Hi Steven, There are a couple of problems with your domain that prevent it from functioning correctly.
First up, it seems like the ns1/ns2/ns3.opensourceserver.io <http://ns3.opensourceserver.io/> glue records at the .IO cctld are all registered with the same IP address. That's probably not correct? ; <<>> DiG 9.10.6 <<>> A ns3.opensourceserver.io @a2.nic.io ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7480 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 4 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ;; QUESTION SECTION: ;ns3.opensourceserver.io. IN A ;; AUTHORITY SECTION: opensourceserver.io. 86400 IN NS ns3.opensourceserver.io. opensourceserver.io. 86400 IN NS ns1.opensourceserver.io. opensourceserver.io. 86400 IN NS ns2.opensourceserver.io. ;; ADDITIONAL SECTION: ns3.opensourceserver.io. 86400 IN A 76.76.238.10 ns2.opensourceserver.io. 86400 IN A 76.76.238.10 ns1.opensourceserver.io. 86400 IN A 76.76.238.10 When I query the SOA record at the real IPs (as listed in the zone itself, not the glue records) I get a REFUSED when I query ip 47.225.208.154 and no reply at all when I query 207.177.51.156. Best to verify the configurations on those hosts (firewall, allow-query lists etc). Kind Regards, Frank > On May 7, 2021, at 7:14 AM, Steven Garner via Pdns-users > <pdns-users@mailman.powerdns.com> wrote: > > I have a noob question about DNS forwarding - just implemented pdns version > 4.2.1 on three servers on separate networks, intending for one to be a master > (primary) and the other two to be slaves (secondaries). So far I love it, > but I think I may be doing something wrong with DNS forwarding. > > I have records for some 383 domains in MySQL as a backend. > > I have the master set up with: > > master=yes > > ... and the slaves set up with: > > slave=yes > > ... all in /etc/powerdns/pdns.conf > > Also the master/slave state is configured on a per domain basis in the > domains table with the type column set to either MASTER or SLAVE > respectively. The slave has the master node IP addresses set for each domain > in the master column in the domains table. > > dig would seem to indicate that everything is working fine: > > ========================================== > > dig soa opensourceserver.io <http://opensourceserver.io/> > @ns3.opensourceserver.io <http://ns3.opensourceserver.io/> > > ; <<>> DiG 9.10.6 <<>> soa opensourceserver.io <http://opensourceserver.io/> > @ns3.opensourceserver.io <http://ns3.opensourceserver.io/> > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6728 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 1232 > ;; QUESTION SECTION: > ;opensourceserver.io <http://opensourceserver.io/>. IN SOA > > ;; ANSWER SECTION: > opensourceserver.io <http://opensourceserver.io/>. 86400 IN SOA > ns1.opensourceserver.io <http://ns1.opensourceserver.io/>. > hostmaster.embode.net <http://hostmaster.embode.net/>. 2021050501 10380 3600 > 1814400 3796 > > ;; Query time: 168 msec > ;; SERVER: 47.225.208.154#53(47.225.208.154) > ;; WHEN: Fri May 07 00:01:21 CDT 2021 > ;; MSG SIZE rcvd: 147 > > ========================================== > > Yet other methods seem to indicate there may be problems: > > 1) When I test opensourceserver.io <http://opensourceserver.io/> on > https://mxtoolbox.com/SuperTool.aspx?action=dns > <https://mxtoolbox.com/SuperTool.aspx?action=dns>, it shows a good response > from the master but no response from the slaves, stating that: > > At least one name server failed to respond in a timely manner > Failure detail: 207.177.51.156 <br/>Failure detail: 47.225.208.154 > > The slave servers are i3 class machines running on gigabit optical Internet > connections, so I think there may be other issues? > > 2) When I test opensourceserver.io <http://opensourceserver.io/> on > https://www.site24x7.com/dns-lookup.html > <https://www.site24x7.com/dns-lookup.html>, it states there is a "Possible > DNS forwarding issue." for each server. > > > Steve Garner > +1 302 364 0325 (USA) > stevenjgar...@gmail.com > <mailto:stevenjgar...@gmail.com>_______________________________________________ > Pdns-users mailing list > Pdns-users@mailman.powerdns.com > https://mailman.powerdns.com/mailman/listinfo/pdns-users
_______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
