Hi Pieter, dnssec=off did the trick indeed. Hope you can fix this, because dnssec was the reason I went to 4.x in the first place :)
If I can be of any help here, just let me know. Best regards. > Am 09.03.2016 um 10:05 schrieb Pieter Lexis <pieter.le...@powerdns.com>: > > Hi Michael, > > Please keep replies on the mailinglist (mails reproduced below). > > Judging by your log and some of my testing, I think you uncovered a bug in > the DNSSEC implementation. Could you try this with `dnssec=off` in the > recursor.conf? > > Best regards, > > Pieter > > On Wed, 9 Mar 2016 07:46:49 +0100 > Bit World Computing - Michael Mertel <michael.mer...@bwc.de> wrote: > >> Hello Pieter, >> >> thanks for helping me out on this. >> >>> Am 08.03.2016 um 18:57 schrieb Pieter Lexis <pieter.le...@powerdns.com>: >>> >>> Hello Michael, >>> >>> On Tue, 8 Mar 2016 16:32:26 +0100 >>> Bit World Computing - Michael Mertel <michael.mer...@bwc.de> wrote: >>> >>>> I was wondering why an apt-get update cannot resolve repo.powerdns.com, >>>> but a ping is able to do so. This only happens if /etc/resolv.conf points >>>> to my recursor. If I use 8.8.8.8 as nameserver everything works as >>>> expected. >>>> >>>> This is somewhat strange, because 8.8.8.8 is the forwarding dns for my >>>> local recursor. >>> >>> Do you use the `forward-zones-recurse`[1] or the `forward-zones`[2] option? >>> When forwarding to google (8.8.8.8), the `forward-zone-recurse` option is >>> needed (i.e. `forward-zones-recurse=.=8.8.8.8` in your recursor.conf). This >>> will set the Recursion Desired-bit on the query sent out. Google sends >>> SERVFAIL to clients without the RD-bit set. >>> >> I currently use this forward statements in my recursor.conf: >> >> forward-zones-file=/etc/powerdns/forward-zones >> forward-zones-recurse=.=8.8.8.8 >> >> The forward-zones file points to some internal nameservers, all 8.8.8.8 >> related is done through forward-zones-recurse. >> >> >>> If this is the case and you still have these issues, could you enable the >>> `trace`[3] option and query your local resolver for repo.powerdns.com and >>> email the traces? >>> >> I attached the trace log, hope it includes everything you need. I tried to >> kept the noise as low as possible, but some other systems queried the >> recursor as well. >> >>>> Maybe it’s how the apt-get tries to resolve the name? The only thing I >>>> found was, that getent is not returning the correct results. >>> >>> apt, ping and getent all seem to use the getaddrinfo(3) call. >>> >> I was 100% sure that a ping worked, but it do not work now, >> repo.powerdns.com is not resolving anywhere. repo1.powerdns.com is a >> different story: >> >> root@dns-1:/var/log# ping repo.powerdns.com >> ping: unknown host repo.powerdns.com >> root@dns-1:/var/log# getent hosts repo1.poerdns.com >> root@dns-1:/var/log# ping repo1.powerdns.com >> PING repo1.powerdns.com (188.166.116.224) 56(84) bytes of data. >> 64 bytes from repo1.powerdns.com (188.166.116.224): icmp_seq=1 ttl=58 >> time=42.9 ms >> 64 bytes from repo1.powerdns.com (188.166.116.224): icmp_seq=2 ttl=58 >> time=42.9 ms > > > On Wed, 9 Mar 2016 08:28:05 +0100 > Bit World Computing - Michael Mertel <michael.mer...@bwc.de> wrote: > >> Hi Pieter, >> >> sorry I overlooked a typo. >> >> root@dns-1:/var/log# getent hosts repo.powerdns.com >> 2a03:b0c0:2:d0::4a4:6001 repo1.powerdns.com repo.powerdns.com >> root@dns-1:/var/log# getent hosts repo1.powerdns.com >> 2a03:b0c0:2:d0::4a4:6001 repo1.powerdns.com >> >> Does this mean my recursor is preferring ipv6 over ipv4. I don’t use ipv6 at >> all. >> >> > -- > Pieter Lexis > PowerDNS.COM BV -- https://www.powerdns.com -- IT-Security Lösungen von DELL SonicWALL und Sophos von Ihrem zertifizierten Partner Bit World Computing. Michael Mertel Inhaber / company owner Bit World Computing e.K. Wredestraße 18 97082 Wuerzburg Deutschland / Germany Fon: +49 (0)931 45335-0 Fax: +49 (0)931 45335-99 E-Mail: michael.mer...@bwc.de <mailto:michael.mer...@bwc.de> GoogleTalk / Skype: bwc.michael Web: http://www.bwc.de <http://www.bwc.de/> Amtsgericht Wuerzburg HRA 4937, Ust-ID DE155288065 Geschäftsführer / company owner: Michael Mertel BWC ... one bit ahead ... since 1993
_______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
