On Tue, Dec 21, 2010 at 06:24:56PM +0100, Florian Krolikowski wrote:
> Hi Bert!
>
> Here is the requested tcpdump. I hope it is meaningful for you. Thanks a
> lot for your help.

Hi Florian,

It appears that there is no PowerDNS issue - PowerDNS is sending correct root
priming queries, but getting no responses.

Can you try:

    dig +bufsize=1280 +norecurs -t ns . @198.41.0.4

And see if you get an answer? It may be that you are behind a firewall that
drops answers >512 bytes.

If this 'dig' line gets an answer, can you tcpdump it too?

Bert

>
> Flo
>
> On 12/20/2010 08:37 PM, bert.hub...@netherlabs.nl wrote:
> > Can you tcpdump -s 1500 port 53 -w for-bert while it starts?
> >
> > Sent from my phone.
> >
> > ----- Reply message -----
> > From: "florian" <flor...@admin-box.com>
> > Date: Mon, Dec 20, 2010 19:39
> > Subject: [Pdns-users] pdns-recursor doesnt connect to dns root servers
> > To: <pdns-users@mailman.powerdns.com>
> >
> >
> > Hi everyone!
> >
> > I want to update dns records from root dns servers using pdns-recursor.
> > I already looked around, but I didn't find a solution for my problem:
> >
> > Failed to update . records, RCODE=2
> >
> >
> > I use a squeeze package:
> > server:~# aptitude show pdns-recursor
> > Package: pdns-recursor
> > State: installed
> > Automatically installed: no
> > Version: 3.2-4
> > [..]
> >
> > server:~# grep -v ^# /etc/powerdns/recursor.conf | grep -v ^$
> > allow-from=127.0.0.0/8, 172.16.1.0/24, ::1/128
> > dont-query=
> > forward-zones=mydomain.org=127.1.2.3
> > local-address=127.0.0.1,172.16.1.200
> > local-port=53
> > log-common-errors=yes
> > quiet=yes
> > setgid=pdns
> > setuid=pdns
> >
> >
> > server:~# tail /var/syslog
> > Dec 20 19:08:29 server pdns_recursor[18538]: PowerDNS recursor 3.2 (C)
> > 2001-2010 PowerDNS.COM BV (Jul 20 2010, 13:06:28, gcc 4.4.4) starting up
> > Dec 20 19:08:29 server pdns_recursor[18538]: PowerDNS comes with
> > ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to
> > redistribute it according to the terms of the GPL version 2.
> > Dec 20 19:08:29 server pdns_recursor[18538]: Operating in 64 bits mode
> > Dec 20 19:08:29 server pdns_recursor[18538]: Reading random entropy from
> > '/dev/urandom'
> > Dec 20 19:08:29 server pdns_recursor[18538]: Only allowing queries from:
> > 127.0.0.0/8, 172.16.1.0/24, ::1/128, fe80::/10
> > Dec 20 19:08:29 server pdns_recursor[18538]: Redirecting queries for zone
> > 'mydomain.org' to: 127.1.2.3:53
> > Dec 20 19:08:29 server pdns_recursor[18538]: Inserting rfc 1918 private
> > space zones
> > Dec 20 19:08:29 server pdns_recursor[18538]: Listening for UDP queries on
> > 127.0.0.1:53
> > Dec 20 19:08:29 server pdns_recursor[18538]: Listening for UDP queries on
> > 172.16.1.200:53
> > Dec 20 19:08:29 server pdns_recursor[18538]: Enabled TCP data-ready filter
> > for (slight) DoS protection
> > Dec 20 19:08:29 server pdns_recursor[18538]: Listening for TCP queries on
> > 127.0.0.1:53
> > Dec 20 19:08:29 server pdns_recursor[18538]: Listening for TCP queries on
> > 172.16.1.200:53
> > Dec 20 19:08:29 server pdns_recursor[18538]: Calling daemonize, going to
> > background
> > Dec 20 19:08:29 server pdns_recursor[18539]: Set effective group id to 108
> > Dec 20 19:08:29 server pdns_recursor[18539]: Set effective user id to 104
> > Dec 20 19:08:29 server pdns_recursor[18539]: Launching 2 threads
> > Dec 20 19:08:29 server pdns_recursor[18539]: Done priming cache with root
> > hints
> > Dec 20 19:08:29 server pdns_recursor[18539]: Done priming cache with root
> > hints
> > Dec 20 19:08:29 server pdns_recursor[18539]: Enabled 'epoll' multiplexer
> > Dec 20 19:08:54 server pdns_recursor[18539]: Failed to update . records,
> > RCODE=2
> > Dec 20 19:08:54 server pdns_recursor[18539]: Failed to update . records,
> > RCODE=2
> >
> > I see it trying to connect to root dns (watch -n 1 "lsof -i -n -P|grep
> > pdns") but it only seems to run through a list and never succeeds.
> >
> > server:~# nmap -p53 -sU 202.12.27.33
> >
> > Starting Nmap 5.00 ( http://nmap.org ) at 2010-12-20 19:23 CET
> > Interesting ports on M.ROOT-SERVERS.NET (202.12.27.33):
> > PORT   STATE         SERVICE
> > 53/udp open|filtered domain
> >
> > Nmap done: 1 IP address (1 host up) scanned in 0.57 seconds
> >
> > server:~# telnet 202.12.27.33 53
> > connects
> >
> > So it's not a firewall issue? I think I switched them off.
> >
> > If I change the root domain to another dns forwarder pdns-recursor runs
> > without errors. But it doesn't use root dns so it's not a fix.
> > forward-zones=mydomain.org=127.1.2.3,.=172.16.1.1
> > To set ".=IP" works for all public dns
> >
> > Any help welcome :)
> >
> > _______________________________________________
> > Pdns-users mailing list
> > Pdns-users@mailman.powerdns.com
> > http://mailman.powerdns.com/mailman/listinfo/pdns-users
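
Added example (not part of the original thread and not PowerDNS code): the check Bert suggests, done in Python. It sends the same non-recursive root NS query to 198.41.0.4 once without EDNS and once with a 1280-byte EDNS0 buffer, which goes one step beyond the single dig line; a path that drops UDP answers larger than 512 bytes shows up as an answer on the first probe and a timeout on the second. The names build_query, classify and probe are assumptions of this example.

```python
import socket
import struct

ROOT_A = "198.41.0.4"  # the root server address used in the dig line above

def build_query(bufsize=None, qid=0x1234):
    """Non-recursive NS query for the root zone; bufsize adds an EDNS0 OPT record."""
    arcount = 1 if bufsize else 0
    # Flags 0x0000: standard query with RD clear (the +norecurs part).
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, arcount)
    question = b"\x00" + struct.pack("!HH", 2, 1)  # root name, QTYPE=NS, QCLASS=IN
    opt = b""
    if bufsize:
        # OPT RR: root name, TYPE=41, CLASS carries the UDP payload size, TTL=0, RDLEN=0
        opt = b"\x00" + struct.pack("!HHIH", 41, bufsize, 0, 0)
    return header + question + opt

def classify(reply):
    """Summarise a raw reply; None means nothing arrived before the timeout."""
    if reply is None:
        return "no answer (dropped on the path?)"
    (flags,) = struct.unpack("!H", reply[2:4])
    rcode = flags & 0x000F
    truncated = bool(flags & 0x0200)  # TC bit
    note = "truncated, retry over TCP" if truncated else "complete"
    return f"{len(reply)} bytes, rcode={rcode}, {note}"

def probe(server=ROOT_A, bufsize=None, timeout=3.0):
    """Send one UDP query and return the raw reply, or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(bufsize), (server, 53))
        try:
            return s.recvfrom(4096)[0]
        except socket.timeout:
            return None

if __name__ == "__main__":
    # Plain DNS (answers limited to 512 bytes) versus EDNS0 with a 1280-byte buffer.
    for size in (None, 1280):
        label = "no EDNS" if size is None else f"bufsize={size}"
        print(f"{label:>13}: {classify(probe(bufsize=size))}")
```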