[Pdns-users] Unable to forward-zone to primary PowerDNS server

Clarence Mills cmmills at protonmail.com
Mon Jul 6 21:07:11 UTC 2020 

Brian,

Okay, updated the recursor.conf file to use forward-zones=millsresidence.com.=192.168.0.32

Here's the output of the dig commmand

pi at compute-2:/etc/powerdns $ dig +norec @192.168.0.32 millsresidence.com. soa

; <<>> DiG 9.11.5-P4-5.1+deb10u1-Raspbian <<>> +norec @192.168.0.32 millsresidence.com. soa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27291
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1680
;; QUESTION SECTION:
;millsresidence.com.            IN      SOA

;; ANSWER SECTION:
millsresidence.com.     3600    IN      SOA     ns1.millsresidence.com. hostmaster.millsresidence.com. 1 10800 3600 604800 3600

;; Query time: 0 msec
;; SERVER: 192.168.0.32#53(192.168.0.32)
;; WHEN: Mon Jul 06 22:05:19 BST 2020
;; MSG SIZE  rcvd: 98



Sent from ProtonMail, encrypted email based in Switzerland.

Sent with ProtonMail Secure Email.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Monday, 6 July 2020 13:31, Brian Candler <b.candler at pobox.com> wrote:

> On 06/07/2020 17:13, Clarence Mills via Pdns-users wrote:
>
> > Just recently set up a network containing  1 dnsdist, 1 reccursor  and
> > 1 PDNS server. I'm unable to resolve my internal domain 
> > millsresidence.com. I'm
> > using forward-zones-recurse=millsresidence.com=192.168.0.32 within my
> > recursor. i've attached my config below.
> >
> > -   dnsdist: 192.168.0.18
> > -   recursor: 192.168.0.22
> > -   PDNS server: 192.168.0.32
>
> If you're forwarding to an authoritative server, it should be
> "forward-zones" not "forward-zones-recurse".  You'd use
> forward-zones-recurse if forwarding to another recursive server, like
> 9.9.9.9.
>
> However I don't think this will stop it working, i.e. pdns-auth will
> probably answer correctly even if RD is set.
>
> What does
>
> dig +norec @192.168.0.32 millsresidence.com. soa
>
> show?
>
> Other than that, I'd look at server logs, and tcpdump to see if traffic
> is going between recursor and auth.

More information about the Pdns-users mailing list