I don't think that is the issue. From the recursor logs, see the bolded part: I therefore think I do not need to. Besides, it is answering queries for domains other than those whose DNS servers are hosted within my forwarders space.
Apr 8 15:48:15 jaribu pdns_recursor[87243]: Operating in 64 bits mode Apr 8 15:48:15 jaribu pdns_recursor[87243]: Reading random entropy from '/dev/urandom' *Apr 8 15:48:15 jaribu pdns_recursor[87243]: Only allowing queries from: 127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16,* 172.16.0.0/12, ::1/128, fe80::/10 Apr 8 15:48:15 jaribu pdns_recursor[87243]: Will not send queries to: 127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 17 2.16.0.0/12, ::1/128, fe80::/10, 0.0.0.0, :: Apr 8 15:48:15 jaribu pdns_recursor[87243]: NOT using IPv6 for outgoing queries - set 'query-local-address6=::' to enable Apr 8 15:48:15 jaribu pdns_recursor[87243]: Inserting rfc 1918 private space zones Apr 8 15:48:15 jaribu pdns_recursor[87243]: Listening for UDP queries on 127.0.0.1:53 Apr 8 15:48:15 jaribu pdns_recursor[87243]: Listening for TCP queries on 127.0.0.1:53 Apr 8 15:48:15 jaribu pdns_recursor[87243]: Calling daemonize, going to background Apr 8 15:48:15 jaribu pdns_recursor[87247]: Launching 2 threads Apr 8 15:48:15 jaribu pdns_recursor[87247]: Done priming cache with root hints Apr 8 15:48:15 jaribu pdns_recursor[87247]: Done priming cache with root hints Apr 8 15:48:15 jaribu pdns_recursor[87247]: Enabled 'kqueue' multiplexer Apr 8 15:48:16 jaribu pdns_recursor[87247]: Refreshed . records On 8 April 2013 12:45, abang <[email protected]> wrote: > Don't know what went wrong. But you should add 127.0.0.1 to allow-from if > you ask from 127.0.0.1 > > > > Am 08.04.2013 11:32, schrieb Odhiambo Washington: > >> I have a situation with pdns-recursor that I need help with. >> >> I am running it on 127.0.0.1:53 <http://127.0.0.1:53> >> >> >> My configuration is as below: >> >> allow-from=192.168.0.0/16 <http://192.168.0.0/16> >> >> #allow-from= >> dont-query= >> config-dir=/usr/local/etc/pdns >> daemon=yes >> quiet=yes >> etc-hosts-file=/etc/hosts >> export-etc-hosts=yes >> forward-zones-recurse=.=196.**200.16.2,.=196.200.16.27 >> local-address=127.0.0.1 >> local-port=53 >> log-common-errors=yes >> logging-facility=0 >> socket-dir=/var/run/ >> threads=18 >> trace=on >> >> Now, those two IPs listed in forward-zones-recurse are my ISPs DNS >> servers. >> The problem is that whenever I do an nslookup for any domains whose DNS >> records are handled by my ISP, including my ISPs domain name itself, I >> get a failure. I however get success when I query for domains outside my >> ISPs DNS servers: >> >> Here are my test results: >> >> [root@jaribu] /usr/local/etc/pdns# nslookup www.accesskenya.com >> <http://www.accesskenya.com> >> >> ;; Got SERVFAIL reply from 127.0.0.1, trying next server >> ;; connection timed out; no servers could be reached >> >> [root@jaribu] /usr/local/etc/pdns# nslookup www.gmail.com >> <http://www.gmail.com> >> >> Server: 127.0.0.1 >> Address: 127.0.0.1#53 >> >> Non-authoritative answer: >> www.gmail.com <http://www.gmail.com> canonical name = mail.google.com >> <http://mail.google.com>. >> mail.google.com <http://mail.google.com> canonical name = >> googlemail.l.google.com >> <http://googlemail.l.google.**com<http://googlemail.l.google.com> >> >. >> Name: googlemail.l.google.com >> <http://googlemail.l.google.**com<http://googlemail.l.google.com> >> > >> Address: 173.194.34.117 >> Name: googlemail.l.google.com >> <http://googlemail.l.google.**com<http://googlemail.l.google.com> >> > >> >> Address: 173.194.34.118 >> >> [root@jaribu] /usr/local/etc/pdns# nslookup gw.cmehtanbo.com >> <http://gw.cmehtanbo.com> >> >> ;; Got SERVFAIL reply from 127.0.0.1, trying next server >> ;; connection timed out; no servers could be reached >> >> [root@jaribu] /usr/local/etc/pdns# nslookup gw.kictanet.or.ke >> <http://gw.kictanet.or.ke> >> >> Server: 127.0.0.1 >> Address: 127.0.0.1#53 >> >> Non-authoritative answer: >> Name: gw.kictanet.or.ke <http://gw.kictanet.or.ke> >> >> Address: 62.8.64.102 >> >> >> >> Is it that my configuration is bungled or that of my ISP is? Or is this >> something known? >> >> >> >> -- >> Best regards, >> Odhiambo WASHINGTON, >> Nairobi,KE >> +254733744121/+254722743223 >> "I can't hear you -- I'm using the scrambler." >> > > > ______________________________**_________________ > Pdns-users mailing list > [email protected].**com <[email protected]> > http://mailman.powerdns.com/**mailman/listinfo/pdns-users<http://mailman.powerdns.com/mailman/listinfo/pdns-users> > -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 "I can't hear you -- I'm using the scrambler."
_______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
