[Pdns-users] Recursive Forwarders

Otto Moerbeek otto at drijf.net
Wed Aug 24 19:35:32 UTC 2022


On Wed, Aug 24, 2022 at 03:27:15PM -0400, Holmes, Timothy wrote:

> Thanks Otto, definitely is the correct config file, if for instance I
> change the host-hints-file look up to no, the service fails to load and
> indicates it can't find the file named no (assume we're not on that version
> yet... separate issue.. )
> 
> I conclude it's ignoring the forward zones recurse because at the
> enterprise edge firewall the only dns lookups I see coming from the box (by
> the vast volumes) and heading outside are heading to other name servers
> than anything I specified. Looks like typical root hint type recursive
> lookups. Not a single instance for the specified forwarder(s).
> 
> I did confirm that dig's etc to 9.9.9.9 etc in CLI do allow just fine, so
> there is no local firewall blockage.
> 
> Any other thoughts? Seems odd, but I am new to PDNS..

Please show the startup log.

	-Otto

> 
> Best, Tim
> 
> 
> 
> On Wed, Aug 24, 2022 at 3:13 PM Otto Moerbeek <otto at drijf.net> wrote:
> 
> > On Wed, Aug 24, 2022 at 09:05:46PM +0200, Otto Moerbeek via Pdns-users wrote:
> >
> > > On Wed, Aug 24, 2022 at 02:09:11PM -0400, Holmes, Timothy via Pdns-users wrote:
> > >
> > > > Hi Team,
> > > >
> > > > I have what I hope is a simple question I'm unable to find a better answer
> > > > for. I would like to add some external forwarders to our recursor
> > > > instances. These are live running prod instances. I verified the live paths
> > > > and updated the recursor.config's to reflect
> > > >
> > > > forward-zones-recurse=.=9.9.9.9;149.112.112.112;1.1.1.2;1.0.0.2
> > > > and also tried forward-zones-recurse=.=9.9.9.9
> > > >
> > > > Each time pushed a restart and verified. Each time the root name hints seem
> > > > to still be the default behavior including after removing the referenced
> > > > root hint file entry.
> > > >
> > > > sudo service pdns-recursor restart
> > > > sudo service pdns-recursor status
> > > >
> > > > Am I missing something obvious, or will the root hints always take
> > > > precedence?
> > > >
> > > > Thanks, Tim
> > > > --
> > > >
> > > > *TIM HOLMES*
> > > > *Chief Information Security Officer*
> > > > Information Technology Services
> > > > tholmes at holycross.edu
> > > > Pronouns: He/Him/His
> > >
> > > Syntax looks good. Check the log: when starting up, the recursor logs
> > > the redirects configured. If it does not do that, you are using another
> > > config file than you are editing. Maybe an alternate --config-dir?
> >
> > Also, how do you conclude it is ignoring the forward-zones-recurse?
> >
> >         -Otto
> >
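
The check described in the thread (comparing the DNS destinations seen at the edge firewall with the forwarders in `forward-zones-recurse`), as an added example that is not part of the thread and not PowerDNS code. The function names, the observed-IP list and the rule that a later line overrides an earlier one are assumptions; the port defaults to 53.

```python
import ipaddress

# Constructed sample: the setting as posted in the thread, in a recursor.conf-style file.
CONF = """
# forward-zones-recurse=.=192.0.2.1
forward-zones-recurse=.=9.9.9.9;149.112.112.112;1.1.1.2;1.0.0.2
"""

def read_setting(conf_text, name):
    """Last uncommented name=value line (assumption: a later line overrides an earlier one)."""
    value = None
    for line in conf_text.splitlines():
        key, sep, val = line.split("#", 1)[0].partition("=")
        if sep and key.strip() == name:
            value = val.strip()
    return value

def parse_target(target):
    """Accept 'ip', 'ipv4:port' or '[ipv6]:port'; port defaults to 53."""
    host, port = target, 53
    if target.startswith("["):
        host, _, rest = target[1:].partition("]")
        port = int(rest[1:]) if rest.startswith(":") else 53
    elif target.count(":") == 1:
        host, _, p = target.partition(":")
        port = int(p)
    return ipaddress.ip_address(host), port

def parse_forward_zones(value):
    """'zone=addr;addr, zone2=addr' -> {zone: [(ip, port), ...]}"""
    zones = {}
    for entry in (e.strip() for e in value.split(",")):
        if not entry:
            continue
        zone, sep, targets = entry.partition("=")
        if not sep or not targets.strip():
            raise ValueError(f"malformed entry: {entry!r}")
        zones[zone.strip()] = [parse_target(t.strip()) for t in targets.split(";") if t.strip()]
    return zones

def unexpected_destinations(conf_text, observed_ips):
    """Observed DNS destinations that are not a configured forwarder."""
    value = read_setting(conf_text, "forward-zones-recurse") or ""
    allowed = {ip for targets in parse_forward_zones(value).values() for ip, _ in targets}
    return sorted(str(ip) for ip in {ipaddress.ip_address(o) for o in observed_ips} - allowed)
```

Feed `unexpected_destinations` the destination addresses exported from the firewall log; an empty result means every outbound query went to a configured forwarder.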
