<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Hi,<div><br></div><div>This is the first time posting to this board. If I am posting to the wrong list, sorry, and please advise where I should post this request for assistance.</div><div><br></div><div>We are setting up a new installation of pdns and recursor.<div><div><br></div><div>We have been running pdns for a couple years without issue. I am attempting to implement recursor and pdns to avoid a potential DOS attack and pass security compliance, which under the current version I am running will not pass.<div><br></div><div>Currently we have 3 servers running pdns 2.9.22 in a Centos 5.5 environment. Each with their own mysql slave db. Al l works great except for the DOS issue.</div><div><br></div><div>I setup a new testing server with pdns 2.9.21 and recursor 3.3 also a Centos 5.5 box and I now pass security compliance, but am not getting the expected responses on DNS queries.</div><div><br></div><div>I setup recursor to respond on port 53 and pdns to respond on 5300.<br><div>
<span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Verdana; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><span class="Apple-style-span" style="font-family: Helvetica; font-size: 12px; "><div><font class="Apple-style-span" face="Verdana" size="3"><span class="Apple-style-span" style="font-size: 11px; "><div><br></div>recursor.conf entries</span></font></div><div><font class="Apple-style-span" face="Verdana" size="3"><span class="Apple-style-span" style="font-size: 11px; "><div># forward-zones=</div><div>forward-zones=x.x.x.x:5300</div><div><div>local-port=53</div></div><div><br></div><div>pdns.conf entries</div><div><div>local-address=x.x.x.x</div><div>local-port=5300</div></div><div><br></div><div>If I query on a domain using dig I get the following error. "dig <a href="http://mytestdomain.com">mytestdomain.com</a> @ns5</div><div><br></div><div>------------------</div><div><div>; <<>> DiG 9.6.0-APPLE-P2 <<>> <a href="http://mytestdomain.com">mytestdomain.com</a> @ns5</div><div>;; global options: +cmd</div><div>;; Got answer:</div><div>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18559</div><div>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0</div><div><br></div><div>;; QUESTION SECTION:</div><div>; <a href="http://mytestdomain.com">mytestdomain.com</a>.<span class="Apple-tab-span" style="white-space:pre"> </span>IN<span class="Apple-tab-span" style="white-space:pre"> </span>A</div><div><br></div><div>;; Query time: 6 msec</div><div>;; SERVER: 209.3.87.44#53(209.3.87.44)</div><div>;; WHEN: Mon Dec 20 17:55:34 2010</div><div>;; MSG SIZE rcvd: 28</div></div><div><div>------------------</div><div></div></div><div><br></div><div>logs output - </div><div><div>Dec 20 17:43:25 xx pdns_recursor[9187]: [3] <a href="http://mytestdomain.com">mytestdomain.com</a>.: Resolved 'mytestdomain.com.' NS ns5.mydomain. to: xx.xx.xx.xx</div><div>Dec 20 17:43:25 xx pdns_recursor[9187]: [3] <a href="http://mytestdomain.com">mytestdomain.com</a>.: Trying IP xx.xx.xx.xx:53, asking 'mytestdomain.com.|A'</div><div>Dec 20 17:43:25 xx pdns_recursor[9187]: 0 question answered from packet cache from xx.xx.xx.xx</div><div>Dec 20 17:43:25 xx pdns_recursor[9187]: [3] <a href="http://mytestdomain.com">mytestdomain.com</a>.: Got 0 answers from ns5.mydomain.net. (xx.xx.xx.xx), rcode=0, in 3ms</div><div>Dec 20 17:43:25 xx pdns_recursor[9187]: [3] <a href="http://mytestdomain.com">mytestdomain.com</a>.: determining status after receiving this packet</div><div>Dec 20 17:43:25 xx pdns_recursor[9187]: [3] <a href="http://mytestdomain.com">mytestdomain.com</a>.: status=noerror, other types may exist, but we are done </div><div>Dec 20 17:43:25 xx pdns_recursor[9187]: [3] <a href="http://mytestdomain.com">mytestdomain.com</a>.: Starting additional processing</div><div>Dec 20 17:43:25 xx pdns_recursor[9187]: [3] <a href="http://mytestdomain.com">mytestdomain.com</a>.: Done with additional processing</div><div>Dec 20 17:43:25 xx pdns_recursor[9187]: 0 [3] answer to question 'mytestdomain.com.|A': 0 answers, 0 additional, took 6 packets, 0 throttled, 0 timeouts, 0 tcp connections, rcode=0</div><div>Dec 20 17:43:59 xx pdns_recursor[9187]: 1 question answered from packet cache from xx.xx.xx.xx</div></div><div><br></div><div>It looks as if it is trying the local dns server on 53, but it is not getting a reply. Also I do not see any queries hitting the database.</div><div><br></div><div>If any additional information is needed, LMK</div><div><br></div><div>Any help would be appreciated.</div><div><br></div><div>Thanks,</div><div><br></div><div>Patrick</div><div><br></div></span></font></div><br class="Apple-interchange-newline"></span></span><br class="Apple-interchange-newline">
</div>
<br></div></div></div></div></body></html>