[Pdns-users] Low ttl with combination of forward zones makes queries fail
Otto Moerbeek
otto at drijf.net
Tue Feb 8 12:32:44 UTC 2022
On Tue, Feb 08, 2022 at 12:15:42PM +0000, Brian Candler via Pdns-users wrote:
> On 08/02/2022 12:08, Prochazka via Pdns-users wrote:
> >
> > Pdns recursor config:
> >
> > ...
> > forward-zones=
> > forward-zones+=some.domain.tld=AUTH1_ipv6
> > forward-zones+=some.domain.tld=AUTH1_ipv4
> > forward-zones+=some.domain.tld=AUTH2_ipv6
> > forward-zones+=some.domain.tld=AUTH2_ipv4
> > forward-zones+=some.domain.tld=AUTH3_ipv6
> > forward-zones+=some.domain.tld=AUTH3_ipv4
> > forward-zones+=some.domain.tld=AUTH4_ipv6
> > forward-zones+=some.domain.tld=AUTH4_ipv4
> > ...
>
> Have you tried listing the destinations on the same line, separated by
> semicolons <https://docs.powerdns.com/recursor/settings.html#forward-zones>?
>
> forward-zones+=some.domain.tld=AUTH1_ipv6;AUTH1_ipv4;AUTH2_ipv6;...etc

Brian is right, the config above boils down to having a single
some.domain.tld forward with the last auth mentioned.

Check the startup logs, it should show something like:

Feb 08 13:31:53 Redirecting queries for zone 'some.domain.tld' to: 1.2.3.4:53, 3.4.5.6:53
Feb 08 13:31:53 Redirecting queries for zone 'other.domain.tld' to: 4.5.6.7:53, 8.9.10.11:53

If it shows multiple lines with the same target domain, only the last
will be effective.

-Otto

>
> Personally I would use forward-zones-file to make this cleaner. Also, I
> wouldn't forward to both ipv4 and ipv6 on the same server; if the server is
> down, it's going to be unreachable via both.
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
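
A config lint for the problem discussed in this thread, as an added example that is not part of the original messages or of PowerDNS itself. It assumes the behaviour stated in the reply above (a later definition of the same zone replaces the earlier one) and the comma/semicolon syntax from the linked settings page; the function names and the sample config are constructed for illustration.

```python
import re

# Constructed sample modelled on the config quoted in the thread
# (AUTHn_ipvX are the thread's own placeholders, not real addresses).
SAMPLE_CONF = """\
forward-zones=
forward-zones+=some.domain.tld=AUTH1_ipv6
forward-zones+=some.domain.tld=AUTH1_ipv4
forward-zones+=some.domain.tld=AUTH2_ipv6
forward-zones+=other.domain.tld=AUTH3_ipv4;AUTH4_ipv4
"""

SETTING = re.compile(r"^\s*forward-zones\s*(\+?=)\s*(.*)$")

def parse_forward_zones(conf_text):
    """Return {zone: [server-list, ...]} with definitions in file order."""
    entries = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        m = SETTING.match(line)
        if not m:
            continue
        op, value = m.groups()
        if op == "=":                            # plain '=' resets the setting
            entries = []
        for item in filter(None, (i.strip() for i in value.split(","))):
            zone, _, servers = item.partition("=")
            entries.append((zone.strip().rstrip(".").lower(),
                            [s.strip() for s in servers.split(";") if s.strip()]))
    zones = {}
    for zone, servers in entries:
        zones.setdefault(zone, []).append(servers)
    return zones

def audit(conf_text):
    """Report zones defined more than once. Assumption (from the thread):
    only the last definition is effective, so earlier servers are unused."""
    findings = []
    for zone, defs in parse_forward_zones(conf_text).items():
        if len(defs) > 1:
            merged = list(dict.fromkeys(s for d in defs for s in d))
            findings.append({"zone": zone, "effective": defs[-1],
                             "dropped": [s for s in merged if s not in defs[-1]],
                             "fix": f"forward-zones+={zone}=" + ";".join(merged)})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_CONF):
        print(f"{f['zone']}: only {f['effective']} used, {f['dropped']} ignored")
        print("  suggested:", f["fix"])
```

The startup log remains the authoritative check: one "Redirecting queries for zone" line per zone, listing every intended server.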