<div dir="ltr">I don't think that is the issue. From the recursor logs, see the bolded part:<div style>I therefore think I do not need to. Besides, it is answering queries for domains other than those whose DNS servers are hosted within my forwarders space.</div>
<div style><br></div><div><br><div><div>Apr 8 15:48:15 jaribu pdns_recursor[87243]: Operating in 64 bits mode</div><div>Apr 8 15:48:15 jaribu pdns_recursor[87243]: Reading random entropy from '/dev/urandom'</div>
<div><b>Apr 8 15:48:15 jaribu pdns_recursor[87243]: Only allowing queries from: <a href="http://127.0.0.0/8">127.0.0.0/8</a>, <a href="http://10.0.0.0/8">10.0.0.0/8</a>, <a href="http://100.64.0.0/10">100.64.0.0/10</a>, <a href="http://169.254.0.0/16">169.254.0.0/16</a>, <a href="http://192.168.0.0/16">192.168.0.0/16</a>,</b></div>
<div><a href="http://172.16.0.0/12">172.16.0.0/12</a>, ::1/128, fe80::/10</div><div>Apr 8 15:48:15 jaribu pdns_recursor[87243]: Will not send queries to: <a href="http://127.0.0.0/8">127.0.0.0/8</a>, <a href="http://10.0.0.0/8">10.0.0.0/8</a>, <a href="http://100.64.0.0/10">100.64.0.0/10</a>, <a href="http://169.254.0.0/16">169.254.0.0/16</a>, <a href="http://192.168.0.0/16">192.168.0.0/16</a>, 17</div>
<div><a href="http://2.16.0.0/12">2.16.0.0/12</a>, ::1/128, fe80::/10, 0.0.0.0, ::</div><div>Apr 8 15:48:15 jaribu pdns_recursor[87243]: NOT using IPv6 for outgoing queries - set 'query-local-address6=::' to enable</div>
<div>Apr 8 15:48:15 jaribu pdns_recursor[87243]: Inserting rfc 1918 private space zones</div><div>Apr 8 15:48:15 jaribu pdns_recursor[87243]: Listening for UDP queries on <a href="http://127.0.0.1:53">127.0.0.1:53</a></div>
<div>Apr 8 15:48:15 jaribu pdns_recursor[87243]: Listening for TCP queries on <a href="http://127.0.0.1:53">127.0.0.1:53</a></div><div>Apr 8 15:48:15 jaribu pdns_recursor[87243]: Calling daemonize, going to background</div>
<div>Apr 8 15:48:15 jaribu pdns_recursor[87247]: Launching 2 threads</div><div>Apr 8 15:48:15 jaribu pdns_recursor[87247]: Done priming cache with root hints</div><div>Apr 8 15:48:15 jaribu pdns_recursor[87247]: Done priming cache with root hints</div>
<div>Apr 8 15:48:15 jaribu pdns_recursor[87247]: Enabled 'kqueue' multiplexer</div><div>Apr 8 15:48:16 jaribu pdns_recursor[87247]: Refreshed . records</div></div><div><br></div></div></div><div class="gmail_extra">
<br><br><div class="gmail_quote">On 8 April 2013 12:45, abang <span dir="ltr"><<a href="mailto:abang@t-ipnet.net" target="_blank">abang@t-ipnet.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Don't know what went wrong. But you should add 127.0.0.1 to allow-from if you ask from 127.0.0.1<br>
<br>
<br>
<br>
Am 08.04.2013 11:32, schrieb Odhiambo Washington:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">
I have a situation with pdns-recursor that I need help with.<br>
<br></div>
I am running it on <a href="http://127.0.0.1:53" target="_blank">127.0.0.1:53</a> <<a href="http://127.0.0.1:53" target="_blank">http://127.0.0.1:53</a>><div class="im"><br>
<br>
My configuration is as below:<br>
<br></div>
allow-from=<a href="http://192.168.0.0/16" target="_blank">192.168.0.0/16</a> <<a href="http://192.168.0.0/16" target="_blank">http://192.168.0.0/16</a>><div class="im"><br>
#allow-from=<br>
dont-query=<br>
config-dir=/usr/local/etc/pdns<br>
daemon=yes<br>
quiet=yes<br>
etc-hosts-file=/etc/hosts<br>
export-etc-hosts=yes<br>
forward-zones-recurse=.=196.<u></u>200.16.2,.=196.200.16.27<br>
local-address=127.0.0.1<br>
local-port=53<br>
log-common-errors=yes<br>
logging-facility=0<br>
socket-dir=/var/run/<br>
threads=18<br>
trace=on<br>
<br>
Now, those two IPs listed in forward-zones-recurse are my ISPs DNS servers.<br>
The problem is that whenever I do an nslookup for any domains whose DNS<br>
records are handled by my ISP, including my ISPs domain name itself, I<br>
get a failure. I however get success when I query for domains outside my<br>
ISPs DNS servers:<br>
<br>
Here are my test results:<br>
<br>
[root@jaribu] /usr/local/etc/pdns# nslookup <a href="http://www.accesskenya.com" target="_blank">www.accesskenya.com</a><br></div>
<<a href="http://www.accesskenya.com" target="_blank">http://www.accesskenya.com</a>><div class="im"><br>
;; Got SERVFAIL reply from 127.0.0.1, trying next server<br>
;; connection timed out; no servers could be reached<br>
<br>
[root@jaribu] /usr/local/etc/pdns# nslookup <a href="http://www.gmail.com" target="_blank">www.gmail.com</a><br></div>
<<a href="http://www.gmail.com" target="_blank">http://www.gmail.com</a>><div class="im"><br>
Server: 127.0.0.1<br>
Address: 127.0.0.1#53<br>
<br>
Non-authoritative answer:<br>
</div><a href="http://www.gmail.com" target="_blank">www.gmail.com</a> <<a href="http://www.gmail.com" target="_blank">http://www.gmail.com</a>> canonical name = <a href="http://mail.google.com" target="_blank">mail.google.com</a><br>
<<a href="http://mail.google.com" target="_blank">http://mail.google.com</a>>.<br>
<a href="http://mail.google.com" target="_blank">mail.google.com</a> <<a href="http://mail.google.com" target="_blank">http://mail.google.com</a>> canonical name =<br>
<a href="http://googlemail.l.google.com" target="_blank">googlemail.l.google.com</a> <<a href="http://googlemail.l.google.com" target="_blank">http://googlemail.l.google.<u></u>com</a>>.<br>
Name: <a href="http://googlemail.l.google.com" target="_blank">googlemail.l.google.com</a> <<a href="http://googlemail.l.google.com" target="_blank">http://googlemail.l.google.<u></u>com</a>><br>
Address: 173.194.34.117<br>
Name: <a href="http://googlemail.l.google.com" target="_blank">googlemail.l.google.com</a> <<a href="http://googlemail.l.google.com" target="_blank">http://googlemail.l.google.<u></u>com</a>><div class="im"><br>
Address: 173.194.34.118<br>
<br>
[root@jaribu] /usr/local/etc/pdns# nslookup <a href="http://gw.cmehtanbo.com" target="_blank">gw.cmehtanbo.com</a><br></div>
<<a href="http://gw.cmehtanbo.com" target="_blank">http://gw.cmehtanbo.com</a>><div class="im"><br>
;; Got SERVFAIL reply from 127.0.0.1, trying next server<br>
;; connection timed out; no servers could be reached<br>
<br>
[root@jaribu] /usr/local/etc/pdns# nslookup <a href="http://gw.kictanet.or.ke" target="_blank">gw.kictanet.or.ke</a><br></div>
<<a href="http://gw.kictanet.or.ke" target="_blank">http://gw.kictanet.or.ke</a>><div class="im"><br>
Server: 127.0.0.1<br>
Address: 127.0.0.1#53<br>
<br>
Non-authoritative answer:<br></div>
Name: <a href="http://gw.kictanet.or.ke" target="_blank">gw.kictanet.or.ke</a> <<a href="http://gw.kictanet.or.ke" target="_blank">http://gw.kictanet.or.ke</a>><div class="im"><br>
Address: 62.8.64.102<br>
<br>
<br>
<br>
Is it that my configuration is bungled or that of my ISP is? Or is this<br>
something known?<br>
<br>
<br>
<br>
--<br>
Best regards,<br>
Odhiambo WASHINGTON,<br>
Nairobi,KE<br>
+254733744121/+254722743223<br>
"I can't hear you -- I'm using the scrambler."<br>
</div></blockquote>
<br>
<br>
______________________________<u></u>_________________<br>
Pdns-users mailing list<br>
<a href="mailto:Pdns-users@mailman.powerdns.com" target="_blank">Pdns-users@mailman.powerdns.<u></u>com</a><br>
<a href="http://mailman.powerdns.com/mailman/listinfo/pdns-users" target="_blank">http://mailman.powerdns.com/<u></u>mailman/listinfo/pdns-users</a><br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br>Best regards,<br>Odhiambo WASHINGTON,<br>Nairobi,KE<br>+254733744121/+254722743223<br>"I can't hear you -- I'm using the scrambler."<br>
</div>