[Pdns-users] Change of behaviour for dont-query between pdns-recursor 4.3 and 4.4

[Kim Covil]

Hi,

I haven't managed to find a similar issue while searching. We are testing
Vyos 1.4 which uses powerdns recursor as its caching/forwarding name
service. We have noticed a behaviour change between pdns-recursor versions
4.3.7-1pdns.buster and 4.4.2-3 (from debian bullseye).

As far as I can tell our configuration for the two versions is the same and
we have a few forward-zones which we redirect to an internally reachable
DNS server on a 10.0.0.0/8 address. On the 4.3 version any addresses in
these internal forward zones resolve correctly, however on the 4.4 version
via trace I can see that the lookups are being dropped with a message of
"not sending query to 10.x.x.x, blocked by 'dont-query' setting".

>From the documentation for the dont-query parameter, it says:
"Queries to addresses for zones as configured in any of the settings
forward-zones, forward-zones-file or forward-zones-recurse are performed
regardless of these limitations."
This seems to be the behaviour we see with the 4.3 version, but seems to no
longer be the case with the 4.4 version.

Can someone tell me if the behaviour change is intentional and if I am
misreading the documentation?

Kind Regards,

Kim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20210809/fd365a41/attachment.htm>