[Pdns-users] pdns recursor forward zone to consul

prochazka at cortex.cz prochazka at cortex.cz
Tue Aug 13 08:26:27 UTC 2024 

Hi,

CZ domain is signed by CZNIC, but cortex.cz and it's subdomains aren't 
signed. We don't use lua yet so i tried to set "dnssec=off" and it's 
done = working.

This come to second question. Consul returns ttl 0, dnsmasq returns by 
default ttl 0 too. Recursor returns with ttl 3600, those are unchanged 
defaults:

# max-cache-bogus-ttl	maximum number of seconds to keep a Bogus 
(positive or negative) cached entry in memory
# max-cache-bogus-ttl=3600
# max-cache-ttl	maximum number of seconds to keep a cached entry in 
memory
# max-cache-ttl=86400
# max-negative-ttl	maximum number of seconds to keep a negative cached 
entry in memory
# max-negative-ttl=3600
# minimum-ttl-override	The minimum TTL
# minimum-ttl-override=1

So it's handled with max-cache-bogus-ttl? And setting it per domain will 
require lua?

Thanks
Martin Prochazka

Dne 2024-08-09 16:37, Peter van Dijk via Pdns-users napsal:
> On Tue, 2024-08-06 at 09:30 +0200, Prochazka via Pdns-users wrote:
>> Hi,
>> 
>> i set forward-zone for consul domain in the recursor, but queries 
>> fail.
>> 
>> Tested consul nodes are 192.168.200.205-207.
>> Tested patroni nodes (vith consul agent) are 192.168.200.201-202,
>> current master is test-patroni-02.sub.domain.tld (.202)
>> Tested recursor node 192.168.200.55
>> 
>> Working query via dnsmasq (local) test-patroni-01 node:
>> 
>> Pdns-recursor config snippet:
>> ...
>> forward-zones+=...
>> forward-zones+=...
>> forward-zones+=...
>> forward-zones+=consul=192.168.200.205:8600;192.168.200.206:8600;192.168.200.207:8600
>> #tryied with forward-zones-recure too
>> 
>> Failing query via pdns-recursor, client to pdns:
>> 09:00:28.995582 IP 192.168.200.201.39364 > 192.168.200.55.domain: 
>> 62027+
>> [1au] A? master.testcluster.service.consul. (74)
>> 09:00:30.980241 IP 192.168.200.55.domain > 192.168.200.201.39364: 
>> 62027
>> ServFail 0/0/1 (62)
> 
> Please read the IMPORTANT note at
> https://doc.powerdns.com/recursor/settings.html?highlight=forward#forward-zones
> and see if it helps.
> 
> Kind regards,

More information about the Pdns-users mailing list