[Pdns-users] Recursor / pdns installation help
Patrick Coffin
patrick at islandtechnologies.net
Tue Dec 21 02:03:46 UTC 2010
Hi,
This is the first time posting to this board. If I am posting to the wrong list, sorry, and please advise where I should post this request for assistance.
We are setting up a new installation of pdns and recursor.
We have been running pdns for a couple years without issue. I am attempting to implement recursor and pdns to avoid a potential DOS attack and pass security compliance, which under the current version I am running will not pass.
Currently we have 3 servers running pdns 2.9.22 in a Centos 5.5 environment. Each with their own mysql slave db. All works great except for the DOS issue.
I set up a new testing server with pdns 2.9.21 and recursor 3.3, also a Centos 5.5 box, and I now pass security compliance, but am not getting the expected responses on DNS queries.
I set up recursor to respond on port 53 and pdns to respond on 5300.
recursor.conf entries
# forward-zones=
forward-zones=x.x.x.x:5300
local-port=53
pdns.conf entries
local-address=x.x.x.x
local-port=5300
If I query on a domain using dig I get the following error. "dig mytestdomain.com @ns5"
------------------
; <<>> DiG 9.6.0-APPLE-P2 <<>> mytestdomain.com @ns5
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18559
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
; mytestdomain.com. IN A
;; Query time: 6 msec
;; SERVER: 209.3.87.44#53(209.3.87.44)
;; WHEN: Mon Dec 20 17:55:34 2010
;; MSG SIZE rcvd: 28
------------------
logs output -
Dec 20 17:43:25 xx pdns_recursor[9187]: [3] mytestdomain.com.: Resolved 'mytestdomain.com.' NS ns5.mydomain. to: xx.xx.xx.xx
Dec 20 17:43:25 xx pdns_recursor[9187]: [3] mytestdomain.com.: Trying IP xx.xx.xx.xx:53, asking 'mytestdomain.com.|A'
Dec 20 17:43:25 xx pdns_recursor[9187]: 0 question answered from packet cache from xx.xx.xx.xx
Dec 20 17:43:25 xx pdns_recursor[9187]: [3] mytestdomain.com.: Got 0 answers from ns5.mydomain.net. (xx.xx.xx.xx), rcode=0, in 3ms
Dec 20 17:43:25 xx pdns_recursor[9187]: [3] mytestdomain.com.: determining status after receiving this packet
Dec 20 17:43:25 xx pdns_recursor[9187]: [3] mytestdomain.com.: status=noerror, other types may exist, but we are done
Dec 20 17:43:25 xx pdns_recursor[9187]: [3] mytestdomain.com.: Starting additional processing
Dec 20 17:43:25 xx pdns_recursor[9187]: [3] mytestdomain.com.: Done with additional processing
Dec 20 17:43:25 xx pdns_recursor[9187]: 0 [3] answer to question 'mytestdomain.com.|A': 0 answers, 0 additional, took 6 packets, 0 throttled, 0 timeouts, 0 tcp connections, rcode=0
Dec 20 17:43:59 xx pdns_recursor[9187]: 1 question answered from packet cache from xx.xx.xx.xx
It looks as if it is trying the local dns server on 53, but it is not getting a reply. Also I do not see any queries hitting the database.
If any additional information is needed, LMK
Any help would be appreciated.
Thanks,
Patrick