Hi, On 08/03/2017 09:37 PM, Charles Sprickman wrote: > FWIW, “trace-regex” gave me an error, so I just did a full trace and > then cleaned up the results. > > https://gist.github.com/sporkman/1b1b01a3b33ca3e2029728cb90a1eee8 > >> We can then find out the problem for you, or perhaps you see it already. > > I don’t see it, I can’t really follow since I’m actually seeing many of > the records I want but then it all seems to fall apart at the end…
So, the recursor sends UDP queries asking the answer for dot.nyc.gov MX to the authoritative NS for nyc.gov, vwall1a.nyc.gov, vwall2a.nyc.gov, vwall3a.nyc.gov and vwall4a.nyc.gov for but never get an answer from any of them. Given that it previously did get an answer from vwall1a.nyc.gov for dot.nyc.gov A and that the answer for MX is much larger than the one for A, it looks like a UDP fragmentation issue at the network level. Can you check whether Bind get an answer over UDP or if it has to fallback to TCP? -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Pdns-users mailing list [email protected] https://mailman.powerdns.com/mailman/listinfo/pdns-users
