[Pdns-users] Failures of recursor from within pod/coredns OR dig
Chad
chad at mercuryemail.net
Wed Oct 20 22:20:47 UTC 2021
I used these instructions and it was up and running within minutes.
https://doc.powerdns.com/recursor/PowerDNS-Recursor.pdf
Make sure you have your allow list and your listening on IP 127.0.0.1 and the IP address of your Ethernet card
On Oct 20, 2021, at 5:42 PM, Alessandro Dentella via Pdns-users <pdns-users at mailman.powerdns.com> wrote:
Hi,
I setup a PowerDNS Recursor that I would like to use as forwarder for a tiny
kubernetes cluster made with microk8s (that uses coredns).
I experiment failures of all queries to an internal domain (that has an
authorative PowerDNS isntance and is declared via forward-zones=thux.lan=...)
if made within a pod (and forwarded by coredns)
I cannot understand if there's something wrong in how I setup the domain, the
recursor or coredns.
If I operate from the node (as opposed to within the container), I notice that
`host` always work while dig does not:
adk-c1:/home/src/setup-cluster/12-dns # dig dns1b.thux.lan @10.2.201.135
; <<>> DiG 9.16.1-Ubuntu <<>> dns1b.thux.lan @10.2.201.135
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 3509
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;dns1b.thux.lan. IN A
;; Query time: 4 msec
;; SERVER: 10.2.201.135#53(10.2.201.135)
;; WHEN: Wed Oct 20 21:26:59 UTC 2021
;; MSG SIZE rcvd: 43
adk-c1:/home/src/setup-cluster/12-dns # host dns1b.thux.lan 10.2.201.135
Using domain server:
Name: 10.2.201.135
Address: 10.2.201.135#53
Aliases:
dns1b.thux.lan has address 10.2.201.135
I tried setting:
edns-subnet-allow-list=thux.lan
but the problem persists. Can I configure PowerDNS recursor so that it answers
correctly to coredns and dig?
If I go directly to the Authoritative, it always answers correctly.
Below the tcpdum -vv of the 3 situations:
a) failing 'dig'
b) working 'host'
c) failing nslookup via coredns
TIA
sandro
*:-)
failing dig
===========
3:36:57.685822 IP (tos 0x0, ttl 62, id 7456, offset 0, flags [none], proto UDP (17), length 83)
10.1.201.111.50970 > 10.2.201.135.53: [udp sum ok] 5350+ [1au] A? dns1b.thux.lan. ar: . OPT UDPsize=4096 [COOKIE 5793a6f5b3b006fd] (55)
23:36:57.686197 IP (tos 0x0, ttl 63, id 45508, offset 0, flags [none], proto UDP (17), length 71)
10.2.201.135.53 > 10.1.201.111.50970: [bad udp cksum 0xa73e -> 0x6d47!] 5350 ServFail q: A? dns1b.thux.lan. 0/0/1 ar: . OPT UDPsize=512 (43)
working 'host'
==============
tcpdump: listening on ens19, link-type EN10MB (Ethernet), snapshot length 262144 bytes
23:36:44.554022 IP (tos 0x0, ttl 62, id 4657, offset 0, flags [none], proto UDP (17), length 60)
10.1.201.111.57686 > 10.2.201.135.53: [udp sum ok] 52844+ A? dns1b.thux.lan. (32)
23:36:44.554368 IP (tos 0x0, ttl 63, id 43433, offset 0, flags [none], proto UDP (17), length 76)
10.2.201.135.53 > 10.1.201.111.57686: [bad udp cksum 0xa743 -> 0x2d04!] 52844 q: A? dns1b.thux.lan. 1/0/0 dns1b.thux.lan. A 10.2.201.135 (48)
23:36:44.555049 IP (tos 0x0, ttl 62, id 4658, offset 0, flags [none], proto UDP (17), length 60)
10.1.201.111.49752 > 10.2.201.135.53: [udp sum ok] 21562+ AAAA? dns1b.thux.lan. (32)
23:36:44.555328 IP (tos 0x0, ttl 63, id 43434, offset 0, flags [none], proto UDP (17), length 141)
10.2.201.135.53 > 10.1.201.111.49752: [bad udp cksum 0xa784 -> 0x38d6!] 21562 q: AAAA? dns1b.thux.lan. 0/1/0 ns: thux.lan. SOA a.misconfigured.dns.server.invalid. hostmaster.thux.lan. 2021092801 10800 3600 604800 3600 (113)
23:36:44.555887 IP (tos 0x0, ttl 62, id 4659, offset 0, flags [none], proto UDP (17), length 60)
10.1.201.111.52413 > 10.2.201.135.53: [udp sum ok] 54816+ MX? dns1b.thux.lan. (32)
23:36:44.556049 IP (tos 0x0, ttl 63, id 43435, offset 0, flags [none], proto UDP (17), length 141)
10.2.201.135.53 > 10.1.201.111.52413: [bad udp cksum 0xa784 -> 0xa739!] 54816 q: MX? dns1b.thux.lan. 0/1/0 ns: thux.lan. SOA a.misconfigured.dns.server.invalid. hostmaster.thux.lan. 2021092801 10800 3600 604800 3600 (113)
failing nslookup via coredns
============================
23:38:24.832545 IP (tos 0x0, ttl 61, id 38473, offset 0, flags [DF], proto UDP (17), length 60)
10.1.201.111.9411 > 10.2.201.135.53: [udp sum ok] 10465+ A? dns1b.thux.lan. (32)
23:38:24.832545 IP (tos 0x0, ttl 61, id 38474, offset 0, flags [DF], proto UDP (17), length 60)
10.1.201.111.9411 > 10.2.201.135.53: [udp sum ok] 12060+ AAAA? dns1b.thux.lan. (32)
23:38:24.832941 IP (tos 0x0, ttl 63, id 789, offset 0, flags [none], proto UDP (17), length 60)
10.2.201.135.53 > 10.1.201.111.9411: [bad udp cksum 0xa733 -> 0x24bd!] 10465 ServFail q: A? dns1b.thux.lan. 0/0/0 (32)
23:38:24.833031 IP (tos 0x0, ttl 63, id 790, offset 0, flags [none], proto UDP (17), length 60)
10.2.201.135.53 > 10.1.201.111.9411: [bad udp cksum 0xa733 -> 0x1e67!] 12060 ServFail q: AAAA? dns1b.thux.lan. 0/0/0 (32)
23:38:24.833495 IP (tos 0x0, ttl 61, id 38475, offset 0, flags [DF], proto UDP (17), length 60)
10.1.201.111.9411 > 10.2.201.135.53: [udp sum ok] 10465+ A? dns1b.thux.lan. (32)
23:38:24.833495 IP (tos 0x0, ttl 61, id 38476, offset 0, flags [DF], proto UDP (17), length 60)
10.1.201.111.9411 > 10.2.201.135.53: [udp sum ok] 12060+ AAAA? dns1b.thux.lan. (32)
23:38:24.833611 IP (tos 0x0, ttl 63, id 791, offset 0, flags [none], proto UDP (17), length 60)
10.2.201.135.53 > 10.1.201.111.9411: [bad udp cksum 0xa733 -> 0x24bd!] 10465 ServFail q: A? dns1b.thux.lan. 0/0/0 (32)
23:38:24.833648 IP (tos 0x0, ttl 63, id 792, offset 0, flags [none], proto UDP (17), length 60)
10.2.201.135.53 > 10.1.201.111.9411: [bad udp cksum 0xa733 -> 0x1e67!] 12060 ServFail q: AAAA? dns1b.thux.lan. 0/0/0 (32)
23:38:24.834003 IP (tos 0x0, ttl 61, id 38477, offset 0, flags [DF], proto UDP (17), length 60)
10.1.201.111.9411 > 10.2.201.135.53: [udp sum ok] 10465+ A? dns1b.thux.lan. (32)
23:38:24.834076 IP (tos 0x0, ttl 63, id 793, offset 0, flags [none], proto UDP (17), length 60)
10.2.201.135.53 > 10.1.201.111.9411: [bad udp cksum 0xa733 -> 0x24bd!] 10465 ServFail q: A? dns1b.thux.lan. 0/0/0 (32)
23:38:24.834099 IP (tos 0x0, ttl 61, id 38478, offset 0, flags [DF], proto UDP (17), length 60)
10.1.201.111.9411 > 10.2.201.135.53: [udp sum ok] 12060+ AAAA? dns1b.thux.lan. (32)
23:38:24.834165 IP (tos 0x0, ttl 63, id 794, offset 0, flags [none], proto UDP (17), length 60)
10.2.201.135.53 > 10.1.201.111.9411: [bad udp cksum 0xa733 -> 0x1e67!] 12060 ServFail q: AAAA? dns1b.thux.lan. 0/0/0 (32)
_______________________________________________
Pdns-users mailing list
Pdns-users at mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20211020/6af2c99b/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2341 bytes
Desc: not available
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20211020/6af2c99b/attachment-0001.bin>
More information about the Pdns-users
mailing list