[Pdns-users] Recursor and subdomain forward

Giovanni Vecchi g.vecchi at certego.net
Fri Mar 20 15:05:39 UTC 2020

Hi Brian

sudo rec_control version

sudo dpkg -l | grep pdns-recursor
*ii  pdns-recursor                         4.3.0-1pdns.bionic
               amd64        PowerDNS Recursor*

No queries arrive at all even with negative trust anchor:

sudo rec_control get-ntas

*Configured Negative Trust Anchors:domain.sec*

Same result disabling DNSSEC at all.


On Fri, 20 Mar 2020 at 12:03, Brian Candler <b.candler at pobox.com> wrote:

> On 20/03/2020 10:56, Giovanni Vecchi via Pdns-users wrote:
> @Brian: my bad, my local domain isn't an ".local" one but ".sec", so
> please consider domain.sec as root domain
> The current behaviour is that public root domain are queried for every
> *.domain.sec from recursor instead the authoritative one!
> My conf:
> config-dir=/etc/powerdns
> local-address=
> local-port=53
> setgid=pdns
> setuid=pdns
> allow-from=
> logging-facility=1
> loglevel=9
> quiet=no
> version-string=Mind your own business…
> webserver=yes
> webserver-address=
> webserver-allow-from=
> webserver-port=8082
> forward-zones=domain.sec=
> Do no queries arrive at at all?  What version of
> pdns-recursor are you using?
> It's possible that you need to set a negative trust anchor for
> domain.sec.  See:
> https://doc.powerdns.com/recursor/dnssec.html#negative-trust-anchors


Giovanni Vecchi
Infrastructure Lead Engineer, Certego
<http://twitter.com/Certego_IRT>  <http://github.com/certego>
Use of the information within this document constitutes acceptance for
use in an "as is" condition. There are no warranties with regard to
this information; Certego has verified the data as thoroughly as
possible. Any use of this information lies within the user's
responsibility. In no event shall Certego be liable for any
consequences or damages, including direct, indirect, incidental,
consequential, loss of business profits or special damages, arising
out of or in connection with the use or spread of this information.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20200320/1913c0ad/attachment.htm>

More information about the Pdns-users mailing list