The "NSEC3 proving non-existence" of this zone is broken. See
 https://dnsviz.net/d/riecis.nl/dnssec/?rr=all&a=all&ds=all&doe=on&ta=.&tk=

You can work around this issue by setting an NTA for it on your Recursors. It is 
recommended to inform the owner of the zone in order to fix the root cause.

Winfried 



On 22 September 2022 09:27:20 CEST, Leeflangetje via Pdns-users 
<pdns-users@mailman.powerdns.com> wrote:
>Hi,
>
>Since we upgraded to pdns-recursor 4.6 we sometimes experience some
>weird behaviour with queries via pdns-recursor.
>
>Sometimes, when a previously queried record expires through its TTL,
>the recursor does not provide an answer anymore, until it's restarted.
>
>Unfortunately I am not able to reproduce this. It happens occasionally.
>When it happens, we see this: 
>
>Faulty server:
>
>dig @ns1 riecis.nl A
>
>; <<>> DiG 9.11.36-RedHat-9.11.36-3.el8 <<>> @ns1 riecis.nl A
>; (1 server found)
>;; global options: +cmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27148
>;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>
>;; OPT PSEUDOSECTION:
>; EDNS: version: 0, flags:; udp: 512
>;; QUESTION SECTION:
>;riecis.nl.         IN  A
>
>;; AUTHORITY SECTION:
>riecis.nl.      2828    IN  SOA ns1.minvenj.nl. hostmaster.solvinity.com. 2022010301 1800 300 604800 3600
>
>;; Query time: 2 msec
>;; SERVER: xxx.xxx.xxx.xxx#53(xxx.xxx.xxx.xxx)
>;; WHEN: Tue Sep 20 12:16:55 CEST 2022
>;; MSG SIZE  rcvd: 110
>
>other server:
>
>dig @ns2  riecis.nl A
>
>; <<>> DiG 9.11.36-RedHat-9.11.36-3.el8 <<>> @ns2 riecis.nl A
>; (1 server found)
>;; global options: +cmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61517
>;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>
>;; OPT PSEUDOSECTION:
>; EDNS: version: 0, flags:; udp: 512
>;; QUESTION SECTION:
>;riecis.nl.         IN  A
>
>;; ANSWER SECTION:
>riecis.nl.      224 IN  A   159.46.204.40
>
>;; Query time: 1 msec
>;; SERVER: xxx.xxx.xxx.xxx#53(xxx.xxx.xxx.xxx)
>;; WHEN: Tue Sep 20 12:17:03 CEST 2022
>;; MSG SIZE  rcvd: 54
>
>
>We have a fairly simple configuration, just on what address and port to
>listen on, to use the same address for outgoing queries, and a short
>list of addresses that are allowed to query.
>
>I have confirmed this problem up to and including version 4.6.3
>
>Does anyone have an idea on how to approach this matter?
>
>Regards
>
>
>
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
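
The reply above attributes the behaviour to broken NSEC3 denial of existence. As an added example (not from the thread and not PowerDNS code), this sketch shows the RFC 5155 check a validator makes for an exact name: hash it, then look for an NSEC3 record that matches or covers the hash. The zone data, salt and iteration count are constructed, and closest-encloser/wildcard proofs and RRSIG checks are left out.

```python
import base64
import hashlib

# Map the RFC 4648 base32 alphabet onto base32hex, which NSEC3 owner labels use.
_B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                          b"0123456789ABCDEFGHIJKLMNOPQRSTUV")

def to_wire(name):
    """Canonical (lower-case) DNS wire format of a domain name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def nsec3_hash(name, salt_hex, iterations):
    """RFC 5155 hash, algorithm 1 (SHA-1): one pass plus `iterations` extra passes."""
    salt = b"" if salt_hex in ("", "-") else bytes.fromhex(salt_hex)
    digest = hashlib.sha1(to_wire(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(_B32HEX).decode().lower()

def covers(owner, nxt, target):
    """True if target lies strictly between owner and next (wraps at chain end)."""
    if owner < nxt:
        return owner < target < nxt
    return target > owner or target < nxt

def classify(qname, qtype, chain, salt_hex, iterations):
    """chain: list of (owner_hash, next_hash, types) taken from NSEC3 records."""
    target = nsec3_hash(qname, salt_hex, iterations)
    for owner, nxt, types in chain:
        if owner == target:
            return "type-exists" if qtype in types else "nodata-proven"
        if covers(owner, nxt, target):
            return "name-covered"
    return "no-proof"  # nothing matches or covers: denial cannot be validated

def build_chain(zone_data, salt_hex, iterations):
    """Constructed helper: derive a well-formed chain from {name: types}."""
    hashed = sorted((nsec3_hash(n, salt_hex, iterations), t) for n, t in zone_data.items())
    return [(h, hashed[(i + 1) % len(hashed)][0], t) for i, (h, t) in enumerate(hashed)]

# Constructed sample zone and parameters (RFC 5155 Appendix A style), not riecis.nl data.
SALT, ITER = "aabbccdd", 12
ZONE = {"example": {"SOA", "NS", "MX"}, "ns1.example": {"A"}, "a.example": {"NS", "DS"}}
GOOD = build_chain(ZONE, SALT, ITER)
# Same chain with the apex NSEC3 record missing, leaving a gap in the hash space.
BROKEN = [r for r in GOOD if r[0] != nsec3_hash("example", SALT, ITER)]

if __name__ == "__main__":
    for q in ("example", "nope.example"):
        print(q, classify(q, "A", GOOD, SALT, ITER), classify(q, "A", BROKEN, SALT, ITER))
```

With the intact chain an A query for the apex yields a provable NODATA; with the gap the same query has no usable proof, which is the kind of failure a validating resolver cannot accept.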
