[Pdns-users] pdns-recursor works but pdns discards responses

rooster yawowb+pdns-users at nuclei.ca
Fri Feb 20 02:48:06 UTC 2015


> On 2015-01-26, at 5:38 PM, rooster <yawowb+pdns-users at nuclei.ca> wrote:
> 
> Hello list,
> 
> 	I have pdns-recursor and pdns on the same host and port but on different IPs. When I query pdns and it cannot answer, it passes the query on to pdns-recursor, which then responds with the answer, but then pdns discards the packets. What did I do wrong? I have tried this with the firewall both on and off and the result is the same. Below is a snippet of the log file with the error, followed by my configuration for the recursor and pdns itself. The host is a PowerPC computer running Ubuntu 14.04 LTS.
> 
> /var/log/syslog
> 
> Jan 26 16:45:55 host pdns_recursor[29993]: 0 question answered from packet cache from 127.0.0.1
> Jan 26 16:45:55 host pdns[26791]: Discarding untracked packet from recursor backend with id 49601. Conntrack table size=1
> Jan 26 16:46:00 host pdns_recursor[29993]: 1 [42] question for ‘google.com.|A' from 127.0.0.1
> Jan 26 16:46:01 host pdns[26791]: Discarding untracked packet from recursor backend with id 49345. Conntrack table size=2
> Jan 26 16:46:01 host pdns_recursor[29993]: 1 [42] answer to question ‘google.com.|A': 1 answers, 0 additional, took 2 packets, 0 throttled, 0 timeouts, 0 tcp connections, rcode=0
> Jan 26 16:46:05 host pdns_recursor[29993]: 0 question answered from packet cache from 127.0.0.1
> Jan 26 16:46:05 host pdns[26791]: Discarding untracked packet from recursor backend with id 50113. Conntrack table size=3

<snip>

Here is a final update with success.

	I removed recursor=127.0.0.1 from pdns.local.conf.

	I will also note that my original problem was not so much a problem caused by a bug or some other such issue but, more precisely, a configuration error.
	I theorize that the error I was seeing in my logs was not so much an error but an indication of the configuration error. In short, I had misconfigured the auth server to allow recursion. As such, when a non-authorized query came in, auth server passed it on to the recursor like it was configured to do and the recursor would respond correctly but the auth server then would drop the packets instead of routing them back to the source of the query.

	If anyone else has theories or additional input, please feel free to post a message to the list. As I mentioned, I’d mark this as solved and not as a bug in the pdns auth server code (big endian vs. little endian) but instead a user configuration error. Thank you everyone for your assistance on this "problem".
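
A small triage script for the syslog excerpt quoted above, added here as an example and not part of the original post or of PowerDNS: it counts the recursor's replies, collects the auth server's discard lines, and tracks the reported conntrack table size. The sample lines are copied from the excerpt, the function names are hypothetical, and the byte-swapped id column is included only because the post mentions byte order; the script draws no conclusion from it.

```python
import re

# Sample syslog lines copied from the excerpt quoted in the post.
SAMPLE_LOG = """\
Jan 26 16:45:55 host pdns_recursor[29993]: 0 question answered from packet cache from 127.0.0.1
Jan 26 16:45:55 host pdns[26791]: Discarding untracked packet from recursor backend with id 49601. Conntrack table size=1
Jan 26 16:46:00 host pdns_recursor[29993]: 1 [42] question for ‘google.com.|A' from 127.0.0.1
Jan 26 16:46:01 host pdns[26791]: Discarding untracked packet from recursor backend with id 49345. Conntrack table size=2
Jan 26 16:46:01 host pdns_recursor[29993]: 1 [42] answer to question ‘google.com.|A': 1 answers, 0 additional, took 2 packets, 0 throttled, 0 timeouts, 0 tcp connections, rcode=0
Jan 26 16:46:05 host pdns_recursor[29993]: 0 question answered from packet cache from 127.0.0.1
Jan 26 16:46:05 host pdns[26791]: Discarding untracked packet from recursor backend with id 50113. Conntrack table size=3
"""

DISCARD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\spdns\[\d+\]:\sDiscarding untracked packet "
    r"from recursor backend with id (?P<id>\d+)\.\s+Conntrack table size=(?P<size>\d+)")
REPLY_RE = re.compile(r"pdns_recursor\[\d+\]:.*(answered from packet cache|answer to question)")

def swap16(value):
    """Return a 16-bit DNS message id with its two bytes exchanged."""
    return ((value & 0xFF) << 8) | ((value >> 8) & 0xFF)

def triage(log_text):
    """Count recursor replies and collect the auth server's discard events."""
    replies, discards = 0, []
    for line in log_text.splitlines():
        m = DISCARD_RE.match(line)
        if m:
            qid = int(m["id"])
            discards.append({"time": m["ts"], "id": qid,
                             "id_swapped": swap16(qid), "table_size": int(m["size"])})
        elif REPLY_RE.search(line):
            replies += 1
    sizes = [d["table_size"] for d in discards]
    # True when the reported conntrack table size rises with every discard.
    grows = len(sizes) > 1 and all(b > a for a, b in zip(sizes, sizes[1:]))
    return {"recursor_replies": replies, "discards": discards, "table_only_grows": grows}

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for d in report["discards"]:
        print(f'{d["time"]}  id={d["id"]} (0x{d["id"]:04x})  swapped={d["id_swapped"]}  table={d["table_size"]}')
    print("replies:", report["recursor_replies"], "table only grows:", report["table_only_grows"])
```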
