[Pdns-users] Failures of recursor from within pod/coredns OR dig

Chad chad at mercuryemail.net
Wed Oct 20 22:20:47 UTC 2021


I used these instructions and it was up and running within minutes. 

https://doc.powerdns.com/recursor/PowerDNS-Recursor.pdf

Make sure you have your allow list and you're listening on IP 127.0.0.1 and the IP address of your Ethernet card.



On Oct 20, 2021, at 5:42 PM, Alessandro Dentella via Pdns-users <pdns-users at mailman.powerdns.com> wrote:


Hi,


I set up a PowerDNS Recursor that I would like to use as a forwarder for a tiny
Kubernetes cluster made with microk8s (that uses coredns).

I experience failures of all queries to an internal domain (that has an
authoritative PowerDNS instance and is declared via forward-zones=thux.lan=...)
if made within a pod (and forwarded by coredns).

I cannot understand if there's something wrong in how I set up the domain, the
recursor or coredns.


If I operate from the node (as opposed to within the container), I notice that
`host` always works while dig does not:

 adk-c1:/home/src/setup-cluster/12-dns # dig dns1b.thux.lan @10.2.201.135

 ; <<>> DiG 9.16.1-Ubuntu <<>> dns1b.thux.lan @10.2.201.135
 ;; global options: +cmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 3509
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

 ;; OPT PSEUDOSECTION:
 ; EDNS: version: 0, flags:; udp: 512
 ;; QUESTION SECTION:
 ;dns1b.thux.lan.            IN    A

 ;; Query time: 4 msec
 ;; SERVER: 10.2.201.135#53(10.2.201.135)
 ;; WHEN: Wed Oct 20 21:26:59 UTC 2021
 ;; MSG SIZE  rcvd: 43

 adk-c1:/home/src/setup-cluster/12-dns # host dns1b.thux.lan 10.2.201.135
 Using domain server:
 Name: 10.2.201.135
 Address: 10.2.201.135#53
 Aliases: 

 dns1b.thux.lan has address 10.2.201.135


I tried setting:

 edns-subnet-allow-list=thux.lan

but the problem persists. Can I configure PowerDNS recursor so that it answers
correctly to coredns and dig?

If I go directly to the Authoritative, it always answers correctly.

Below is the tcpdump -vv of the 3 situations:

a) failing 'dig'
b) working 'host'
c) failing nslookup via coredns

TIA
sandro
*:-)

failing dig
===========

3:36:57.685822 IP (tos 0x0, ttl 62, id 7456, offset 0, flags [none], proto UDP (17), length 83)
   10.1.201.111.50970 > 10.2.201.135.53: [udp sum ok] 5350+ [1au] A? dns1b.thux.lan. ar: . OPT UDPsize=4096 [COOKIE 5793a6f5b3b006fd] (55)
23:36:57.686197 IP (tos 0x0, ttl 63, id 45508, offset 0, flags [none], proto UDP (17), length 71)
   10.2.201.135.53 > 10.1.201.111.50970: [bad udp cksum 0xa73e -> 0x6d47!] 5350 ServFail q: A? dns1b.thux.lan. 0/0/1 ar: . OPT UDPsize=512 (43)


working 'host'
==============

tcpdump: listening on ens19, link-type EN10MB (Ethernet), snapshot length 262144 bytes
23:36:44.554022 IP (tos 0x0, ttl 62, id 4657, offset 0, flags [none], proto UDP (17), length 60)
   10.1.201.111.57686 > 10.2.201.135.53: [udp sum ok] 52844+ A? dns1b.thux.lan. (32)
23:36:44.554368 IP (tos 0x0, ttl 63, id 43433, offset 0, flags [none], proto UDP (17), length 76)
   10.2.201.135.53 > 10.1.201.111.57686: [bad udp cksum 0xa743 -> 0x2d04!] 52844 q: A? dns1b.thux.lan. 1/0/0 dns1b.thux.lan. A 10.2.201.135 (48)
23:36:44.555049 IP (tos 0x0, ttl 62, id 4658, offset 0, flags [none], proto UDP (17), length 60)
   10.1.201.111.49752 > 10.2.201.135.53: [udp sum ok] 21562+ AAAA? dns1b.thux.lan. (32)
23:36:44.555328 IP (tos 0x0, ttl 63, id 43434, offset 0, flags [none], proto UDP (17), length 141)
   10.2.201.135.53 > 10.1.201.111.49752: [bad udp cksum 0xa784 -> 0x38d6!] 21562 q: AAAA? dns1b.thux.lan. 0/1/0 ns: thux.lan. SOA a.misconfigured.dns.server.invalid. hostmaster.thux.lan. 2021092801 10800 3600 604800 3600 (113)
23:36:44.555887 IP (tos 0x0, ttl 62, id 4659, offset 0, flags [none], proto UDP (17), length 60)
   10.1.201.111.52413 > 10.2.201.135.53: [udp sum ok] 54816+ MX? dns1b.thux.lan. (32)
23:36:44.556049 IP (tos 0x0, ttl 63, id 43435, offset 0, flags [none], proto UDP (17), length 141)
   10.2.201.135.53 > 10.1.201.111.52413: [bad udp cksum 0xa784 -> 0xa739!] 54816 q: MX? dns1b.thux.lan. 0/1/0 ns: thux.lan. SOA a.misconfigured.dns.server.invalid. hostmaster.thux.lan. 2021092801 10800 3600 604800 3600 (113)


failing nslookup via coredns
============================

23:38:24.832545 IP (tos 0x0, ttl 61, id 38473, offset 0, flags [DF], proto UDP (17), length 60)
   10.1.201.111.9411 > 10.2.201.135.53: [udp sum ok] 10465+ A? dns1b.thux.lan. (32)
23:38:24.832545 IP (tos 0x0, ttl 61, id 38474, offset 0, flags [DF], proto UDP (17), length 60)
   10.1.201.111.9411 > 10.2.201.135.53: [udp sum ok] 12060+ AAAA? dns1b.thux.lan. (32)
23:38:24.832941 IP (tos 0x0, ttl 63, id 789, offset 0, flags [none], proto UDP (17), length 60)
   10.2.201.135.53 > 10.1.201.111.9411: [bad udp cksum 0xa733 -> 0x24bd!] 10465 ServFail q: A? dns1b.thux.lan. 0/0/0 (32)
23:38:24.833031 IP (tos 0x0, ttl 63, id 790, offset 0, flags [none], proto UDP (17), length 60)
   10.2.201.135.53 > 10.1.201.111.9411: [bad udp cksum 0xa733 -> 0x1e67!] 12060 ServFail q: AAAA? dns1b.thux.lan. 0/0/0 (32)
23:38:24.833495 IP (tos 0x0, ttl 61, id 38475, offset 0, flags [DF], proto UDP (17), length 60)
   10.1.201.111.9411 > 10.2.201.135.53: [udp sum ok] 10465+ A? dns1b.thux.lan. (32)
23:38:24.833495 IP (tos 0x0, ttl 61, id 38476, offset 0, flags [DF], proto UDP (17), length 60)
   10.1.201.111.9411 > 10.2.201.135.53: [udp sum ok] 12060+ AAAA? dns1b.thux.lan. (32)
23:38:24.833611 IP (tos 0x0, ttl 63, id 791, offset 0, flags [none], proto UDP (17), length 60)
   10.2.201.135.53 > 10.1.201.111.9411: [bad udp cksum 0xa733 -> 0x24bd!] 10465 ServFail q: A? dns1b.thux.lan. 0/0/0 (32)
23:38:24.833648 IP (tos 0x0, ttl 63, id 792, offset 0, flags [none], proto UDP (17), length 60)
   10.2.201.135.53 > 10.1.201.111.9411: [bad udp cksum 0xa733 -> 0x1e67!] 12060 ServFail q: AAAA? dns1b.thux.lan. 0/0/0 (32)
23:38:24.834003 IP (tos 0x0, ttl 61, id 38477, offset 0, flags [DF], proto UDP (17), length 60)
   10.1.201.111.9411 > 10.2.201.135.53: [udp sum ok] 10465+ A? dns1b.thux.lan. (32)
23:38:24.834076 IP (tos 0x0, ttl 63, id 793, offset 0, flags [none], proto UDP (17), length 60)
   10.2.201.135.53 > 10.1.201.111.9411: [bad udp cksum 0xa733 -> 0x24bd!] 10465 ServFail q: A? dns1b.thux.lan. 0/0/0 (32)
23:38:24.834099 IP (tos 0x0, ttl 61, id 38478, offset 0, flags [DF], proto UDP (17), length 60)
   10.1.201.111.9411 > 10.2.201.135.53: [udp sum ok] 12060+ AAAA? dns1b.thux.lan. (32)
23:38:24.834165 IP (tos 0x0, ttl 63, id 794, offset 0, flags [none], proto UDP (17), length 60)
   10.2.201.135.53 > 10.1.201.111.9411: [bad udp cksum 0xa733 -> 0x1e67!] 12060 ServFail q: AAAA? dns1b.thux.lan. 0/0/0 (32)

