[Pdns-users] Powerdns server is not passing Authority parameter
Dedan Irungu
dedanirungu at gmail.com
Tue Jan 19 10:07:09 UTC 2021
The server is now working as expected.
I have checked via Dns checker and the result is as shown on the link below.
https://mxtoolbox.com/SuperTool.aspx?action=dns%3aessyfortunes.com&run=toolpage
The issue was on dnsdist configuration it worked by changing.
recursive_ips:addMask('0.0.0.0/ <http://127.0.0.1/8>0')
to
recursive_ips:addMask('127.0.0.1/8')
Thank you for your assistance.
On Tue, Jan 19, 2021 at 12:56 PM Markus Ehrlicher via Pdns-users <
pdns-users at mailman.powerdns.com> wrote:
> This is normal behavior. The aa-flag is the right point to look at and at
> your dig-results to port 5300, this flag ist set.
>
> Compare your results with „dig google.de @ns1.google.com“:
>
>
>
> ; <<>> DiG 9.11.3-1ubuntu1.13-Ubuntu <<>> www.google.de @ns1.komsa.net SOA
>
> ;; global options: +cmd
>
> ;; Got answer:
>
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16618
>
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>
>
>
> ;; OPT PSEUDOSECTION:
>
> ; EDNS: version: 0, flags:; udp: 512
>
> ;; QUESTION SECTION:
>
> ;www.google.de. IN SOA
>
>
>
> ;; AUTHORITY SECTION:
>
> google.de. 60 IN SOA ns1.google.com.
> dns-admin.google.com. 352375909 900 900 1800 60
>
>
>
> ;; Query time: 27 msec
>
> ;; SERVER: 217.119.211.10#53(217.119.211.10)
>
> ;; WHEN: Tue Jan 19 10:43:36 CET 2021
>
> ;; MSG SIZE rcvd: 102
>
>
>
> root at markusehrlicher:~# dig google.de @ns1.google.com
>
>
>
> ; <<>> DiG 9.11.3-1ubuntu1.13-Ubuntu <<>> google.de @ns1.google.com
>
> ;; global options: +cmd
>
> ;; Got answer:
>
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42438
>
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; WARNING: recursion requested but not available
>
>
>
> ;; OPT PSEUDOSECTION:
>
> ; EDNS: version: 0, flags:; udp: 512
>
> ;; QUESTION SECTION:
>
> ;google.de. IN A
>
>
>
> ;; ANSWER SECTION:
>
> google.de. 300 IN A 172.217.18.99
>
>
>
>
>
> *Von:* Dedan Irungu <dedanirungu at gmail.com>
> *Gesendet:* Dienstag, 19. Januar 2021 10:51
> *An:* Markus Ehrlicher <Markus.Ehrlicher at komsa.de>
> *Betreff:* Re: [Pdns-users] Powerdns server is not passing Authority
> parameter
>
>
>
> When I perform a dig the section on Authority is zero.
>
>
>
> dig @85.10.203.183 gifsitebuilder.com A -p 53
>
> ; <<>> DiG 9.16.1-Ubuntu <<>> @85.10.203.183 gifsitebuilder.com A -p 53
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31345
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> ;; WARNING: recursion requested but not available
>
>
>
> Also dns checker was returning as not authoritative.
>
>
>
>
> https://mxtoolbox.com/SuperTool.aspx?action=dns%3aessyfortunes.com&run=toolpage
>
>
>
>
>
>
>
> On Tue, Jan 19, 2021 at 12:40 PM Markus Ehrlicher via Pdns-users <
> pdns-users at mailman.powerdns.com> wrote:
>
> Hello,
>
>
>
> where do you get the information from your dig-answer, that the server is
> not authoritative?
>
>
>
> Best regards,
>
> Markus
>
>
>
>
>
> *Von:* Pdns-users <pdns-users-bounces at mailman.powerdns.com> *Im Auftrag
> von *frank+pdns--- via Pdns-users
> *Gesendet:* Dienstag, 19. Januar 2021 10:21
> *An:* Dedan Irungu <dedanirungu at gmail.com>
> *Cc:* pdns-users-ml <pdns-users at mailman.powerdns.com>
> *Betreff:* Re: [Pdns-users] Powerdns server is not passing Authority
> parameter
>
>
>
> Hi,
>
>
>
> Could you share the configuration of the PDNS Auth server please?
>
>
>
> Frank Louwers
>
> Certified PowerDNS Consultant @ Kiwazo.be
>
>
>
> On 19 Jan 2021, at 10:08, Dedan Irungu via Pdns-users <
> pdns-users at mailman.powerdns.com> wrote:
>
>
>
> I have made the changes request as soon below. The server does not
> serve authoritative results.
>
>
>
> setLocal('85.10.203.183')
> setACL({'0.0.0.0/0', '::/0'}) -- Allow all IPs access
>
> newServer({address='85.10.203.183:5300', pool='auth'})
> newServer({address='85.10.203.183:5301', pool='recursor'})
>
> recursive_ips = newNMG()
> recursive_ips:addMask('127.0.0.1/8') -- These network masks are the
> ones from allow-recursion in the Authoritative Server
>
>
> addAction(NetmaskGroupRule(recursive_ips), PoolAction('recursor'))
> addAction(AllRule(), PoolAction('auth'))
>
>
>
>
>
>
>
> I have tried to target powerdns directly via port 5300 but the result is
> the same. Any dig performed on port 5300 should be authoritative but in
> this case it is not.
>
>
>
> dig @85.10.203.183 gifsitebuilder.com A -p 5300
>
>
>
>
>
>
>
>
>
> On Tue, Jan 19, 2021 at 11:51 AM Brian Candler <b.candler at pobox.com>
> wrote:
>
> On 19/01/2021 08:40, Dedan Irungu via Pdns-users wrote:
>
> recursive_ips:addMask('0.0.0.0/0') -- These network masks are the
> ones from allow-recursion in the Authoritative Server
>
> addAction(NetmaskGroupRule(recursive_ips), PoolAction('recursor'))
>
> These two lines together say: "for incoming queries from *any* IP
> addresses: send them to the recursor".
>
> Try changing the first one to something like:
>
> recursive_ips:addMask('192.168.0.0/16 <http://0.0.0.0/0>') --
> netblock containing your local clients
>
> Then queries from 192.168.x.x will go to the recursor, whereas queries
> from any *other* addresses will go to the authoritative server.
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
>
>
>
> Frank Louwers
> PowerDNS Certified Consultant @ Kiwazo.be
>
>
>
>
>
>
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20210119/c6df15a0/attachment-0001.htm>
More information about the Pdns-users
mailing list