[Pdns-users] PowerDNS Recursion / Forward-Zone (Strange issue)

Devin Acosta linuxguru.co at gmail.com
Fri Feb 15 14:07:22 UTC 2019


Bert,
If I remove that it fails and shows SERVFAIL; if I add the *., it will resolve the forward-zone?
; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> @10.234.13.42 jira.domain.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 33388
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;jira.domain.com. IN A
I don’t even see the TCP packet for DNS even make it to my forwarded server? Could something else be wrong?
Devin
On Fri, Feb 15, 2019 at 6:51 AM, bert hubert <bert.hubert at powerdns.com> wrote:
Hi Devin,

First thing of note, you forward using
'forward-zones=*.domain.com=10.13.13.13:53'.

This is never going to work, you should remove "*.".

Can you see if that helps?

Bert


> Dear Users,
>
> I am running the latest version of PowerDNS Recursion software, and I
> had an outage this morning in Production and experienced some
> strangeness that I couldn’t explain, was hoping someone might have an
> explanation of what happened. So the recursion configuration had a single
> domain that was listed in the forward-zones section like this:
>
> forward-zones=*.domain.com=10.13.13.31:53
>
> A user added some records to the Authoritative domain and the
> Authoritative domain when queried would return the result, however the
> Recursion was returning (no records) for the newly added records. As far
> as I know the record never was requested before it was added to DNS, so
> it shouldn’t have been cached in the negative response which seems to be
> for a day cached by default. It was resolving older records just not the
> new ones.
>
> I then restarted the powerdns recursion daemon, and all of a sudden it
> stopped answering for all forward requests for the zone “domain.com” in
> my example here. After some time it started resolving all domains and the
> new records, but I had to in a hurry change back to our old Bind system
> because it caused an outage. I’m a bit worried why it completely stopped
> responding for a period of time for all records, then now appears to be
> happy. I am not sure if it has something to do with the Caching between
> the Authoritative server and the Recursion, but something happened.
>
> Any help would be greatly appreciated.
>
> Devin Acosta
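
A pre-deployment check for the point Bert raises in his reply, as an added example that is not part of the original thread and not PowerDNS code: it flags forward-zones entries whose zone name carries a wildcard label and validates each forwarder address. The entry syntax it assumes (comma-separated zone=IP[:port] entries, several targets separated by ";", IPv6 with a port written in brackets) and the second entry in the sample are assumptions made for this illustration.

```python
import ipaddress
import re

# Constructed sample; the first entry is the setting quoted in the thread.
SAMPLE_CONF = """\
forward-zones=*.domain.com=10.13.13.31:53, example.org=192.0.2.10;[2001:db8::53]:5300
"""

def check_address(addr):
    """Return an error string for a bad 'IP[:port]' target, else None."""
    m = re.match(r"^\[(.+)\](?::(\d+))?$", addr)      # [IPv6]:port
    if m:
        host, port = m.groups()
    elif addr.count(":") == 1:                        # IPv4:port
        host, port = addr.split(":")
    else:                                             # bare IPv4 or IPv6
        host, port = addr, None
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return f"'{addr}' is not an IP address"
    if port is not None and not (port.isdigit() and 0 < int(port) < 65536):
        return f"'{addr}' has an invalid port"
    return None

def lint_forward_zones(conf_text):
    """Return a list of (zone, problem) tuples for forward-zones entries."""
    problems = []
    for line in conf_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if key.strip() != "forward-zones" or not sep:
            continue                                  # other settings, comments
        for entry in filter(None, (e.strip() for e in value.split(","))):
            zone, sep, targets = entry.partition("=")
            zone = zone.strip()
            labels = zone.rstrip(".").split(".")
            if "*" in labels:                         # e.g. *.domain.com
                plain = ".".join(l for l in labels if l != "*")
                problems.append((zone, f"wildcard label in zone name; use '{plain}'"))
            if not sep or not targets.strip():
                problems.append((zone, "no forwarder address given"))
                continue
            for addr in targets.split(";"):
                err = check_address(addr.strip())
                if err:
                    problems.append((zone, err))
    return problems

if __name__ == "__main__":
    print(lint_forward_zones(SAMPLE_CONF))
```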
