[Pdns-users] Analysis sometimes succeeds sometimes unsuccessful

姜伯洋 15555513217 at 163.com
Thu Aug 22 08:16:53 UTC 2019 

The following is the configuration file of the recursive node


cat recursor.conf
local-address=10.3.9.100
local-port=53
forward-zones=test.com=10.3.9.140:5300
forward-zones-recurse=.=223.4.


When the parsing fails, it’s like this But if there are a total of ten resolutions, there may be 3-4 failures.
user.test.com This domain name is the internal domain name. I specified that if it is the resolution of the internal domain name, it will go to my internal authoritative server.


[root at ops-tmp-app-2 ~]# dig user.test.com @10.3.9.100
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> user.test.com @10.3.9.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 52896
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1


;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;user.test.com.INA


;; AUTHORITY SECTION:
test.com.206INSOAops-dns-authoritative-1. hostmaster.test.com. 2019081904 10800 3600 604800 3600


;; Query time: 3 msec
;; SERVER: 10.3.9.100#53(10.3.9.100)
;; WHEN: Thu Aug 22 15:29:24 CST 2019
;; MSG SIZE  rcvd: 116







At 2019-08-22 15:52:13, "Brian Candler" <b.candler at pobox.com> wrote:
>On 22/08/2019 08:35, 姜伯洋 wrote:
>> Like the following, I have added a good domain name, sometimes it can 
>> be parsed, but often, the parsing fails.
>> The version of my recursive server is:
>> rpm -qa |grep pdns
>> pdns-recursor-4.1.9-1.el7.x86_64
>>
>>
>> [root at ops-tmp-app-2 ~]# dig user.test.com @10.3.9.100 +short
>> [root at ops-tmp-app-2 ~]# dig user.test.com @10.3.9.100 +short
>> 10.3.18.43
>
> From here, "user.test.com" resolves to 69.172.200.109.
>
>So, are you actually trying to resolve "user.test.com"?  If not, then 
>you need to tell us what the real domain is.  See: 
>https://blog.powerdns.com/2016/01/18/open-source-support-out-in-the-open/
>
>If it is a fully delegated domain in the public DNS, then we can check it.
>
>If it is *not* a fully delegated domain in the public DNS, this means 
>you must have other configuration which is relevant (e.g. a private 
>authoritative server, and recursor configuration to forward to it).  
>Therefore, show us that configuration.
>
>Finally, try running dig without +short.  What status you see when there 
>are no results - NXDOMAIN, NOERROR, SERVFAIL, REFUSED, something else?






 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20190822/7fd6e48e/attachment-0001.html>

More information about the Pdns-users mailing list