Hi Tamer,

On 21-Jul-2019 22:10 CEST, <tame...@gmail.com> wrote:

> Hello,
>
> I have set up PowerDNS 4.2.0-rc2 through the CentOS 7 repository. Everything
> works fine except SOA replies in AUTHORITY SECTIONs with DNSSEC enabled. We
> are testing the domain through the well-known validator Internet.nl and it
> results in a BOGUS validation. They state that it's because test.nizari.nl
> is not returning SOA records in the AUTHORITY SECTION.

So the zone you're testing with is test.nizari.nl, right?
It seems there's no delegation for this zone, hence no SOA.

> The following works and returns a proper SOA answer:
> dig soa nizari.nl
> dig soa test.nizari.nl @ns1.nizari.nl
> dig soa test.nizari.nl @1.1.1.1
> dig soa test.nizari.nl @8.8.8.8 +cd
>
> The following does not work and results in a SERVFAIL:
> dig soa test.nizari.nl
> dig soa test.nizari.nl @8.8.8.8
>
> Is this normal behaviour or is there something wrong with my config? The
> nameservers run simply in a MySQL cluster.
>
> pdns.conf:
> local-address=0.0.0.0
> local-ipv6=::
> local-port=5300
> launch=gmysql,geoip
> gmysql-host=
> gmysql-user=
> gmysql-dbname=
> gmysql-password=
> geoip-database-files
> loglevel=9
> enable-lua-records=yes
> edns-subnet-processing=yes
> log-dns-queries=yes
> gmysql-dnssec=yes
> disable-syslog=yes
> resolver=8.8.8.8,[2001:4860:4860::8888]

Also, why are you using the 'resolver' setting without 'expand-alias'?
This setting is not meant to specify the resolver to send recursive
requests to, but is related to the ALIAS records
(https://doc.powerdns.com/authoritative/guides/alias.html).

Cheers,
-- 
Nico

> If there is something wrong with my config, why does 1.1.1.1 work and
> 8.8.8.8 not?
> I see no errors in the logs and all other DNS related stuff is working.
>
> DNSVIZ results are OK.
>
> Any help or tips can be of use, I have been debugging this for three days
> now. Thank you for reading!

_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users