[Pdns-users] recursive server failing

Remi Gacogne remi.gacogne at powerdns.com
Thu Aug 3 20:04:52 UTC 2017


On 08/03/2017 09:37 PM, Charles Sprickman wrote:
> FWIW, “trace-regex” gave me an error, so I just did a full trace and
> then cleaned up the results.
> https://gist.github.com/sporkman/1b1b01a3b33ca3e2029728cb90a1eee8
>> We can then find out the problem for you, or perhaps you see it already.
> I don’t see it, I can’t really follow since I’m actually seeing many of
> the records I want but then it all seems to fall apart at the end…

So, the recursor sends UDP queries asking the answer for dot.nyc.gov MX
to the authoritative NS for nyc.gov, vwall1a.nyc.gov, vwall2a.nyc.gov,
vwall3a.nyc.gov and vwall4a.nyc.gov for but never get an answer from any
of them.
Given that it previously did get an answer from vwall1a.nyc.gov for
dot.nyc.gov A and that the answer for MX is much larger than the one for
A, it looks like a UDP fragmentation issue at the network level.
Can you check whether Bind get an answer over UDP or if it has to
fallback to TCP?

Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20170803/c7561f3b/attachment.sig>

More information about the Pdns-users mailing list