[Pdns-users] DiG _trace: no response, no fail, nothing

stancs3 scruise56 at gmail.com
Fri Feb 17 04:40:40 UTC 2017


Thanks for the quick reply.

Yes, I did see this info at one point, and so I tried briefly to run
the recursor in front on its own, but I have not got it working yet.

Also, I did try the auth pdns as a recursor itself as I figured it
should work as an integrated server. But, I got the exact same results
- i.e. zero response to +trace.

   -------------------------------------------------

Stepping back, is it not a doable config to have a private auth server,
that hands off to a recursor, all internal, private?

If not, then at least I do need the auth server, so I can get basic
name serving for my internal network.

Would I then simply send all my recursive queries to my router's dns,
as is now the case? i.e. more nameservers listed in resolv.conf of
clients.

Clearly neophyte questions re dns. Feel free to point me somewhere, but
so far all 'tutorials' have led me here.

The frustrating part is that most comprehensive dns documentation is
relative to BIND. I have been close to taking a break from pdns and
starting over with BIND to learn things better. But, then pdns begins to
work so nicely it seems...... :). I hope to hear back ....


Stan





On Thu, 2017-02-16 at 21:04 -0700, David wrote:
> On 2017-02-16 6:29 PM, stancs3 wrote:
> > 
> > I have seen this problem posted in various places over the years. It is
> > not clear if it is a bug, a bad config, or just non-functional.
> 
> https://github.com/PowerDNS/pdns/issues/4353
> 
> In your case (auth pointing to recursor) is a fairly broken config to
> begin with, so this may be unlikely for you to get working. In order for
> auth to respond to "NS ." without recursion you'd have to host the root
> zone on there.
> 
> Recursor in front and forwarding your internal zones to auth would work
> (most) of the time unless your cache doesn't have the root primed already.
> 
> > 
> > 
> > My set up:
> > 
> > VM running CentOS 7, up to date.
> > pdns install using postgresql db.
> > pdns-recursor install.
> > 
> > pdns is running as an authoritative ns, standalone, replicated via
> > postgresql to a second VM, pretty much identical.
> > 
> > 
> > pdns is set with recursor=local-address:5300
> > 
> > pdns-recursor is set with local-address equal to pdns local-address
> > above
> > 
> > pdns-recursor is set with local-port equal to pdns 5300 above.
> > 
> > It all seems to work.
> > 
> > The authoritative nameserver is private, and is populated with a few
> > records which work.
> > 
> > The recursor is being tested with DiG. (and with typical surfing).
> > I have verified that the VM has no other dns function working in
> > parallel.
> > 
> > All DiG commands so far work with the exception of +trace.
> > 
> > I have logs running, and can easily see logs generated for DiG
> > commands that work.
> > 
> > I have attached a console example. The logs and console indicate
> > that the DiG command with +trace doesn't fail; it just doesn't even
> > respond.
> > 
> > If I target the same DiG +trace command at my router's dnsmasq, it
> > responds as expected with a whole bunch of trace info.
> > 
> > I have tried for days/hours with all variations I can think of and
> > all manner of surfing for solutions. If there were failure logs it
> > would help, but absolutely zero logs when the +trace command is
> > issued to pdns.
> > 
> > I have also dumped my cache and it has many NS records.
> > 
> > I am tempted to simply ignore this and just use the thing as it
> > seems to work. I only tried DiG +trace to see how it all
> > works......
> > 
> > 
> > 
> > _______________________________________________
> > Pdns-users mailing list
> > Pdns-users at mailman.powerdns.com
> > https://mailman.powerdns.com/mailman/listinfo/pdns-users
> > 
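
The layout David's reply describes (recursor in front, internal zones forwarded to auth), as an added configuration example that is not from the thread or from the PowerDNS project. The addresses, the client subnet and the zone name `internal.example` are constructed placeholders, and it assumes the authoritative server is moved to the loopback port 5300 that the original setup used for the recursor.

```ini
# --- pdns.conf (authoritative server) ---
# Original setup had the hand-off here:  recursor=<local-address>:5300
# That line is dropped; auth only answers for the zones it hosts.
# Listener is loopback-only (assumption), so clients never query it directly.
local-address=127.0.0.1
local-port=5300

# --- recursor.conf (pdns-recursor) ---
# This is the address clients list in resolv.conf (constructed placeholder).
local-address=192.0.2.10
local-port=53
# Only the internal network and localhost may use the recursor (placeholder subnet).
allow-from=127.0.0.0/8, 192.0.2.0/24
# Queries for the internal zone are forwarded to the authoritative server;
# every other name is resolved by the recursor itself.
forward-zones=internal.example=127.0.0.1:5300
```

With this layout the `NS .` query lands on the recursor, not on the authoritative server, which is the case the reply says auth cannot answer without hosting the root zone.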

