<html><head><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Hi Jan,<div class=""><br class=""></div><div class="">I completely understand NDAs and myself (and numerous other PowerDNS Certified Consultants on this list) are happy to sign them, as part of a professional engagement. Please reach out to me off-list to discuss your options.</div><div class=""><br class=""></div><div class="">However, this also means that on this list, we can't help you much...</div><div class=""><br class=""></div><div class="">As per your questions: first we need to know what happens. The trace should tell us. Options to look at: (yes this list is long and some won't apply, but please reread the first sentence of this mail)</div><div class=""><br class=""></div><div class="">* <a href="https://doc.powerdns.com/recursor/settings.html#network-timeout" class="">https://doc.powerdns.com/recursor/settings.html#network-timeout</a></div><div class="">* <a href="https://doc.powerdns.com/recursor/settings.html#non-resolving-ns-max-fails" class="">https://doc.powerdns.com/recursor/settings.html#non-resolving-ns-max-fails</a></div><div class="">* <a href="https://doc.powerdns.com/recursor/settings.html#non-resolving-ns-max-throttle-time" class="">https://doc.powerdns.com/recursor/settings.html#non-resolving-ns-max-throttle-time</a></div><div class="">* <a href="https://doc.powerdns.com/recursor/settings.html#dont-throttle-names" class="">https://doc.powerdns.com/recursor/settings.html#dont-throttle-names</a></div><div class="">* <a href="https://doc.powerdns.com/recursor/settings.html#dont-throttle-netmasks" class="">https://doc.powerdns.com/recursor/settings.html#dont-throttle-netmasks</a></div><div class="">* <a href="https://doc.powerdns.com/recursor/settings.html#server-down-max-fails" class="">https://doc.powerdns.com/recursor/settings.html#server-down-max-fails</a></div><div class="">* <a href="https://doc.powerdns.com/recursor/settings.html#server-down-throttle-time" class="">https://doc.powerdns.com/recursor/settings.html#server-down-throttle-time</a></div><div class=""><br class=""></div><div class="">Frank</div><div class=""><br class=""></div><div class=""><br class=""><div class="">
<div class=""><meta charset="UTF-8" class=""><div dir="auto" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div>Frank Louwers<br class="">PowerDNS Certified Consultant @ <a href="http://Kiwazo.be" class="">Kiwazo.be</a></div></div></div>

</div>
<div><br class=""><blockquote type="cite" class=""><div class="">On 1 Jun 2022, at 12:32, Jan Huijsmans via Pdns-users <<a href="mailto:pdns-users@mailman.powerdns.com" class="">pdns-users@mailman.powerdns.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="">Hi Frank,<br class=""><br class="">On Wed, 1 Jun 2022 11:23:16 +0200<br class="">"<a href="mailto:frank@tembo.be" class="">frank@tembo.be</a>" <<a href="mailto:frank@tembo.be" class="">frank@tembo.be</a>> wrote:<br class=""><blockquote type="cite" class="">When this fails, could you run a dig command for a domain after<br class="">activating trace for that domain? (See<br class=""><a href="https://doc.powerdns.com/recursor/manpages/rec_control.1.html?highlight=trace-regex" class="">https://doc.powerdns.com/recursor/manpages/rec_control.1.html?highlight=trace-regex</a><br class=""><https://doc.powerdns.com/recursor/manpages/rec_control.1.html?highlight=trace-regex>)<br class=""><br class="">I'd like to see the full trace, but my guess would be all the<br class="">upstream / root name servers have been marked as too slow to be<br class="">reliable by PowerDNS.<br class=""></blockquote><br class="">I'm not allowed to give a full trace, NDA and stuff. The rec_control<br class="">command can help though. I'll see what I can dig up from the<br class="">environment when I'm able to access it again.<br class=""><br class="">The slow speed could be the cause, as there are low speed high latency<br class="">links between the recursor and the root servers. How do I disable that<br class="">speed check in PowerDNS?<br class=""><br class=""><blockquote type="cite" class="">Also, I would recommend upgrading to a more recent version,<br class="">especially as 4.5 adds goodies such as<br class=""><a href="https://doc.powerdns.com/recursor/settings.html#non-resolving-ns-max-fails" class="">https://doc.powerdns.com/recursor/settings.html#non-resolving-ns-max-fails</a><br class=""><https://doc.powerdns.com/recursor/settings.html#non-resolving-ns-max-fails>.<br class=""></blockquote><br class="">Alas, upgrading is not an option, as the environment is 'frozen'. The<br class="">environment needs to work as-is for at least 1.5 years. All we can do<br class="">is tweak settings. I'm already happy we could abandon 4.0 last year.<br class=""><br class="">-- <br class=""><br class="">Jan Huijsmans              <a href="mailto:bofh@koffie.nu" class="">bofh@koffie.nu</a><br class=""><br class="">... cannot activate /dev/brain, no response from main coffee server<br class=""><br class=""><br class="">_______________________________________________<br class="">Pdns-users mailing list<br class=""><a href="mailto:Pdns-users@mailman.powerdns.com" class="">Pdns-users@mailman.powerdns.com</a><br class="">https://mailman.powerdns.com/mailman/listinfo/pdns-users<br class=""></div></div></blockquote></div><br class=""></div></body></html>