[Pdns-users] pdns-recursor (4.6) empty response after expiration of the TTL of the cached record

abang at t-ipnet.net abang at t-ipnet.net
Thu Sep 22 08:26:51 UTC 2022


True, TCP is broken as well.

On 22 September 2022 10:01:58 CEST, Otto Moerbeek <otto at drijf.net> wrote:
>On Thu, Sep 22, 2022 at 09:41:57AM +0200, abang--- via Pdns-users wrote:
>
>> The "NSEC3 proving non-existence" of this zone is broken. See
>>  https://dnsviz.net/d/riecis.nl/dnssec/?rr=all&a=all&ds=all&doe=on&ta=.&tk=
>> 
>> You can work around this issue by setting an NTA for it on your Recursors. It is recommended to inform the owner of the zone in order to fix the root cause.
>> 
>> Winfried 
>
>Agreed, but given my findings in the other post I'm not convinced it
>will solve *all* issues with that domain.
>
>	-Otto
>
>> 
>> 
>> 
>> On 22 September 2022 09:27:20 CEST, Leeflangetje via Pdns-users <pdns-users at mailman.powerdns.com> wrote:
>> >Hi,
>> >
>> >Since we upgraded to pdns-recursor 4.6 we sometimes experience some
>> >weird behaviour with queries via pdns-recursor.
>> >
>> >Sometimes, when a previously queried record expires through its TTL,
>> >the recursor does not provide an answer anymore, until it's restarted.
>> >
>> >Unfortunately I am not able to reproduce this. It happens occasionally.
>> >When it happens, we see this: 
>> >
>> >Faulty server:
>> >
>> >dig @ns1 riecis.nl A
>> >
>> >; <<>> DiG 9.11.36-RedHat-9.11.36-3.el8 <<>> @ns1 riecis.nl A
>> >; (1 server found)
>> >;; global options: +cmd
>> >;; Got answer:
>> >;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27148
>> >;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>> >
>> >;; OPT PSEUDOSECTION:
>> >; EDNS: version: 0, flags:; udp: 512
>> >;; QUESTION SECTION:
>> >;riecis.nl.         IN  A
>> >
>> >;; AUTHORITY SECTION:
>> >riecis.nl.      2828    IN  SOA ns1.minvenj.nl. hostmaster.solvinity.com. 2022010301 1800 300 604800 3600
>> >
>> >;; Query time: 2 msec
>> >;; SERVER: xxx.xxx.xxx.xxx#53(xxx.xxx.xxx.xxx)
>> >;; WHEN: Tue Sep 20 12:16:55 CEST 2022
>> >;; MSG SIZE  rcvd: 110
>> >
>> >other server:
>> >
>> >dig @ns2  riecis.nl A
>> >
>> >; <<>> DiG 9.11.36-RedHat-9.11.36-3.el8 <<>> @ns2 riecis.nl A
>> >; (1 server found)
>> >;; global options: +cmd
>> >;; Got answer:
>> >;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61517
>> >;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>> >
>> >;; OPT PSEUDOSECTION:
>> >; EDNS: version: 0, flags:; udp: 512
>> >;; QUESTION SECTION:
>> >;riecis.nl.         IN  A
>> >
>> >;; ANSWER SECTION:
>> >riecis.nl.      224 IN  A   159.46.204.40
>> >
>> >;; Query time: 1 msec
>> >;; SERVER: xxx.xxx.xxx.xxx#53(xxx.xxx.xxx.xxx)
>> >;; WHEN: Tue Sep 20 12:17:03 CEST 2022
>> >;; MSG SIZE  rcvd: 54
>> >
>> >
>> >We have a fairly simple configuration, just on what address and port to
>> >listen on, to use the same address for outgoing queries, and a short
>> >list of addresses that are allowed to query.
>> >
>> >I have confirmed this problem up to and including version 4.6.3
>> >
>> >Does anyone have an idea on how to approach this matter?
>> >
>> >Regards
>> >
>> >
>> >
>
>
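Added example, not part of the original thread or of PowerDNS: a monitoring check for the symptom in the quoted dig outputs, where one recursor returns NOERROR with an empty answer and a SOA in the authority section (NODATA) while another still returns the A record. The function names and the "EMPTY" label are assumptions of this example; the sample inputs are abbreviated from the dig output quoted above.

```python
import re

# Sample inputs: header and record lines abbreviated from the two dig outputs in the thread.
FAULTY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27148
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;riecis.nl.         IN  A
;; AUTHORITY SECTION:
riecis.nl.      2828    IN  SOA ns1.minvenj.nl. hostmaster.solvinity.com. 2022010301 1800 300 604800 3600
"""
HEALTHY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61517
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;riecis.nl.         IN  A
;; ANSWER SECTION:
riecis.nl.      224 IN  A   159.46.204.40
"""

def parse_dig(text):
    """Extract rcode, header flags, answer count and record types from dig text output."""
    status = re.search(r"status: (\w+)", text).group(1)
    flags = re.search(r"flags: ([a-z ]*);", text).group(1).split()
    answers = int(re.search(r"ANSWER: (\d+)", text).group(1))
    # Record lines do not start with ';' and read: name TTL IN TYPE rdata
    rrtypes = [m.group(1) for m in
               re.finditer(r"^[^;\s]\S*\s+\d+\s+IN\s+(\S+)", text, re.M)]
    return {"status": status, "flags": flags, "answers": answers, "rrtypes": rrtypes}

def classify(resp):
    """ANSWER, NODATA (NOERROR, no answer, SOA present), EMPTY, or the error rcode."""
    if resp["status"] != "NOERROR":
        return resp["status"]
    if resp["answers"] > 0:
        return "ANSWER"
    return "NODATA" if "SOA" in resp["rrtypes"] else "EMPTY"

def divergent_nodata(outputs):
    """Names of resolvers returning NODATA while another resolver returns records."""
    classes = {name: classify(parse_dig(text)) for name, text in outputs.items()}
    if "ANSWER" not in classes.values():
        return []  # all resolvers agree that there is no data: not this symptom
    return sorted(name for name, cls in classes.items() if cls == "NODATA")

if __name__ == "__main__":
    print(divergent_nodata({"ns1": FAULTY, "ns2": HEALTHY}))
```

In a real check the strings would be the captured output of the same dig query against each recursor, and a non-empty result would raise an alert.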