<div dir="ltr"><div dir="ltr">I just got it to work, turns out my recursor was not running and that is why it was timing out. Thank you for recommending the tcpdump which helped me see that the call was going through.<input name="virtru-metadata" type="hidden" value="{"email-policy":{"state":"closed","expirationUnit":"days","disableCopyPaste":false,"disablePrint":false,"disableForwarding":false,"enableNoauth":false,"persistentProtection":false,"expandedWatermarking":false,"expires":false,"isManaged":false},"attachments":{},"compose-id":"3","compose-window":{"secure":false}}"><div><br></div><div>Also for anyone else dealing in similar issues. Setting "trace=on" in recursor.conf helps see the queries in realtime.</div><div><br></div><div>Best,</div><div>Chhavi</div></div><br><div class="gmail_quote" style=""><div dir="ltr" class="gmail_attr">On Wed, Mar 31, 2021 at 12:12 PM Chhavi Mittal <<a href="mailto:chhavi.mittal@verizonmedia.com">chhavi.mittal@verizonmedia.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr">Hi Brian,<div><br></div><div>This is what I get in tcpdump: I see a call to 53 for securityservices and then a call to 8699 for <a href="http://mydomain.com" target="_blank">mydomain.com</a> and then 2 more pair of calls for the same but end result is a timeout.</div><div><br></div><div>12:09:18.666913 IP (tos 0x0, ttl 64, id 5331, offset 0, flags [none], proto UDP (17), length 81)<br> 127.0.0.1.36427 > 127.0.0.1.53: 32855+ [1au] A? <a href="http://securityservices.com" target="_blank">securityservices.com</a>. (53)<br> 0x0000: 4500 0051 14d3 0000 4011 67c7 7f00 0001 E..Q....@.g.....<br> 0x0010: 7f00 0001 8e4b 0035 003d fe50 8057 0120 .....K.5.=.P.W..<br> 0x0020: 0001 0000 0000 0001 1476 6572 6173 6563 .........sec<br> 0x0030: 7572 6974 7973 6572 7669 6365 7303 636f <a href="http://urityservices.co" target="_blank">urityservices.co</a><br> 0x0040: 6d00 0001 0001 0000 2910 0000 0000 0000 m.......).......<br> 0x0050: 00 .<br>12:09:18.667947 IP (tos 0x0, ttl 64, id 5332, offset 0, flags [DF], proto UDP (17), length 58)<br> 127.0.0.1.40512 > 127.0.0.1.8699: UDP, length 30<br> 0x0000: 4500 003a 14d4 4000 4011 27dd 7f00 0001 E..:..@.@.'.....<br> 0x0010: 7f00 0001 9e40 21fb 0026 fe39 6eeb 0100 .....@!..&.9n...<br> 0x0020: 0001 0000 0000 0000 086d 7964 6f6d 6169 .........mydomai<br> 0x0030: 6e03 636f 6d00 0001 0001 n.com.....<br>12:09:23.666879 IP (tos 0x0, ttl 64, id 7361, offset 0, flags [none], proto UDP (17), length 81)<br> 127.0.0.1.36427 > 127.0.0.1.53: 32855+ [1au] A? <a href="http://securityservices.com" target="_blank">securityservices.com</a>. (53)<br> 0x0000: 4500 0051 1cc1 0000 4011 5fd9 7f00 0001 E..Q....@._.....<br> 0x0010: 7f00 0001 8e4b 0035 003d fe50 8057 0120 .....K.5.=.P.W..<br> 0x0020: 0001 0000 0000 0001 1476 6572 6173 6563 .........sec<br> 0x0030: 7572 6974 7973 6572 7669 6365 7303 636f <a href="http://urityservices.co" target="_blank">urityservices.co</a><br> 0x0040: 6d00 0001 0001 0000 2910 0000 0000 0000 m.......).......<br> 0x0050: 00 .<br>12:09:23.669459 IP (tos 0x0, ttl 64, id 7363, offset 0, flags [DF], proto UDP (17), length 58)<br> 127.0.0.1.40512 > 127.0.0.1.8699: UDP, length 30<br> 0x0000: 4500 003a 1cc3 4000 4011 1fee 7f00 0001 E..:..@.@.......<br> 0x0010: 7f00 0001 9e40 21fb 0026 fe39 69eb 0100 .....@!..&.9i...<br> 0x0020: 0001 0000 0000 0000 086d 7964 6f6d 6169 .........mydomai<br> 0x0030: 6e03 636f 6d00 0001 0001 n.com.....<br>12:09:28.667125 IP (tos 0x0, ttl 64, id 11356, offset 0, flags [none], proto UDP (17), length 81)<br> 127.0.0.1.36427 > 127.0.0.1.53: 32855+ [1au] A? <a href="http://securityservices.com" target="_blank">securityservices.com</a>. (53)<br> 0x0000: 4500 0051 2c5c 0000 4011 503e 7f00 0001 E..Q,\..@.P>....<br> 0x0010: 7f00 0001 8e4b 0035 003d fe50 8057 0120 .....K.5.=.P.W..<br> 0x0020: 0001 0000 0000 0001 1476 6572 6173 6563 .........sec<br> 0x0030: 7572 6974 7973 6572 7669 6365 7303 636f <a href="http://urityservices.co" target="_blank">urityservices.co</a><br> 0x0040: 6d00 0001 0001 0000 2910 0000 0000 0000 m.......).......<br> 0x0050: 00 .<br>12:09:28.667506 IP (tos 0x0, ttl 64, id 11357, offset 0, flags [DF], proto UDP (17), length 58)<br> 127.0.0.1.40512 > 127.0.0.1.8699: UDP, length 30<br> 0x0000: 4500 003a 2c5d 4000 4011 1054 7f00 0001 E..:,]@.@..T....<br> 0x0010: 7f00 0001 9e40 21fb 0026 fe39 68eb 0100 .....@!..&.9h...<br> 0x0020: 0001 0000 0000 0000 086d 7964 6f6d 6169 .........mydomai<br> 0x0030: 6e03 636f 6d00 0001 0001 n.com.....<br><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Mar 30, 2021 at 2:12 AM Brian Candler <<a href="mailto:b.candler@pobox.com" target="_blank">b.candler@pobox.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<div>On 29/03/2021 21:34, Chhavi Mittal via
Pdns-users wrote:<br>
</div>
<blockquote type="cite">
<div>I have a pdns and pdns_recursor running on the same server
and I have one ALIAS record and one A record for the alias both
belonging to the same domain entry but when I do 'dig' on the
ALIAS it's not returning an answer.</div>
</blockquote>
<p>In that case what does it return: NXDOMAIN? NODATA? SERVFAIL?
Timeout?</p>
<p><br>
</p>
<blockquote type="cite">
<div> This is what I have in my mysql:</div>
<div><br>
</div>
<div>Domains<br>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">+-----+------+--------+------------+--------+</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">| id<span>
</span>| name | master | last_check | type <span> </span>|</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">+-----+------+--------+------------+--------+</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">| 274 | .<span>
</span>| NULL <span> </span>| <span> </span>NULL
| NATIVE |</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">+-----+------+--------+------------+--------+</span></p>
</div>
<div><br>
</div>
<div>Records</div>
<div>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">+---+--------------------------+------+-------------+</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">274 | <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__mydomain.com&d=DwMFaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=zhXmtZOB8qouWS1ukhEyCOSrM390DVZ1dg-asUtrEKo&m=U40NWrm5IiXE87EYbF_1M2h6MiBG8iX4x3yHNcLc_IM&s=bA8lf2-6y-lnuN6DjyREBgTm1meCP0T8DlBKqMrFjEY&e=" target="_blank">mydomain.com</a> | A<span>
</span>| 10.1.164.107<br>
</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">+---+--------------------------+------+-------------+<br>
</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">274 | <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__securityservices.com&d=DwMFaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=zhXmtZOB8qouWS1ukhEyCOSrM390DVZ1dg-asUtrEKo&m=U40NWrm5IiXE87EYbF_1M2h6MiBG8iX4x3yHNcLc_IM&s=4C9GraXRQnUPkKWBeQvN1TrOqDDQoBkRhrtGTx_NAhw&e=" target="_blank">securityservices.com</a> | ALIAS |
<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__mydomain.com&d=DwMFaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=zhXmtZOB8qouWS1ukhEyCOSrM390DVZ1dg-asUtrEKo&m=U40NWrm5IiXE87EYbF_1M2h6MiBG8iX4x3yHNcLc_IM&s=bA8lf2-6y-lnuN6DjyREBgTm1meCP0T8DlBKqMrFjEY&e=" target="_blank">mydomain.com</a></span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">+---+---------------------------+------+-------------+<br>
</span></p>
</div>
</blockquote>
<p>What do you get if you dig separately:</p>
<p>dig @<a href="http://127.0.0.1" target="_blank">127.0.0.1</a> <a href="http://mydomain.com" target="_blank">mydomain.com</a>. a</p>
<p><br>
</p>
<blockquote type="cite">
<div>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><br>
</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:small">I
am expecting the final answer of '<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__securityservices.com&d=DwMFaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=zhXmtZOB8qouWS1ukhEyCOSrM390DVZ1dg-asUtrEKo&m=U40NWrm5IiXE87EYbF_1M2h6MiBG8iX4x3yHNcLc_IM&s=4C9GraXRQnUPkKWBeQvN1TrOqDDQoBkRhrtGTx_NAhw&e=" target="_blank">securityservices.com</a>' to be "</span><span style="font-family:Arial,Helvetica,sans-serif;font-size:small;color:rgb(34,34,34)">10.1.164.107".
I feel I have a problem in my configuration but I am not
able to figure it out. Please help!!<br>
<br>
<b>pdns config:</b></span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-size:small">expand-alias=yes</span><br>
</p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)">resolver=<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__127.0.0.1-3A8699&d=DwMFaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=zhXmtZOB8qouWS1ukhEyCOSrM390DVZ1dg-asUtrEKo&m=U40NWrm5IiXE87EYbF_1M2h6MiBG8iX4x3yHNcLc_IM&s=Bx82slLKUmAY8UBhmp6DPwlvJecEmErXdNSGuarxky0&e=" target="_blank">127.0.0.1:8699</a><span style="font-family:Arial,Helvetica,sans-serif;color:rgb(34,34,34)"><br>
</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">setgid=pdns</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">
</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"></span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">setuid=pdns</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><br>
</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:small"><b>recursor
config:</b></span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">allow-from=<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__0.0.0.0_0&d=DwMFaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=zhXmtZOB8qouWS1ukhEyCOSrM390DVZ1dg-asUtrEKo&m=U40NWrm5IiXE87EYbF_1M2h6MiBG8iX4x3yHNcLc_IM&s=GeR8zV95mCJu_AIUuH7Ey7TGh76ejLhEU1gTWDEpwsQ&e=" target="_blank">0.0.0.0/0</a><br>
</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">forward-zones=.=127.0.0.1</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">
</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">local-address=127.0.0.1</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">
</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">local-port=8699</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">
</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">setgid=pdns</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">
</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">setuid=pdns</span></p>
</div>
</blockquote>
<p>Try running tcpdump at the same time:<br>
</p>
<p>tcpdump -i lo -nn -s0 -vX udp port 53 or udp port 8699<br>
</p>
<p>Then when you "dig @<a href="http://127.0.0.1" target="_blank">127.0.0.1</a> <a href="http://securityservices.com" target="_blank">securityservices.com</a>. a", look at
the tcpdump traffic.<br>
</p>
<p>1. do you see the incoming request for "<a href="http://securityservices.com" target="_blank">securityservices.com</a>" to
pdns-auth with dst port 53? (You should!)<br>
2. do you see the request for "<a href="http://mydomain.com" target="_blank">mydomain.com</a>" from auth to recursor
with dst port 8699?<br>
3. do you see the request for "<a href="http://mydomain.com" target="_blank">mydomain.com</a>" from recursor to auth
with dst port 53?<br>
4. do you see the response to (3) with src port 53?<br>
5. do you see the response to (2) with src port 8699?<br>
6. do you see the response to (1) with src port 53?<br>
</p>
<p><br>
</p>
</div>
</blockquote></div></div>
</blockquote></div></div>