Hi Tony,
So from what I understand, your issue is with resolving domains that are not
yours through the PowerDNS Recursor?
And that your authoritative servers are not involved in this issue?
Which version of the PowerDNS Recursor do you run? Please note that version 3.3
is rather more strict in its interpretation of DNS rules than 3.5.1, and that
this might be the issue.
Does the log file have anything relevant to say? Are the domains you mention
the specific ones with issues, or is it generic .au, .uk?
Bert
On May 24, 2013, at 7:53 PM, Tony DeMatteis wrote:
> Hello,
>
> We have PDNS running for several years w/o any issues. Our setup is two
> Authoritative, two resolvers, and a mySQL backend. Problem that has been
> brought to my attention by customers is that certain domains are unreachable.
> I can reach those sites reported via the IP Address. Google resolves the
> site(s) fine. We've verified reachability from other ISP's, i.e. they
> resolve the domains. I don't have any firewall rules that would prohibit
> reaching an key IP. Here's what I see.
>
> Thank you for your input!!
>
> tonyd
>
>
> # dig my primary resolver (same for secondary)
> root@tonyd# dig @216.19.2.83 unitedserviceclub.com.au
>
> ; <<>> DiG 9.7.3 <<>> @216.19.2.83 unitedserviceclub.com.au
> ; (1 server found)
> ;; global options: +cmd
> ;; connection timed out; no servers could be reached
>
>
>
> # dig my primary resolver a second time
> root@tonyd# dig @216.19.2.83 unitedserviceclub.com.au
>
> ; <<>> DiG 9.7.3 <<>> @216.19.2.83 unitedserviceclub.com.au
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 6159
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;unitedserviceclub.com.au. IN A
>
> ;; Query time: 2459 msec
> ;; SERVER: 216.19.2.83#53(216.19.2.83)
> ;; WHEN: Fri May 24 10:39:51 2013
> ;; MSG SIZE rcvd: 42
>
>
>
> # dig my primary authoritative
> root@tonyd# dig @216.19.2.80 unitedserviceclub.com.au
>
> ; <<>> DiG 9.7.3 <<>> @216.19.2.80 unitedserviceclub.com.au
> ; (1 server found)
> ;; global options: +cmd
> ;; connection timed out; no servers could be reached
>
>
>
> # dig primary resolver with +norec
> root@tonyd# dig @216.19.2.83 unitedserviceclub.com.au +norec
>
> ; <<>> DiG 9.7.3 <<>> @216.19.2.83 unitedserviceclub.com.au +norec
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12017
> ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 4
>
> ;; QUESTION SECTION:
> ;unitedserviceclub.com.au. IN A
>
> ;; AUTHORITY SECTION:
> com.au. 101509 IN NS w.au.
> com.au. 101509 IN NS x.au.
> com.au. 101509 IN NS y.au.
> com.au. 101509 IN NS z.au.
>
> ;; ADDITIONAL SECTION:
> z.au. 101469 IN A 37.209.198.2
> y.au. 101469 IN A 37.209.196.2
> w.au. 101469 IN A 37.209.192.2
> x.au. 101469 IN A 37.209.194.2
>
> ;; Query time: 1 msec
> ;; SERVER: 216.19.2.83#53(216.19.2.83)
> ;; WHEN: Fri May 24 10:40:01 2013
> ;; MSG SIZE rcvd: 170
>
>
> # dig 8.8.8.8 BINGO!
> root@tonyd# dig @8.8.8.8 unitedserviceclub.com.au
>
> ; <<>> DiG 9.7.3 <<>> @8.8.8.8 unitedserviceclub.com.au
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39625
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;unitedserviceclub.com.au. IN A
>
> ;; ANSWER SECTION:
> unitedserviceclub.com.au. 1800 IN A 68.171.219.193
>
> ;; Query time: 188 msec
> ;; SERVER: 8.8.8.8#53(8.8.8.8)
> ;; WHEN: Fri May 24 10:41:01 2013
> ;; MSG SIZE rcvd: 58
>
>
>
> # dig Random site from our resolvers
> root@tonyd# dig @216.19.2.83 devry.edu
>
> ; <<>> DiG 9.7.3 <<>> @216.19.2.83 devry.edu
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36779
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
>
> ;; QUESTION SECTION:
> ;devry.edu. IN A
>
> ;; ANSWER SECTION:
> devry.edu. 600 IN A 166.78.67.22
>
> ;; AUTHORITY SECTION:
> devry.edu. 600 IN NS adns1.devry.net.
> devry.edu. 600 IN NS adns3.devry.net.
> devry.edu. 600 IN NS adns4.devry.net.
> devry.edu. 600 IN NS adns2.devry.net.
>
> ;; ADDITIONAL SECTION:
> adns2.devry.net. 3599 IN A 206.209.110.52
> adns1.devry.net. 3599 IN A 206.209.110.51
> adns3.devry.net. 3599 IN A 206.209.104.51
> adns4.devry.net. 3599 IN A 206.209.104.52
>
> ;; Query time: 200 msec
> ;; SERVER: 216.19.2.83#53(216.19.2.83)
> ;; WHEN: Fri May 24 10:45:53 2013
> ;; MSG SIZE rcvd: 196
>
>
>
> root@tonyd# dig @216.19.2.83 earthlink.net
>
> ; <<>> DiG 9.7.3 <<>> @216.19.2.83 earthlink.net
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62913
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 2, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;earthlink.net. IN A
>
> ;; ANSWER SECTION:
> earthlink.net. 1794 IN A 209.86.93.205
> earthlink.net. 1794 IN A 209.86.93.206
> earthlink.net. 1794 IN A 209.86.93.207
> earthlink.net. 1794 IN A 209.86.93.208
> earthlink.net. 1794 IN A 209.86.93.209
> earthlink.net. 1794 IN A 209.86.93.210
> earthlink.net. 1794 IN A 209.86.93.211
> earthlink.net. 1794 IN A 209.86.93.201
> earthlink.net. 1794 IN A 209.86.93.202
> earthlink.net. 1794 IN A 209.86.93.203
> earthlink.net. 1794 IN A 209.86.93.204
>
> ;; AUTHORITY SECTION:
> earthlink.net. 839 IN NS scratchy.earthlink.net.
> earthlink.net. 839 IN NS itchy.earthlink.net.
>
> ;; Query time: 0 msec
> ;; SERVER: 216.19.2.83#53(216.19.2.83)
> ;; WHEN: Fri May 24 10:46:24 2013
> ;; MSG SIZE rcvd: 250
>
>
>
> _______________________________________________
> Pdns-users mailing list
> [email protected]
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
>
_______________________________________________
Pdns-users mailing list
[email protected]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
