<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hello Bert,</p>
<p>Here's a link to the trace
<a class="moz-txt-link-freetext" href="https://code.compassfoundation.io/snippets/9">https://code.compassfoundation.io/snippets/9</a></p>
<pre style="white-space: pre-wrap; color: rgb(0, 0, 0); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;">I did wonder too if there's an issue of reaching root servers, or firewall modifying responses, so I did try installing unbound on the same machine, and it's working fine. unbound on port 3053 always works, but pdns on port 2053 always FAIL.
Regards,
Dave
</pre>
<div class="moz-cite-prefix">On 5/25/20 4:04 PM, bert hubert wrote:<br>
</div>
<blockquote type="cite"
cite="mid:20200525200442.GB23833@server.ds9a.nl">
<pre class="moz-quote-pre" wrap="">On Mon, May 25, 2020 at 03:57:22PM -0400, Dave Burkholder via Pdns-users wrote:
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">When I enable trace, I get lines like:
May 25 15:36:44 system.cdc.lan pdns_recursor[16801]: [2] bing.com: Got 3 answers from b.root-servers.net (199.9.14.201), rcode=0 (No Error), aa=0, in 6ms
May 25 15:36:44 system.cdc.lan pdns_recursor[16801]: [2] Removing record 'bing.com|A|204.79.197.200' in the answer section without the AA bit set received from .
May 25 15:36:44 system.cdc.lan pdns_recursor[16801]: [2] Removing record 'bing.com|A|13.107.21.200' in the answer section without the AA bit set received from .
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
Could you please send a complete output of trace? It appears someone is
intercepting and changing your DNS responses.
Thanks!
Bert
</pre>
</blockquote>
</body>
</html>