<div dir="ltr"><div dir="ltr">Hi Brian,<input name="virtru-metadata" type="hidden" value="{"email-policy":{"state":"closed","expirationUnit":"days","disableCopyPaste":false,"disablePrint":false,"disableForwarding":false,"enableNoauth":false,"persistentProtection":false,"expandedWatermarking":false,"expires":false,"isManaged":false},"attachments":{},"compose-id":"1","compose-window":{"secure":false}}"><div><br></div><div>This is what I get in tcpdump: I see a call to 53 for securityservices and then a call to 8699 for <a href="http://mydomain.com">mydomain.com</a> and then 2 more pair of calls for the same but end result is a timeout.</div><div><br></div><div>12:09:18.666913 IP (tos 0x0, ttl 64, id 5331, offset 0, flags [none], proto UDP (17), length 81)<br> 127.0.0.1.36427 > 127.0.0.1.53: 32855+ [1au] A? <a href="http://securityservices.com">securityservices.com</a>. (53)<br> 0x0000: 4500 0051 14d3 0000 4011 67c7 7f00 0001 E..Q....@.g.....<br> 0x0010: 7f00 0001 8e4b 0035 003d fe50 8057 0120 .....K.5.=.P.W..<br> 0x0020: 0001 0000 0000 0001 1476 6572 6173 6563 .........sec<br> 0x0030: 7572 6974 7973 6572 7669 6365 7303 636f <a href="http://urityservices.co">urityservices.co</a><br> 0x0040: 6d00 0001 0001 0000 2910 0000 0000 0000 m.......).......<br> 0x0050: 00 .<br>12:09:18.667947 IP (tos 0x0, ttl 64, id 5332, offset 0, flags [DF], proto UDP (17), length 58)<br> 127.0.0.1.40512 > 127.0.0.1.8699: UDP, length 30<br> 0x0000: 4500 003a 14d4 4000 4011 27dd 7f00 0001 E..:..@.@.'.....<br> 0x0010: 7f00 0001 9e40 21fb 0026 fe39 6eeb 0100 .....@!..&.9n...<br> 0x0020: 0001 0000 0000 0000 086d 7964 6f6d 6169 .........mydomai<br> 0x0030: 6e03 636f 6d00 0001 0001 n.com.....<br>12:09:23.666879 IP (tos 0x0, ttl 64, id 7361, offset 0, flags [none], proto UDP (17), length 81)<br> 127.0.0.1.36427 > 127.0.0.1.53: 32855+ [1au] A? <a href="http://securityservices.com">securityservices.com</a>. (53)<br> 0x0000: 4500 0051 1cc1 0000 4011 5fd9 7f00 0001 E..Q....@._.....<br> 0x0010: 7f00 0001 8e4b 0035 003d fe50 8057 0120 .....K.5.=.P.W..<br> 0x0020: 0001 0000 0000 0001 1476 6572 6173 6563 .........sec<br> 0x0030: 7572 6974 7973 6572 7669 6365 7303 636f <a href="http://urityservices.co">urityservices.co</a><br> 0x0040: 6d00 0001 0001 0000 2910 0000 0000 0000 m.......).......<br> 0x0050: 00 .<br>12:09:23.669459 IP (tos 0x0, ttl 64, id 7363, offset 0, flags [DF], proto UDP (17), length 58)<br> 127.0.0.1.40512 > 127.0.0.1.8699: UDP, length 30<br> 0x0000: 4500 003a 1cc3 4000 4011 1fee 7f00 0001 E..:..@.@.......<br> 0x0010: 7f00 0001 9e40 21fb 0026 fe39 69eb 0100 .....@!..&.9i...<br> 0x0020: 0001 0000 0000 0000 086d 7964 6f6d 6169 .........mydomai<br> 0x0030: 6e03 636f 6d00 0001 0001 n.com.....<br>12:09:28.667125 IP (tos 0x0, ttl 64, id 11356, offset 0, flags [none], proto UDP (17), length 81)<br> 127.0.0.1.36427 > 127.0.0.1.53: 32855+ [1au] A? <a href="http://securityservices.com">securityservices.com</a>. (53)<br> 0x0000: 4500 0051 2c5c 0000 4011 503e 7f00 0001 E..Q,\..@.P>....<br> 0x0010: 7f00 0001 8e4b 0035 003d fe50 8057 0120 .....K.5.=.P.W..<br> 0x0020: 0001 0000 0000 0001 1476 6572 6173 6563 .........sec<br> 0x0030: 7572 6974 7973 6572 7669 6365 7303 636f <a href="http://urityservices.co">urityservices.co</a><br> 0x0040: 6d00 0001 0001 0000 2910 0000 0000 0000 m.......).......<br> 0x0050: 00 .<br>12:09:28.667506 IP (tos 0x0, ttl 64, id 11357, offset 0, flags [DF], proto UDP (17), length 58)<br> 127.0.0.1.40512 > 127.0.0.1.8699: UDP, length 30<br> 0x0000: 4500 003a 2c5d 4000 4011 1054 7f00 0001 E..:,]@.@..T....<br> 0x0010: 7f00 0001 9e40 21fb 0026 fe39 68eb 0100 .....@!..&.9h...<br> 0x0020: 0001 0000 0000 0000 086d 7964 6f6d 6169 .........mydomai<br> 0x0030: 6e03 636f 6d00 0001 0001 n.com.....<br><br></div></div><br><div class="gmail_quote" style=""><div dir="ltr" class="gmail_attr">On Tue, Mar 30, 2021 at 2:12 AM Brian Candler <<a href="mailto:b.candler@pobox.com">b.candler@pobox.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<div>On 29/03/2021 21:34, Chhavi Mittal via
Pdns-users wrote:<br>
</div>
<blockquote type="cite">
<div>I have a pdns and pdns_recursor running on the same server
and I have one ALIAS record and one A record for the alias both
belonging to the same domain entry but when I do 'dig' on the
ALIAS it's not returning an answer.</div>
</blockquote>
<p>In that case what does it return: NXDOMAIN? NODATA? SERVFAIL?
Timeout?</p>
<p><br>
</p>
<blockquote type="cite">
<div> This is what I have in my mysql:</div>
<div><br>
</div>
<div>Domains<br>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">+-----+------+--------+------------+--------+</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">| id<span>
</span>| name | master | last_check | type <span> </span>|</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">+-----+------+--------+------------+--------+</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">| 274 | .<span>
</span>| NULL <span> </span>| <span> </span>NULL
| NATIVE |</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">+-----+------+--------+------------+--------+</span></p>
</div>
<div><br>
</div>
<div>Records</div>
<div>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">+---+--------------------------+------+-------------+</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">274 | <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__mydomain.com&d=DwMFaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=zhXmtZOB8qouWS1ukhEyCOSrM390DVZ1dg-asUtrEKo&m=U40NWrm5IiXE87EYbF_1M2h6MiBG8iX4x3yHNcLc_IM&s=bA8lf2-6y-lnuN6DjyREBgTm1meCP0T8DlBKqMrFjEY&e=" target="_blank">mydomain.com</a> | A<span>
</span>| 10.1.164.107<br>
</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">+---+--------------------------+------+-------------+<br>
</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">274 | <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__securityservices.com&d=DwMFaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=zhXmtZOB8qouWS1ukhEyCOSrM390DVZ1dg-asUtrEKo&m=U40NWrm5IiXE87EYbF_1M2h6MiBG8iX4x3yHNcLc_IM&s=4C9GraXRQnUPkKWBeQvN1TrOqDDQoBkRhrtGTx_NAhw&e=" target="_blank">securityservices.com</a> | ALIAS |
<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__mydomain.com&d=DwMFaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=zhXmtZOB8qouWS1ukhEyCOSrM390DVZ1dg-asUtrEKo&m=U40NWrm5IiXE87EYbF_1M2h6MiBG8iX4x3yHNcLc_IM&s=bA8lf2-6y-lnuN6DjyREBgTm1meCP0T8DlBKqMrFjEY&e=" target="_blank">mydomain.com</a></span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">+---+---------------------------+------+-------------+<br>
</span></p>
</div>
</blockquote>
<p>What do you get if you dig separately:</p>
<p>dig @<a href="http://127.0.0.1" target="_blank">127.0.0.1</a> <a href="http://mydomain.com" target="_blank">mydomain.com</a>. a</p>
<p><br>
</p>
<blockquote type="cite">
<div>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><br>
</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:small">I
am expecting the final answer of '<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__securityservices.com&d=DwMFaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=zhXmtZOB8qouWS1ukhEyCOSrM390DVZ1dg-asUtrEKo&m=U40NWrm5IiXE87EYbF_1M2h6MiBG8iX4x3yHNcLc_IM&s=4C9GraXRQnUPkKWBeQvN1TrOqDDQoBkRhrtGTx_NAhw&e=" target="_blank">securityservices.com</a>' to be "</span><span style="font-family:Arial,Helvetica,sans-serif;font-size:small;color:rgb(34,34,34)">10.1.164.107".
I feel I have a problem in my configuration but I am not
able to figure it out. Please help!!<br>
<br>
<b>pdns config:</b></span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-size:small">expand-alias=yes</span><br>
</p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)">resolver=<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__127.0.0.1-3A8699&d=DwMFaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=zhXmtZOB8qouWS1ukhEyCOSrM390DVZ1dg-asUtrEKo&m=U40NWrm5IiXE87EYbF_1M2h6MiBG8iX4x3yHNcLc_IM&s=Bx82slLKUmAY8UBhmp6DPwlvJecEmErXdNSGuarxky0&e=" target="_blank">127.0.0.1:8699</a><span style="font-family:Arial,Helvetica,sans-serif;color:rgb(34,34,34)"><br>
</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">setgid=pdns</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">
</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"></span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">setuid=pdns</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><br>
</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:small"><b>recursor
config:</b></span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:17px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">allow-from=<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__0.0.0.0_0&d=DwMFaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=zhXmtZOB8qouWS1ukhEyCOSrM390DVZ1dg-asUtrEKo&m=U40NWrm5IiXE87EYbF_1M2h6MiBG8iX4x3yHNcLc_IM&s=GeR8zV95mCJu_AIUuH7Ey7TGh76ejLhEU1gTWDEpwsQ&e=" target="_blank">0.0.0.0/0</a><br>
</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">forward-zones=.=127.0.0.1</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">
</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">local-address=127.0.0.1</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">
</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">local-port=8699</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">
</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">setgid=pdns</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">
</span></p>
<p style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures">setuid=pdns</span></p>
</div>
</blockquote>
<p>Try running tcpdump at the same time:<br>
</p>
<p>tcpdump -i lo -nn -s0 -vX udp port 53 or udp port 8699<br>
</p>
<p>Then when you "dig @<a href="http://127.0.0.1" target="_blank">127.0.0.1</a> <a href="http://securityservices.com" target="_blank">securityservices.com</a>. a", look at
the tcpdump traffic.<br>
</p>
<p>1. do you see the incoming request for "<a href="http://securityservices.com" target="_blank">securityservices.com</a>" to
pdns-auth with dst port 53? (You should!)<br>
2. do you see the request for "<a href="http://mydomain.com" target="_blank">mydomain.com</a>" from auth to recursor
with dst port 8699?<br>
3. do you see the request for "<a href="http://mydomain.com" target="_blank">mydomain.com</a>" from recursor to auth
with dst port 53?<br>
4. do you see the response to (3) with src port 53?<br>
5. do you see the response to (2) with src port 8699?<br>
6. do you see the response to (1) with src port 53?<br>
</p>
<p><br>
</p>
</div>
</blockquote></div></div>