[Pdns-users] pdns-recursor help
Otto Moerbeek
otto at drijf.net
Sun Feb 18 07:30:30 UTC 2024
On Sat, Feb 17, 2024 at 06:07:16PM -0800, Bill MacAllister wrote:
> On 2024-02-17 12:08, Bill MacAllister via Pdns-users wrote:
> > On 2024-02-17 00:31, Otto Moerbeek wrote:
>
> > > Your recursor is not able to get an answer from the root servers, at
> > > least not for DS queries.
> > >
> > > A run with --trace as a command line option will reveal more details
> > > of what is going on.
> > >
> > > Also: please show your config file.
> > >
> > > -Otto
> >
> > Here is my configuration file: https://pastebin.com/jatVMq42
> >
> > BUT, this morning the recursor was working for a bit. Now it is
> > failing again. I suspect comcast, but only because I have not made
> > any changes to my internal network. Gremlins are other suspects.
> >
> > Here is the command line that I used to get a trace:
> >
> > /usr/sbin/pdns_recursor --daemon=no --write-pid=no \
> > --log-timestamp=no --trace --socket-dir=/run
> >
> > The trace output is here: https://pastebin.com/Bke0qXtJ
>
> Okay, I set "dnssec=off" and look ups are working now. Guess I
> need to educate myself about dnssec. I would like to make the
> dnssec default work if I can. Pointers welcomed.
>
> Bill
Looking at the trace your upstream mangles DNS. DNSSEC was designed to
prtotect against that.
-Otto
More information about the Pdns-users
mailing list