[Pdns-users] Problems with PowerDNS and specific Domain
Winfried Angele
abang at t-ipnet.net
Thu Feb 2 11:54:23 UTC 2023
Hello Markus,
See also
https://docs.powerdns.com/recursor/settings.html#server-down-throttle-time
https://docs.powerdns.com/recursor/settings.html#dont-throttle-names
https://docs.powerdns.com/recursor/settings.html#dont-throttle-netmasks
Winfried
On 02.02.23 12:11, Winfried Angele via Pdns-users wrote:
> Hello Markus,
>
> ns1.namecity.com (62.128.193.35) and ns2.namecity.com (84.22.161.171)
> does not respond reliably. Many timeouts. But sometimes they answer
> anyway. I guess it was a coincidence that it worked with unbound.
>
> Winfried
>
> On 02.02.23 11:52, Markus Ehrlicher via Pdns-users wrote:
>> Hello Winfried,
>>
>> thanks for your feedback. I thought the same, so I made another test
>> with unbound on a testserver. Unbound can do the lookup, pdns-recursor
>> not. Both recursors are completely "unconfigured" (nothing changed
>> after install) on this testsystem:
>>
>> root at TESTSERVER:~# service unbound start
>> * Starting recursive DNS server
>> unbound [ OK ]
>> root at TESTSERVER:~# unbound-control flush_zone igspn.com ok removed 0
>> rrsets, 0 messages and 0 key entries root at TESTSERVER:~# netstat
>> -tulpen | grep ":53"
>> tcp 0 0 0.0.0.0:53 0.0.0.0:*
>> LISTEN 0 22791 4846/unbound
>> udp 0 0 0.0.0.0:53
>> 0.0.0.0:* 0 22790 4846/unbound
>> root at TESTSERVER:~# dig ws.igspn.com @localhost
>>
>> ; <<>> DiG 9.9.5-3ubuntu0.19+esm9-Ubuntu <<>> ws.igspn.com @localhost
>> ;; global options: +cmd ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55176 ;; flags: qr
>> rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> ;; QUESTION SECTION:
>> ;ws.igspn.com. IN A
>>
>> ;; ANSWER SECTION:
>> ws.igspn.com. 3132 IN A 210.118.78.162
>>
>> ;; Query time: 2 msec
>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>> ;; WHEN: Thu Feb 02 11:46:26 CET 2023
>> ;; MSG SIZE rcvd: 57
>>
>> root at TESTSERVER:~# service unbound stop
>> * Stopping recursive DNS server
>> unbound [ OK ]
>> root at TESTSERVER:~# service pdns-recursor start
>> * Starting PowerDNS recursor
>> pdns-recursor [ OK ]
>> root at TESTSERVER:~# rec_control wipe-cache igspn.com$ wiped 0 records,
>> 0 negative records root at TESTSERVER:~# netstat -tulpen | grep ":53"
>> tcp 0 0 127.0.0.1:53 0.0.0.0:*
>> LISTEN 0 23092 5036/pdns_recursor
>> udp 0 0 127.0.0.1:53
>> 0.0.0.0:* 0 23091
>> 5036/pdns_recursor
>> root at TESTSERVER:~# dig ws.igspn.com @localhost
>>
>> ; <<>> DiG 9.9.5-3ubuntu0.19+esm9-Ubuntu <<>> ws.igspn.com @localhost
>> ;; global options: +cmd ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 29960 ;; flags:
>> qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;ws.igspn.com. IN A
>>
>> ;; Query time: 3037 msec
>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>> ;; WHEN: Thu Feb 02 11:47:05 CET 2023
>> ;; MSG SIZE rcvd: 30
>>
>> root at TESTSERVER:~#
>>
>> best regards,
>> Markus
>>
>> -----Ursprüngliche Nachricht-----
>> Von: Pdns-users <pdns-users-bounces at mailman.powerdns.com> Im Auftrag
>> von Winfried Angele via Pdns-users
>> Gesendet: Donnerstag, 2. Februar 2023 11:29
>> An: pdns-users at mailman.powerdns.com
>> Betreff: Re: [Pdns-users] Problems with PowerDNS and specific Domain
>>
>> ----------------------------------------------------------------------------------------------------
>> ACHTUNG: Diese Nachricht kommt von Extern
>>
>> Links und Anhänge können Schadcode enthalten oder nachladen.
>> Auffällige E-Mails zur Prüfung bitte an virencheck at komsa.de weiterleiten.
>> ----------------------------------------------------------------------------------------------------
>>
>>
>>
>>
>> Hello Markus,
>>
>> The Authoritative nameservers does not talk to your Recursors (timeouts):
>>
>> Feb 2 08:33:39 ns1 pdns_recursor[916]: ws.igspn.com: Trying IP
>> 62.128.193.35:53, asking 'ws.igspn.com|A'
>> Feb 2 08:33:39 ns1 pdns_recursor[916]: ws.igspn.com: timeout
>> resolving after 1574.81msec Feb 2 08:33:39 ns1 pdns_recursor[916]:
>> ws.igspn.com: Trying to resolve NS 'ns2.namecity.com' (2/2) Feb 2
>> 08:33:39 ns1 pdns_recursor[916]: ws.igspn.com: Resolved 'igspn.com' NS
>> ns2.namecity.com to: 84.22.161.171 Feb 2 08:33:39 ns1
>> pdns_recursor[916]: ws.igspn.com: Trying IP 84.22.161.171:53, asking
>> 'ws.igspn.com|A'
>> Feb 2 08:33:39 ns1 pdns_recursor[916]: ws.igspn.com: timeout
>> resolving after 1514.68msec Feb 2 08:33:39 ns1 pdns_recursor[916]:
>> ws.igspn.com: Failed to resolve via any of the 2 offered NS at level
>> 'igspn.com'
>>
>> This might mean that your Recursor IP addresses are blocked there or
>> it is a routing problem.
>>
>> Winfried
>>
>>
>> On 02.02.23 11:13, Markus Ehrlicher via Pdns-users wrote:
>>> Hello together,
>>>
>>> since a few days, we have massive problems with DNS-lookup for a
>>> specific domain (ws.igspn.com) from our two recursors (PDNS-Recursor
>>> 4.8.2 on Ubuntu 18.04LTS). On my first investigation, I thought that
>>> bad latency to the responsible nameservers is the problem, but if I
>>> do a forward-zones-recurse to Google
>>> (forward-zones-recurse=igspn.com=8.8.8.8), everything works like a
>>> charm. I traced both lookups, but I can't find a clue, what could be
>>> wrong on our side. Can someone test from another location, to rule
>>> out that it is a PowerDNS problem? Any other suggestions?
>>> ...
>> _______________________________________________
>> Pdns-users mailing list
>> Pdns-users at mailman.powerdns.com
>> https://mailman.powerdns.com/mailman/listinfo/pdns-users
>> _______________________________________________
>> Pdns-users mailing list
>> Pdns-users at mailman.powerdns.com
>> https://mailman.powerdns.com/mailman/listinfo/pdns-users
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
More information about the Pdns-users
mailing list