Thank you for digging into the issue with that domain :) The reason we never encountered this before the upgrade to 4.6 must be the change in default behaviour regarding dnssec, which went from "process-no-validate" to "process", I assume. (We came from 4.2)
On Thu, 2022-09-22 at 10:26 +0200, abang--- via Pdns-users wrote:
> True, TCP is broken as well.
>
> On 22 September 2022 10:01:58 CEST, Otto Moerbeek <o...@drijf.net> wrote:
> > On Thu, Sep 22, 2022 at 09:41:57AM +0200, abang--- via Pdns-users wrote:
> >
> > > The "NSEC3 proving non-existence" of this zone is broken. See
> > > https://dnsviz.net/d/riecis.nl/dnssec/?rr=all&a=all&ds=all&doe=on&ta=.&tk=
> > >
> > > You can work around this issue by setting an NTA for it on your
> > > Recursors. It is recommended to inform the owner of the zone in
> > > order to fix the root cause.
> > >
> > > Winfried
> > >
> >
> > Agreed, but given my findings in the other post I'm not convinced it
> > will solve *all* issues with that domain.
> >
> > -Otto
> >
> > > On 22 September 2022 09:27:20 CEST, Leeflangetje via Pdns-users <pdns-users@mailman.powerdns.com> wrote:
> > > > Hi,
> > > >
> > > > Since we upgraded to pdns-recursor 4.6 we sometimes experience some
> > > > weird behaviour with queries via pdns-recursor.
> > > >
> > > > Sometimes, when a previously queried record expires through its TTL,
> > > > the recursor does not provide an answer anymore, until it's
> > > > restarted.
> > > >
> > > > Unfortunately I am not able to reproduce this. It happens occasionally.
> > > > When it happens, we see this:
> > > >
> > > > Faulty server:
> > > >
> > > > dig @ns1 riecis.nl A
> > > >
> > > > ; <<>> DiG 9.11.36-RedHat-9.11.36-3.el8 <<>> @ns1 riecis.nl A
> > > > ; (1 server found)
> > > > ;; global options: +cmd
> > > > ;; Got answer:
> > > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27148
> > > > ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
> > > >
> > > > ;; OPT PSEUDOSECTION:
> > > > ; EDNS: version: 0, flags:; udp: 512
> > > > ;; QUESTION SECTION:
> > > > ;riecis.nl. IN A
> > > >
> > > > ;; AUTHORITY SECTION:
> > > > riecis.nl. 2828 IN SOA ns1.minvenj.nl. hostmaster.solvinity.com. 2022010301 1800 300 604800 3600
> > > >
> > > > ;; Query time: 2 msec
> > > > ;; SERVER: xxx.xxx.xxx.xxx#53(xxx.xxx.xxx.xxx)
> > > > ;; WHEN: Tue Sep 20 12:16:55 CEST 2022
> > > > ;; MSG SIZE rcvd: 110
> > > >
> > > > other server:
> > > >
> > > > dig @ns2 riecis.nl A
> > > >
> > > > ; <<>> DiG 9.11.36-RedHat-9.11.36-3.el8 <<>> @ns2 riecis.nl A
> > > > ; (1 server found)
> > > > ;; global options: +cmd
> > > > ;; Got answer:
> > > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61517
> > > > ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> > > >
> > > > ;; OPT PSEUDOSECTION:
> > > > ; EDNS: version: 0, flags:; udp: 512
> > > > ;; QUESTION SECTION:
> > > > ;riecis.nl. IN A
> > > >
> > > > ;; ANSWER SECTION:
> > > > riecis.nl. 224 IN A 159.46.204.40
> > > >
> > > > ;; Query time: 1 msec
> > > > ;; SERVER: xxx.xxx.xxx.xxx#53(xxx.xxx.xxx.xxx)
> > > > ;; WHEN: Tue Sep 20 12:17:03 CEST 2022
> > > > ;; MSG SIZE rcvd: 54
> > > >
> > > > We have a fairly simple configuration, just on what address and port to
> > > > listen on, to use the same address for outgoing queries, and a short
> > > > list of addresses that are allowed to query.
> > > >
> > > > I have confirmed this problem up to and including version 4.6.3
> > > >
> > > > Anyone an idea on how to approach this matter?
> > > >
> > > > Regards
> > > >
> > >
> > > Pdns-users mailing list
> > > Pdns-users@mailman.powerdns.com
> > > https://mailman.powerdns.com/mailman/listinfo/pdns-users
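An added example, not part of the thread: a check that parses the dig headers quoted above and reports when two recursors disagree on the same question (here NODATA from ns1 versus an answer from ns2, both with the ad flag set). The function names are this example's own.

```python
import re

# Header and record lines from the two dig outputs quoted in the thread,
# trimmed to what the check needs.
NS1 = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27148
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;riecis.nl. IN A
;; AUTHORITY SECTION:
riecis.nl. 2828 IN SOA ns1.minvenj.nl. hostmaster.solvinity.com. 2022010301 1800 300 604800 3600
"""
NS2 = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61517
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;riecis.nl. IN A
;; ANSWER SECTION:
riecis.nl. 224 IN A 159.46.204.40
"""

def parse_dig(text):
    """Extract rcode, header flags and answer count from dig output."""
    status = re.search(r"status: (\w+)", text)
    flags = re.search(r";; flags: ([a-z ]*);", text)
    counts = dict(re.findall(r"(QUERY|ANSWER|AUTHORITY|ADDITIONAL): (\d+)", text))
    if not (status and flags and "ANSWER" in counts):
        raise ValueError("not a dig response header")
    return {
        "rcode": status.group(1),
        "flags": set(flags.group(1).split()),
        "answers": int(counts["ANSWER"]),
    }

def classify(resp):
    """Map a parsed response to ANSWER, NODATA or the error rcode."""
    if resp["rcode"] != "NOERROR":
        return resp["rcode"]  # e.g. SERVFAIL, NXDOMAIN
    return "ANSWER" if resp["answers"] > 0 else "NODATA"

def diverges(outputs):
    """Return per-resolver classes if the resolvers disagree, else None."""
    classes = {name: classify(parse_dig(out)) for name, out in outputs.items()}
    return classes if len(set(classes.values())) > 1 else None

if __name__ == "__main__":
    print(diverges({"ns1": NS1, "ns2": NS2}))
```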