[Pdns-users] pdns-recursor suddenly started to answer with content from . zone instead of what is configured in forward.zones.

Otto Moerbeek otto at drijf.net
Tue Sep 21 18:10:48 UTC 2021

On Tue, Sep 21, 2021 at 06:20:16PM +0200, Peter van Dijk via Pdns-users wrote:

> Hello Thomas,
> On Tue, 2021-09-21 at 13:53 +0200, Thomas Mieslinger via Pdns-users
> wrote:
> > dog.                    80 IN NSEC domains. NS DS RRSIG NSEC
> This looks like aggressive NSEC reuse (
> https://datatracker.ietf.org/doc/html/rfc8198) and/or NXDOMAIN: There
> Really Is Nothing Underneath (
> https://datatracker.ietf.org/doc/html/rfc8020).
> Can you try aggressive-nsec-cache-size=0 (on 4.5.1) and/or
> nothing-below-nxdomain=no (4.3.5 and 4.5.1) please?
> Kind regards,
> -- 
> Peter van Dijk
> PowerDNS.COM BV - https://www.powerdns.com/

It also is possible that the IPs being forwarded to are throttled.
This can happen on (intermittent) network issues by the recursor, or
by the servers serving those IPs. The first case can be solved adding
the IPs to the dont-throttle-netmasks list:

Potential throttling by the servers being forwarded to should be
investigated on those servers.


More information about the Pdns-users mailing list