<div dir="ltr">Bingo, THANK you. There was another config file (probably some old legacy thing given the versioning) in /etc/powerdns/recursor.d that was taking precedence. It's off to the races now. <div><br></div><div>Aug 24 16:46:50 cache1 pdns_recursor[494188]: Redirecting queries for zone '.' with recursion to: <a href="http://9.9.9.9:53">9.9.9.9:53</a>, <a href="http://1.1.1.2:53">1.1.1.2:53</a><br><br>Cheers,<br><br>Best, Tim<br><br>forward-zones-recurse+=opcenter.aws=10.40.1.4,webdev.aws=10.40.1.4,webprod.aws=1 0.40.1.4<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Aug 24, 2022 at 4:27 PM Otto Moerbeek <<a href="mailto:otto@drijf.net">otto@drijf.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Wed, Aug 24, 2022 at 04:16:49PM -0400, Holmes, Timothy wrote:<br>
<br>
> Full(er) log, I dont see any reference to the forwarders..<br>
> Best, Tim<br>
<br>
Indeed, no log lin wrt recursive forwarding. You do have in your config:<br>
<br>
include-dir=/etc/powerdns/recursor.d <br>
<br>
So it could be a file in there overriding things.<br>
<br>
*BUT* you edited the log. Please do not do that. It makes it hard for<br>
us to help you.<br>
<br>
Your local address from your posted config is 127.0.0.1. But the log shows<br>
x.x.x.x.<br>
<br>
See <a href="https://blog.powerdns.com/2016/01/18/open-source-support-out-in-the-open/" rel="noreferrer" target="_blank">https://blog.powerdns.com/2016/01/18/open-source-support-out-in-the-open/</a><br>
<br>
-Otto<br>
<br>
<br>
> <br>
> Aug 24 16:12:17 cache1 systemd[1]: Stopping PowerDNS Recursor...<br>
> Aug 24 16:12:17 cache1 systemd[1]: pdns-recursor.service: Succeeded.<br>
> Aug 24 16:12:17 cache1 systemd[1]: Stopped PowerDNS Recursor.<br>
> Aug 24 16:12:17 cache1 systemd[1]: Starting PowerDNS Recursor...<br>
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: Aug 24 16:12:17 Asked to run<br>
> with pdns-distributes-queries set but no distributor threads, raising to 1<br>
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: PowerDNS Recursor 4.2.1 (C)<br>
> 2001-2019 PowerDNS.COM BV<br>
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: Using 64-bits mode. Built<br>
> using gcc 9.2.1 20200202.<br>
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: PowerDNS comes with<br>
> ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to<br>
> redistribute it according to the terms of the GPL version 2.<br>
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: NOT using IPv6 for outgoing<br>
> queries - set 'query-local-address6=::' to enable<br>
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: Only allowing queries from:<br>
> <a href="http://10.0.0.0/8" rel="noreferrer" target="_blank">10.0.0.0/8</a>, <a href="http://127.0.0.1/32" rel="noreferrer" target="_blank">127.0.0.1/32</a>, <a href="http://192.133.83.0/24" rel="noreferrer" target="_blank">192.133.83.0/24</a>, <a href="http://192.168.0.0/16" rel="noreferrer" target="_blank">192.168.0.0/16</a>, <a href="http://172.31.8.0/22" rel="noreferrer" target="_blank">172.31.8.0/22</a>,<br>
> <a href="http://172.31.12.0/22" rel="noreferrer" target="_blank">172.31.12.0/22</a>, <a href="http://172.31.32.0/20" rel="noreferrer" target="_blank">172.31.32.0/20</a>, <a href="http://172.31.64.0/20" rel="noreferrer" target="_blank">172.31.64.0/20</a>, <a href="http://172.31.0.0/22" rel="noreferrer" target="_blank">172.31.0.0/22</a>,<br>
> <a href="http://172.31.16.0/20" rel="noreferrer" target="_blank">172.31.16.0/20</a>, <a href="http://172.31.80.0/20" rel="noreferrer" target="_blank">172.31.80.0/20</a>, <a href="http://172.31.48.0/20" rel="noreferrer" target="_blank">172.31.48.0/20</a>, <a href="http://172.31.4.0/22" rel="noreferrer" target="_blank">172.31.4.0/22</a><br>
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: Loaded the Public Suffix List<br>
> from '/usr/share/publicsuffix/public_suffix_list.dat'<br>
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: Will not send queries to:<br>
> <a href="http://127.0.0.0/8" rel="noreferrer" target="_blank">127.0.0.0/8</a>, <a href="http://10.0.0.0/8" rel="noreferrer" target="_blank">10.0.0.0/8</a>, <a href="http://100.64.0.0/10" rel="noreferrer" target="_blank">100.64.0.0/10</a>, <a href="http://169.254.0.0/16" rel="noreferrer" target="_blank">169.254.0.0/16</a>, <a href="http://192.168.0.0/16" rel="noreferrer" target="_blank">192.168.0.0/16</a>,<br>
> <a href="http://172.16.0.0/12" rel="noreferrer" target="_blank">172.16.0.0/12</a>, ::1/128, fc00::/7, fe80::/10, <a href="http://0.0.0.0/8" rel="noreferrer" target="_blank">0.0.0.0/8</a>, <a href="http://192.0.0.0/24" rel="noreferrer" target="_blank">192.0.0.0/24</a>,<br>
> <a href="http://192.0.2.0/24" rel="noreferrer" target="_blank">192.0.2.0/24</a>, <a href="http://198.51.100.0/24" rel="noreferrer" target="_blank">198.51.100.0/24</a>, <a href="http://203.0.113.0/24" rel="noreferrer" target="_blank">203.0.113.0/24</a>, <a href="http://240.0.0.0/4" rel="noreferrer" target="_blank">240.0.0.0/4</a>, ::/96,<br>
> ::ffff:0:0/96, 100::/64, 2001:db8::/32, 0.0.0.0, ::<br>
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: PowerDNS Recursor itself will<br>
> distribute queries over threads<br>
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: Redirecting queries for zone '<br>
> <a href="http://holycross.edu" rel="noreferrer" target="_blank">holycross.edu</a>' to: x.x.x.x<br>
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: Inserting rfc 1918 private<br>
> space zones<br>
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: Will not overwrite zone<br>
> '10.in-addr.arpa' already loaded<br>
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: Listening for UDP queries on<br>
> x.x.x.x:53<br>
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: Enabled TCP data-ready filter<br>
> for (slight) DoS protection<br>
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: Listening for TCP queries on<br>
> x.x.x.x:53<br>
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: Set effective group id to 121<br>
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: Set effective user id to 114<br>
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: Launching 1 distributor<br>
> threads<br>
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: Launching 2 worker threads<br>
> Aug 24 16:12:17 cache1 systemd[1]: Started PowerDNS Recursor.<br>
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: Done priming cache with root<br>
> hints<br>
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: Done priming cache with root<br>
> hints<br>
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: message repeated 2 times: [<br>
> Done priming cache with root hints]<br>
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: Enabled 'epoll' multiplexer<br>
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: stats: 199 questions, 1279<br>
> cache entries, 31 negative entries, 3% cache hits<br>
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: stats: throttle map: 0, ns<br>
> speeds: 668, failed ns: 0, ednsmap: 269<br>
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: stats: outpacket/query ratio<br>
> 248%, 0% throttled, 0 no-delegation drops<br>
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: stats: 3 outgoing tcp<br>
> connections, 33 queries running, 0 outgoing timeouts<br>
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: stats: 145 packet cache<br>
> entries, 7% packet cache hits<br>
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: stats: thread 0 has been<br>
> distributed 109 queries<br>
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: stats: thread 1 has been<br>
> distributed 87 queries<br>
> <br>
> On Wed, Aug 24, 2022 at 4:02 PM Otto Moerbeek via Pdns-users <<br>
> <a href="mailto:pdns-users@mailman.powerdns.com" target="_blank">pdns-users@mailman.powerdns.com</a>> wrote:<br>
> <br>
> > On Wed, Aug 24, 2022 at 09:51:49PM +0200, Leendert Meyer via Pdns-users<br>
> > wrote:<br>
> ><br>
> > > Hello Timothy,<br>
> > ><br>
> > > On Wednesday, 24 August 2022 20:09:11 CEST Holmes, Timothy via<br>
> > Pdns-users<br>
> > > wrote:<br>
> > ><br>
> > > <snip><br>
> > ><br>
> > > > forward-zones-recurse=.=9.9.9.9;149.112.112.112;1.1.1.2;1.0.0.2<br>
> > > > and also tried forward-zones-recurse=.=9.9.9.9<br>
> > > ><br>
> > > > Each time pushed a restart and verified. Each time the root name hints<br>
> > seem<br>
> > > > to still be the default behavior including after removing the<br>
> > referenced<br>
> > > > root hint file entry.<br>
> > ><br>
> > > <snip><br>
> > ><br>
> > > > Am I missing something obvious, or will the root hints always take<br>
> > > > precedence?<br>
> > ><br>
> > > Whithout testing, the ‘=.=’ seems odd.<br>
> > ><br>
> > > You probably have to change ‘=.=’ into ‘=’.<br>
> ><br>
> > Npe, that is the syntax to forward everything:<br>
> ><br>
> > forward-zones-recurse=.=9.9.9.9;1.1.1.1<br>
> ><br>
> > Leads to:<br>
> ><br>
> > Aug 24 22:00:33 Redirecting queries for zone '.' with recursion to:<br>
> > <a href="http://9.9.9.9:53" rel="noreferrer" target="_blank">9.9.9.9:53</a>, <a href="http://1.1.1.1:53" rel="noreferrer" target="_blank">1.1.1.1:53</a><br>
> ><br>
> > It basically turns a full recursor into just a cache. Plus you are now<br>
> > depdendent on the forwarded-to resolvers. So there are drawbacks.<br>
> ><br>
> > -Otto<br>
> ><br>
> > ><br>
> > > Kind regards,<br>
> > ><br>
> > > Leen<br>
> ><br>
> > > _______________________________________________<br>
> > > Pdns-users mailing list<br>
> > > <a href="mailto:Pdns-users@mailman.powerdns.com" target="_blank">Pdns-users@mailman.powerdns.com</a><br>
> > > <a href="https://mailman.powerdns.com/mailman/listinfo/pdns-users" rel="noreferrer" target="_blank">https://mailman.powerdns.com/mailman/listinfo/pdns-users</a><br>
> ><br>
> > _______________________________________________<br>
> > Pdns-users mailing list<br>
> > <a href="mailto:Pdns-users@mailman.powerdns.com" target="_blank">Pdns-users@mailman.powerdns.com</a><br>
> > <a href="https://mailman.powerdns.com/mailman/listinfo/pdns-users" rel="noreferrer" target="_blank">https://mailman.powerdns.com/mailman/listinfo/pdns-users</a><br>
> ><br>
</blockquote></div>