> On Jul 29, 2017, at 5:19 AM, bert hubert <[email protected]> wrote: > > On Sat, Jul 29, 2017 at 12:19:11AM -0400, Charles Sprickman wrote: >> Here’s a few things I’ve tried: >> >> - Verify with DNSVIZ: http://dnsviz.net/d/dot.nyc.gov/dnssec/ >> - Update PowerDNS to powerdns-recursor-4.0.6 >> - Remove “scrub” rules from pf configuration >> - Change pf rules to be stateless >> - Look for denied traffic by running tcpdump against pflog device while >> performing query >> - Checked record by querying BIND on same host >> - Checked record elsewhere (successful) > > Thank you for specifying this in so much detail, very appreciated. > >> >> Any ideas where to start with this? Anyone else seeing the same issue with >> this record? > > We have not heard of this. What we recommend is to enable 'trace' or if that > is too much, 'trace-regex' for dot.nyc.gov. This will give a ton of detail > on what is going on.
FWIW, “trace-regex” gave me an error, so I just did a full trace and then cleaned up the results. https://gist.github.com/sporkman/1b1b01a3b33ca3e2029728cb90a1eee8 <https://gist.github.com/sporkman/1b1b01a3b33ca3e2029728cb90a1eee8> > We can then find out the problem for you, or perhaps you see it already. I don’t see it, I can’t really follow since I’m actually seeing many of the records I want but then it all seems to fall apart at the end… Thanks, Charles > > Good luck and let us know! > > Bert
_______________________________________________ Pdns-users mailing list [email protected] https://mailman.powerdns.com/mailman/listinfo/pdns-users
