[Pdns-users] recursor getting ServFail from public DNS servers?
Mohamed Lrhazi
lrhazi at gmail.com
Sat Sep 29 01:51:47 UTC 2018
Yup. I just figured it out too :) I was using this forward-zones when I
should be using forward-zones-recurse
Somehow, some queries did work, which confused me more..
Thanks a lot.
On Fri, Sep 28, 2018 at 9:35 PM David <opendak at shaw.ca> wrote:
> On 2018-09-28 4:40 PM, Mohamed Lrhazi wrote:
> > I trying a new deployment, with PowerDNS Recursor 4.1.4
> > And I seem to be getting failures systematically for some records, such
> > as this example :
> >
> > Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: initial validation status
> > for mit.edu <http://mit.edu> is Indeterminate
> > Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: Cache consultations done,
> > have 1 NS to contact
> > Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: Domain has hardcoded
> > nameservers
> > Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: Resolved '.' NS (empty)
> > to: 1.1.1.1, 1.0.0.1, 8.8.8.8, 8.8.4.4
> > Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: Trying IP 1.1.1.1:53
> > <http://1.1.1.1:53>, asking 'mit.edu <http://mit.edu>|TXT'
> > Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: (empty) (1.1.1.1)
> returned
> > a ServFail, trying sibling IP or NS
> > Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: Trying IP 1.0.0.1:53
> > <http://1.0.0.1:53>, asking 'mit.edu <http://mit.edu>|TXT'
> > Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: (empty) (1.0.0.1)
> returned
> > a ServFail, trying sibling IP or NS
> > Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: Trying IP 8.8.8.8:53
> > <http://8.8.8.8:53>, asking 'mit.edu <http://mit.edu>|TXT'
> > Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: (empty) (8.8.8.8)
> returned
> > a ServFail, trying sibling IP or NS
> > Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: Trying IP 8.8.4.4:53
> > <http://8.8.4.4:53>, asking 'mit.edu <http://mit.edu>|TXT'
> > Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: (empty) (8.8.4.4)
> returned
> > a ServFail, trying sibling IP or NS
> > Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: Failed to resolve via any
> > of the 1 offered NS at level '.'
> > Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: failed (res=-1)
> > Sep 28 20:21:35 2 [8/1] answer to question 'mit.edu
> > <http://mit.edu>|TXT': 0 answers, 1 additional, took 4 packets, 12.764
> > netw ms, 13.769 tot ms, 0 throttled, 0 timeouts, 0 tcp connections,
> rcode=2
> >
> >
> >
> > Trying another record, say, mx mit.edu <http://mit.edu> or txt
> > harvard.edu <http://harvard.edu> or yahoo.com <http://yahoo.com> works.
> >
> > What could be causing such issue?
>
> Did you do forward-zones-recurse or add a + to your definitions? It
> looks like you are sending rd=0 queries (eg none of the options above)
> and that's why these might be returning servfail to you.
>
> dig does rd=1 by default, which is why it works.
>
> Also set root-nx-trust=no to prevent issues.
>
> >
> > Thanks a lot,
> > Mohamed.
> >
> >
> > _______________________________________________
> > Pdns-users mailing list
> > Pdns-users at mailman.powerdns.com
> > https://mailman.powerdns.com/mailman/listinfo/pdns-users
> >
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20180928/ffd7be46/attachment.html>
More information about the Pdns-users
mailing list