[Pdns-users] Recursive Forwarders

Otto Moerbeek otto at drijf.net
Wed Aug 24 19:48:36 UTC 2022


On Wed, Aug 24, 2022 at 03:39:06PM -0400, Holmes, Timothy wrote:

> I don't believe we have those configured currently..at least not any named
> way..  I do have:
> 
> pdns-recursor.service - PowerDNS Recursor
>      Loaded: loaded (/lib/systemd/system/pdns-recursor.service; enabled;
> vendor preset: enabled)
>      Active: active (running) since Wed 2022-08-24 15:19:00 EDT; 3s ago
>        Docs: man:pdns_recursor(1)
>              man:rec_control(1)
>              https://doc.powerdns.com
>    Main PID: 490386 (pdns_recursor)
>       Tasks: 5 (limit: 9437)
>      Memory: 10.1M
>      CGroup: /system.slice/pdns-recursor.service
>              └─490386 /usr/sbin/pdns_recursor --daemon=no --write-pid=no
> --disable-syslog --log-timestamp=no
> 
> Aug 24 15:19:00 cache1.holycross.edu pdns_recursor[490386]: Done priming
> cache with root hints
> Aug 24 15:19:00 cache1.holycross.edu pdns_recursor[490386]: Done priming
> cache with root hints
> Aug 24 15:19:00 cache1.holycross.edu pdns_recursor[490386]: Enabled 'epoll'
> multiplexer
> Aug 24 15:19:01 cache1.holycross.edu pdns_recursor[490386]: stats: 187
> questions, 1221 cache entries, 19 negative entries, 1% cache hits
> Aug 24 15:19:01 cache1.holycross.edu pdns_recursor[490386]: stats: throttle
> map: 1, ns speeds: 677, failed ns: 0, ednsmap: 257
> Aug 24 15:19:01 cache1.holycross.edu pdns_recursor[490386]: stats:
> outpacket/query ratio 250%, 0% throttled, 0 no-delegation drops
> Aug 24 15:19:01 cache1.holycross.edu pdns_recursor[490386]: stats: 5
> outgoing tcp connections, 18 queries running, 0 outgoing timeouts
> Aug 24 15:19:01 cache1.holycross.edu pdns_recursor[490386]: stats: 151
> packet cache entries, 6% packet cache hits
> Aug 24 15:19:01 cache1.holycross.edu pdns_recursor[490386]: stats: thread 0
> has been distributed 87 queries
> Aug 24 15:19:01 cache1.holycross.edu pdns_recursor[490386]: stats: thread 1
> has been distributed 98 queries

We need all the lines, starting with the Copyright banner.

	-Otto
> 
> On Wed, Aug 24, 2022 at 3:35 PM Otto Moerbeek <otto at drijf.net> wrote:
> 
> > On Wed, Aug 24, 2022 at 03:27:15PM -0400, Holmes, Timothy wrote:
> >
> > > Thanks Otto, definitely is the correct config file, if for instance I
> > > change the host-hints-file look up to no, the service fails to load and
> > > indicates it can't find the file named no (assume we're not on that
> > > version yet... separate issue.. )
> > >
> > > I conclude it's ignoring the forward zones recurse because at the
> > > enterprise edge firewall the only dns lookups I see coming from the box
> > > (by the vast volumes) and heading outside are heading to other name servers
> > > than anything I specified. Looks like typical root hint type recursive
> > > lookups. Not a single instance for the specified forwarder(s).
> > >
> > > I did confirm that dig's etc to 9.9.9.9 etc in CLI do allow just fine, so
> > > there is no local firewall blockage.
> > >
> > > Any other thoughts? Seems odd, but I am new to PDNS..
> >
> > Please show the startup log.
> >
> >         -Otto
> >
> > >
> > > Best, Tim
> > >
> > >
> > >
> > > On Wed, Aug 24, 2022 at 3:13 PM Otto Moerbeek <otto at drijf.net> wrote:
> > >
> > > > On Wed, Aug 24, 2022 at 09:05:46PM +0200, Otto Moerbeek via Pdns-users
> > > > wrote:
> > > >
> > > > > On Wed, Aug 24, 2022 at 02:09:11PM -0400, Holmes, Timothy via Pdns-users wrote:
> > > > >
> > > > > > Hi Team,
> > > > > >
> > > > > > I have what I hope is a simple question I'm unable to find a better
> > > > > > answer for. I would like to add some external forwarders to our recursor
> > > > > > instances. These are live running prod instances. I verified the live
> > > > > > paths and updated the recursor.config's to reflect
> > > > > >
> > > > > > forward-zones-recurse=.=9.9.9.9;149.112.112.112;1.1.1.2;1.0.0.2
> > > > > > and also tried forward-zones-recurse=.=9.9.9.9
> > > > > >
> > > > > > Each time pushed a restart and verified. Each time the root name hints
> > > > > > seem to still be the default behavior including after removing the
> > > > > > referenced root hint file entry.
> > > > > >
> > > > > > sudo service pdns-recursor restart
> > > > > > sudo service pdns-recursor status
> > > > > >
> > > > > > Am I missing something obvious, or will the root hints always take
> > > > > > precedence?
> > > > > >
> > > > > > Thanks, Tim
> > > > > > --
> > > > > >
> > > > > > *TIM HOLMES*
> > > > > > *Chief Information Security Officer*
> > > > > > Information Technology Services
> > > > > > tholmes at holycross.edu
> > > > > > Pronouns: He/Him/His
> > > > >
> > > > > Syntax looks good. Check the log; when starting up, the recursor logs
> > > > > the redirects configged. If it does not do that, you are using another
> > > > > config file than you are editing. Maybe an alternate --config-dir?
> > > >
> > > > Also, how do you conclude it is ignoring the forward-zones-recurse?
> > > >
> > > >         -Otto
> > > >
> >
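
The firewall observation described in the thread can be checked mechanically. The sketch below is an added example, not part of the thread or of PowerDNS: it parses the posted forward-zones-recurse value and lists outbound DNS destinations that are not configured forwarders. It assumes the documented `zone=addr;addr` syntax with optional `:port` and bracketed IPv6; the function names and the observed-destination list are constructed for illustration.

```python
import ipaddress

# The setting exactly as posted in the thread.
SETTING = ".=9.9.9.9;149.112.112.112;1.1.1.2;1.0.0.2"

# Constructed sample: destination IPs of outbound port-53 flows, as they
# might be exported from an edge firewall (documentation-range addresses).
OBSERVED = ["9.9.9.9", "192.0.2.53", "1.1.1.2", "203.0.113.10", "192.0.2.53"]


def parse_target(text):
    """Parse 'ip', 'ip:port' or '[ipv6]:port' into (ip_address, port)."""
    text, port = text.strip(), 53
    if text.startswith("["):
        host, _, rest = text[1:].partition("]")
        if rest.startswith(":"):
            port = int(rest[1:])
    elif text.count(":") == 1:
        host, _, port_text = text.partition(":")
        port = int(port_text)
    else:
        host = text  # bare IPv4 or bare IPv6, default port 53
    return ipaddress.ip_address(host), port


def parse_forward_zones(value):
    """Parse 'zone=addr;addr, zone2=addr' into {zone: [(ip, port), ...]}."""
    zones = {}
    for entry in value.split(","):
        zone, sep, targets = entry.strip().partition("=")
        if not sep or not targets.strip():
            raise ValueError(f"malformed forward-zones entry: {entry!r}")
        zones[zone.strip()] = [parse_target(t) for t in targets.split(";") if t.strip()]
    return zones


def unexpected_destinations(setting, observed):
    """Observed destinations that are not forwarders for '.', in first-seen order."""
    allowed = {ip for ip, _ in parse_forward_zones(setting).get(".", [])}
    seen = []
    for dest in observed:
        if ipaddress.ip_address(dest) not in allowed and dest not in seen:
            seen.append(dest)
    return seen


if __name__ == "__main__":
    print("forwarders:", parse_forward_zones(SETTING)["."])
    print("not forwarders:", unexpected_destinations(SETTING, OBSERVED))
```

A non-empty result while `.` is forwarded suggests the running recursor did not load the setting, which is what the startup log would confirm.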

