[Pdns-users] pdns-recursor suddenly started to answer with content from . zone instead of what is configured in forward.zones.
Otto Moerbeek
otto at drijf.net
Tue Sep 21 18:10:48 UTC 2021
On Tue, Sep 21, 2021 at 06:20:16PM +0200, Peter van Dijk via Pdns-users wrote:
> Hello Thomas,
>
> On Tue, 2021-09-21 at 13:53 +0200, Thomas Mieslinger via Pdns-users
> wrote:
> > dog. 80 IN NSEC domains. NS DS RRSIG NSEC
>
> This looks like aggressive NSEC reuse (
> https://datatracker.ietf.org/doc/html/rfc8198) and/or NXDOMAIN: There
> Really Is Nothing Underneath (
> https://datatracker.ietf.org/doc/html/rfc8020).
>
> Can you try aggressive-nsec-cache-size=0 (on 4.5.1) and/or
> nothing-below-nxdomain=no (4.3.5 and 4.5.1) please?
>
> Kind regards,
> --
> Peter van Dijk
> PowerDNS.COM BV - https://www.powerdns.com/
It also is possible that the IPs being forwarded to are throttled.
This can happen on (intermittent) network issues by the recursor, or
by the servers serving those IPs. The first case can be solved adding
the IPs to the dont-throttle-netmasks list:
https://docs.powerdns.com/recursor/settings.html#dont-throttle-netmasks
Potential throttling by the servers being forwarded to should be
investigated on those servers.
-Otto
More information about the Pdns-users
mailing list