[Pdns-users] recursor can't refresh the . records
Justin Hammond
justin at dynam.ac
Fri Aug 10 17:27:51 UTC 2007
Hi,
Maybe just coincidence, but I also had my recursor die yesterday on
me with exactly the same error message. Restarting the recursor fixed
the error:
Aug 9 01:50:46 dilbert pdns_recursor[3395]: Failed to update . records, RCODE=2
Aug 9 01:53:42 dilbert pdns_recursor[3395]: Failed to update . records, RCODE=2
Aug 9 01:56:55 dilbert pdns_recursor[3395]: Failed to update . records, RCODE=2
Aug 9 02:00:17 dilbert pdns_recursor[3395]: Failed to update . records, RCODE=2
Aug 9 02:03:41 dilbert pdns_recursor[3395]: Failed to update . records, RCODE=2
Aug 9 02:07:16 dilbert pdns_recursor[3395]: Failed to update . records, RCODE=2
Aug 9 02:10:25 dilbert pdns_recursor[3395]: Failed to update . records, RCODE=2
(that timing is GMT+8).
Did maybe something funky on the net happen yesterday?
Thanks
Justin
On 10 Aug 2007, at 5:01 AM, bert hubert wrote:
> On Thu, Aug 09, 2007 at 10:42:30PM +0200, thomas polnik wrote:
>
>>> You may want to try without the firewall.
>>>
>>>
>> without iptables is perhaps a bad idea :), but I will change it to
>> iptables -I INPUT 1 -p udp --dport 53 -j ACCEPT
>> iptables -I INPUT 2 -p tcp --dport 53 -j ACCEPT
>
> This is wrong - you need to accept packets *coming* from port 53 for
> answers as well.
>
> Otherwise PowerDNS can't receive answers to the questions it is
> sending out!
>
> The trick is to rely on stateful iptables filtering.
>
> Good luck!
>
> --
> http://www.PowerDNS.com Open source, database driven DNS Software
> http://netherlabs.nl Open and Closed source services
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
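
The filtering problem described in the quoted reply above, as a small model added here (it is not code from the thread or from PowerDNS). It assumes an INPUT chain with a default policy of DROP and unrestricted outbound traffic; the addresses and the names Firewall, resolve_root and demo are constructed for illustration.

```python
from collections import namedtuple

# Constructed model: a packet as seen by the recursor host's firewall.
Packet = namedtuple("Packet", "proto src sport dst dport")

RESOLVER = "192.0.2.10"   # constructed address (documentation range)
ROOT = "198.51.100.53"    # constructed stand-in for a root server

class Firewall:
    """INPUT chain with an assumed default policy of DROP."""
    def __init__(self, stateful):
        self.stateful = stateful
        self.conntrack = set()  # flows opened by outbound packets

    def output(self, p):
        # Outbound traffic is assumed allowed; conntrack records the flow.
        self.conntrack.add((p.proto, p.src, p.sport, p.dst, p.dport))

    def input(self, p):
        # Models: iptables -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
        # A reply is a recorded flow with source and destination swapped.
        reply_of = (p.proto, p.dst, p.dport, p.src, p.sport)
        if self.stateful and reply_of in self.conntrack:
            return "ACCEPT"
        # Models: iptables -I INPUT -p udp|tcp --dport 53 -j ACCEPT
        if p.proto in ("udp", "tcp") and p.dport == 53:
            return "ACCEPT"
        return "DROP"

def resolve_root(fw, sport=40000):
    """Send one query for '.' to the root stand-in and filter the answer."""
    fw.output(Packet("udp", RESOLVER, sport, ROOT, 53))
    # The answer comes *from* port 53 and goes *to* the ephemeral port.
    return fw.input(Packet("udp", ROOT, 53, RESOLVER, sport))

def demo():
    client_query = Packet("udp", "192.0.2.77", 51515, RESOLVER, 53)
    stray = Packet("udp", ROOT, 53, RESOLVER, 40001)  # matches no open flow
    return {
        "dport53_only_answer": resolve_root(Firewall(stateful=False)),
        "stateful_answer": resolve_root(Firewall(stateful=True)),
        "client_query": Firewall(stateful=False).input(client_query),
        "unsolicited_sport53": Firewall(stateful=True).input(stray),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The last case shows why state tracking is preferable to a blanket accept on source port 53: only answers to queries the recursor actually sent are let in.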