[Pdns-users] How to set up pdns recursor to repeat the query if it does not get an answer

Winfried Angele abang at t-ipnet.net
Mon Sep 21 13:36:33 UTC 2020


> but an unsatisfied client will still query again.

Yes, but the Recursor will answer these client retries with SERVFAIL for <packetcache-servfail-ttl> seconds without asking the Auth again. And it will not ask an unresponsive Auth for <server-down-throttle-time> seconds.

Winfried


On 21 September 2020 15:14:49 CEST, Mira Krejci via Pdns-users <pdns-users at mailman.powerdns.com> wrote:
>Thanks Winfried and Brian for the answers. This appears to be a PDNS
>recursor property that cannot be configured by configuration.
>I understand that repeated query is another burden for an overloaded
>authoritative server, but an unsatisfied client will still query again.
>
>Mira
>
>On 18. 09. 20 at 17:42, Winfried Angele wrote:
>> Hi Mira,
>>
>> I think if a Resolver retries on possibly overloaded or attacked
>> authoritative DNS servers, it gets even worse for them. So I'd
>> recommend to try to contact the people in charge for that domain and
>> try to convince them to solve the problem on their side. And again,
>> the Recursor tries on each nameserver's address listed in the NS RRset.
>> So it does retry, but not on the same address. That means, in your
>> case, all DNS servers of that domain are overloaded or broken or attacked.
>>
>> Winfried
>>
>>
>> On 18 September 2020 16:05:04 CEST, Mira Krejci <krejci at i3.cz> wrote:
>>
>>
>>     Hi Winfried,
>>
>>     thank you for your reply.
>>     If it's a feature and can't be changed, I have a big problem that
>>     I'll have to solve by changing the software to another.
>>     For example, Bind asks more than once if an answer does not come.
>>     Users are angry that DNS resolving does not work for them (of
>>     course, the authoritative servers of a specific domain are to
>>     blame).
>>     But I have to solve it somehow.
>>
>>     Thanks.
>>     Mira
>>
>>     On 18. 09. 20 at 15:34, Winfried Angele wrote:
>>>     Hi Mira,
>>>
>>>     Yes, the Recursor does not retry on *this* auth. But it tries on
>>>     the other nameservers from the NS RR set. IPv4 and IPv6. So if
>>>     you have only one auth, Recursor tries two times, IPv4 and IPv6
>>>     if available.
>>>
>>>     Winfried
>>>
>>>
>>>
>>>     On 18 September 2020 14:47:49 CEST, Mira Krejci via
>>>     Pdns-users <pdns-users at mailman.powerdns.com> wrote:
>>>
>>>         Hi,
>>>
>>>         I have a problem that I can't force the pdns recursor to query the
>>>         authoritative servers repeatedly if they do not answer. Recursor tries
>>>         the query only once and then returns an error (SERVFAIL) to the client.
>>>         This is very problematic when the authoritative server is overloaded or
>>>         there are some problems on the network. I didn't find any way in the
>>>         configuration to change it.
>>>
>>>         Server version: 4.2.2-1 (from EPEL repo on CentOS 8)
>>>
>>>         Can anyone help?
>>>         Thanks.
>>>
>>>         Mira
>>
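
The behaviour described in the reply at the top of this thread, as a simplified model added here (not PowerDNS code and not written by anyone in the thread): client retries for one name are replayed against a recursor whose authoritative servers never answer, counting how many queries actually go upstream. It assumes an address is marked down after a single timeout; the addresses, retry times and timer values are constructed.

```python
# Simplified model (added example, not PowerDNS code) of the two timers named
# in the reply: packetcache-servfail-ttl and server-down-throttle-time.
# Assumption: an auth address is marked down after one unanswered query.

def simulate(client_query_times, auth_addrs, servfail_ttl, throttle_time):
    """Replay client queries for one name whose auths never reply.

    Returns (answers, upstream_log):
      answers      -> [(time, rcode, source)] as seen by the client
      upstream_log -> [(time, auth_address)] queries sent to the auths
    """
    servfail_cached_until = -1   # expiry of the cached SERVFAIL answer
    throttled_until = {}         # auth address -> time it may be asked again
    answers, upstream_log = [], []
    for now in sorted(client_query_times):
        if now < servfail_cached_until:
            answers.append((now, "SERVFAIL", "packet cache"))
            continue
        asked = 0
        for addr in auth_addrs:  # one attempt per NS address, no repeat
            if now < throttled_until.get(addr, -1):
                continue         # still marked down: not asked at all
            upstream_log.append((now, addr))
            throttled_until[addr] = now + throttle_time  # query timed out
            asked += 1
        servfail_cached_until = now + servfail_ttl
        source = "resolution failed" if asked else "all auths throttled"
        answers.append((now, "SERVFAIL", source))
    return answers, upstream_log

# Constructed sample input: one auth reachable over IPv4 and IPv6
# (documentation address ranges) and an impatient client.
AUTHS = ["192.0.2.53", "2001:db8::53"]
CLIENT_RETRIES = [0, 1, 3, 7, 15, 61, 62, 125]  # seconds

def run_example(servfail_ttl=60, throttle_time=60):
    return simulate(CLIENT_RETRIES, AUTHS, servfail_ttl, throttle_time)

if __name__ == "__main__":
    answers, upstream = run_example()
    for t, rcode, source in answers:
        print(f"t={t:>3}s  client gets {rcode} ({source})")
    print(f"{len(answers)} client queries -> {len(upstream)} upstream queries")
    for t, addr in upstream:
        print(f"  t={t:>3}s  asked {addr}")
```

Calling `run_example(servfail_ttl=10, throttle_time=60)` shows the second timer on its own: the retry at t=15 misses the packet cache but still sends nothing upstream because both addresses are throttled.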