Hi Otto, Thanks for checking. Here is the configuration:
local-address=0.0.0.0, :: local-port=53 query-local-address=::,0.0.0.0 threads=8 allow-from=127.0.0.0/8, ::1/128, 10.0.0.0/8, 87.251.42.0/26, 2001:7b8:650::/48 dnssec=validate lua-config-file=/etc/powerdns/recursor.lua webserver=yes webserver-port=8082 webserver-address=:: webserver-password=<removed> webserver-allow-from=0.0.0.0/32,::/0 api-key=<removed> pdns-distributes-queries=true reuseport=yes any-to-tcp=yes root-nx-trust=no version-string=powerdns max-ns-per-resolve=5 -- Ariƫn > On 26 Jan 2023, at 17:04, Otto Moerbeek <o...@drijf.net> wrote: > > Hi, > > Please show your configuration. > > I do not think your analysis is to the point. > If I repeat a scenario, I see a correct retrieval of the A record. > > So we have to find out what is different in your case. > > -Otto > > > On Thu, Jan 26, 2023 at 01:30:54PM +0100, Arien Vijn via Pdns-users wrote: > >> Greetings, >> >> We recently upgraded pdns_recursor from version 4.4.5 to 4.8.0. It seems >> that we run in into the following issue ever since. >> >> 1/ Client queries for an A-record for xdsl-serviceweb.kpn.com. >> 2/ Recursor queries the domain tree and receives the CNAME-record that >> points to: xdsl-c-serviceweb.gslb.kpn.com. from the authoritative DNS server. >> 3/ Recursor queries and receives the subsequent an A-record from the >> authoritative DNS server for that A-record. >> 4/ Recursor answers the client mentioned in 1/. >> >> So far so good, until the A-record of xdsl-c-serviceweb.gslb.kpn.com. >> expires out of the 'main record cache' but not from the 'main packet cache'. >> The CNAME remains in both caches. Please note this excerpt from: rec_control >> dump-cache below: >> >> ; main record cache dump follows >> ; >> xdsl-serviceweb.kpn.com. 300 -224 IN CNAME xdsl-c-serviceweb.gslb.kpn.com. >> ; (Secure) auth=1 zone=kpn.com from=194.151.228.10 nm= rtag= ss=0 >> ; negcache dump follows >> >> [...] >> >> ; main packet cache dump from thread follows >> ; >> xdsl-c-serviceweb.gslb.kpn.com. -1803 A ; tag 0 udp >> >> [...] >> >> ; main packet cache dump from thread follows >> ; >> xdsl-serviceweb.kpn.com. -470 A ; tag 0 udp >> xdsl-serviceweb.kpn.com. 111 A ; tag 0 udp >> xdsl-serviceweb.kpn.com. 111 AAAA ; tag 0 udp >> >> >> From that point on, pdns_recursor replies on queries for the A-record with >> the SOA-record of the domain of the said A-record: >> >> ; <<>> DiG 9.11.5-P4-5.1+deb10u2-Debian <<>> >> xdsl-c-serviceweb.gslb.kpn.com. @localhost >> ;; global options: +cmd >> ;; Got answer: >> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36347 >> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 >> >> ;; OPT PSEUDOSECTION: >> ; EDNS: version: 0, flags:; udp: 512 >> ;; QUESTION SECTION: >> ;xdsl-c-serviceweb.gslb.kpn.com. IN A >> >> ;; AUTHORITY SECTION: >> gslb.kpn.com. 79407 IN SOA ns2gslb.kpn.com. >> netmaster.gslb.kpn.com. 2023011702 10800 3600 604800 86400 >> >> ;; Query time: 0 msec >> ;; SERVER: ::1#53(::1) >> ;; WHEN: Thu Jan 26 12:10:13 CET 2023 >> ;; MSG SIZE rcvd: 113 >> >> >> This situation causes actual people to complain and is being resolved by >> removing the domain tree for the subdomain gslb.kpn.com. out of the caches. >> From then on the story starts again. >> >> That the A-record xdsl-c-serviceweb.gslb.kpn.com. remains in the packet >> cache seems not good to me, but I don't know enough about DNS and >> pdns_recursor be sure. What could trigger this behaviour or is it perhaps a >> configuration issue because we made such a large jump in versions when we >> upgraded? Last but not least we see the same behaviour with at least one >> other hostname >> >> -- Ari??n >> > > > >> _______________________________________________ >> Pdns-users mailing list >> Pdns-users@mailman.powerdns.com <mailto:Pdns-users@mailman.powerdns.com> >> https://mailman.powerdns.com/mailman/listinfo/pdns-users >> <https://mailman.powerdns.com/mailman/listinfo/pdns-users>
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users