[Pdns-users] stupid recursor question

Curtis Maurand curtis at maurand.com
Tue Dec 6 17:41:39 UTC 2022

You can use either xyonet.com or cybernexus.net

On 12/6/22 12:26, Brian Candler wrote:
> On 06/12/2022 17:06, Curtis Maurand via Pdns-users wrote:
>> On the authoritative server I host a domain that I'll call domain.tld 
>> as the example.
> It really helps if you give the real domain, since many problems can 
> be diagnosed easily by querying the auth nameserver. See
> https://blog.powerdns.com/2016/01/18/open-source-support-out-in-the-open/
> Is this a real domain, i.e. does your authoritative server have a 
> public IP address and NS records pointing at it?  I am guessing that 
> it is, since you say it's dnssec signed.  Is your auth server behind 
> any sort of NAT?
>> All seems to be well, until I query the local recursor which returns 
>> nothing.  It answers, but doesn't return a response.
> Define "nothing": NOERROR with no records, NXDOMAIN, SERVFAIL, 
> something else?
> Can your recursor reach the authoritative server on its public IP address?
> That is, from the shell of the recursor, can you query the auth server 
> like this:
> dig +norec @x.x.x.x domain.tld. a
>>  I've tried forward-zones = domain.tld=; and that 
>> doesn't seem to work.
> You can run tcpdump to see whether the recursor is sending queries to 
>, and if so, what response it gets.
> tcpdump -i eth0 -nn -s0 -v port 53 and host

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20221206/4d5f5814/attachment.htm>

More information about the Pdns-users mailing list