Hi Brian sudo rec_control version *4.3.0*
sudo dpkg -l | grep pdns-recursor *ii pdns-recursor 4.3.0-1pdns.bionic amd64 PowerDNS Recursor* No queries arrive at all even with negative trust anchor: sudo rec_control get-ntas *Configured Negative Trust Anchors:domain.sec* Same result disabling DNSSEC at all. Thanks On Fri, 20 Mar 2020 at 12:03, Brian Candler <b.cand...@pobox.com> wrote: > On 20/03/2020 10:56, Giovanni Vecchi via Pdns-users wrote: > > @Brian: my bad, my local domain isn't an ".local" one but ".sec", so > please consider domain.sec as root domain > The current behaviour is that public root domain are queried for every > *.domain.sec from recursor instead the authoritative one! > My conf: > > config-dir=/etc/powerdns > local-address=0.0.0.0 > local-port=53 > setgid=pdns > setuid=pdns > allow-from=0.0.0.0 > logging-facility=1 > loglevel=9 > quiet=no > version-string=Mind your own business… > webserver=yes > webserver-address=0.0.0.0 > webserver-allow-from=127.0.0.1 > webserver-port=8082 > api-key=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX > forward-zones=domain.sec=127.0.0.1:5300 > > Do no queries arrive at 127.0.0.1:5300 at all? What version of > pdns-recursor are you using? > > It's possible that you need to set a negative trust anchor for > domain.sec. See: > > https://doc.powerdns.com/recursor/dnssec.html#negative-trust-anchors > > > -- <http://www.certego.net/> Giovanni Vecchi Infrastructure Lead Engineer, Certego +39-059-7353333 <http://www.linkedin.com/company/certego> <http://twitter.com/Certego_IRT> <http://github.com/certego> <http://www.youtube.com/CERTEGOsrl> <http://plus.google.com/117641917176532015312> Use of the information within this document constitutes acceptance for use in an "as is" condition. There are no warranties with regard to this information; Certego has verified the data as thoroughly as possible. Any use of this information lies within the user's responsibility. In no event shall Certego be liable for any consequences or damages, including direct, indirect, incidental, consequential, loss of business profits or special damages, arising out of or in connection with the use or spread of this information.
_______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users