I’ve been running a pdns_recursor install for a little over 11 months now, and
I had about 9 months’ uptime on the machine running it. Tonight, suddenly,
without my making any changes, ALL DNS queries through the recursor started
returning SERVFAIL. I spent the better part of an hour diagnosing it. Finally,
on a hunch, I enabled
"dnssec-log-bogus=yes," and voila. Every. Single. Request. Every domain. From
Google to Facebook to Microsoft. EVERYTHING was “Bogus.” (Important reminder
here: I didn’t make ANY changes.)
The only way I was able to get DNS working again was to change the dnssec
setting to "dnssec=process-no-validate.” But I sure don’t feel really good
about that.
Anyone have any clue what happened? Did the world break or something?
Nick
Here’s some diag info for whatever it’s worth:
Oct 11 21:19:51 PowerDNS Recursor 4.0.4 (C) 2001-2016 PowerDNS.COM BV
Oct 11 21:19:51 Using 32-bits mode. Built using gcc 4.9.2.
Oct 11 21:19:51 PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free
software, and you are welcome to redistribute it according to the terms of the
GPL version 2.
Oct 11 21:19:51 Features: openssl lua
Oct 11 21:19:51 Configured with: " '--build=arm-linux-gnueabihf'
'--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man'
'--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var'
'--disable-silent-rules' '--libdir=${prefix}/lib/arm-linux-gnueabihf'
'--libexecdir=${prefix}/lib/arm-linux-gnueabihf' '--disable-maintainer-mode'
'--disable-dependency-tracking' '--sysconfdir=/etc/powerdns'
'--enable-reproducible' '--with-lua' '--with-protobuf=yes' '--enable-systemd'
'--with-systemd=/lib/systemd/system' 'build_alias=arm-linux-gnueabihf'
'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security'
'LDFLAGS=-fPIE -pie -Wl,-z,relro -Wl,-z,now -latomic'
'CPPFLAGS=-D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fPIE -fstack-protector-strong
-Wformat -Werror=format-security
-DPACKAGEVERSION='\''"4.0.4-1~bpo8+1.Debian"'\'''"
_______________________________________________
Pdns-users mailing list
[email protected]
https://mailman.powerdns.com/mailman/listinfo/pdns-users
