Hi,

This is the first time posting to this board. If I am posting to the wrong list, sorry, and please advise where I should post this request for assistance.

We are setting up a new installation of pdns and recursor. We have been running pdns for a couple of years without issue. I am attempting to implement recursor and pdns to avoid a potential DOS attack and pass security compliance, which under the current version I am running will not pass.

Currently we have 3 servers running pdns 2.9.22 in a CentOS 5.5 environment, each with their own MySQL slave db. All works great except for the DOS issue.

I set up a new testing server with pdns 2.9.21 and recursor 3.3, also a CentOS 5.5 box, and I now pass security compliance, but am not getting the expected responses on DNS queries.

I set up recursor to respond on port 53 and pdns to respond on 5300.

recursor.conf entries

    # forward-zones=
    forward-zones=x.x.x.x:5300
    local-port=53

pdns.conf entries

    local-address=x.x.x.x
    local-port=5300

If I query on a domain using dig I get the following error.

dig mytestdomain.com @ns5
------------------
; <<>> DiG 9.6.0-APPLE-P2 <<>> mytestdomain.com @ns5
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18559
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
; mytestdomain.com. IN A

;; Query time: 6 msec
;; SERVER: 209.3.87.44#53(209.3.87.44)
;; WHEN: Mon Dec 20 17:55:34 2010
;; MSG SIZE rcvd: 28
------------------

logs output -

Dec 20 17:43:25 xx pdns_recursor[9187]: [3] mytestdomain.com.: Resolved 'mytestdomain.com.' NS ns5.mydomain. to: xx.xx.xx.xx
Dec 20 17:43:25 xx pdns_recursor[9187]: [3] mytestdomain.com.: Trying IP xx.xx.xx.xx:53, asking 'mytestdomain.com.|A'
Dec 20 17:43:25 xx pdns_recursor[9187]: 0 question answered from packet cache from xx.xx.xx.xx
Dec 20 17:43:25 xx pdns_recursor[9187]: [3] mytestdomain.com.: Got 0 answers from ns5.mydomain.net. (xx.xx.xx.xx), rcode=0, in 3ms
Dec 20 17:43:25 xx pdns_recursor[9187]: [3] mytestdomain.com.: determining status after receiving this packet
Dec 20 17:43:25 xx pdns_recursor[9187]: [3] mytestdomain.com.: status=noerror, other types may exist, but we are done
Dec 20 17:43:25 xx pdns_recursor[9187]: [3] mytestdomain.com.: Starting additional processing
Dec 20 17:43:25 xx pdns_recursor[9187]: [3] mytestdomain.com.: Done with additional processing
Dec 20 17:43:25 xx pdns_recursor[9187]: 0 [3] answer to question 'mytestdomain.com.|A': 0 answers, 0 additional, took 6 packets, 0 throttled, 0 timeouts, 0 tcp connections, rcode=0
Dec 20 17:43:59 xx pdns_recursor[9187]: 1 question answered from packet cache from xx.xx.xx.xx

It looks as if it is trying the local DNS server on 53, but it is not getting a reply. Also, I do not see any queries hitting the database.

If any additional information is needed, LMK.

Any help would be appreciated.

Thanks,
Patrick
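For reference, an added example that is not part of the original post or of PowerDNS itself: a small Python check that reads recursor.conf-style text and flags forward-zones entries that do not follow the documented zone=address[:port] form (comma-separated zones, semicolon-separated forwarders). The function names are hypothetical, and the sample input is constructed from the configuration lines quoted above with their placeholders kept.

```python
import ipaddress

# Constructed sample: the recursor.conf lines quoted in the post, placeholders kept.
SAMPLE = """\
# forward-zones=
forward-zones=x.x.x.x:5300
local-port=53
"""

def _check_target(target):
    """Validate one forwarder given as address or address:port (IPv4 port form only)."""
    host, port = target, "53"
    if target.count(":") == 1:
        host, port = target.split(":")
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return f"'{host}' is not an IP address"
    if not port.isdigit() or not 0 < int(port) < 65536:
        return f"bad port '{port}'"
    return None

def check_forward_zones(value):
    """Return (entry, problem) pairs for a forward-zones value."""
    problems = []
    for entry in (e.strip() for e in value.split(",")):
        if not entry:
            continue
        zone, sep, targets = entry.partition("=")
        if not sep or not zone.strip():
            problems.append((entry, "no zone name, expected zone=address[:port]"))
            continue
        for target in targets.split(";"):
            err = _check_target(target.strip())
            if err:
                problems.append((entry, err))
    return problems

def check_conf(text):
    """Return (line number, entry, problem) for every bad forward-zones entry."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        key, sep, value = line.split("#", 1)[0].strip().partition("=")
        if sep and key.strip() == "forward-zones":
            findings += [(n, e, p) for e, p in check_forward_zones(value)]
    return findings

if __name__ == "__main__":
    for finding in check_conf(SAMPLE):
        print("line %d: %s -> %s" % finding)
```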