[Pdns-users] DNAME randomly failing on Linux clients

Adam Cecile acecile at letz-it.lu
Wed Apr 6 09:25:07 UTC 2022


On 4/6/22 11:18, Brian Candler wrote:
> If I understand that right: you have dnsdist and auth running on the 
> local server, and recursor is on a remote server?
>
> If your requirements are simple, for basic DNS querying you may not 
> need dnsdist at all.  Just run the recursor on port 53, and use 
> forward-zones / forward-zones-recurse as you do today. Looking at your 
> config though, maybe it's to do with AXFR/IXFR requirements though.
>
>
>> Any idea? I can definitely make TCPDumps at some point but I'm not 
>> sure to be able to understand them ;-)
> If the above statement is true, you'll need two simultaneously, in 
> separate windows:
>
> tcpdump -i lo -nn -s0 -v port 53 or port 5353
>
> tcpdump -i eth0 -nn -s0 -v port 53
>
> It should decode the packets for you, so it should be clear. (Except 
> port 5353. New versions of tcpdump have "-T domain" to force decoding 
> as DNS, but you'll need a very recent version; Ubuntu 20.04 is not new 
> enough)
>
> The tcpdumps will show:
>
> - queries from dig to dnsdist (53) and dnsdist to auth (5353)
> - queries from dnsdist to recursor
>
No, I actually have three identical servers sharing a MySQL cluster used 
as the PowerDNS backend for authoritative zones.

I need some recursion / logging facilities so I added on top of them 
(same machine) pdns-recursor or dnsdist. I first went for recursor but 
ended up thinking dnsdist was more flexible (especially on filtering 
updates / axfr, you're right).

That's why I basically have both of them available on each server and 
can very easily switch between them for testing purposes.

I'll check the tcpdump thingy, should be a trivial task to backport 
Debian's version to stable.


Adam.