Re: [Pdns-users] Recursive Forwarders
Bingo, THANK you. There was another config file (probably some old legacy thing given the versioning) in /etc/powerdns/recursor.d that was taking precedence. It's off to the races now.

Aug 24 16:46:50 cache1 pdns_recursor[494188]: Redirecting queries for zone '.' with recursion to: 9.9.9.9:53, 1.1.1.2:53

Cheers,

Best, Tim

forward-zones-recurse+=opcenter.aws=10.40.1.4,webdev.aws=10.40.1.4,webprod.aws=10.40.1.4

On Wed, Aug 24, 2022 at 4:27 PM Otto Moerbeek wrote:

> On Wed, Aug 24, 2022 at 04:16:49PM -0400, Holmes, Timothy wrote:
>
> > Full(er) log, I don't see any reference to the forwarders..
> > Best, Tim
>
> Indeed, no log line wrt recursive forwarding. You do have in your config:
>
> include-dir=/etc/powerdns/recursor.d
>
> So it could be a file in there overriding things.
>
> *BUT* you edited the log. Please do not do that. It makes it hard for
> us to help you.
>
> Your local address from your posted config is 127.0.0.1. But the log shows
> x.x.x.x.
>
> See
> https://blog.powerdns.com/2016/01/18/open-source-support-out-in-the-open/
>
> -Otto
>
> > Aug 24 16:12:17 cache1 systemd[1]: Stopping PowerDNS Recursor...
> > Aug 24 16:12:17 cache1 systemd[1]: pdns-recursor.service: Succeeded.
> > Aug 24 16:12:17 cache1 systemd[1]: Stopped PowerDNS Recursor.
> > Aug 24 16:12:17 cache1 systemd[1]: Starting PowerDNS Recursor...
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: Aug 24 16:12:17 Asked to run with pdns-distributes-queries set but no distributor threads, raising to 1
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: PowerDNS Recursor 4.2.1 (C) 2001-2019 PowerDNS.COM BV
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: Using 64-bits mode. Built using gcc 9.2.1 20200202.
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2.
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: NOT using IPv6 for outgoing queries - set 'query-local-address6=::' to enable
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: Only allowing queries from: 10.0.0.0/8, 127.0.0.1/32, 192.133.83.0/24, 192.168.0.0/16, 172.31.8.0/22, 172.31.12.0/22, 172.31.32.0/20, 172.31.64.0/20, 172.31.0.0/22, 172.31.16.0/20, 172.31.80.0/20, 172.31.48.0/20, 172.31.4.0/22
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: Loaded the Public Suffix List from '/usr/share/publicsuffix/public_suffix_list.dat'
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: Will not send queries to: 127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10, 0.0.0.0/8, 192.0.0.0/24, 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24, 240.0.0.0/4, ::/96, :::0:0/96, 100::/64, 2001:db8::/32, 0.0.0.0, ::
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: PowerDNS Recursor itself will distribute queries over threads
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: Redirecting queries for zone 'holycross.edu' to: x.x.x.x
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: Inserting rfc 1918 private space zones
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: Will not overwrite zone '10.in-addr.arpa' already loaded
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: Listening for UDP queries on x.x.x.x:53
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: Enabled TCP data-ready filter for (slight) DoS protection
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: Listening for TCP queries on x.x.x.x:53
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: Set effective group id to 121
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: Set effective user id to 114
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: Launching 1 distributor threads
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: Launching 2 worker threads
> > Aug 24 16:12:17 cache1 systemd[1]: Started PowerDNS Recursor.
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: Done priming cache with root hints
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: Done priming cache with root hints
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: message repeated 2 times: [ Done priming cache with root hints]
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: Enabled 'epoll' multiplexer
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: stats: 199 questions, 1279 cache entries, 31 negative entries, 3% cache hits
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: stats: throttle map: 0, ns speeds: 668, failed ns: 0, ednsmap: 269
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: stats: outpacket/query ratio 248%, 0% throttled, 0 no-delegation drops
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: stats: 3 outgoing tcp connections, 33 queries running, 0 outgoing timeouts
> > Aug 24 16:12:17 cache1 pdns_recursor[491939]: stats: 145 packet cache
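The override found in this thread, reproduced as an added example (not code from the thread or from PowerDNS): it resolves one setting across recursor.conf and its include-dir and reports which file set the final value. It assumes *.conf files in include-dir are applied after the main file in sorted order, that a later `=` replaces the value and `+=` appends to it; the file name legacy.conf and all file contents are constructed.

```python
import glob
import os
import re
import tempfile

# name, "=" or "+=", value. Everything after "#" is a comment.
SETTING_RE = re.compile(r"^\s*([a-z0-9-]+)\s*(\+?=)\s*(.*?)\s*$")


def read_settings(path):
    """Yield (lineno, name, op, value) for each active setting line in a file."""
    with open(path, encoding="utf-8") as fh:
        for lineno, raw in enumerate(fh, 1):
            m = SETTING_RE.match(raw.split("#", 1)[0])
            if m:
                yield lineno, m.group(1), m.group(2), m.group(3)


def effective_setting(main_conf, name):
    """Return (final value, history) for `name`.

    history lists every assignment in load order as (file, line, op, value),
    so the last "=" entry is the file that actually wins.
    """
    value, include_dir, history = None, None, []

    def apply(path):
        nonlocal value, include_dir
        for lineno, key, op, val in read_settings(path):
            if key == "include-dir" and path == main_conf:
                include_dir = val
            if key != name:
                continue
            # "+=" extends what is already set; "=" throws it away.
            value = f"{value},{val}" if (op == "+=" and value) else val
            history.append((os.path.basename(path), lineno, op, val))

    apply(main_conf)
    if include_dir:
        # Assumption: include files are applied after the main file, sorted by name.
        for path in sorted(glob.glob(os.path.join(include_dir, "*.conf"))):
            apply(path)
    return value, history


def forwarded_zones(value):
    """Split 'zone=ip;ip,zone=ip' into {zone: [ip, ...]}."""
    zones = {}
    for pair in filter(None, (p.strip() for p in (value or "").split(","))):
        zone, _, servers = pair.partition("=")
        zones[zone.strip()] = [s.strip() for s in servers.split(";") if s.strip()]
    return zones


def demo(override_op):
    """Build a constructed config tree and resolve forward-zones-recurse.

    override_op is the operator used by the constructed legacy file:
    "=" reproduces the problem, "+=" is the additive form.
    """
    with tempfile.TemporaryDirectory() as root:
        inc = os.path.join(root, "recursor.d")
        os.mkdir(inc)
        main = os.path.join(root, "recursor.conf")
        with open(main, "w", encoding="utf-8") as fh:
            fh.write("#forward-zones-recurse=\n"
                     "forward-zones-recurse=.=9.9.9.9;1.1.1.2\n"
                     f"include-dir={inc}\n")
        with open(os.path.join(inc, "legacy.conf"), "w", encoding="utf-8") as fh:
            fh.write(f"forward-zones-recurse{override_op}opcenter.aws=10.40.1.4\n")
        value, history = effective_setting(main, "forward-zones-recurse")
        return forwarded_zones(value), history


if __name__ == "__main__":
    for op in ("=", "+="):
        zones, history = demo(op)
        print(f"legacy file uses '{op}':")
        for fname, lineno, used_op, val in history:
            print(f"  {fname}:{lineno} {used_op} {val}")
        state = "forwarded" if "." in zones else "NOT forwarded (root hints used)"
        print(f"  zone '.': {state}")
```

Pointing `effective_setting` at the live recursor.conf gives the same history for a real host; the startup log line `Redirecting queries for zone '.' with recursion to:` remains the authoritative confirmation.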
Re: [Pdns-users] Recursive Forwarders
On Wed, Aug 24, 2022 at 4:17 PM Holmes, Timothy via Pdns-users wrote:

> Aug 24 16:12:17 cache1 pdns_recursor[491939]: PowerDNS Recursor 4.2.1 (C) 2001-2019 PowerDNS.COM BV

"PowerDNS Recursor 4.2.1" is quite old, past EoL, and may not support the feature you are trying to use.
Re: [Pdns-users] Recursive Forwarders
On Wed, Aug 24, 2022 at 04:16:49PM -0400, Holmes, Timothy wrote:

> Full(er) log, I don't see any reference to the forwarders..
> Best, Tim

Indeed, no log line wrt recursive forwarding. You do have in your config:

include-dir=/etc/powerdns/recursor.d

So it could be a file in there overriding things.

*BUT* you edited the log. Please do not do that. It makes it hard for us to help you.

Your local address from your posted config is 127.0.0.1. But the log shows x.x.x.x.

See https://blog.powerdns.com/2016/01/18/open-source-support-out-in-the-open/

-Otto

> Aug 24 16:12:17 cache1 systemd[1]: Stopping PowerDNS Recursor...
> Aug 24 16:12:17 cache1 systemd[1]: pdns-recursor.service: Succeeded.
> Aug 24 16:12:17 cache1 systemd[1]: Stopped PowerDNS Recursor.
> Aug 24 16:12:17 cache1 systemd[1]: Starting PowerDNS Recursor...
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: Aug 24 16:12:17 Asked to run with pdns-distributes-queries set but no distributor threads, raising to 1
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: PowerDNS Recursor 4.2.1 (C) 2001-2019 PowerDNS.COM BV
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: Using 64-bits mode. Built using gcc 9.2.1 20200202.
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2.
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: NOT using IPv6 for outgoing queries - set 'query-local-address6=::' to enable
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: Only allowing queries from: 10.0.0.0/8, 127.0.0.1/32, 192.133.83.0/24, 192.168.0.0/16, 172.31.8.0/22, 172.31.12.0/22, 172.31.32.0/20, 172.31.64.0/20, 172.31.0.0/22, 172.31.16.0/20, 172.31.80.0/20, 172.31.48.0/20, 172.31.4.0/22
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: Loaded the Public Suffix List from '/usr/share/publicsuffix/public_suffix_list.dat'
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: Will not send queries to: 127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10, 0.0.0.0/8, 192.0.0.0/24, 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24, 240.0.0.0/4, ::/96, :::0:0/96, 100::/64, 2001:db8::/32, 0.0.0.0, ::
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: PowerDNS Recursor itself will distribute queries over threads
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: Redirecting queries for zone 'holycross.edu' to: x.x.x.x
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: Inserting rfc 1918 private space zones
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: Will not overwrite zone '10.in-addr.arpa' already loaded
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: Listening for UDP queries on x.x.x.x:53
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: Enabled TCP data-ready filter for (slight) DoS protection
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: Listening for TCP queries on x.x.x.x:53
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: Set effective group id to 121
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: Set effective user id to 114
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: Launching 1 distributor threads
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: Launching 2 worker threads
> Aug 24 16:12:17 cache1 systemd[1]: Started PowerDNS Recursor.
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: Done priming cache with root hints
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: Done priming cache with root hints
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: message repeated 2 times: [ Done priming cache with root hints]
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: Enabled 'epoll' multiplexer
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: stats: 199 questions, 1279 cache entries, 31 negative entries, 3% cache hits
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: stats: throttle map: 0, ns speeds: 668, failed ns: 0, ednsmap: 269
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: stats: outpacket/query ratio 248%, 0% throttled, 0 no-delegation drops
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: stats: 3 outgoing tcp connections, 33 queries running, 0 outgoing timeouts
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: stats: 145 packet cache entries, 7% packet cache hits
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: stats: thread 0 has been distributed 109 queries
> Aug 24 16:12:17 cache1 pdns_recursor[491939]: stats: thread 1 has been distributed 87 queries
>
> On Wed, Aug 24, 2022 at 4:02 PM Otto Moerbeek via Pdns-users <pdns-users@mailman.powerdns.com> wrote:
>
> > On Wed, Aug 24, 2022 at 09:51:49PM +0200, Leendert Meyer via Pdns-users wrote:
> >
> > > Hello Timothy,
> > >
> > > On Wednesday, 24 August 2022 20:09:11 CEST Holmes, Timothy via Pdns-users wrote:
> > >
> > > > forward-zones-recurse=.=9.9.9.9;149.112.112.112;1.1.1.2;1.0.0.2
> > > > and also tried forward-zones-recurse=.=9.9.9.9
Re: [Pdns-users] Recursive Forwarders
Full(er) log, I don't see any reference to the forwarders..

Best, Tim

Aug 24 16:12:17 cache1 systemd[1]: Stopping PowerDNS Recursor...
Aug 24 16:12:17 cache1 systemd[1]: pdns-recursor.service: Succeeded.
Aug 24 16:12:17 cache1 systemd[1]: Stopped PowerDNS Recursor.
Aug 24 16:12:17 cache1 systemd[1]: Starting PowerDNS Recursor...
Aug 24 16:12:17 cache1 pdns_recursor[491939]: Aug 24 16:12:17 Asked to run with pdns-distributes-queries set but no distributor threads, raising to 1
Aug 24 16:12:17 cache1 pdns_recursor[491939]: PowerDNS Recursor 4.2.1 (C) 2001-2019 PowerDNS.COM BV
Aug 24 16:12:17 cache1 pdns_recursor[491939]: Using 64-bits mode. Built using gcc 9.2.1 20200202.
Aug 24 16:12:17 cache1 pdns_recursor[491939]: PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2.
Aug 24 16:12:17 cache1 pdns_recursor[491939]: NOT using IPv6 for outgoing queries - set 'query-local-address6=::' to enable
Aug 24 16:12:17 cache1 pdns_recursor[491939]: Only allowing queries from: 10.0.0.0/8, 127.0.0.1/32, 192.133.83.0/24, 192.168.0.0/16, 172.31.8.0/22, 172.31.12.0/22, 172.31.32.0/20, 172.31.64.0/20, 172.31.0.0/22, 172.31.16.0/20, 172.31.80.0/20, 172.31.48.0/20, 172.31.4.0/22
Aug 24 16:12:17 cache1 pdns_recursor[491939]: Loaded the Public Suffix List from '/usr/share/publicsuffix/public_suffix_list.dat'
Aug 24 16:12:17 cache1 pdns_recursor[491939]: Will not send queries to: 127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10, 0.0.0.0/8, 192.0.0.0/24, 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24, 240.0.0.0/4, ::/96, :::0:0/96, 100::/64, 2001:db8::/32, 0.0.0.0, ::
Aug 24 16:12:17 cache1 pdns_recursor[491939]: PowerDNS Recursor itself will distribute queries over threads
Aug 24 16:12:17 cache1 pdns_recursor[491939]: Redirecting queries for zone 'holycross.edu' to: x.x.x.x
Aug 24 16:12:17 cache1 pdns_recursor[491939]: Inserting rfc 1918 private space zones
Aug 24 16:12:17 cache1 pdns_recursor[491939]: Will not overwrite zone '10.in-addr.arpa' already loaded
Aug 24 16:12:17 cache1 pdns_recursor[491939]: Listening for UDP queries on x.x.x.x:53
Aug 24 16:12:17 cache1 pdns_recursor[491939]: Enabled TCP data-ready filter for (slight) DoS protection
Aug 24 16:12:17 cache1 pdns_recursor[491939]: Listening for TCP queries on x.x.x.x:53
Aug 24 16:12:17 cache1 pdns_recursor[491939]: Set effective group id to 121
Aug 24 16:12:17 cache1 pdns_recursor[491939]: Set effective user id to 114
Aug 24 16:12:17 cache1 pdns_recursor[491939]: Launching 1 distributor threads
Aug 24 16:12:17 cache1 pdns_recursor[491939]: Launching 2 worker threads
Aug 24 16:12:17 cache1 systemd[1]: Started PowerDNS Recursor.
Aug 24 16:12:17 cache1 pdns_recursor[491939]: Done priming cache with root hints
Aug 24 16:12:17 cache1 pdns_recursor[491939]: Done priming cache with root hints
Aug 24 16:12:17 cache1 pdns_recursor[491939]: message repeated 2 times: [ Done priming cache with root hints]
Aug 24 16:12:17 cache1 pdns_recursor[491939]: Enabled 'epoll' multiplexer
Aug 24 16:12:17 cache1 pdns_recursor[491939]: stats: 199 questions, 1279 cache entries, 31 negative entries, 3% cache hits
Aug 24 16:12:17 cache1 pdns_recursor[491939]: stats: throttle map: 0, ns speeds: 668, failed ns: 0, ednsmap: 269
Aug 24 16:12:17 cache1 pdns_recursor[491939]: stats: outpacket/query ratio 248%, 0% throttled, 0 no-delegation drops
Aug 24 16:12:17 cache1 pdns_recursor[491939]: stats: 3 outgoing tcp connections, 33 queries running, 0 outgoing timeouts
Aug 24 16:12:17 cache1 pdns_recursor[491939]: stats: 145 packet cache entries, 7% packet cache hits
Aug 24 16:12:17 cache1 pdns_recursor[491939]: stats: thread 0 has been distributed 109 queries
Aug 24 16:12:17 cache1 pdns_recursor[491939]: stats: thread 1 has been distributed 87 queries

On Wed, Aug 24, 2022 at 4:02 PM Otto Moerbeek via Pdns-users <pdns-users@mailman.powerdns.com> wrote:

> On Wed, Aug 24, 2022 at 09:51:49PM +0200, Leendert Meyer via Pdns-users wrote:
>
> > Hello Timothy,
> >
> > On Wednesday, 24 August 2022 20:09:11 CEST Holmes, Timothy via Pdns-users wrote:
> >
> > > forward-zones-recurse=.=9.9.9.9;149.112.112.112;1.1.1.2;1.0.0.2
> > > and also tried forward-zones-recurse=.=9.9.9.9
> > >
> > > Each time pushed a restart and verified. Each time the root name hints seem
> > > to still be the default behavior including after removing the referenced
> > > root hint file entry.
> > >
> > > Am I missing something obvious, or will the root hints always take
> > > precedence?
> >
> > Without testing, the ‘=.=’ seems odd.
> >
> > You probably have to change ‘=.=’ into ‘=’.
>
> Nope, that is the syntax to forward everything:
>
> forward-zones-recurse=.=9.9.9.9;1.1.1.1
>
> Leads to:
>
> Aug 24 22:00:33 Redirecting queries for zone '.' with recursion to: 9.9.9.9:53, 1.1.1.1:53
>
> It basically turns a full recursor into just a cache. Plus
Re: [Pdns-users] Recursive Forwarders
Thanks Leen,

As I understand it, the "." is there to represent all domains for forwarding on.

Best, Tim

On Wed, Aug 24, 2022 at 3:51 PM Leendert Meyer via Pdns-users <pdns-users@mailman.powerdns.com> wrote:

> Hello Timothy,
>
> On Wednesday, 24 August 2022 20:09:11 CEST Holmes, Timothy via Pdns-users wrote:
>
> > forward-zones-recurse=.=9.9.9.9;149.112.112.112;1.1.1.2;1.0.0.2
> > and also tried forward-zones-recurse=.=9.9.9.9
> >
> > Each time pushed a restart and verified. Each time the root name hints seem
> > to still be the default behavior including after removing the referenced
> > root hint file entry.
> >
> > Am I missing something obvious, or will the root hints always take
> > precedence?
>
> Without testing, the ‘=.=’ seems odd.
>
> You probably have to change ‘=.=’ into ‘=’.
>
> Kind regards,
>
> Leen
Re: [Pdns-users] Recursive Forwarders
On Wed, Aug 24, 2022 at 09:51:49PM +0200, Leendert Meyer via Pdns-users wrote:

> Hello Timothy,
>
> On Wednesday, 24 August 2022 20:09:11 CEST Holmes, Timothy via Pdns-users wrote:
>
> > forward-zones-recurse=.=9.9.9.9;149.112.112.112;1.1.1.2;1.0.0.2
> > and also tried forward-zones-recurse=.=9.9.9.9
> >
> > Each time pushed a restart and verified. Each time the root name hints seem
> > to still be the default behavior including after removing the referenced
> > root hint file entry.
> >
> > Am I missing something obvious, or will the root hints always take
> > precedence?
>
> Without testing, the ‘=.=’ seems odd.
>
> You probably have to change ‘=.=’ into ‘=’.

Nope, that is the syntax to forward everything:

forward-zones-recurse=.=9.9.9.9;1.1.1.1

Leads to:

Aug 24 22:00:33 Redirecting queries for zone '.' with recursion to: 9.9.9.9:53, 1.1.1.1:53

It basically turns a full recursor into just a cache. Plus you are now dependent on the forwarded-to resolvers. So there are drawbacks.

-Otto

> Kind regards,
>
> Leen
Re: [Pdns-users] Recursive Forwarders
Here's the only configured values from live, I'm still trying to find the logs, I don't have named instances and there is no info in syslog, only info I get is from the service status.

Best, Tim

#
# config-dir Location of configuration directory (recursor.conf)
#
config-dir=/etc/powerdns

#
# forward-zones-recurse Zones for which we forward queries with recursion bit, comma separated domain=ip pairs
#
#forward-zones-recurse=
forward-zones-recurse=.=9.9.9.9

#
# hint-file If set, load root hints from this file
#
# hint-file=
hint-file=/usr/share/dns/root.hints

#
# include-dir Include *.conf files from this directory
#
# include-dir=
include-dir=/etc/powerdns/recursor.d

#
# local-address IP addresses to listen on, separated by spaces or commas. Also accepts ports.
#
local-address=127.0.0.1

#
# lua-config-file More powerful configuration options
#
lua-config-file=/etc/powerdns/recursor.lua

#
# public-suffix-list-file Path to the Public Suffix List file, if any
#
public-suffix-list-file=/usr/share/publicsuffix/public_suffix_list.dat

#
# quiet Suppress logging of questions and answers
#
quiet=yes

#
# security-poll-suffix Domain name from which to query security update notifications
#
# security-poll-suffix=secpoll.powerdns.com.
security-poll-suffix=

#
# setgid If set, change group id to this gid for more security
#
setgid=pdns

#
# setuid If set, change user id to this uid for more security
#
setuid=pdns

On Wed, Aug 24, 2022 at 3:53 PM Otto Moerbeek wrote:

> On Wed, Aug 24, 2022 at 03:41:34PM -0400, Holmes, Timothy wrote:
>
> > Config is very default..
>
> [snip]
>
> This file is mangled with the extra line wrappings. Also I do not see
> any forward-zones-recurse settings there.
>
> Please provide complete, actual and unmangled information.
>
> -Otto
Re: [Pdns-users] Recursive Forwarders
On Wed, Aug 24, 2022 at 03:41:34PM -0400, Holmes, Timothy wrote:

> Config is very default..

[snip]

This file is mangled with the extra line wrappings. Also I do not see any forward-zones-recurse settings there.

Please provide complete, actual and unmangled information.

-Otto
Re: [Pdns-users] Recursive Forwarders
Hello Timothy,

On Wednesday, 24 August 2022 20:09:11 CEST Holmes, Timothy via Pdns-users wrote:

> forward-zones-recurse=.=9.9.9.9;149.112.112.112;1.1.1.2;1.0.0.2
> and also tried forward-zones-recurse=.=9.9.9.9
>
> Each time pushed a restart and verified. Each time the root name hints seem
> to still be the default behavior including after removing the referenced
> root hint file entry.
>
> Am I missing something obvious, or will the root hints always take
> precedence?

Without testing, the ‘=.=’ seems odd.

You probably have to change ‘=.=’ into ‘=’.

Kind regards,

Leen
Re: [Pdns-users] Recursive Forwarders
On Wed, Aug 24, 2022 at 03:39:06PM -0400, Holmes, Timothy wrote:

> I don't believe we have those configured currently..at least not any named
> way.. I do have:
>
> pdns-recursor.service - PowerDNS Recursor
>    Loaded: loaded (/lib/systemd/system/pdns-recursor.service; enabled; vendor preset: enabled)
>    Active: active (running) since Wed 2022-08-24 15:19:00 EDT; 3s ago
>    Docs: man:pdns_recursor(1)
>          man:rec_control(1)
>          https://doc.powerdns.com
>    Main PID: 490386 (pdns_recursor)
>    Tasks: 5 (limit: 9437)
>    Memory: 10.1M
>    CGroup: /system.slice/pdns-recursor.service
>            └─490386 /usr/sbin/pdns_recursor --daemon=no --write-pid=no --disable-syslog --log-timestamp=no
>
> Aug 24 15:19:00 cache1.holycross.edu pdns_recursor[490386]: Done priming cache with root hints
> Aug 24 15:19:00 cache1.holycross.edu pdns_recursor[490386]: Done priming cache with root hints
> Aug 24 15:19:00 cache1.holycross.edu pdns_recursor[490386]: Enabled 'epoll' multiplexer
> Aug 24 15:19:01 cache1.holycross.edu pdns_recursor[490386]: stats: 187 questions, 1221 cache entries, 19 negative entries, 1% cache hits
> Aug 24 15:19:01 cache1.holycross.edu pdns_recursor[490386]: stats: throttle map: 1, ns speeds: 677, failed ns: 0, ednsmap: 257
> Aug 24 15:19:01 cache1.holycross.edu pdns_recursor[490386]: stats: outpacket/query ratio 250%, 0% throttled, 0 no-delegation drops
> Aug 24 15:19:01 cache1.holycross.edu pdns_recursor[490386]: stats: 5 outgoing tcp connections, 18 queries running, 0 outgoing timeouts
> Aug 24 15:19:01 cache1.holycross.edu pdns_recursor[490386]: stats: 151 packet cache entries, 6% packet cache hits
> Aug 24 15:19:01 cache1.holycross.edu pdns_recursor[490386]: stats: thread 0 has been distributed 87 queries
> Aug 24 15:19:01 cache1.holycross.edu pdns_recursor[490386]: stats: thread 1 has been distributed 98 queries

We need all the lines, starting with the Copyright banner.

-Otto

> On Wed, Aug 24, 2022 at 3:35 PM Otto Moerbeek wrote:
>
> > On Wed, Aug 24, 2022 at 03:27:15PM -0400, Holmes, Timothy wrote:
> >
> > > Thanks Otto, definitely is the correct config file, if for instance I change the host-hints-file look up to no, the service fails to load and indicates it can't find the file named no (assume we're not on that version yet... separate issue.. )
> > >
> > > I conclude it's ignoring the forward zones recurse because at the enterprise edge firewall the only dns lookups I see coming from the box (by the vast volumes) and heading outside are heading to other name servers than anything I specified. Looks like typical root hint type recursive lookups. Not a single instance for the specified forwarder(s).
> > >
> > > I did confirm that dig's etc to 9.9.9.9 etc in CLI do allow just fine, so there is no local firewall blockage.
> > >
> > > Any other thoughts? Seems odd, but I am new to PDNS..
> >
> > Please show the startup log.
> >
> > -Otto
> >
> > > Best, Tim
> > >
> > > On Wed, Aug 24, 2022 at 3:13 PM Otto Moerbeek wrote:
> > >
> > > > On Wed, Aug 24, 2022 at 09:05:46PM +0200, Otto Moerbeek via Pdns-users wrote:
> > > >
> > > > > On Wed, Aug 24, 2022 at 02:09:11PM -0400, Holmes, Timothy via Pdns-users wrote:
> > > > >
> > > > > > Hi Team,
> > > > > >
> > > > > > I have what I hope is a simple question I'm unable to find a better answer for. I would like to add some external forwarders to our recursor instances. These are live running prod instances. I verified the live paths and updated the recursor.config's to reflect
> > > > > >
> > > > > > forward-zones-recurse=.=9.9.9.9;149.112.112.112;1.1.1.2;1.0.0.2
> > > > > > and also tried forward-zones-recurse=.=9.9.9.9
> > > > > >
> > > > > > Each time pushed a restart and verified. Each time the root name hints seem to still be the default behavior including after removing the referenced root hint file entry.
> > > > > >
> > > > > > sudo service pdns-recursor restart
> > > > > > sudo service pdns-recursor status
> > > > > >
> > > > > > Am I missing something obvious, or will the root hints always take precedence?
> > > > > >
> > > > > > Thanks, Tim
> > > > > > --
> > > > > >
> > > > > > [image: College of the Holy Cross Logo]
> > > > > >
> > > > > > *TIM HOLMES*
> > > > > > *Chief Information Security Officer*
> > > > > > Information Technology Services
> > > > > > thol...@holycross.edu
> > > > > > Pronouns: He/Him/His
> > > > >
> > > > > Syntax looks good. Check the log, when starting up the recursor logs the redirects configged. If it does not do that, you are using another config file than you are editing. Maybe an alternate --config-dir?
> > > >
> > > > Also, how do you conclude it is ignoring the forward-zones-recurse?
Re: [Pdns-users] Recursive Forwarders
I don't believe we have those configured currently..at least not any named way.. I do have:

pdns-recursor.service - PowerDNS Recursor
   Loaded: loaded (/lib/systemd/system/pdns-recursor.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2022-08-24 15:19:00 EDT; 3s ago
   Docs: man:pdns_recursor(1)
         man:rec_control(1)
         https://doc.powerdns.com
   Main PID: 490386 (pdns_recursor)
   Tasks: 5 (limit: 9437)
   Memory: 10.1M
   CGroup: /system.slice/pdns-recursor.service
           └─490386 /usr/sbin/pdns_recursor --daemon=no --write-pid=no --disable-syslog --log-timestamp=no

Aug 24 15:19:00 cache1.holycross.edu pdns_recursor[490386]: Done priming cache with root hints
Aug 24 15:19:00 cache1.holycross.edu pdns_recursor[490386]: Done priming cache with root hints
Aug 24 15:19:00 cache1.holycross.edu pdns_recursor[490386]: Enabled 'epoll' multiplexer
Aug 24 15:19:01 cache1.holycross.edu pdns_recursor[490386]: stats: 187 questions, 1221 cache entries, 19 negative entries, 1% cache hits
Aug 24 15:19:01 cache1.holycross.edu pdns_recursor[490386]: stats: throttle map: 1, ns speeds: 677, failed ns: 0, ednsmap: 257
Aug 24 15:19:01 cache1.holycross.edu pdns_recursor[490386]: stats: outpacket/query ratio 250%, 0% throttled, 0 no-delegation drops
Aug 24 15:19:01 cache1.holycross.edu pdns_recursor[490386]: stats: 5 outgoing tcp connections, 18 queries running, 0 outgoing timeouts
Aug 24 15:19:01 cache1.holycross.edu pdns_recursor[490386]: stats: 151 packet cache entries, 6% packet cache hits
Aug 24 15:19:01 cache1.holycross.edu pdns_recursor[490386]: stats: thread 0 has been distributed 87 queries
Aug 24 15:19:01 cache1.holycross.edu pdns_recursor[490386]: stats: thread 1 has been distributed 98 queries

On Wed, Aug 24, 2022 at 3:35 PM Otto Moerbeek wrote:

> On Wed, Aug 24, 2022 at 03:27:15PM -0400, Holmes, Timothy wrote:
>
> > Thanks Otto, definitely is the correct config file, if for instance I change the host-hints-file look up to no, the service fails to load and indicates it can't find the file named no (assume we're not on that version yet... separate issue.. )
> >
> > I conclude it's ignoring the forward zones recurse because at the enterprise edge firewall the only dns lookups I see coming from the box (by the vast volumes) and heading outside are heading to other name servers than anything I specified. Looks like typical root hint type recursive lookups. Not a single instance for the specified forwarder(s).
> >
> > I did confirm that dig's etc to 9.9.9.9 etc in CLI do allow just fine, so there is no local firewall blockage.
> >
> > Any other thoughts? Seems odd, but I am new to PDNS..
>
> Please show the startup log.
>
> -Otto
>
> > Best, Tim
> >
> > On Wed, Aug 24, 2022 at 3:13 PM Otto Moerbeek wrote:
> >
> > > On Wed, Aug 24, 2022 at 09:05:46PM +0200, Otto Moerbeek via Pdns-users wrote:
> > >
> > > > On Wed, Aug 24, 2022 at 02:09:11PM -0400, Holmes, Timothy via Pdns-users wrote:
> > > >
> > > > > Hi Team,
> > > > >
> > > > > I have what I hope is a simple question I'm unable to find a better answer for. I would like to add some external forwarders to our recursor instances. These are live running prod instances. I verified the live paths and updated the recursor.config's to reflect
> > > > >
> > > > > forward-zones-recurse=.=9.9.9.9;149.112.112.112;1.1.1.2;1.0.0.2
> > > > > and also tried forward-zones-recurse=.=9.9.9.9
> > > > >
> > > > > Each time pushed a restart and verified. Each time the root name hints seem to still be the default behavior including after removing the referenced root hint file entry.
> > > > >
> > > > > sudo service pdns-recursor restart
> > > > > sudo service pdns-recursor status
> > > > >
> > > > > Am I missing something obvious, or will the root hints always take precedence?
> > > > >
> > > > > Thanks, Tim
> > > > > --
> > > > >
> > > > > [image: College of the Holy Cross Logo]
> > > > >
> > > > > *TIM HOLMES*
> > > > > *Chief Information Security Officer*
> > > > > Information Technology Services
> > > > > thol...@holycross.edu
> > > > > Pronouns: He/Him/His
> > > >
> > > > Syntax looks good. Check the log, when starting up the recursor logs the redirects configged. If it does not do that, you are using another config file than you are editing. Maybe an alternate --config-dir?
> > >
> > > Also, how do you conclude it is ignoring the forward-zones-recurse?
> > >
> > > -Otto
Re: [Pdns-users] Recursive Forwarders
On Wed, Aug 24, 2022 at 03:27:15PM -0400, Holmes, Timothy wrote:

> Thanks Otto, definitely is the correct config file, if for instance I change the host-hints-file look up to no, the service fails to load and indicates it can't find the file named no (assume we're not on that version yet... separate issue.. )
>
> I conclude it's ignoring the forward zones recurse because at the enterprise edge firewall the only dns lookups I see coming from the box (by the vast volumes) and heading outside are heading to other name servers than anything I specified. Looks like typical root hint type recursive lookups. Not a single instance for the specified forwarder(s).
>
> I did confirm that dig's etc to 9.9.9.9 etc in CLI do allow just fine, so there is no local firewall blockage.
>
> Any other thoughts? Seems odd, but I am new to PDNS..

Please show the startup log.

-Otto

> Best, Tim
>
> On Wed, Aug 24, 2022 at 3:13 PM Otto Moerbeek wrote:
>
> > On Wed, Aug 24, 2022 at 09:05:46PM +0200, Otto Moerbeek via Pdns-users wrote:
> >
> > > On Wed, Aug 24, 2022 at 02:09:11PM -0400, Holmes, Timothy via Pdns-users wrote:
> > >
> > > > Hi Team,
> > > >
> > > > I have what I hope is a simple question I'm unable to find a better answer for. I would like to add some external forwarders to our recursor instances. These are live running prod instances. I verified the live paths and updated the recursor.config's to reflect
> > > >
> > > > forward-zones-recurse=.=9.9.9.9;149.112.112.112;1.1.1.2;1.0.0.2
> > > > and also tried forward-zones-recurse=.=9.9.9.9
> > > >
> > > > Each time pushed a restart and verified. Each time the root name hints seem to still be the default behavior including after removing the referenced root hint file entry.
> > > >
> > > > sudo service pdns-recursor restart
> > > > sudo service pdns-recursor status
> > > >
> > > > Am I missing something obvious, or will the root hints always take precedence?
> > > >
> > > > Thanks, Tim
> > > > --
> > > >
> > > > [image: College of the Holy Cross Logo]
> > > >
> > > > *TIM HOLMES*
> > > > *Chief Information Security Officer*
> > > > Information Technology Services
> > > > thol...@holycross.edu
> > > > Pronouns: He/Him/His
> > >
> > > Syntax looks good. Check the log, when starting up the recursor logs the redirects configged. If it does not do that, you are using another config file than you are editing. Maybe an alternate --config-dir?
> >
> > Also, how do you conclude it is ignoring the forward-zones-recurse?
> >
> > -Otto
Re: [Pdns-users] Recursive Forwarders
Thanks Otto, definitely is the correct config file, if for instance I
change the host-hints-file look up to no, the service fails to load and
indicates it can't find the file named no (assume we're not on that version
yet... separate issue.. )

I conclude it's ignoring the forward zones recurse because at the
enterprise edge firewall the only dns lookups I see coming from the box (by
the vast volumes) and heading outside are heading to other name servers
than anything I specified. Looks like typical root hint type recursive
lookups. Not a single instance for the specified forwarder(s).

I did confirm that dig's etc to 9.9.9.9 etc in CLI do allow just fine, so
there is no local firewall blockage.

Any other thoughts? Seems odd, but I am new to PDNS..

Best, Tim

On Wed, Aug 24, 2022 at 3:13 PM Otto Moerbeek wrote:

> On Wed, Aug 24, 2022 at 09:05:46PM +0200, Otto Moerbeek via Pdns-users
> wrote:
>
> > On Wed, Aug 24, 2022 at 02:09:11PM -0400, Holmes, Timothy via
> > Pdns-users wrote:
> >
> > > Hi Team,
> > >
> > > I have what I hope is a simple question I'm unable to find a better
> > > answer for. I would like to add some external forwarders to our
> > > recursor instances. These are live running prod instances. I verified
> > > the live paths and updated the recursor.config's to reflect
> > >
> > > forward-zones-recurse=.=9.9.9.9;149.112.112.112;1.1.1.2;1.0.0.2
> > > and also tried forward-zones-recurse=.=9.9.9.9
> > >
> > > Each time pushed a restart and verified. Each time the root name
> > > hints seem to still be the default behavior including after removing
> > > the referenced root hint file entry.
> > >
> > > sudo service pdns-recursor restart
> > > sudo service pdns-recursor status
> > >
> > > Am I missing something obvious, or will the root hints always take
> > > precedence?
> > >
> > > Thanks, Tim
> > > --
> > > *TIM HOLMES*
> > > *Chief Information Security Officer*
> > > Information Technology Services
> > > thol...@holycross.edu
> > > Pronouns: He/Him/His
> >
> > Syntax looks good. Check the log: when starting up, the recursor logs
> > the redirects configged. If it does not do that, you are using another
> > config file than you are editing. Maybe an alternate --config-dir?
>
> Also, how do you conclude it is ignoring the forward-zones-recurse?
>
> -Otto
Re: [Pdns-users] Recursive Forwarders
On Wed, Aug 24, 2022 at 09:05:46PM +0200, Otto Moerbeek via Pdns-users wrote:

> On Wed, Aug 24, 2022 at 02:09:11PM -0400, Holmes, Timothy via Pdns-users
> wrote:
>
> > Hi Team,
> >
> > I have what I hope is a simple question I'm unable to find a better
> > answer for. I would like to add some external forwarders to our recursor
> > instances. These are live running prod instances. I verified the live
> > paths and updated the recursor.config's to reflect
> >
> > forward-zones-recurse=.=9.9.9.9;149.112.112.112;1.1.1.2;1.0.0.2
> > and also tried forward-zones-recurse=.=9.9.9.9
> >
> > Each time pushed a restart and verified. Each time the root name hints
> > seem to still be the default behavior including after removing the
> > referenced root hint file entry.
> >
> > sudo service pdns-recursor restart
> > sudo service pdns-recursor status
> >
> > Am I missing something obvious, or will the root hints always take
> > precedence?
> >
> > Thanks, Tim
> > --
> > *TIM HOLMES*
> > *Chief Information Security Officer*
> > Information Technology Services
> > thol...@holycross.edu
> > Pronouns: He/Him/His
>
> Syntax looks good. Check the log: when starting up, the recursor logs
> the redirects configged. If it does not do that, you are using another
> config file than you are editing. Maybe an alternate --config-dir?

Also, how do you conclude it is ignoring the forward-zones-recurse?

-Otto
Re: [Pdns-users] Recursive Forwarders
On Wed, Aug 24, 2022 at 02:09:11PM -0400, Holmes, Timothy via Pdns-users wrote:

> Hi Team,
>
> I have what I hope is a simple question I'm unable to find a better answer
> for. I would like to add some external forwarders to our recursor
> instances. These are live running prod instances. I verified the live
> paths and updated the recursor.config's to reflect
>
> forward-zones-recurse=.=9.9.9.9;149.112.112.112;1.1.1.2;1.0.0.2
> and also tried forward-zones-recurse=.=9.9.9.9
>
> Each time pushed a restart and verified. Each time the root name hints
> seem to still be the default behavior including after removing the
> referenced root hint file entry.
>
> sudo service pdns-recursor restart
> sudo service pdns-recursor status
>
> Am I missing something obvious, or will the root hints always take
> precedence?
>
> Thanks, Tim
> --
> *TIM HOLMES*
> *Chief Information Security Officer*
> Information Technology Services
> thol...@holycross.edu
> Pronouns: He/Him/His

Syntax looks good. Check the log: when starting up, the recursor logs
the redirects configged. If it does not do that, you are using another
config file than you are editing. Maybe an alternate --config-dir?

-Otto
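The startup-log check suggested in the reply above can be scripted. This is an added example, not part of the original thread and not PowerDNS code: it compares a forward-zones-recurse value with the "Redirecting queries for zone" lines a recursor prints at startup. The function names and the "before" sample line are constructed, the log line format is the one printed by the 4.2.1 recursor in this thread, and only IPv4 forwarders are handled.

```python
import re

# Startup line format as printed by the recursor 4.2.1 in this thread.
REDIRECT = re.compile(
    r"Redirecting queries for zone '([^']+)'( with recursion)? to: (.+)$")

def parse_forward_setting(value):
    """'zone=ip;ip,zone2=ip' -> {zone: ['ip:port', ...]}; IPv4 only, port 53 default."""
    zones = {}
    for entry in filter(None, (e.strip() for e in value.split(","))):
        zone, _, servers = entry.partition("=")
        zones[zone.strip()] = sorted(
            s.strip() if ":" in s else s.strip() + ":53"
            for s in servers.split(";") if s.strip())
    return zones

def logged_redirects(lines):
    """Collect {zone: (recursive, ['ip:port', ...])} from startup log lines."""
    found = {}
    for line in lines:
        m = REDIRECT.search(line)
        if m:
            servers = sorted(s.strip() for s in m.group(3).split(","))
            found[m.group(1)] = (bool(m.group(2)), servers)
    return found

def check(setting_value, log_lines):
    """Return problems; an empty list means the edited setting was loaded."""
    seen, problems = logged_redirects(log_lines), []
    for zone, servers in parse_forward_setting(setting_value).items():
        if zone not in seen:
            problems.append(f"{zone}: no redirect logged, setting not loaded or overridden")
        elif not seen[zone][0]:
            problems.append(f"{zone}: logged as a plain forward, not a recursive one")
        elif seen[zone][1] != servers:
            problems.append(f"{zone}: log shows {seen[zone][1]}, file has {servers}")
    return problems

# Constructed sample: a startup where only an unrelated zone redirect is logged.
BEFORE = ["Aug 24 16:12:17 cache1 pdns_recursor[491939]: Redirecting queries "
          "for zone 'example.edu' to: 192.0.2.10:53"]
# Line format as logged in this thread once the intended setting took effect.
AFTER = ["Aug 24 16:46:50 cache1 pdns_recursor[494188]: Redirecting queries "
         "for zone '.' with recursion to: 9.9.9.9:53, 1.1.1.2:53"]

if __name__ == "__main__":
    for name, log in (("before", BEFORE), ("after", AFTER)):
        print(name, check(".=9.9.9.9;1.1.1.2", log) or "ok")
```

A "no redirect logged" result for a zone that is present in the edited file is the symptom described in this thread: the running process took its settings from somewhere other than the file being edited.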
[Pdns-users] Recursive Forwarders
Hi Team,

I have what I hope is a simple question I'm unable to find a better answer
for. I would like to add some external forwarders to our recursor
instances. These are live running prod instances. I verified the live paths
and updated the recursor.config's to reflect

forward-zones-recurse=.=9.9.9.9;149.112.112.112;1.1.1.2;1.0.0.2
and also tried forward-zones-recurse=.=9.9.9.9

Each time pushed a restart and verified. Each time the root name hints seem
to still be the default behavior including after removing the referenced
root hint file entry.

sudo service pdns-recursor restart
sudo service pdns-recursor status

Am I missing something obvious, or will the root hints always take
precedence?

Thanks, Tim
--
*TIM HOLMES*
*Chief Information Security Officer*
Information Technology Services
thol...@holycross.edu
Pronouns: He/Him/His