On Wed, Aug 24, 2022 at 03:39:06PM -0400, Holmes, Timothy wrote: > I dont believe we have those configured currently..at least not any named > way.. I do have: > > pdns-recursor.service - PowerDNS Recursor > Loaded: loaded (/lib/systemd/system/pdns-recursor.service; enabled; > vendor preset: enabled) > Active: active (running) since Wed 2022-08-24 15:19:00 EDT; 3s ago > Docs: man:pdns_recursor(1) > man:rec_control(1) > https://doc.powerdns.com > Main PID: 490386 (pdns_recursor) > Tasks: 5 (limit: 9437) > Memory: 10.1M > CGroup: /system.slice/pdns-recursor.service > └─490386 /usr/sbin/pdns_recursor --daemon=no --write-pid=no > --disable-syslog --log-timestamp=no > > Aug 24 15:19:00 cache1.holycross.edu pdns_recursor[490386]: Done priming > cache with root hints > Aug 24 15:19:00 cache1.holycross.edu pdns_recursor[490386]: Done priming > cache with root hints > Aug 24 15:19:00 cache1.holycross.edu pdns_recursor[490386]: Enabled 'epoll' > multiplexer > Aug 24 15:19:01 cache1.holycross.edu pdns_recursor[490386]: stats: 187 > questions, 1221 cache entries, 19 negative entries, 1% cache hits > Aug 24 15:19:01 cache1.holycross.edu pdns_recursor[490386]: stats: throttle > map: 1, ns speeds: 677, failed ns: 0, ednsmap: 257 > Aug 24 15:19:01 cache1.holycross.edu pdns_recursor[490386]: stats: > outpacket/query ratio 250%, 0% throttled, 0 no-delegation drops > Aug 24 15:19:01 cache1.holycross.edu pdns_recursor[490386]: stats: 5 > outgoing tcp connections, 18 queries running, 0 outgoing timeouts > Aug 24 15:19:01 cache1.holycross.edu pdns_recursor[490386]: stats: 151 > packet cache entries, 6% packet cache hits > Aug 24 15:19:01 cache1.holycross.edu pdns_recursor[490386]: stats: thread 0 > has been distributed 87 queries > Aug 24 15:19:01 cache1.holycross.edu pdns_recursor[490386]: stats: thread 1 > has been distributed 98 queries
We need all the lines, starting with the Copyright banner. -Otto > > On Wed, Aug 24, 2022 at 3:35 PM Otto Moerbeek <o...@drijf.net> wrote: > > > On Wed, Aug 24, 2022 at 03:27:15PM -0400, Holmes, Timothy wrote: > > > > > Thanks Otto, definitely is the correct config file, if for instance I > > > change the host-hints-file look up to no, the service fails to load and > > > indicates it cant find the file named no (assume we're not on that > > version > > > yet... separate issue.. ) > > > > > > I conclude it's ignoring the forward zones recurse because at the > > > enterprise edge firewall the only dns lookups I see coming from the box > > (by > > > the vast volumes) and heading outside are heading to other name servers > > > than anything I specified. Looks like typical root hint type recursive > > > lookups. Not a single instance for the specified forwarder(s). > > > > > > I did confirm that dig's etc to 9.9.9.9 etc in CLI do allow just fine, so > > > there is no local firewall blockage. > > > > > > Any other thoughts? Seems odd, but I am new to PDNS.. > > > > Please show the startup log. > > > > -Otto > > > > > > > > Best, Tim > > > > > > > > > > > > On Wed, Aug 24, 2022 at 3:13 PM Otto Moerbeek <o...@drijf.net> wrote: > > > > > > > On Wed, Aug 24, 2022 at 09:05:46PM +0200, Otto Moerbeek via Pdns-users > > > > wrote: > > > > > > > > > On Wed, Aug 24, 2022 at 02:09:11PM -0400, Holmes, Timothy via > > Pdns-users > > > > wrote: > > > > > > > > > > > Hi Team, > > > > > > > > > > > > I have what I hope is a simple question I'm unable to find a better > > > > answer > > > > > > for. I would like to add some external forwarders to our recursor > > > > > > instances. These are live running prod instances. I verified the > > live > > > > paths > > > > > > and updated the recursor.config's to reflect > > > > > > > > > > > > forward-zones-recurse=.=9.9.9.9;149.112.112.112;1.1.1.2;1.0.0.2 > > > > > > and also tried forward-zones-recurse=.=9.9.9.9 > > > > > > > > > > > > Each time pushed a restart and verified. Each time the root name > > hints > > > > seem > > > > > > to still be the default behavior including after removing the > > > > referenced > > > > > > root hint file entry. > > > > > > > > > > > > sudo service pdns-recursor restart > > > > > > sudo service pdns-recursor status > > > > > > > > > > > > Am I missing something obvious, or will the root hints always take > > > > > > precedence? > > > > > > > > > > > > Thanks, Tim > > > > > > -- > > > > > > > > > > > > [image: College of the Holy Cross Logo] > > > > > > > > > > > > *TIM HOLMES* > > > > > > *Chief Information Security Officer* > > > > > > Information Technology Services > > > > > > thol...@holycross.edu > > > > > > Pronouns: He/Him/His > > > > > > > > > > Syntax loogs good. Checks the log, when starting up the recusor logs > > > > > the redirects configged. If it does not do that, you are using > > another > > > > > config file than you are editing. Maybe an alternate --config-dir? > > > > > > > > Also, how do you conclude it is ingnoring the forward-zones-recurse? > > > > > > > > -Otto > > > > > > _______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users