[Pdns-users] DNS Forwarding on Master/Slave Servers

Frank Louwers frank+pdns at tembo.be
Fri May 7 07:54:50 UTC 2021


Hi Steven,

There are a couple of problems with your domain that prevent it from functioning correctly.

First up, it seems like the ns1/ns2/ns3.opensourceserver.io glue records at the .IO ccTLD are all registered with the same IP address. That's probably not correct?

; <<>> DiG 9.10.6 <<>> A ns3.opensourceserver.io @a2.nic.io
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7480
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 4
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;ns3.opensourceserver.io.	IN	A

;; AUTHORITY SECTION:
opensourceserver.io.	86400	IN	NS	ns3.opensourceserver.io.
opensourceserver.io.	86400	IN	NS	ns1.opensourceserver.io.
opensourceserver.io.	86400	IN	NS	ns2.opensourceserver.io.

;; ADDITIONAL SECTION:
ns3.opensourceserver.io. 86400	IN	A	76.76.238.10
ns2.opensourceserver.io. 86400	IN	A	76.76.238.10
ns1.opensourceserver.io. 86400	IN	A	76.76.238.10


When I query the SOA record at the real IPs (as listed in the zone itself, not the glue records) I get a REFUSED when I query IP 47.225.208.154 and no reply at all when I query 207.177.51.156.

Best to verify the configurations on those hosts (firewall, allow-query lists etc).

Kind Regards,

Frank

> On May 7, 2021, at 7:14 AM, Steven Garner via Pdns-users <pdns-users at mailman.powerdns.com> wrote:
> 
> I have a noob question about DNS forwarding - just implemented pdns version 4.2.1 on three servers on separate networks, intending for one to be a master (primary) and the other two to be slaves (secondaries).  So far I love it, but I think I may be doing something wrong with DNS forwarding.
> 
> I have records for some 383 domains in MySQL as a backend.
> 
> I have the master set up with:
> 
> master=yes
> 
> ... and the slaves set up with:
> 
> slave=yes
> 
> ... all in /etc/powerdns/pdns.conf
> 
> Also the master/slave state is configured on a per domain basis in the domains table with the type column set to either MASTER or SLAVE respectively. The slave has the master node IP addresses set for each domain in the master column in the domains table.
> 
> dig would seem to indicate that everything is working fine:
> 
> ==========================================
> 
> dig soa opensourceserver.io @ns3.opensourceserver.io
> 
> ; <<>> DiG 9.10.6 <<>> soa opensourceserver.io @ns3.opensourceserver.io
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6728
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1232
> ;; QUESTION SECTION:
> ;opensourceserver.io. IN SOA
> 
> ;; ANSWER SECTION:
> opensourceserver.io. 86400 IN SOA ns1.opensourceserver.io. hostmaster.embode.net. 2021050501 10380 3600 1814400 3796
> 
> ;; Query time: 168 msec
> ;; SERVER: 47.225.208.154#53(47.225.208.154)
> ;; WHEN: Fri May 07 00:01:21 CDT 2021
> ;; MSG SIZE  rcvd: 147
> 
> ==========================================
> 
> Yet other methods seem to indicate there may be problems:
> 
> 1) When I test opensourceserver.io on https://mxtoolbox.com/SuperTool.aspx?action=dns, it shows a good response from the master but no response from the slaves, stating that:
> 
> At least one name server failed to respond in a timely manner
> Failure detail: 207.177.51.156
> Failure detail: 47.225.208.154
> 
> The slave servers are i3 class machines running on gigabit optical Internet connections, so I think there may be other issues?
> 
> 2) When I test opensourceserver.io on https://www.site24x7.com/dns-lookup.html, it states there is a "Possible DNS forwarding issue." for each server.
> 
> 
> Steve Garner
> +1 302 364 0325 (USA)
> stevenjgarner at gmail.com
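
The glue check described in the reply above, as an added example (not part of the original thread and not PowerDNS code): it parses the parent referral quoted in the message and flags name servers whose glue differs from the in-zone address or that share one address. The `ZONE_A` mapping is an assumption made for illustration; the thread only gives the two in-zone IPs and shows ns3 answering from 47.225.208.154.

```python
import re
from collections import defaultdict

# Referral returned by a2.nic.io, copied from the dig output quoted in the message.
PARENT_REFERRAL = """\
;; AUTHORITY SECTION:
opensourceserver.io.    86400  IN  NS  ns3.opensourceserver.io.
opensourceserver.io.    86400  IN  NS  ns1.opensourceserver.io.
opensourceserver.io.    86400  IN  NS  ns2.opensourceserver.io.
;; ADDITIONAL SECTION:
ns3.opensourceserver.io. 86400  IN  A  76.76.238.10
ns2.opensourceserver.io. 86400  IN  A  76.76.238.10
ns1.opensourceserver.io. 86400  IN  A  76.76.238.10
"""

# ASSUMPTION (constructed for illustration): A records as served inside the zone.
# Only the ns3 address is confirmed by the thread; ns1 and ns2 are guesses.
ZONE_A = {
    "ns1.opensourceserver.io.": "76.76.238.10",
    "ns2.opensourceserver.io.": "207.177.51.156",
    "ns3.opensourceserver.io.": "47.225.208.154",
}

RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(NS|A)\s+(\S+)$")

def parse_referral(text):
    """Return (NS target names, {name: glue address}) from dig referral output."""
    ns, glue = set(), {}
    for line in text.splitlines():
        m = RR.match(line.strip())  # section headers and comments do not match
        if m and m.group(2) == "NS":
            ns.add(m.group(3).lower())
        elif m:
            glue[m.group(1).lower()] = m.group(3)
    return ns, glue

def audit_glue(text, zone_a):
    """List (finding, subject) pairs: missing glue, glue != zone, shared address."""
    ns, glue = parse_referral(text)
    findings, by_ip = [], defaultdict(list)
    for name in sorted(ns):
        addr = glue.get(name)
        if addr is None:
            findings.append(("missing-glue", name))
        elif addr != zone_a.get(name):
            findings.append(("glue-mismatch", name))
        by_ip[addr or ""].append(name)
    shared = [("shared-address", ip) for ip, n in sorted(by_ip.items()) if ip and len(n) > 1]
    return findings + shared
```

A resolver that follows the referral only ever reaches the glue address, so any `glue-mismatch` entry means the server at the in-zone address is not the one the parent hands out.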
