<html><head></head><body>Thank you Demi,<br>I appreciate your reply. <br>Not sure I have a leg to stand on eith them, the old standard reply I got when I contacted them.<br>"No one else is having problems, only you" <br>I do wonder what the recursor do on transient failures, it is never guaranteed one will always get a reply. A packet may get dropped by any router in the path. An overloaded router out there or a bandwidth controller could just drop packets...<br>I am just grasping for straws here as I am not good at this...<br><br>Sergio<br><br><br><div class="gmail_quote">On May 4, 2020 7:41:09 AM CDT, Remi Gacogne via Pdns-users <pdns-users@mailman.powerdns.com> wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre class="k9mail">On 5/1/20 10:31 PM, Sergio Cesar via Pdns-users wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #729fcf; padding-left: 1ex;">Thus the question remains: what do I need to change in the recursor<br>configuration to make it work as bind does and resolve even tough it<br>looks like an issue at their end?<br></blockquote><br>I don't know how bind does resolve but we are doing the right thing<br>here, we get a delegation to two NS (mail1.alestra.net.mx. and<br>dns.alestra.net.mx.) for s-s.mx. from the mx. zone, and both of these<br>servers fail to respond to the first request we send to them. There is<br>nothing else to try but return a SERVFAIL. This zone is broken and needs<br>to be fixed.<br><br>Remi<br><br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #729fcf; padding-left: 1ex;">On 5/1/2020 12:22 PM, Aki Tuomi wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #ad7fa8; padding-left: 1ex;"> Can you try with 'dig' instead? Also the logs seem truncated. Although<br> I'm getting SERVFAIL intermittedly too, which suggests problem at<br> their end. Their servers seem unresponsive sometimes, especially if<br> you try<br><br> dig s-s.mx @mail2.alestra.net.mx.<br> dig s-s.mx @dns.alestra.net.mx.<br><br> and wait some time (like 10 seconds) in between.<br><br> Aki<br><br><br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #8ae234; padding-left: 1ex;"> On 05/01/2020 7:17 PM Sergio Cesar <sergio@winc.net> wrote:<br><br> root@ns1:~# host s-s.mx<br> Host s-s.mx not found: 2(SERVFAIL)<br><br> root@ns1:~# cat /var/log/syslog | grep s-s.mx<br> May 1 09:42:51 ns1 pdns_server[16452]: Remote 216.183.32.162 wants<br> 's-s/mx.winc.net|A', do = 1, bufsize = 1232 (4096): packetcache MISS<br> May 1 11:08:43 ns1 pdns_recursor[22995]: 3 [38702/1] question for<br> 's-s.mx|A' from 216.183.32.182:60383<br> May 1 11:08:46 ns1 pdns_recursor[22995]: 3 [38702/1] answer to question<br> 's-s.m |A': 0 answers, 1 additional, took 5 packets, 3106.89 netw ms,<br> 3110.29 tot ms, 0 throttled, 2 timeouts, 0 tcp connections, rcode=2<br> May 1 12:14:25 ns1 pdns_recursor[22995]: 3 [39863/1] question for<br> 's-s.mx|A' from 216.183.32.145:35773<br> May 1 12:14:28 ns1 pdns_recursor[22995]: 3 [39863/1] answer to question<br> 's-s.m |A': 0 answers, 0 additional, took 2 packets, 3006.53 netw ms,<br> 3010.36 tot ms, 0 throttled, 2 timeouts, 0 tcp connections, rcode=2<br><br><br> On 5/1/2020 12:12 PM, Aki Tuomi wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #fcaf3e; padding-left: 1ex;"> Next step, try to resolve s-s.mx and check your logs. Like<br> /var/log/syslog?<br><br> Aki<br><br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #e9b96e; padding-left: 1ex;"> On 05/01/2020 7:09 PM Sergio Cesar <sergio@winc.net> wrote:<br><br> Thank you for the reply.<br><br> Here it is, not sure what that means.<br> The recursor is running on the same server as the PDNS with a<br> different<br> IP address. if that makes a difference.<br><br> root@ns1:~# rec_control trace-regex s-s.mx<br> ok<br> ok<br> ok<br><br> On 5/1/2020 11:37 AM, Aki Tuomi wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #ccc; padding-left: 1ex;"><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #ccc; padding-left: 1ex;"> On 05/01/2020 6:31 PM Sergio P Cesar via Pdns-users<br> <pdns-users@mailman.powerdns.com> wrote:<br><br> I am new with pdns, just installed a resolver 4.3.0-rc2 to<br> learn and all<br> seems to work but stumbled into an issue I cant resolve.<br><br> My mailserver failed to deliver email to a few domains, in<br> tracking it I<br> found that their DNS will drop the first packet on every new<br> query but<br> will respond on a second query ok and every one after that. (5<br> minutes<br> timeout) it will drop the 1st packet again.<br> I was expecting the recursor to query the 2nd and 3rd server in<br> their<br> list but it does not look like it is doing that.<br> It seems like it is caching the failure and does not query again<br> at all<br> for a while.<br> I changed packetcache-servfail-ttl=0 and now it looks like after<br> the 3rd<br> query attempt it will work as the far end server now respond.<br> Not sure this is correct setting or I will have adverse effect<br> setting<br> this to 0.<br><br> Perhaps I have not set something else that will tell the recursor<br> to try<br> the next server if the first one fail to respond or send a second<br> packet<br> or a retry.<br> I used bind to test and it gets a response on the first try. I<br> did not<br> try to trace the packets from a bind query.<br><br> Thanks<br><br><br></blockquote> Try `rec_control trace-regex domain.com` and post that. Without<br> censoring the results.<br><br> Aki<br></blockquote></blockquote></blockquote><br></blockquote></blockquote><hr>Pdns-users mailing list<br>Pdns-users@mailman.powerdns.com<br><a href="https://mailman.powerdns.com/mailman/listinfo/pdns-users">https://mailman.powerdns.com/mailman/listinfo/pdns-users</a><br></blockquote><br></pre></blockquote></div><br>-- <br>Sent from my Android device with K-9 Mail. Please excuse my brevity.</body></html>