<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix">On 4/6/22 10:46, Adam Cecile wrote:<br>
</div>
<blockquote type="cite"
cite="mid:22e9a925-4fdc-9914-0cbb-6e38bd4d9281@letz-it.lu">
<div class="moz-cite-prefix">On 4/6/22 10:44, Brian Candler wrote:<br>
</div>
<blockquote type="cite"
cite="mid:ecce9ff0-3f93-acae-b515-d7fa537dd81c@pobox.com">On
06/04/2022 09:36, Adam Cecile via Pdns-users wrote: <br>
<blockquote type="cite">Any idea what's going on here, I'm
completely lost. I guess my DNAME usage is somehow incorrect
but I don't understand why it's working intermittently (and
always with pure DNS call using dig...) <br>
</blockquote>
<br>
Just a thought, but does your system use systemd-resolved?
(Clue: /etc/resolv.conf points to nameserver 127.0.0.53). For
example, it may treat ".local" differently, given that domain is
reserved for multicast DNS (as dig output informs you); or there
may be some DNSSEC issue. "systemd-resolve --status" may give
you some clue. <br>
<br>
Apart from that, I suggest you look at the raw queries and
responses on the wire, and see how this differs between using
direct dig and gethostbyname: <br>
<br>
tcpdump -i eth0 -nn -s0 -v port 53 <br>
<br>
(replace "eth0" with whatever your external interface is) <br>
<br>
</blockquote>
<p>Hello,</p>
<p>No regular resolv.conf pointing to 127.0.0.1 (local DNSDist
-> local PowerDNS), nsswitch mdns stuff is also removed.<br>
</p>
</blockquote>
<p>Just found out something interesting, it works with PowerDNS
recursor but not DNSDist:</p>
<p>Recursor config:</p>
<p>local-address=0.0.0.0, ::<br>
local-port=53<br>
forward-zones=domain.internal=127.0.0.1:5300<br>
forward-zones+=in-addr.arpa=127.0.0.1:5300<br>
forward-zones+=domain.local=127.0.0.1:5300<br>
forward-zones+=another.domain=127.0.0.1:5300<br>
forward-zones+=another.domain2=127.0.0.1:5300<br>
forward-zones+=another.domain3=127.0.0.1:5300<br>
forward-zones+=another.domain4=127.0.0.1:5300<br>
forward-zones-recurse=.=10.10.10.10<br>
serve-rfc1918=no<br>
loglevel=6<br>
quiet=no<br>
lua-config-file=/etc/powerdns/local-protobuf-forwarder-recursor.lua</p>
<p><br>
</p>
<p>DNSDist config:</p>
<p>setSecurityPollSuffix("")<br>
addLocal('0.0.0.0:53', {reusePort=true})<br>
<br>
newServer({address="127.0.0.1:5300", pool="authoritative"})<br>
newServer({address="10.10.10.10:53", pool="recursor"})<br>
setACL({'127.0.0.0/8'})<br>
addACL('10.1.0.0/16')<br>
addACL('192.168.69.33/27')<br>
<br>
addAction(AndRule({OrRule({OpcodeRule(DNSOpcode.Notify),
OpcodeRule(DNSOpcode.Update), QTypeRule(DNSQType.AXFR),
QTypeRule(DNSQType.IXFR)}), NotRule(makeRule({"127.0.0.1/8",
"10.x.x.x/32", "10.x.x.x/32", "10.x.x.x/32"}))}),
RCodeAction(dnsdist.REFUSED))<br>
addAction(OrRule({QTypeRule(DNSQType.AXFR),
QTypeRule(DNSQType.IXFR)}), RCodeAction(DNSRCode.REFUSED))<br>
<br>
addAction({'in-addr.arpa'}, PoolAction("authoritative"))<br>
addAction({'domain.local'}, PoolAction("authoritative"))<br>
addAction({'domain.internal'}, PoolAction("authoritative"))<br>
addAction({'another.domain'}, PoolAction("authoritative"))<br>
addAction({'another.domain2'}, PoolAction("authoritative"))<br>
addAction({'another.domain3'}, PoolAction("authoritative"))<br>
addAction({'another.domain4'}, PoolAction("authoritative"))<br>
addAction(AllRule(), PoolAction('recursor'))<br>
<br>
rl = newRemoteLogger("127.0.0.1:50001")<br>
addAction(AllRule(),RemoteLogAction(rl))</p>
<p><br>
</p>
<p>Any idea? I can definitely make TCPDumps at some point but I'm
not sure I'll be able to understand them ;-)<br>
</p>
</body>
</html>