[Pdns-users] ZoneToCache for root zone not working

Otto Moerbeek otto at drijf.net
Tue Dec 21 08:48:33 UTC 2021


On Tue, Dec 21, 2021 at 01:06:03PM +0500, Jahanzeb Arshad wrote:

> Thanks for the clarity. 
> 
> I tried to resolve some top level domains NS and still getting high
> latency.
> 
> 
> $ dig ae ns @localhost
> 
> ;; omitting
> 
> ;; ANSWER SECTION:
> ae. 3600 IN NS ns2.aedns.ae.
> ae. 3600 IN NS ns4.apnic.net.
> ae. 3600 IN NS nsext-pch.aedns.ae.
> ae. 3600 IN NS ns1.aedns.ae.
> 
> ;; Query time: 152 msec
> 
> 
> $ dig art ns @localhost
> 
> ;; omitting
> 
> ;; ANSWER SECTION:
> art. 164969 IN NS b.nic.art.
> art. 164969 IN NS c.nic.art.
> art. 164969 IN NS a.nic.art.
> art. 164969 IN NS d.nic.art.
> 
> ;; Query time: 244 msec

Oops, my test advice was wrong. An NS query also queries for
authoritative data. A dig soa . would get you an immediate answer.
Alternatively, try querying DS records of a TLD. The root zone also
holds authoritative data for those. With some extra logging:

Dec 21 09:46:13 2 [1/1] answer to question 'nl|DS': 1 answers, 1 additional, took 0 packets, 0 netw ms, 0 tot ms, 0 throttled, 0 timeouts, 0/0 tcp/dot connections, rcode=0, dnssec=Secure

The "took 0 packets" is key here.

But as I said earlier, do note that internally the recursor will use
data from the cached zone to determine delegations.

	-Otto


> 
> 
> -- 
> Regards
> Jahanzeb Arshad
> VP Operations
> 
> On Tue, 2021-12-21 at 07:49 +0100, Otto Moerbeek wrote:
> > On Tue, Dec 21, 2021 at 10:28:53AM +0500, Jahanzeb Arshad via Pdns-
> > users wrote:
> > 
> > > Greeting,
> > > 
> > > I am having trouble in getting zonetocache working for the root
> > > zone. I
> > > am using PowerDNS Recursor 4.6.0.
> > > 
> > > I have the following in my /etc/powerdns/recursor.lua configuration:
> > > 
> > > dofile("/usr/share/pdns-recursor/lua-config/rootkeys.lua")
> > > zoneToCache(".", "url",
> > > "https://www.internic.net/domain/root.zone", {
> > > refreshPeriod = 0 })
> > > 
> > > 
> > > When I start the server I get the following message in the logs:
> > > 
> > > Dec 21 09:17:13 server.nayatel.com pdns-recursor[19209]:
> > > msg="Loaded
> > > zone into cache" subsystem="ztc" level=0 ts="1640060233.959"
> > > refresh="0" zone="."
> > > 
> > > 
> > > But when I do dig for the records in the root.zone I get high Query
> > > time. On subsequent queries I get 0 msec time which means it was
> > > cached
> > > after I did query for the record.
> > > 
> > > $ dig b.nic.aaa
> > > 
> > > ;; omitting output
> > > 
> > > ;; ANSWER SECTION:
> > > b.nic.aaa. 86400 IN A 37.209.194.9
> > > 
> > > ;; Query time: 512 msec
> > > 
> > > 
> > > -- 
> > > Regards
> > > Jahanzeb Arshad
> > 
> > The root zone has no authoritative data for b.nic.aaa, only
> > non-authoritative data. Digging for b.nic.aaa asks for authoritative
> > data.
> > 
> > Non-authoritative data *will* be used to get the addresses of
> > nameservers of delegated zones.
> > 
> > Try asking your server for NS aaa. This query only uses root-zone
> > data. You should get an immediate response, including additional
> > data.
> > 
> >         -Otto
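
The authoritative versus non-authoritative distinction discussed in this thread, as an added example that is not part of the original messages and is not PowerDNS code: a simplified model of which questions a cached copy of a zone can answer from its own authoritative data. The zone lines are constructed (placeholder nameserver, digest and documentation address) and the function names are hypothetical.

```python
# Added illustration: a simplified model of DNS authority rules, not PowerDNS code.
# SAMPLE_ZONE is constructed for this example (placeholder names, digest and
# documentation addresses); it is not copied from the real root.zone.
SAMPLE_ZONE = """\
. 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2021122100 1800 900 604800 86400
. 518400 IN NS a.root-servers.net.
nl. 172800 IN NS ns.placeholder.nl.
nl. 86400 IN DS 12345 8 2 PLACEHOLDERDIGEST
ae. 172800 IN NS ns1.aedns.ae.
ns1.aedns.ae. 172800 IN A 192.0.2.53
"""

def parse(zone_text):
    """Return (owner, type) pairs from 'owner ttl IN type rdata' lines."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[2] == "IN":
            records.append((fields[0].lower(), fields[3].upper()))
    return records

def delegations(records, apex="."):
    """Owner names that carry NS records below the apex are zone cuts."""
    return {owner for owner, rtype in records if rtype == "NS" and owner != apex}

def status(owner, rtype, cuts, apex="."):
    """Classify a record as the zone rooted at `apex` sees it."""
    if owner == apex:
        return "authoritative"
    if owner in cuts:
        # At a zone cut the parent is authoritative for DS/NSEC (and their
        # RRSIGs), while the NS set itself is only a referral.
        return "authoritative" if rtype in ("DS", "NSEC", "RRSIG") else "delegation"
    if any(owner.endswith("." + cut) for cut in cuts):
        return "glue"  # addresses below a cut, used only to reach the child
    return "authoritative"

def answerable_from_zone(qname, qtype, zone_text=SAMPLE_ZONE, apex="."):
    """True if the zone holds authoritative data for exactly this question."""
    records = parse(zone_text)
    cuts = delegations(records, apex)
    qname = qname.lower() if qname.endswith(".") else qname.lower() + "."
    return any(owner == qname and rtype == qtype.upper()
               and status(owner, rtype, cuts, apex) == "authoritative"
               for owner, rtype in records)

if __name__ == "__main__":
    for q in [(".", "SOA"), ("nl", "DS"), ("ae", "NS"), ("ns1.aedns.ae", "A")]:
        print(q, "zone data" if answerable_from_zone(*q) else "needs the child zone")
```

In this model `. SOA` and `nl DS` are answered from the zone, while `ae NS` and the glue address are not, which matches the queries tried in the thread.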

