[Pdns-users] pdns_recursor issue

Peter van Dijk peter.van.dijk at powerdns.com
Thu Jan 26 16:28:21 UTC 2023

Hi Arien,

On Thu, 2023-01-26 at 13:30 +0100, Arien Vijn via Pdns-users wrote:
> Greetings,
> We recently upgraded pdns_recursor from version 4.4.5 to 4.8.0. It seems that we run in into the following issue ever since.
> 1/ Client queries for an A-record for xdsl-serviceweb.kpn.com.
> 2/ Recursor queries the domain tree and receives the CNAME-record that points to: xdsl-c-serviceweb.gslb.kpn.com. from the authoritative DNS server.
> 3/ Recursor queries and receives the subsequent an A-record from the authoritative DNS server for that A-record.
> 4/ Recursor answers the client mentioned in 1/.
> So far so good, until the A-record of xdsl-c-serviceweb.gslb.kpn.com. expires out of the 'main record cache' but not from the 'main packet cache'. The CNAME remains in both caches. Please note this excerpt from: rec_control dump-cache below:

After some brief investigation we somewhat suspect this is aggressive
NSEC caching. Can you see if aggressive-nsec-cache-size=0 makes the
problem go away?

Kind regards,
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/

More information about the Pdns-users mailing list