[Pdns-users] pdns-recursor help

Bill MacAllister bill at ca-zephyr.org
Sat Feb 17 20:08:08 UTC 2024 

On 2024-02-17 00:31, Otto Moerbeek wrote:
> On Sat, Feb 17, 2024 at 12:22:06AM -0800, Bill MacAllister via 
> Pdns-users wrote:
> 
>> I am new to Power DNS and am attempting to setup a Power DNS recursor
>> server.  I am using Debian bookworm and I have installed the 
>> pdns-recursor
>> package.  The server is listening and dig can connect to the server,
>> but dig returns a status of SERVFAIL.  What should I look at?  What am
>> I missing?
>> 
>> Ahh, finally figured out how to get queries into syslog.  Here is what 
>> I am
>> seeing there:
>> 
>> 2024-02-17T08:11:50.536920+00:00 zoot-bookworm pdns_recursor[10110]:
>> msg="Question" subsystem="syncres" level="0" prio="Info" tid="2"
>> ts="1708157510.535" ecs="" mtid="1" proto="udp" 
>> qname="web.stanford.edu"
>> qtype="A" remote="10.0.0.32:55021"
>> 
>> 2024-02-17T08:11:50.846316+00:00 zoot-bookworm pdns_recursor[10110]:
>> msg="Sending SERVFAIL during resolve" error="Server Failure while 
>> retrieving
>> DS records for edu" subsystem="syncres" level="0" prio="Notice" 
>> tid="2"
>> ts="1708157510.845" ecs="" mtid="1" proto="udp" 
>> qname="web.stanford.edu"
>> qtype="A" remote="10.0.0.32:55021"
>> 
>> 2024-02-17T08:11:50.846977+00:00 zoot-bookworm pdns_recursor[10110]:
>> msg="Answer" subsystem="syncres" level="0" prio="Info" tid="2"
>> ts="1708157510.846" additional="1" answers="0" dotout="0" ecs="" 
>> mtid="1"
>> netms="306.381000" outqueries="28" proto="udp" 
>> qname="web.stanford.edu"
>> qtype="A" rcode="2" rd="1" remote="10.0.0.32:55021" tcpout="0" 
>> throttled="0"
>> timeouts="0" totms="310.015000" validationState="Indeterminate"
>> 
>> Thanks in advance for your help,
>> 
>> Bill
> 
> Your recursor is not able to get an answer from the root servers, at
> least not for DS queries.
> 
> A run with --trace as a command line option will reveal more details
> of what is going on.
> 
> Also: please show your config file.
> 
> 	-Otto

Here is my configuration file: https://pastebin.com/jatVMq42

BUT, this morning the recursor was working for a bit.  Now it is
failing again. I suspect comcast, but only because I have not made
any changes to my internal network.  Gremlins are other suspects.

Here is the command line that I used to get a trace:

   /usr/sbin/pdns_recursor --daemon=no --write-pid=no \
         --log-timestamp=no --trace --socket-dir=/run

The trace output is here: https://pastebin.com/Bke0qXtJ

Thanks for your help,

Bill

-- 
My heart is warm with the friends I make,
   And better friends I'll not be knowing,
Yet there isn't a train I wouldn't take,
   No matter where it's going.

Edna St Vincent Millay

More information about the Pdns-users mailing list