoo.com">atsv2-fp-shed.wg1.b.yahoo.com</a>. 13 IN    A    98.138.219.232<br><br>;; Query time: 72 msec<br>;; SERVER: 10.240.70.91#53(10.240.70.91)<br>;; WHEN: Sun May 12 15:31:52 EDT 2019<br>;; MSG SIZE  rcvd: 140<br></b></div><div><b><br></b></div><div><b><br></b></div><div>I get the following result when querying dnsdist server:</div><div><br></div><div><b>dig powerdns-1.homelab.test @<a href="http://10.240.70.91">10.240.70.91</a><br><br>; <<>> DiG 9.11.3-1ubuntu1.7-Ubuntu <<>> powerdns-1.homelab.test @<a href="http://10.240.70.91">10.240.70.91</a><br>;; global options: +cmd<br>;; Got answer:<br>;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 50992<br>;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1<br>;; WARNING: recursion requested but not available<br><br>;; OPT PSEUDOSECTION:<br>; EDNS: version: 0, flags:; udp: 1232<br>;; QUESTION SECTION:<br>;powerdns-1.homelab.test.    IN    A<br><br>;; Query time: 4 msec<br>;; SERVER: 10.240.70.91#53(10.240.70.91)<br>;; WHEN: Sun May 12 15:35:41 EDT 2019<br>;; MSG SIZE  rcvd: 52</b><br></div><div><br></div><div>But querying pdns-auth directly yields the following:</div><div><br></div><div><b>dig powerdns-1.homelab.test @<a href="http://10.240.70.81">10.240.70.81</a><br><br>; <<>> DiG 9.11.3-1ubuntu1.7-Ubuntu <<>> powerdns-1.homelab.test @<a href="http://10.240.70.81">10.240.70.81</a><br>;; global options: +cmd<br>;; Got answer:<br>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58541<br>;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1<br>;; WARNING: recursion requested but not available<br><br>;; OPT PSEUDOSECTION:<br>; EDNS: version: 0, flags:; udp: 1232<br>;; QUESTION SECTION:<br>;powerdns-1.homelab.test.    IN    A<br><br>;; ANSWER SECTION:<br>powerdns-1.homelab.test. 
3600    IN    A    10.240.70.81<br><br>;; Query time: 6 msec<br>;; SERVER: 10.240.70.81#53(10.240.70.81)<br>;; WHEN: Sun May 12 15:36:52 EDT 2019<br>;; MSG SIZE  rcvd: 68</b><br></div><div><br></div><div>How do I get a similar result from dnsdist? <br></div><div><b>dnsdist -V<br>dnsdist 1.4.0-alpha1 (Lua 5.1.4 [LuaJIT 2.0.4])<br>Enabled features: dns-over-tls(openssl) dnscrypt ebpf ipcipher libsodium protobuf re2 recvmmsg/sendmmsg systemd</b><br><br></div><div><br></div><div><br></div></div></div></div></div></div>