[Pdns-users] Recursive Forwarders

Holmes, Timothy tholmes at holycross.edu
Wed Aug 24 20:49:32 UTC 2022 

Bingo, THANK you. There was another config file (probably some old legacy
thing given the versioning) in /etc/powerdns/recursor.d that was taking
precedence. It's off to the races now.

Aug 24 16:46:50 cache1 pdns_recursor[494188]: Redirecting queries for zone
'.' with recursion to: 9.9.9.9:53, 1.1.1.2:53

Cheers,

Best, Tim

forward-zones-recurse+=opcenter.aws=10.40.1.4,webdev.aws=10.40.1.4,webprod.aws=1
                                  0.40.1.4

On Wed, Aug 24, 2022 at 4:27 PM Otto Moerbeek <otto at drijf.net> wrote:

> On Wed, Aug 24, 2022 at 04:16:49PM -0400, Holmes, Timothy wrote:
>
> > Full(er) log, I dont see any reference to the forwarders..
> > Best, Tim
>
> Indeed, no log lin wrt recursive forwarding. You do have in your config:
>
> include-dir=/etc/powerdns/recursor.d
>
> So it could be a file in there overriding things.
>
> *BUT* you edited the log. Please do not do that. It makes it hard for
> us to help you.
>
> Your local address from your posted config is 127.0.0.1. But the log shows
> x.x.x.x.
>
> See
> https://blog.powerdns.com/2016/01/18/open-source-support-out-in-the-open/
>
>         -Otto
>
>
> >
> > Aug 24 16:12:17 cache1 systemd[1]: Stopping PowerDNS Recursor...
> > Aug 24 16:12:17 cache1 systemd[1]: pdns-recursor.service: Succeeded.
> > Aug 24 16:12:17 cache1 systemd[1]: Stopped PowerDNS Recursor.
> > Aug 24 16:12:17 cache1 systemd[1]: Starting PowerDNS Recursor...
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: Aug 24 16:12:17 Asked to
> run
> > with pdns-distributes-queries set but no distributor threads, raising to
> 1
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: PowerDNS Recursor 4.2.1 (C)
> > 2001-2019 PowerDNS.COM BV
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: Using 64-bits mode. Built
> > using gcc 9.2.1 20200202.
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: PowerDNS comes with
> > ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to
> > redistribute it according to the terms of the GPL version 2.
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: NOT using IPv6 for outgoing
> > queries - set 'query-local-address6=::' to enable
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: Only allowing queries from:
> > 10.0.0.0/8, 127.0.0.1/32, 192.133.83.0/24, 192.168.0.0/16, 172.31.8.0/22
> ,
> > 172.31.12.0/22, 172.31.32.0/20, 172.31.64.0/20, 172.31.0.0/22,
> > 172.31.16.0/20, 172.31.80.0/20, 172.31.48.0/20, 172.31.4.0/22
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: Loaded the Public Suffix
> List
> > from '/usr/share/publicsuffix/public_suffix_list.dat'
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: Will not send queries to:
> > 127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16,
> > 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10, 0.0.0.0/8, 192.0.0.0/24,
> > 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24, 240.0.0.0/4, ::/96,
> > ::ffff:0:0/96, 100::/64, 2001:db8::/32, 0.0.0.0, ::
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: PowerDNS Recursor itself
> will
> > distribute queries over threads
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: Redirecting queries for
> zone '
> > holycross.edu' to: x.x.x.x
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: Inserting rfc 1918 private
> > space zones
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: Will not overwrite zone
> > '10.in-addr.arpa' already loaded
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: Listening for UDP queries
> on
> > x.x.x.x:53
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: Enabled TCP data-ready
> filter
> > for (slight) DoS protection
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: Listening for TCP queries
> on
> > x.x.x.x:53
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: Set effective group id to
> 121
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: Set effective user id to
> 114
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: Launching 1 distributor
> > threads
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: Launching 2 worker threads
> > Aug 24 16:12:17 cache1 systemd[1]: Started PowerDNS Recursor.
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: Done priming cache with
> root
> > hints
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: Done priming cache with
> root
> > hints
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: message repeated 2 times: [
> > Done priming cache with root hints]
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: Enabled 'epoll' multiplexer
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: stats: 199 questions, 1279
> > cache entries, 31 negative entries, 3% cache hits
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: stats: throttle map: 0, ns
> > speeds: 668, failed ns: 0, ednsmap: 269
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: stats: outpacket/query
> ratio
> > 248%, 0% throttled, 0 no-delegation drops
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: stats: 3 outgoing tcp
> > connections, 33 queries running, 0 outgoing timeouts
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: stats: 145 packet cache
> > entries, 7% packet cache hits
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: stats: thread 0 has been
> > distributed 109 queries
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: stats: thread 1 has been
> > distributed 87 queries
> >
> > On Wed, Aug 24, 2022 at 4:02 PM Otto Moerbeek via Pdns-users <
> > pdns-users at mailman.powerdns.com> wrote:
> >
> > > On Wed, Aug 24, 2022 at 09:51:49PM +0200, Leendert Meyer via Pdns-users
> > > wrote:
> > >
> > > > Hello Timothy,
> > > >
> > > > On Wednesday, 24 August 2022 20:09:11 CEST Holmes, Timothy via
> > > Pdns-users
> > > > wrote:
> > > >
> > > > <snip>
> > > >
> > > > > forward-zones-recurse=.=9.9.9.9;149.112.112.112;1.1.1.2;1.0.0.2
> > > > > and also tried forward-zones-recurse=.=9.9.9.9
> > > > >
> > > > > Each time pushed a restart and verified. Each time the root name
> hints
> > > seem
> > > > > to still be the default behavior including after removing the
> > > referenced
> > > > > root hint file entry.
> > > >
> > > > <snip>
> > > >
> > > > > Am I missing something obvious, or will the root hints always take
> > > > > precedence?
> > > >
> > > > Whithout testing, the ‘=.=’ seems odd.
> > > >
> > > > You probably have to change ‘=.=’ into ‘=’.
> > >
> > > Npe, that is the syntax to forward everything:
> > >
> > > forward-zones-recurse=.=9.9.9.9;1.1.1.1
> > >
> > > Leads to:
> > >
> > > Aug 24 22:00:33 Redirecting queries for zone '.' with recursion to:
> > > 9.9.9.9:53, 1.1.1.1:53
> > >
> > > It basically turns a full recursor into just a cache. Plus you are now
> > > depdendent on the forwarded-to resolvers. So there are drawbacks.
> > >
> > >         -Otto
> > >
> > > >
> > > > Kind regards,
> > > >
> > > > Leen
> > >
> > > > _______________________________________________
> > > > Pdns-users mailing list
> > > > Pdns-users at mailman.powerdns.com
> > > > https://mailman.powerdns.com/mailman/listinfo/pdns-users
> > >
> > > _______________________________________________
> > > Pdns-users mailing list
> > > Pdns-users at mailman.powerdns.com
> > > https://mailman.powerdns.com/mailman/listinfo/pdns-users
> > >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20220824/899ec336/attachment-0001.htm>

More information about the Pdns-users mailing list