[Pdns-users] How to set up pdns recursor to repeat the query if it does not get an answer

Winfried Angele abang at t-ipnet.net
Mon Sep 21 13:36:33 UTC 2020

> but an unsatisfied client will still query again.

Yes, but the Recursor will answer this client retries with SERVFAIL for <packetcache-servfail-ttl> seconds without asking the Auth again. And it will not ask an unresponsive Auth for <server-down-throttle-time> seconds.


Am 21. September 2020 15:14:49 MESZ schrieb Mira Krejci via Pdns-users <pdns-users at mailman.powerdns.com>:
>Thanks Winfried and Brian for the anwers. This appears to be a PDNS
>recursor property that cannot be configured by configuration.
>I understand that repeated query is another burden for an overloaded
>authoritative server, but an unsatisfied client will still query again.
>Dne 18. 09. 20 v 17:42 Winfried Angele napsal(a):
>> Hi Mira,
>> I think if a Resolver retries on possibly overloaded or attacked
>> authoritative DNS servers, it gets even worse for them. So I'd
>> recommend to try to contact the people in charge for that domain and
>> try to convince them to solve the problem on their side. And again,
>> the Recursor tries on each Nameservers address listed in the NS
>> So it does retries, but not on the same address. That means, in your
>> case, all DNS servers of that domain are overloaded or broken or
>> Winfried
>> Am 18. September 2020 16:05:04 MESZ schrieb Mira Krejci
><krejci at i3.cz>:
>>     Hi Winfried,
>>     thank you for your reply.
>>     If it's a feature and can't be changed, I have a big problem that
>>     I'll have to solve by changing the software to another.
>>     For example, Bind asks more than once if answer does not come.
>>     Users are angry that DNS resolving does not work for them (of
>>     course, it is to blame for authoritative servers of a specific
>>     domain).
>>     But I have to solve it somehow.
>>     Thanks.
>>     Mira
>>     Dne 18. 09. 20 v 15:34 Winfried Angele napsal(a):
>>>     Hi Mira,
>>>     Yes the Recursor does no retry on *this* auth. But it tries on
>>>     the other nameservers from the NS RR set. IPv4 and IPv6. So if
>>>     you have only one auth, Recursor tries two times, IPv4 and IPv6
>>>     if available.
>>>     Winfried
>>>     Am 18. September 2020 14:47:49 MESZ schrieb Mira Krejci via
>>>     Pdns-users <pdns-users at mailman.powerdns.com>:
>>>         Hi,
>>>         I have a problem that I can't force the pdns recursor to
>query the
>>>         authoritative servers repeatedly if they do not answer.
>Recursor tries
>>>         the query only once and then return an error (SERVFAIL) to
>the client.
>>>         This is very problematic when the authoritative server is
>overloaded or
>>>         there are some problems on the network. I didn't find any
>way in the
>>>         configuration to change it.
>>>         Server version: 4.2.2-1 (from EPEL repo on CentOS 8)
>>>         Can anyone help?
>>>         Thanks.
>>>         Mira
>>>         Pdns-users mailing list
>>>         Pdns-users at mailman.powerdns.com
>>>         https://mailman.powerdns.com/mailman/listinfo/pdns-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20200921/ec6735ce/attachment-0001.htm>

More information about the Pdns-users mailing list