[Pdns-users] Recursive Forwarders

Holmes, Timothy tholmes at holycross.edu
Wed Aug 24 19:27:15 UTC 2022


Thanks Otto, definitely is the correct config file, if for instance I
change the host-hints-file look up to no, the service fails to load and
indicates it can't find the file named no (assume we're not on that version
yet... separate issue.. )

I conclude it's ignoring the forward zones recurse because at the
enterprise edge firewall the only dns lookups I see coming from the box (by
the vast volumes) and heading outside are heading to other name servers
than anything I specified. Looks like typical root hint type recursive
lookups. Not a single instance for the specified forwarder(s).

I did confirm that dig's etc to 9.9.9.9 etc in CLI do allow just fine, so
there is no local firewall blockage.

Any other thoughts? Seems odd, but I am new to PDNS..

Best, Tim



On Wed, Aug 24, 2022 at 3:13 PM Otto Moerbeek <otto at drijf.net> wrote:

> On Wed, Aug 24, 2022 at 09:05:46PM +0200, Otto Moerbeek via Pdns-users wrote:
>
> > On Wed, Aug 24, 2022 at 02:09:11PM -0400, Holmes, Timothy via Pdns-users wrote:
> >
> > > Hi Team,
> > >
> > > I have what I hope is a simple question I'm unable to find a better answer
> > > for. I would like to add some external forwarders to our recursor
> > > instances. These are live running prod instances. I verified the live paths
> > > and updated the recursor.config's to reflect
> > >
> > > forward-zones-recurse=.=9.9.9.9;149.112.112.112;1.1.1.2;1.0.0.2
> > > and also tried forward-zones-recurse=.=9.9.9.9
> > >
> > > Each time pushed a restart and verified. Each time the root name hints seem
> > > to still be the default behavior including after removing the referenced
> > > root hint file entry.
> > >
> > > sudo service pdns-recursor restart
> > > sudo service pdns-recursor status
> > >
> > > Am I missing something obvious, or will the root hints always take
> > > precedence?
> > >
> > > Thanks, Tim
> > > --
> > >
> > > *TIM HOLMES*
> > > *Chief Information Security Officer*
> > > Information Technology Services
> > > tholmes at holycross.edu
> > > Pronouns: He/Him/His
> >
> > Syntax looks good. Check the log, when starting up the recursor logs
> > the redirects configged. If it does not do that, you are using another
> > config file than you are editing. Maybe an alternate --config-dir?
>
> Also, how do you conclude it is ignoring the forward-zones-recurse?
>
>         -Otto
>
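
The comparison described above (outbound DNS seen at the edge firewall versus the configured forwarders), as an added example that is not part of the original thread. It parses the forward-zones-recurse value quoted in the message and splits the resolver's port-53 flows into those sent to a configured forwarder and those sent elsewhere. The flow-line format, the resolver address 192.0.2.10 and the sample flows are constructed assumptions, and forwarder addresses are assumed to carry no :port suffix.

```python
import ipaddress
from collections import Counter

# Value taken from the quoted message.
SETTING = ".=9.9.9.9;149.112.112.112;1.1.1.2;1.0.0.2"

# Constructed sample flows, one per line: "src dst dport proto".
SAMPLE_FLOWS = [
    "192.0.2.10 198.41.0.4 53 udp",
    "192.0.2.10 203.0.113.7 53 udp",
    "192.0.2.10 198.41.0.4 53 udp",
    "192.0.2.10 203.0.113.7 443 tcp",   # not DNS, ignored
    "192.0.2.55 9.9.9.9 53 udp",        # a different host, ignored
]

def parse_forward_zones(value):
    """Parse 'zone=addr;addr, zone2=addr' into {zone: [ip_address, ...]}."""
    zones = {}
    for entry in value.split(","):
        entry = entry.strip()
        if not entry:
            continue
        zone, sep, addrs = entry.partition("=")
        if not sep or not addrs.strip():
            raise ValueError(f"malformed entry: {entry!r}")
        # Assumption: plain IP addresses only, no ':port' suffix.
        zones[zone.strip()] = [
            ipaddress.ip_address(a.strip()) for a in addrs.split(";") if a.strip()
        ]
    return zones

def audit_egress(setting_value, flows, resolver_ip):
    """Count the resolver's port-53 destinations: (to forwarders, to others)."""
    forwarders = set(parse_forward_zones(setting_value).get(".", []))
    forwarded, stray = Counter(), Counter()
    for line in flows:
        src, dst, dport = line.split()[:3]
        if src != resolver_ip or dport != "53":
            continue
        bucket = forwarded if ipaddress.ip_address(dst) in forwarders else stray
        bucket[dst] += 1
    return forwarded, stray

if __name__ == "__main__":
    fwd, stray = audit_egress(SETTING, SAMPLE_FLOWS, "192.0.2.10")
    print("to forwarders:", dict(fwd))
    print("to other servers:", dict(stray))
```

An empty first counter alongside a populated second one matches what the message reports: queries leaving the box, none of them to the listed forwarders.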