[Pdns-users] Unable to forward-zone to primary PowerDNS server
Clarence Mills
cmmills at protonmail.com
Mon Jul 6 21:07:11 UTC 2020
Brian,
Okay, updated the recursor.conf file to use forward-zones=millsresidence.com.=192.168.0.32
Here's the output of the dig commmand
pi at compute-2:/etc/powerdns $ dig +norec @192.168.0.32 millsresidence.com. soa
; <<>> DiG 9.11.5-P4-5.1+deb10u1-Raspbian <<>> +norec @192.168.0.32 millsresidence.com. soa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27291
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1680
;; QUESTION SECTION:
;millsresidence.com. IN SOA
;; ANSWER SECTION:
millsresidence.com. 3600 IN SOA ns1.millsresidence.com. hostmaster.millsresidence.com. 1 10800 3600 604800 3600
;; Query time: 0 msec
;; SERVER: 192.168.0.32#53(192.168.0.32)
;; WHEN: Mon Jul 06 22:05:19 BST 2020
;; MSG SIZE rcvd: 98
Sent from ProtonMail, encrypted email based in Switzerland.
Sent with ProtonMail Secure Email.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Monday, 6 July 2020 13:31, Brian Candler <b.candler at pobox.com> wrote:
> On 06/07/2020 17:13, Clarence Mills via Pdns-users wrote:
>
> > Just recently set up a network containing 1 dnsdist, 1 reccursor and
> > 1 PDNS server. I'm unable to resolve my internal domain
> > millsresidence.com. I'm
> > using forward-zones-recurse=millsresidence.com=192.168.0.32 within my
> > recursor. i've attached my config below.
> >
> > - dnsdist: 192.168.0.18
> > - recursor: 192.168.0.22
> > - PDNS server: 192.168.0.32
>
> If you're forwarding to an authoritative server, it should be
> "forward-zones" not "forward-zones-recurse". You'd use
> forward-zones-recurse if forwarding to another recursive server, like
> 9.9.9.9.
>
> However I don't think this will stop it working, i.e. pdns-auth will
> probably answer correctly even if RD is set.
>
> What does
>
> dig +norec @192.168.0.32 millsresidence.com. soa
>
> show?
>
> Other than that, I'd look at server logs, and tcpdump to see if traffic
> is going between recursor and auth.
More information about the Pdns-users
mailing list