[Pdns-users] recursor is giving conflicting results for /etc/hosts entries
Remi Gacogne
remi.gacogne at powerdns.com
Sat Jan 4 17:43:51 UTC 2020
Hi Mike,
On 1/4/20 6:39 PM, Mike wrote:
> I hate replying to my own message, but...
>
> The culprit was 'dnssec=validate'. Stupid me. Recursor is doing what
> I told it to do, and there's no way for it dnssec validate etc/hosts
> supplied entries.
>
> There still is the open question why it seems the first query would
> be responded to with the data in question, perhaps that is some other
> network issue (we anycast our resolvers).
>
> The next question would be - is there any way to specify 'dont
> dnssec validate entries loaded from etc/hosts', or perhaps this would be
> a job better suited to a lua script (which I am not up to speed on)?
I believe you are looking for addNTA(), see [1].
[1]: https://docs.powerdns.com/recursor/dnssec.html#negative-trust-anchors
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20200104/fdd598cb/attachment.sig>
More information about the Pdns-users
mailing list