[Pdns-users] stupid recursor question
Curtis Maurand
curtis at maurand.com
Tue Dec 6 17:41:39 UTC 2022
You can use either xyonet.com or cybernexus.net
On 12/6/22 12:26, Brian Candler wrote:
> On 06/12/2022 17:06, Curtis Maurand via Pdns-users wrote:
>> On the authoritative server I host a domain that I'll call domain.tld
>> as the example.
>
> It really helps if you give the real domain, since many problems can
> be diagnosed easily by querying the auth nameserver. See
>
> https://blog.powerdns.com/2016/01/18/open-source-support-out-in-the-open/
>
> Is this a real domain, i.e. does your authoritative server have a
> public IP address and NS records pointing at it? I am guessing that
> it is, since you say it's dnssec signed. Is your auth server behind
> any sort of NAT?
>
>
>> All seems to be well, until I query the local recursor which returns
>> nothing. It answers, but doesn't return a response.
>
> Define "nothing": NOERROR with no records, NXDOMAIN, SERVFAIL,
> something else?
>
> Can your recursor reach the authoritative server on its public IP address?
>
> That is, from the shell of the recursor, can you query the auth server
> like this:
>
> dig +norec @x.x.x.x domain.tld. a
>
>
>> I've tried forward-zones = domain.tld=192.168.100.30; and that
>> doesn't seem to work.
>
> You can run tcpdump to see whether the recursor is sending queries to
> 192.168.100.30, and if so, what response it gets.
>
> tcpdump -i eth0 -nn -s0 -v port 53 and host 192.168.100.30
>
>
--
Curtis
https://curtis.maurand.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20221206/4d5f5814/attachment.htm>
More information about the Pdns-users
mailing list