[Pdns-users] pdns recursor forward zone to consul

prochazka at cortex.cz prochazka at cortex.cz
Thu Aug 15 09:56:08 UTC 2024


Ok,

my fail. Pdns recursor returns

;; ANSWER SECTION:
master.testcluster.service.consul. 1 IN	CNAME	test-patroni-02.sub.domain.tld
test-patroni-02.sub.domain.tld.	3581 IN	A	192.168.200.202

TTL 1 is ok for me.

So I just need to handle the dnssec setting some way. The problem is
resolved.

Thanks.

On 2024-08-13 10:26, Prochazka via Pdns-users wrote:
> Hi,
> 
> CZ domain is signed by CZNIC, but cortex.cz and its subdomains aren't
> signed. We don't use lua yet so I tried to set "dnssec=off" and it's
> done = working.
> 
> This comes to the second question. Consul returns ttl 0, dnsmasq returns by
> default ttl 0 too. Recursor returns with ttl 3600, those are unchanged
> defaults:
> 
> # max-cache-bogus-ttl	maximum number of seconds to keep a Bogus (positive or negative) cached entry in memory
> # max-cache-bogus-ttl=3600
> # max-cache-ttl	maximum number of seconds to keep a cached entry in memory
> # max-cache-ttl=86400
> # max-negative-ttl	maximum number of seconds to keep a negative cached entry in memory
> # max-negative-ttl=3600
> # minimum-ttl-override	The minimum TTL
> # minimum-ttl-override=1
> 
> So it's handled with max-cache-bogus-ttl? And setting it per domain
> will require lua?
> 
> Thanks
> Martin Prochazka
> 
> On 2024-08-09 16:37, Peter van Dijk via Pdns-users wrote:
>> On Tue, 2024-08-06 at 09:30 +0200, Prochazka via Pdns-users wrote:
>>> Hi,
>>> 
>>> I set a forward-zone for the consul domain in the recursor, but queries
>>> fail.
>>> 
>>> Tested consul nodes are 192.168.200.205-207.
>>> Tested patroni nodes (with consul agent) are 192.168.200.201-202,
>>> current master is test-patroni-02.sub.domain.tld (.202)
>>> Tested recursor node 192.168.200.55
>>> 
>>> Working query via dnsmasq (local) test-patroni-01 node:
>>> 
>>> Pdns-recursor config snippet:
>>> ...
>>> forward-zones+=...
>>> forward-zones+=...
>>> forward-zones+=...
>>> forward-zones+=consul=192.168.200.205:8600;192.168.200.206:8600;192.168.200.207:8600
>>> #tried with forward-zones-recurse too
>>> 
>>> Failing query via pdns-recursor, client to pdns:
>>> 09:00:28.995582 IP 192.168.200.201.39364 > 192.168.200.55.domain: 62027+ [1au] A? master.testcluster.service.consul. (74)
>>> 09:00:30.980241 IP 192.168.200.55.domain > 192.168.200.201.39364: 62027 ServFail 0/0/1 (62)
>> 
>> Please read the IMPORTANT note at
>> https://doc.powerdns.com/recursor/settings.html?highlight=forward#forward-zones
>> and see if it helps.
>> 
>> Kind regards,
> 
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
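
Added example (not part of the thread and not PowerDNS code): a small Python check of an old-style recursor.conf that reports whether DNSSEC validation is on and which forwarded zones have no Negative Trust Anchor. It compares the global dnssec=off workaround from the thread with an addNTA("consul", ...) entry in the lua-config-file, the approach described in the IMPORTANT note linked above. Assumed here: the default mode "process" (Recursor 4.5 and later), the sample Lua line, and all function names.

```python
import re

# dnssec= modes in which the Recursor validates (always, or when the client asks).
VALIDATING = {"process", "log-fail", "validate"}

def forwarded_zones(conf):
    """Map zone -> server list from forward-zones / forward-zones-recurse lines."""
    zones = {}
    for line in conf.splitlines():
        line = line.strip()
        m = re.match(r"forward-zones(?:-recurse)?\s*\+?=\s*(.+)$", line)
        if line.startswith("#") or not m:
            continue
        for entry in m.group(1).split(","):          # zones are comma-separated
            name, _, servers = entry.strip().partition("=")
            name = name.lstrip("+").strip().rstrip(".").lower()
            if name and servers:
                zones[name] = [s for s in servers.split(";") if s]
    return zones

def dnssec_mode(conf, default="process"):
    """Last dnssec= value; the default is an assumption (Recursor 4.5 and later)."""
    found = re.findall(r"^[ \t]*dnssec[ \t]*=[ \t]*(\S+)", conf, re.M)
    return found[-1].lower() if found else default

def negative_trust_anchors(lua):
    """Zone names passed to addNTA() in the lua-config-file text."""
    code = "\n".join(l for l in lua.splitlines() if not l.strip().startswith("--"))
    return {n.rstrip(".").lower() for n in re.findall(r"addNTA\(\s*[\"']([^\"']+)", code)}

def audit(conf, lua=""):
    ntas = negative_trust_anchors(lua)
    def covered(zone):  # an NTA on a parent name also covers the zone
        return any(zone == n or zone.endswith("." + n) for n in ntas)
    mode = dnssec_mode(conf)
    return {"mode": mode, "validating": mode in VALIDATING,
            "unanchored": sorted(z for z in forwarded_zones(conf) if not covered(z))}

# Constructed samples; the forward-zones line is the one quoted in the thread.
CONF = "forward-zones+=consul=192.168.200.205:8600;192.168.200.206:8600;192.168.200.207:8600\n"
CONF_DNSSEC_OFF = CONF + "dnssec=off\n"          # the workaround from the thread
LUA_NTA = 'addNTA("consul", "unsigned internal Consul zone")\n'  # scoped alternative

if __name__ == "__main__":
    print(audit(CONF))              # validating, consul has no NTA
    print(audit(CONF_DNSSEC_OFF))   # validation off for every zone
    print(audit(CONF, LUA_NTA))     # validating, consul exempted only
```

A forwarded zone without an NTA only fails validation when its signed parent does not delegate it, as with consul under the signed root, so treat "unanchored" as a list to review.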


