[Pdns-users] stupid recursor question

Curtis Maurand curtis at maurand.com
Tue Dec 6 17:41:39 UTC 2022


You can use either xyonet.com or cybernexus.net



On 12/6/22 12:26, Brian Candler wrote:
> On 06/12/2022 17:06, Curtis Maurand via Pdns-users wrote:
>> On the authoritative server I host a domain that I'll call domain.tld 
>> as the example.
>
> It really helps if you give the real domain, since many problems can 
> be diagnosed easily by querying the auth nameserver. See
>
> https://blog.powerdns.com/2016/01/18/open-source-support-out-in-the-open/
>
> Is this a real domain, i.e. does your authoritative server have a 
> public IP address and NS records pointing at it?  I am guessing that 
> it is, since you say it's dnssec signed.  Is your auth server behind 
> any sort of NAT?
>
>
>> All seems to be well, until I query the local recursor which returns 
>> nothing.  It answers, but doesn't return a response.
>
> Define "nothing": NOERROR with no records, NXDOMAIN, SERVFAIL, 
> something else?
>
> Can your recursor reach the authoritative server on its public IP address?
>
> That is, from the shell of the recursor, can you query the auth server 
> like this:
>
> dig +norec @x.x.x.x domain.tld. a
>
>
>>  I've tried forward-zones = domain.tld=192.168.100.30; and that 
>> doesn't seem to work.
>
> You can run tcpdump to see whether the recursor is sending queries to 
> 192.168.100.30, and if so, what response it gets.
>
> tcpdump -i eth0 -nn -s0 -v port 53 and host 192.168.100.30
>
>

-- 
Curtis
https://curtis.maurand.com