<div dir="ltr"><div dir="ltr">Hi Brian,<input name="virtru-metadata" type="hidden" value="{"email-policy":{"state":"closed","expirationUnit":"days","disableCopyPaste":false,"disablePrint":false,"disableForwarding":false,"enableNoauth":false,"persistentProtection":false,"expandedWatermarking":false,"expires":false,"isManaged":false},"attachments":{},"compose-id":"1","compose-window":{"secure":false}}"><div><br></div><div>This is what I get in tcpdump: I see a call to 53 for securityservices and then a call to 8699 for <a href="http://mydomain.com">mydomain.com</a> and then 2 more pair of calls for the same but end result is a timeout.</div><div><br></div><div>12:09:18.666913 IP (tos 0x0, ttl 64, id 5331, offset 0, flags [none], proto UDP (17), length 81)<br>    127.0.0.1.36427 > 127.0.0.1.53: 32855+ [1au] A? <a href="http://securityservices.com">securityservices.com</a>. (53)<br>  0x0000:  4500 0051 14d3 0000 4011 67c7 7f00 0001  E..Q....@.g.....<br>  0x0010:  7f00 0001 8e4b 0035 003d fe50 8057 0120  .....K.5.=.P.W..<br>  0x0020:  0001 0000 0000 0001 1476 6572 6173 6563  .........sec<br>      0x0030:  7572 6974 7973 6572 7669 6365 7303 636f  <a href="http://urityservices.co">urityservices.co</a><br>      0x0040:  6d00 0001 0001 0000 2910 0000 0000 0000  m.......).......<br>  0x0050:  00                                       .<br>12:09:18.667947 IP (tos 0x0, ttl 64, id 5332, offset 0, flags [DF], proto UDP (17), length 58)<br>    127.0.0.1.40512 > 127.0.0.1.8699: UDP, length 30<br>    0x0000:  4500 003a 14d4 4000 4011 27dd 7f00 0001  E..:..@.@.'.....<br>      0x0010:  7f00 0001 9e40 21fb 0026 fe39 6eeb 0100  .....@!..&.9n...<br>      0x0020:  0001 0000 0000 0000 086d 7964 6f6d 6169  .........mydomai<br>  0x0030:  6e03 636f 6d00 0001 0001                 n.com.....<br>12:09:23.666879 IP (tos 0x0, ttl 64, id 7361, offset 0, flags [none], proto UDP (17), length 81)<br>    127.0.0.1.36427 > 127.0.0.1.53: 32855+ [1au] A? <a href="http://securityservices.com">securityservices.com</a>. (53)<br>  0x0000:  4500 0051 1cc1 0000 4011 5fd9 7f00 0001  E..Q....@._.....<br>  0x0010:  7f00 0001 8e4b 0035 003d fe50 8057 0120  .....K.5.=.P.W..<br>  0x0020:  0001 0000 0000 0001 1476 6572 6173 6563  .........sec<br>      0x0030:  7572 6974 7973 6572 7669 6365 7303 636f  <a href="http://urityservices.co">urityservices.co</a><br>      0x0040:  6d00 0001 0001 0000 2910 0000 0000 0000  m.......).......<br>  0x0050:  00                                       .<br>12:09:23.669459 IP (tos 0x0, ttl 64, id 7363, offset 0, flags [DF], proto UDP (17), length 58)<br>    127.0.0.1.40512 > 127.0.0.1.8699: UDP, length 30<br>    0x0000:  4500 003a 1cc3 4000 4011 1fee 7f00 0001  E..:..@.@.......<br>  0x0010:  7f00 0001 9e40 21fb 0026 fe39 69eb 0100  .....@!..&.9i...<br>      0x0020:  0001 0000 0000 0000 086d 7964 6f6d 6169  .........mydomai<br>  0x0030:  6e03 636f 6d00 0001 0001                 n.com.....<br>12:09:28.667125 IP (tos 0x0, ttl 64, id 11356, offset 0, flags [none], proto UDP (17), length 81)<br>    127.0.0.1.36427 > 127.0.0.1.53: 32855+ [1au] A? <a href="http://securityservices.com">securityservices.com</a>. (53)<br> 0x0000:  4500 0051 2c5c 0000 4011 503e 7f00 0001  E..Q,\..@.P>....<br>       0x0010:  7f00 0001 8e4b 0035 003d fe50 8057 0120  .....K.5.=.P.W..<br>  0x0020:  0001 0000 0000 0001 1476 6572 6173 6563  .........sec<br>      0x0030:  7572 6974 7973 6572 7669 6365 7303 636f  <a href="http://urityservices.co">urityservices.co</a><br>      0x0040:  6d00 0001 0001 0000 2910 0000 0000 0000  m.......).......<br>  0x0050:  00                                       .<br>12:09:28.667506 IP (tos 0x0, ttl 64, id 11357, offset 0, flags [DF], proto UDP (17), length 58)<br>    127.0.0.1.40512 > 127.0.0.1.8699: UDP, length 30<br>   0x0000:  4500 003a 2c5d 4000 4011 1054 7f00 0001  E..:,]@.@..T....<br>  0x0010:  7f00 0001 9e40 21fb 0026 fe39 68eb 0100  .....@!..&.9h...<br>      0x0020:  0001 0000 0000 0000 086d 7964 6f6d 6169  .........mydomai<br>  0x0030:  6e03 636f 6d00 0001 0001                 n.com.....<br><br></div></div><br><div class="gmail_quote" style=""><div dir="ltr" class="gmail_attr">On Tue, Mar 30, 2021 at 2:12 AM Brian Candler <<a href="mailto:b.candler@pobox.com">b.candler@pobox.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
  
    
  
  <div>
    <div>On 29/03/2021 21:34, Chhavi Mittal via
      Pdns-users wrote:<br>
    </div>
    <blockquote type="cite">
      <div>I have a pdns and pdns_recursor running on the same server
        and I have one ALIAS record and one A record for the alias both
        belonging to the same domain entry but when I do 'dig' on the
        ALIAS it's not returning an answer.</div>
    </blockquote>
    <p>In that case what does it return: NXDOMAIN? NODATA? SERVFAIL?
      Timeout?</p>
    <p><br>
    </p>
    <blockquote type="cite">
      <div> This is what I have in my mysql:</div>
      <div><br>
      </div>
      <div>Domains<br>
        <p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">+-----+------+--------+------------+--------+</span></p>
        <p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">| id<span> 
            </span>| name | master | last_check | type <span>  </span>|</span></p>
        <p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">+-----+------+--------+------------+--------+</span></p>
        <p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">| 274 | .<span> 
                </span>| NULL <span>  </span>| <span>      </span>NULL
            | NATIVE |</span></p>
        <p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">+-----+------+--------+------------+--------+</span></p>
      </div>
      <div><br>
      </div>
      <div>Records</div>
      <div>
        <p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">+---+--------------------------+------+-------------+</span></p>
        <p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">274 | <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__mydomain.com&d=DwMFaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=zhXmtZOB8qouWS1ukhEyCOSrM390DVZ1dg-asUtrEKo&m=U40NWrm5IiXE87EYbF_1M2h6MiBG8iX4x3yHNcLc_IM&s=bA8lf2-6y-lnuN6DjyREBgTm1meCP0T8DlBKqMrFjEY&e=" target="_blank">mydomain.com</a>             | A<span> 
                 </span>| 10.1.164.107<br>
          </span></p>
        <p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">+---+--------------------------+------+-------------+<br>
          </span></p>
        <p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">274 | <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__securityservices.com&d=DwMFaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=zhXmtZOB8qouWS1ukhEyCOSrM390DVZ1dg-asUtrEKo&m=U40NWrm5IiXE87EYbF_1M2h6MiBG8iX4x3yHNcLc_IM&s=4C9GraXRQnUPkKWBeQvN1TrOqDDQoBkRhrtGTx_NAhw&e=" target="_blank">securityservices.com</a> | ALIAS |
            <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__mydomain.com&d=DwMFaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=zhXmtZOB8qouWS1ukhEyCOSrM390DVZ1dg-asUtrEKo&m=U40NWrm5IiXE87EYbF_1M2h6MiBG8iX4x3yHNcLc_IM&s=bA8lf2-6y-lnuN6DjyREBgTm1meCP0T8DlBKqMrFjEY&e=" target="_blank">mydomain.com</a></span></p>
        <p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">+---+---------------------------+------+-------------+<br>
          </span></p>
      </div>
    </blockquote>
    <p>What do you get if you dig separately:</p>
    <p>dig @<a href="http://127.0.0.1" target="_blank">127.0.0.1</a> <a href="http://mydomain.com" target="_blank">mydomain.com</a>. a</p>
    <p><br>
    </p>
    <blockquote type="cite">
      <div>
        <p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><br>
          </span></p>
        <p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:small">I
            am expecting the final answer of '<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__securityservices.com&d=DwMFaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=zhXmtZOB8qouWS1ukhEyCOSrM390DVZ1dg-asUtrEKo&m=U40NWrm5IiXE87EYbF_1M2h6MiBG8iX4x3yHNcLc_IM&s=4C9GraXRQnUPkKWBeQvN1TrOqDDQoBkRhrtGTx_NAhw&e=" target="_blank">securityservices.com</a>' to be "</span><span style="font-family:Arial,Helvetica,sans-serif;font-size:small;color:rgb(34,34,34)">10.1.164.107".
            I feel I have a problem in my configuration but I am not
            able to figure it out. Please help!!<br>
            <br>
            <b>pdns config:</b></span></p>
        <p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-size:small">expand-alias=yes</span><br>
        </p>
        <p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)">resolver=<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__127.0.0.1-3A8699&d=DwMFaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=zhXmtZOB8qouWS1ukhEyCOSrM390DVZ1dg-asUtrEKo&m=U40NWrm5IiXE87EYbF_1M2h6MiBG8iX4x3yHNcLc_IM&s=Bx82slLKUmAY8UBhmp6DPwlvJecEmErXdNSGuarxky0&e=" target="_blank">127.0.0.1:8699</a><span style="font-family:Arial,Helvetica,sans-serif;color:rgb(34,34,34)"><br>
          </span></p>
        <p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">setgid=pdns</span></p>
        <p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">
          </span></p>
        <p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"></span></p>
        <p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">setuid=pdns</span></p>
        <p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><br>
          </span></p>
        <p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:small"><b>recursor
              config:</b></span></p>
        <p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"></p>
        <p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">allow-from=<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__0.0.0.0_0&d=DwMFaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=zhXmtZOB8qouWS1ukhEyCOSrM390DVZ1dg-asUtrEKo&m=U40NWrm5IiXE87EYbF_1M2h6MiBG8iX4x3yHNcLc_IM&s=GeR8zV95mCJu_AIUuH7Ey7TGh76ejLhEU1gTWDEpwsQ&e=" target="_blank">0.0.0.0/0</a><br>
          </span></p>
        <p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">forward-zones=.=127.0.0.1</span></p>
        <p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">
          </span></p>
        <p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">local-address=127.0.0.1</span></p>
        <p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">
          </span></p>
        <p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">local-port=8699</span></p>
        <p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">
          </span></p>
        <p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">setgid=pdns</span></p>
        <p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">
          </span></p>
        <p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">setuid=pdns</span></p>
      </div>
    </blockquote>
    <p>Try running tcpdump at the same time:<br>
    </p>
    <p>tcpdump -i lo -nn -s0 -vX udp port 53 or udp port 8699<br>
    </p>
    <p>Then when you "dig @<a href="http://127.0.0.1" target="_blank">127.0.0.1</a> <a href="http://securityservices.com" target="_blank">securityservices.com</a>. a", look at
      the tcpdump traffic.<br>
    </p>
    <p>1. do you see the incoming request for "<a href="http://securityservices.com" target="_blank">securityservices.com</a>" to
      pdns-auth with dst port 53?  (You should!)<br>
      2. do you see the request for "<a href="http://mydomain.com" target="_blank">mydomain.com</a>" from auth to recursor
      with dst port 8699?<br>
      3. do you see the request for "<a href="http://mydomain.com" target="_blank">mydomain.com</a>" from recursor to auth
      with dst port 53?<br>
      4. do you see the response to (3) with src port 53?<br>
      5. do you see the response to (2) with src port 8699?<br>
      6. do you see the response to (1) with src port 53?<br>
    </p>
    <p><br>
    </p>
  </div>

</blockquote></div></div>