Hi Arien, On Thu, 2023-01-26 at 13:30 +0100, Arien Vijn via Pdns-users wrote: > Greetings, > > We recently upgraded pdns_recursor from version 4.4.5 to 4.8.0. It seems that > we run in into the following issue ever since. > > 1/ Client queries for an A-record for xdsl-serviceweb.kpn.com. > 2/ Recursor queries the domain tree and receives the CNAME-record that points > to: xdsl-c-serviceweb.gslb.kpn.com. from the authoritative DNS server. > 3/ Recursor queries and receives the subsequent an A-record from the > authoritative DNS server for that A-record. > 4/ Recursor answers the client mentioned in 1/. > > So far so good, until the A-record of xdsl-c-serviceweb.gslb.kpn.com. expires > out of the 'main record cache' but not from the 'main packet cache'. The > CNAME remains in both caches. Please note this excerpt from: rec_control > dump-cache below:
After some brief investigation we somewhat suspect this is aggressive NSEC caching. Can you see if aggressive-nsec-cache-size=0 makes the problem go away? Kind regards, -- Peter van Dijk PowerDNS.COM BV - https://www.powerdns.com/ _______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users