[Pdns-users] First beta release of PowerDNS Recursor 4.6.0

Hello! We are proud to announce the first beta release of PowerDNS Recursor 4.6.0. Compared to the previous major (4.5) release of PowerDNS Recursor, this release contains several sets of changes: * A rewrite of the outgoing TCP code, adding both re-use of connections a

Re: [Pdns-users] Zone to Cache: url method support in powerdns repo package

On Wed, Nov 10, 2021 at 12:31:20AM +0100, Christoph via Pdns-users wrote: > > > Otto Moerbeek via Pdns-users: > > * A new Zone to Cache[1] function that will retrieve a zone (using > > AXFR, HTTP, HTTPS or a local file) periodically and insert the > >

Re: [Pdns-users] Zone to Cache: url method support in powerdns repo package

On Wed, Nov 10, 2021 at 07:15:11AM +0100, Otto Moerbeek via Pdns-users wrote: > On Wed, Nov 10, 2021 at 12:31:20AM +0100, Christoph via Pdns-users wrote: > > > > > > > Otto Moerbeek via Pdns-users: > > > * A new Zone to Cache[1] function

Re: [Pdns-users] Zone to Cache: url method support in powerdns repo package

On Wed, Nov 10, 2021 at 08:23:58AM +0100, Otto Moerbeek via Pdns-users wrote: > On Wed, Nov 10, 2021 at 07:15:11AM +0100, Otto Moerbeek via Pdns-users wrote: > > > On Wed, Nov 10, 2021 at 12:31:20AM +0100, Christoph via Pdns-users wrote: > > > > > > > >

Re: [Pdns-users] Zone to Cache: url method support in powerdns repo package

On Wed, Nov 10, 2021 at 11:31:53PM +0100, Christoph via Pdns-users wrote: > > > > > msg="Unable to load zone into cache, will retry" subsystem="ztc" > > > > > level=0 > > > > > ts="1636499834.251" exception="url method configured but libcurl not > > > > > compiled in" refresh="60" zone="." > > >

Re: [Pdns-users] PDNS Recursor - force IPv6

On Tue, Nov 16, 2021 at 08:22:30AM +, Marcin Gondek via Pdns-users wrote: > Hello, > > Is there possible to get similar to unbound command to force usage of IPv6 in > PDNS Recursor? > > prefer-ip6: > If enabled, prefer IPv6 transport for sending DNS queries to internet > nameservers.

Re: [Pdns-users] PDNS Recursor - force IPv6

On Tue, Nov 16, 2021 at 08:53:02AM +, Brian Candler wrote: > On 16/11/2021 08:29, Otto Moerbeek via Pdns-users wrote: > > > Is there possible to get similar to unbound command to force usage of > > > IPv6 in PDNS Recursor? > > > > > > prefer-i

Re: [Pdns-users] ODP: PDNS Recursor - force IPv6

On Tue, Nov 16, 2021 at 12:10:02PM +0100, Thomas Mieslinger via Pdns-users wrote: > For reasons, I have been unable to debug, my recursive servers > frequently only do IPv4 although IPv6 connected and authoritatives are > also IPv6 connected. > > Warming the recursors caches with dig ns-wit

[Pdns-users] Second beta release of PowerDNS Recursor 4.6.0.

Hello! We are proud to announce the second beta release of PowerDNS Recursor 4.6.0. Compared to the previous major (4.5) release of PowerDNS Recursor, this release contains several sets of changes: * The ability to flush records from the caches on a incoming noti

[Pdns-users] First release candidate of PowerDNS Recursor 4.6.0.

Hello! We are proud to announce the first release candidate of PowerDNS Recursor 4.6.0. Compared to the beta2 release, this release fixes an issue with incoming queries over TCP and with the systemd unit file for virtual hosting. Compared to the previous major (4.5) release of

[Pdns-users] PowerDNS Recursor 4.6.0 Released

Hello! We are proud to announce the release of PowerDNS Recursor 4.6.0. Compared to the previous major (4.5) release of PowerDNS Recursor, this release contains several sets of changes: * The ability to flush records from the caches on a incoming notify[1] requests. Man

Re: [Pdns-users] ZoneToCache for root zone not working

On Tue, Dec 21, 2021 at 10:28:53AM +0500, Jahanzeb Arshad via Pdns-users wrote: > Greeting, > > I am having trouble in getting zonetocache working for the root zone. I > am using PowerDNS Recursor 4.6.0. > > I have following in my /etc/powerdns/recursor.lua configuration: > > dofile("/usr/share

Re: [Pdns-users] ZoneToCache for root zone not working

On Tue, Dec 21, 2021 at 01:06:03PM +0500, Jahanzeb Arshad wrote: > Thanks for the clarity.  > > I tried to resolve some top level domains NS and still getting high > latency. > > > $ dig ae ns @localhost > > ;; omitting > > ;; ANSWER SECTION: > ae. 3600 IN NS ns2.aedns.ae. > ae. 3600 IN NS ns

Re: [Pdns-users] PowerDNS Recursor Performance and Tuning

On Sun, Jan 16, 2022 at 09:39:01AM +0330, Hamed Haghshenas via Pdns-users wrote: > Hello Dears, > > > > I install PowerDNS Recursor 4.6.0 on CentOS Linux release 7.9.2009. and > configure it as bellow for Iran IP address. I want use it in my ISP > environment for large scale and lots of DNS re

Re: [Pdns-users] PowerDNS Recursor Performance and Tuning

On Sun, Jan 16, 2022 at 09:05:55AM +0100, Otto Moerbeek via Pdns-users wrote: > On Sun, Jan 16, 2022 at 09:39:01AM +0330, Hamed Haghshenas via Pdns-users > wrote: > > > Hello Dears, > > > > > > > > I install PowerDNS Recursor 4.6.0 on CentOS Linux re

Re: [Pdns-users] PowerDNS Recursor Performance and Tuning

On Sun, Jan 16, 2022 at 01:11:55PM +0330, Hamed Haghshenas wrote: > Hello, > Thanks for your help. I changed them . > > > If you have 8G of RAM, likely the default cache sizes could be enlarged > (max-cache-entries for the record cache and max-packetcache-entries for the > packet cache) > > how

Re: [Pdns-users] PowerDNS Recursor Performance and Tuning

On Sun, Jan 16, 2022 at 10:01:42AM +, Brian Candler wrote: > On 16/01/2022 09:41, Hamed Haghshenas via Pdns-users wrote: > > > quiet=no > > I need the logs and should export domains to my analyzer platform . > > There are more scalable ways of doing this.  The "standards-compliant" way > is d

Re: [Pdns-users] zoneToCache - File Format

On Tue, Jan 18, 2022 at 09:13:54PM +, Clint Anderson via Pdns-users wrote: > Hi All, > > BackGround: > PowerDNS Recursor v4.6.0 > I have the example from the docs > (https://doc.powerdns.com/recursor/lua-config/ztc.html) working perfectly: > zoneToCache(".", "url", "https://www.internic.net/

Re: [Pdns-users] zoneToCache - File Format

On Wed, Jan 19, 2022 at 04:54:25PM +, Clint Anderson via Pdns-users wrote: > Otto & Walter - Thank you for the replies! > > Otto, > > My assumption was that the cache is the most efficient and if it was in the > cache, it would return the cached answer and never go looking for an update.

Re: [Pdns-users] PowerDNS Recursor Performance and Tuning

On Thu, Jan 20, 2022 at 09:51:51AM +0330, Hamed Haghshenas via Pdns-users wrote: > >> How can I secure my dns Recursor? I try read document about dnssec in > powerdns wiki but can't understand what should I do ? > > >> > https://doc.powerdns.com/re

Re: [Pdns-users] zoneToCache - File Format

On Wed, Jan 19, 2022 at 04:54:25PM +, Clint Anderson via Pdns-users wrote: > Otto & Walter - Thank you for the replies! > > Otto, > > My assumption was that the cache is the most efficient and if it was in the > cache, it would return the cached answer and never go looking for an update.

Re: [Pdns-users] PowerDNS Recursor Performance and Tuning

On Thu, Jan 20, 2022 at 07:41:42AM +0100, Otto Moerbeek wrote: > On Thu, Jan 20, 2022 at 09:51:51AM +0330, Hamed Haghshenas via Pdns-users > wrote: > > > >> How can I secure my dns Recursor? I try read document about dnssec in > > powerdns wiki but can't understand what should I do ? > > > > >>

Re: [Pdns-users] PowerDNS Recursor Server failed When use dnssec

On Thu, Jan 27, 2022 at 12:47:57PM +0330, Hamed Haghshenas via Pdns-users wrote: > Hello, > > > > I tried to use dnssec= validate the same as Google dns (8.8.8.8), but my DNS > server for some sites like activity.basalam.com returned an error "Server > failed "I used 8.8.8.8 and was successful

Re: [Pdns-users] Low ttl with combination of forward zones makes queries fail

On Tue, Feb 08, 2022 at 12:15:42PM +, Brian Candler via Pdns-users wrote: > On 08/02/2022 12:08, Prochazka via Pdns-users wrote: > > > > Pdns recursor config: > > > > ... > > forward-zones= > > forward-zones+=some.domain.tld=AUTH1_ipv6 > > forward-zones+=some.domain.tld=AUTH1_ipv4 > > forwar

Re: [Pdns-users] Low ttl with combination of forward zones makes queries fail

On Tue, Feb 08, 2022 at 01:24:03PM +0100, Thomas Mieslinger via Pdns-users wrote: > In my experience pdns_recursor (okay, I tested only with older versions) > will not retry fast enough to have a 100% user experience. It is worth the trouble to test this again. Modern recursors are more smart in

[Pdns-users] First Alpha Release of PowerDNS Recursor 4.7.0

Hello! We are proud to announce the first alpha release of PowerDNS Recursor 4.7.0. Compared to the previous major (4.6) release of PowerDNS Recursor, this release contains the following major changes: * ZONEMD validation of the zones retrieved by the Zone to Cache[1] fea

Re: [Pdns-users] Immediate update visibility

On Wed, Mar 09, 2022 at 07:08:51AM +, Daniel Miller via Pdns-users wrote: > I started to ask how to do something apparently non-standard - which > probably means I'm doing it wrong. > > I'm locally hosting my domain records using the authoritative server and > also using a recursor. The recur

Re: [Pdns-users] Immediate update visibility

On Wed, Mar 09, 2022 at 08:32:24AM +0100, Otto Moerbeek via Pdns-users wrote: > On Wed, Mar 09, 2022 at 07:08:51AM +, Daniel Miller via Pdns-users wrote: > > > I started to ask how to do something apparently non-standard - which > > probably means I'm doing it wron

Re: [Pdns-users] Immediate update visibility

On Wed, Mar 09, 2022 at 08:32:53AM +, Brian Candler wrote: > Thanks to Otto for explaining about the recursor notify feature in 4.6.0 - > this is very cool and I wasn't aware of it. > > I think the OP is observing two different problems, and that would solve one > of them. > Indeed, caching

Re: [Pdns-users] Adjusting slaves via API

On Tue, Mar 15, 2022 at 03:11:43PM +1300, Pieter De Wit via Pdns-users wrote: > Hi All, > > I was wondering if there is a way to list/adjust the slaves of a zone via the > API ? > > Thanks, > > Pieter yes, see https://docs.powerdns.com/authoritative/http-api/zone.html#put--servers-server_id-

Re: [Pdns-users] Adjusting slaves via API

On Tue, Mar 15, 2022 at 07:46:24PM +1300, Pieter De Wit wrote: > Hi Otto, > > I have a server that is the master for “example.com ” - > we are dynamically allocating slaves on DHCP. I would like the master to send > notify messages when the zone is changed to this list of d

Re: [Pdns-users] PDNS Recursor and forward-zones-file

On Thu, Mar 17, 2022 at 01:04:55PM +0100, Pepe Charli via Pdns-users wrote: > Hi, > > I am experiencing some "strange" behavior with pDNS Recursor ( > pdns-recursor-4.4.7-1pdns.el7.x86_64) > > The recursor is configured to forward all zones to other DNS servers > > forward-zones-file=/path/to/f

Re: [Pdns-users] PDNS Recursor and forward-zones-file

On Thu, Mar 17, 2022 at 12:25:38PM +, Brian Candler via Pdns-users wrote: > Hmm, see also: > > https://github.com/PowerDNS/pdns/issues/10638 > https://github.com/PowerDNS/pdns/pull/10643 > > But this was backported to the 4.4 branch, and should be present in recursor > 4.4.7: > > https://gi

Re: [Pdns-users] PDNS Recursor and forward-zones-file

On Thu, Mar 17, 2022 at 12:17:59PM +, Brian Candler via Pdns-users wrote: > On 17/03/2022 12:04, Pepe Charli via Pdns-users wrote: > > The recursor is configured to forward all zones to other DNS servers > > > > forward-zones-file=/path/to/file > > and the file itself contains > > .=192.168.6

[Pdns-users] Security Advisory 2022-01 for PowerDNS Authoritative Server 4.4.2, 4.5.3, 4.6.0 and PowerDNS Recursor 4.4.7, 4.5.7, 4.6.0

Hello, Today we have released PowerDNS Authoritative Server 4.4.3, 4.5.4 and 4.6.1, and PowerDNS Recursor 4.4.8, 4.5.8 and 4.6.1 due to a low severity issue found in both products. * In the Authoritative server this issue only applies to secondary zones for which IXFR trans

[Pdns-users] PowerDNS Recursor 4.6.2 and 4.5.9 Released

Hello! We are proud to announce the release of PowerDNS Recursor 4.6.2 and 4.5.9. Both releases are maintenance releases correcting an issue where a reload of a Lua script could cause in-flight queries to fail and an improvement in the caching of negative results. The 4.6.2 release

Re: [Pdns-users] Sinkhole with whitelisting by using RPZ

On Sat, Apr 09, 2022 at 08:42:24AM +0200, Jeff Bread via Pdns-users wrote: > Hi, > > I am new to powerdns and wanted to implement a kind of extended sinkhole by > whitelisting some domains by using a RPZ file. > > The aim is > > - to allow only certain domain(s) for a certain IP but drop all ot

Re: [Pdns-users] Sinkhole with whitelisting by using RPZ

On Sat, Apr 09, 2022 at 10:37:19AM +0200, Jeff Bread wrote: > Am Sa., 9. Apr. 2022 um 09:52 Uhr schrieb Jeff Bread : > > > > > > > > > Am Sa., 9. Apr. 2022 um 09:24 Uhr schrieb Jeff Bread : > > > >> > >> > >> Am Sa., 9. Apr. 2022 um 09:05 Uhr schrieb Otto Moerbeek : > >> > >>> On Sat, Apr 09, 202

Re: [Pdns-users] Sinkhole with whitelisting by using RPZ

On Sat, Apr 09, 2022 at 05:11:46PM +0200, Jeff Bread wrote: > Am Sa., 9. Apr. 2022 um 10:57 Uhr schrieb Otto Moerbeek : > > > On Sat, Apr 09, 2022 at 10:37:19AM +0200, Jeff Bread wrote: > > > > > Am Sa., 9. Apr. 2022 um 09:52 Uhr schrieb Jeff Bread > >: > > > > > > > > > > > > > > > > > > > Am S

Re: [Pdns-users] Sinkhole with whitelisting by using RPZ

On Sat, Apr 09, 2022 at 06:16:47PM +0200, Otto Moerbeek via Pdns-users wrote: > On Sat, Apr 09, 2022 at 05:11:46PM +0200, Jeff Bread wrote: > > > Am Sa., 9. Apr. 2022 um 10:57 Uhr schrieb Otto Moerbeek : > > > > > On Sat, Apr 09, 2022 at 10:37:19AM +0200, Jeff Bread

Re: [Pdns-users] PDNS Slave - While checking domain freshness

On Wed, Apr 13, 2022 at 09:43:49AM +, Ronny Wagner via Pdns-users wrote: > Debian: Buster > Version: PowerDNS Authoritative Server 4.5.4 (C) 2001-2022 PowerDNS.COM BV > > Config: > autosecondary=yes > daemon=yes > guardian=yes > include-dir=/etc/powerdns/pdns.d > launch= > local-address=, ,

[Pdns-users] First Beta Release of PowerDNS Recursor 4.7.0

Hello! We are proud to announce the first beta release of PowerDNS Recursor 4.7.0. Compared to the previous major (4.6) release of PowerDNS Recursor, this release contains the following major changes: * A configurable way of adding Additional[1] records to answers sent to

Re: [Pdns-users] empty allow-from causes signal 11 in 4.6.0, works in 4.5.9 and earlier

On Thu, Apr 21, 2022 at 10:34:04PM +0200, Roger Hammerstein via Pdns-users wrote: This has been fixed in master, should be backported so next release of 4.6.x (4.6.3) has the fix. -Otto > an empty allow-from in the powerdns recursor conf seems to > cause a signal 11 and > corefile in 4

[Pdns-users] First Release Candidate of PowerDNS Recursor 4.7.0

Hello! We are proud to announce the first release candidate of PowerDNS Recursor 4.7.0. Testing of this release candidate is much appreciated! The most important change compared to the 4.7.0-beta1 release is a fix for the experimental DoT to authoritative server probing code. Comp

Re: [Pdns-users] Configuring PowerDNS Recursor 4.4 to use the hosting provider nameservers

On Mon, May 09, 2022 at 09:16:09AM +0200, Jaume Sabater via Pdns-users wrote: > Hello everyone! > > I have a Proxmox cluster on Hetzner with three nodes in which I have just > configured two LinuX Container with PowerDNS Authoritative Server in > primary/secondary configuration, using autoprimary

[Pdns-users] PowerDNS Recursor 4.7.0 Released

Hello! We are proud to announce the release of PowerDNS Recursor 4.7.0. Compared to the previous major (4.6) release of PowerDNS Recursor, this release contains the following major changes: * A configurable way of adding [1]Additional records to answers sent to the client, s

Re: [Pdns-users] pdns-recursur 4.4: host unknown after some time with no clear reason

Hello, The 4.4 branch went EOL this week. In general it is not wise to create an environment that is "impossble" to update. Without actual config data, setup details, logs or dumps from the internal tables this is impossble to diagnose. Please check https://blog.powerdns.com/2016/01/18/open-sou

[Pdns-users] Blog post about Probing DoT Support of Authoritative Servers

Hello, I just published a blog post about the outgoing DoT probing support in the just released PowerDNS Recursor 4.7.0. https://blog.powerdns.com/2022/06/13/probing-dot-support-of-authoritative-servers-just-try-it/ I hope you enjoy reading it! -Otto -- kind regards, Otto Moerbeek PowerDNS

Re: [Pdns-users] PowerDNS Authoritative 4.6.2, how to log served responses (i.e. NOERROR, NXDOMAIN, SERVFAIL, etc)?

Hello, Network sniffing based logging is one option. Additionally, PowerDNS Recursor itzelf can log client queries and/or repsonses using protobufs. It also can log outgoing queries and/or their responses in dnstap format. Both methods can handle large query loads. See https://docs.powerdns.com

Re: [Pdns-users] LUA createReverse to simulate $GENERATE for a range of addresses

On Wed, Jun 22, 2022 at 01:19:33PM -0400, Erik Sejr via Pdns-users wrote: > Hi There, > I have been exploring a migration from BIND 9 to PowerDNS with plans to use > the pgsql backend. I have been reading over the docs and thinking > specifically about how I would be able to migrate our extensive

[Pdns-users] PowerDNS Recursor 4.7.1 Released

Hello! We are proud to announce the release of PowerDNS Recursor 4.7.1. This release is a maintenance releases correcting an issue where asynchronous tasks would not be executed promptly. It also allows the generic record format in zone files loaded using the ZoneToCache functio

Re: [Pdns-users] Slow downloads google drive

As there are authoritative servers that are not happy with receiving requests with EDNS subnet info, you can expect issues if you enable is for all. I'd rather restrict it to the nets used by google drive and maybe a few content delivery domains. Note that edns-subnet-allow-list also accepts name

Re: [Pdns-users] Question about appropriate way to upgrade pdns using repos

On Wed, Aug 03, 2022 at 07:13:39PM +, Drew Weaver via Pdns-users wrote: > Hello, > > I am attempting to upgrade pdns from 4.2.3 to a supported version on RHEL 7. > > I added the 4.3 repo and when I try to update it, I get this: > > Error: Package: pdns-backend-mydns-4.2.3-1pdns.el7.x86_64 (

Re: [Pdns-users] PowerDNS Recursor RPZ issues

On Wed, Aug 03, 2022 at 06:11:46PM -0400, Kevin P. Fleming via Pdns-users wrote: > On Wed, Aug 3, 2022 at 5:20 PM Luke Miller via Pdns-users < > pdns-users@mailman.powerdns.com> wrote: > > > Does PowerDNS Recursor accept notifies? If not, how do I get the zone to > > update when I make change? >

[Pdns-users] Security Advisory 2022-02 for PowerDNS Recursor up to and including 4.5.9, 4.6.2, 4.7.1

Hello, Today we have released PowerDNS Recursor 4.5.10, 4.6.3 and 4.7.2 due to a medium severity issue found. The security advisory only applies to Recursors running with protobuf logging enabled. Please find the full text of the advisory below. The changelogs are available at

Re: [Pdns-users] Recursive Forwarders

On Wed, Aug 24, 2022 at 02:09:11PM -0400, Holmes, Timothy via Pdns-users wrote: > Hi Team, > > I have what I hope is a simple question I'm unable to find a better answer > for. I would like to add some external forwarders to our recursor > instances. These are live running prod instances. I verif

Re: [Pdns-users] Recursive Forwarders

On Wed, Aug 24, 2022 at 09:05:46PM +0200, Otto Moerbeek via Pdns-users wrote: > On Wed, Aug 24, 2022 at 02:09:11PM -0400, Holmes, Timothy via Pdns-users > wrote: > > > Hi Team, > > > > I have what I hope is a simple question I'm unable to find a better answer &

Re: [Pdns-users] Recursive Forwarders

ems odd, but I am new to PDNS.. Please show the startup log. -Otto > > Best, Tim > > > > On Wed, Aug 24, 2022 at 3:13 PM Otto Moerbeek wrote: > > > On Wed, Aug 24, 2022 at 09:05:46PM +0200, Otto Moerbeek via Pdns-users > > wrote: > > > > &g

Re: [Pdns-users] Recursive Forwarders

ookups. Not a single instance for the specified forwarder(s). > > > > > > I did confirm that dig's etc to 9.9.9.9 etc in CLI do allow just fine, so > > > there is no local firewall blockage. > > > > > > Any other thoughts? Seems odd, but I am new to PDNS..

Re: [Pdns-users] Recursive Forwarders

On Wed, Aug 24, 2022 at 03:41:34PM -0400, Holmes, Timothy wrote: > Config is very default.. [snip] This file is mangled with the extra line wrappings. Also I do not see any forward-zones-recurse settings there. Please provide complete, actual amd unmangled information. -Otto __

Re: [Pdns-users] Recursive Forwarders

On Wed, Aug 24, 2022 at 09:51:49PM +0200, Leendert Meyer via Pdns-users wrote: > Hello Timothy, > > On Wednesday, 24 August 2022 20:09:11 CEST Holmes, Timothy via Pdns-users > wrote: > > > > > forward-zones-recurse=.=9.9.9.9;149.112.112.112;1.1.1.2;1.0.0.2 > > and also tried forward-zones-rec

Re: [Pdns-users] Recursive Forwarders

recursor[491939]: stats: 145 packet cache > entries, 7% packet cache hits > Aug 24 16:12:17 cache1 pdns_recursor[491939]: stats: thread 0 has been > distributed 109 queries > Aug 24 16:12:17 cache1 pdns_recursor[491939]: stats: thread 1 has been > distributed 87 queries > > On

[Pdns-users] Sharing data between threads in PowerDNS Recursor

Hello, I just posted a new blog post: https://blog.powerdns.com/2022/08/29/sharing-data-between-threads-in-powerdns-recursor/ It describes some of the work we've done over the last few releases with respect to sharing of data between threads in PowerDNS Recursor. -Otto -- kind regards, Otto

Re: [Pdns-users] Is there any way to write an LUA record that will apply over multiple query names?

On Tue, Sep 06, 2022 at 01:18:06AM -0400, Mohammad Ishtiaq Ashiq Khan via Pdns-users wrote: > Hello, > I am currently using PowerDNS as an authoritative server for my domain and > was experimenting with dynamic DNS via LUA records. From the documentation, > it seems like the LUA record is limited

Re: [Pdns-users] [dnsdist] Dnsdist not reading from the cache

Please read https://blog.powerdns.com/2016/01/18/open-source-support-out-in-the-open/ -Otto On Fri, Sep 09, 2022 at 04:22:26PM +, SAMI RAHAL via Pdns-users wrote: > hi abang > > > yes i just changed the values in the email > for privacy reasons but it's the same value in the confi

Re: [Pdns-users] PDNS recursor cache sync

Hello, cachs syncing is not something we have and even with it (or using a single resolver) there is an issue that records can change: the scenario: - a client asks the record, record gets cached - client A asks and gets cached value, - publisher of records changes the re

Re: [Pdns-users] PDNS recursor cache sync

Cache maintenace is alreayd quite a complex part of any recursor. IMO adding cache syncing would introduce way too much complexity te be worth the trouble to solve what in essense is a questionable firewall rule design. Maybe dnsdist with a packet cache in front of two recursors might be worth

Re: [Pdns-users] Will DoT disappear in favor of DoQ for recursor to auth?

No plans. Currently, Recursor does not support outgoing DoQ. If/when we start supporting outgoing DoQ it would not *imply* dropping outgoing DoT. BTW, lookingt at https://talk.desec.io/t/dot-support-status/502: when I grep for desec I see this: 45.54.76.1 desec.io. 6 Good202

[Pdns-users] PowerDNS Recursor 4.5.11, 4.6.4 and 4.7.3 Released

Hello, Today we have released a maintenance release of PowerDNS Recursor 4.5.11, 4.6.4 and 4.7.3, containing fixes for a few minor issues and performance enhancements in the case Recursor is confronted with connectivity issues to authoritative servers. The changelogs are availab

Re: [Pdns-users] pdns-recursor (4.6) empty response after expiration of the TTL of the cached record

When trying to check this domain I get an occasinal error: $ dig @1.1.1.1 riecis.nl ; <<>> dig 9.10.8-P1 <<>> @1.1.1.1 riecis.nl ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30228 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTH

Re: [Pdns-users] pdns-recursor (4.6) empty response after expiration of the TTL of the cached record

On Thu, Sep 22, 2022 at 09:41:57AM +0200, abang--- via Pdns-users wrote: > The "NSEC3 proving non-existence" of this zone is broken. See > https://dnsviz.net/d/riecis.nl/dnssec/?rr=all&a=all&ds=all&doe=on&ta=.&tk= > > You can workaround this issue by setting a NTA for it on your Recursors. It >

Re: [Pdns-users] pdns-recursor (4.6) empty response after expiration of the TTL of the cached record

On Thu, Sep 22, 2022 at 11:40:35AM +0200, Leeflangetje via Pdns-users wrote: > Thank you for digging into the issue with that domain :) > > The reason we never encountered this before the upgrade to 4.6 must be > the change in default behaviour regarding dnssec , which went from > "process-no-val

[Pdns-users] First Alpha Release of PowerDNS Recursor 4.8.0

Hello! We are proud to announce the first alpha release of PowerDNS Recursor 4.8.0. Compared to the previous major (4.7) release of PowerDNS Recursor, this release contains the following major changes: * [1]Structured Logging has been implemented for almost all subsystems.

Re: [Pdns-users] structured logging [was: First Alpha Release of PowerDNS Recursor 4.8.0]

On Fri, Sep 23, 2022 at 12:48:06PM +0200, Jan-Piet Mens via Pdns-users wrote: > > * [1]Structured Logging has been implemented for almost all > > subsystems. This allows for improved (automated) analysis of > > logging information. > > Is there any further documentation about this

Re: [Pdns-users] Protobuf - Telegraf

On Sat, Oct 01, 2022 at 12:56:45AM +0100, Djerk Geurts via Pdns-users wrote: > Hi, > > Has anyone managed to get Protobuf output logged through Telegraf? Telegraf > is supposed to support Protobuf input but I’m getting the following error: > > … E! [inputs.socket_listener] Unable to parse incom

[Pdns-users] First Beta Release of PowerDNS Recursor 4.8.0

Hello, We are proud to announce the first beta release of PowerDNS Recursor 4.8.0. Compared to the previous major (4.7) release of PowerDNS Recursor, this release contains the following major changes: * [1]Structured Logging has been implemented for almost all subsystems. This

Re: [Pdns-users] PowerDNS Authoritative Server 4.7.0

This is known, a 4.7.1 will be released very soon with this fixed. -Otto On Fri, Oct 28, 2022 at 07:12:03AM +, Henri Nougayrede via Pdns-users wrote: > Hi > > Same for ubuntu 4.7 .deb package. > I ran the SQL script > here

Re: [Pdns-users] Warning in syslog after upgrade to PowerDNS Authoritative Server 4.7

Hello, 4.7.0 introduced (optional) GSS-TSIG support. Even with that support not compiled in will report about GSS-TSIG requests it could not handle. That might generate too much log spam, will discuss if this message should stay, maybe the level should be Debug. There is also a typo there: an extr

Re: [Pdns-users] Repeating log file entry for root server

Hello, a.root-servers.net is the default name used by the dnsdist health checks. So no worries. With respect to pdns_recursor: logging all queries (with quiet=no) hurts performance. In general, you do not want to enable it on a production machine. -Otto On Fri, Oct 28, 2022 at 08:55:0

Re: [Pdns-users] Help with "simple" config please

Hello, Please read the [1]link below and post unedited config files. It also helps to explictly state the problem you are trying to solve, what commands you used to investigate, what you expected to see and what you actually saw. -Otto [1] https://blog.powerdns.com/2016/01/18/open-source

Re: [Pdns-users] pdns-recursor query logging of cached requests

On Thu, Nov 03, 2022 at 02:08:53PM +0100, Marco Kleefman via Pdns-users wrote: > Hi, > > For compliancy reasons we are configuring query logging on our PowerDNS > recursor instances (running 4.7.3). > > For normal queries I see source-ip and content of DNS question. Example > logging: > > pdns_

[Pdns-users] Second Beta Release of PowerDNS Recursor 4.8.0

Hello, We are proud to announce the second beta release of PowerDNS Recursor 4.8.0. Compared to the previous major (4.7) release of PowerDNS Recursor, this release contains the following major changes: * [1]Structured Logging has been implemented for almost all subsystems

Re: [Pdns-users] pdns-recursor ecs support config designs

On Tue, Nov 08, 2022 at 08:35:33AM +0200, Robby Pedrica via Pdns-users wrote: > Hi all, > > I've searched pdns docs as well as threads here but can find nothing about > how to deploy ecs or more specifically, under which circumstance ecs can be > used. > > From what I understand of ecs, the recu

Re: [Pdns-users] pdns-recursor ecs support config designs

On Tue, Nov 08, 2022 at 09:44:22AM +, Brian Candler via Pdns-users wrote: > On 08/11/2022 09:20, Robby Pedrica via Pdns-users wrote: > > > The CDN services work correctly when a branch uses the ISP-assigned DNS > > for that specific branch/link. But as mentioned, it's difficult to > > manage

Re: [Pdns-users] Recursor: NS selection logic, multiple IPs in forward-zones statement

On Wed, Nov 09, 2022 at 09:00:12PM +0300, Andrey Vishnyakov via Pdns-users wrote: > Hi! > > What is the logic of pdns recursor choosing NS server when multiple items > are available like multiple IP addresses in a forward-zones statement? > > Looking through the source code I see that NS server

Re: [Pdns-users] DNS-over-TLS option

On Mon, Nov 14, 2022 at 11:26:41AM +1300, Michael Hallager via Pdns-users wrote: > > Hi all, > > I am seeing the following option during compilation of PowerDNS Recursor, > however, can't find any documentation on its configuration. > > configure: Features enabled > configure:

Re: [Pdns-users] DNS-over-TLS option

On Tue, Nov 15, 2022 at 11:36:44AM +1300, Michael Hallager wrote: > On 2022-11-14 19:29, Otto Moerbeek wrote: > > > The upgrade guide has pointers, but in this case there's also a blog > > post: > > > > https://blog.powerdns.com/2022/06/13/probing-dot-support-of-authoritative-servers-just-try-it

Re: [Pdns-users] Configure Powerdns and check if the domain which is not present in Powerdns is tranferring the traffic to 8.8.8.8 .

You start complaining within the hour. That is not thay way to get a response. I just lost all the motivation to help you. -Otto On Thu, Nov 17, 2022 at 12:17:01PM +0530, Raghvendra Choudhary via Pdns-users wrote: > any update on this? > > *Raghvendra Choudhary* > DevOps Engineer | www.di

[Pdns-users] First Release Candidate of PowerDNS Recursor 4.8.0

Hello! We are proud to announce the first release candidate of PowerDNS Recursor 4.8.0. We invite all users to test this release candidate, so that we can release the final PowerDNS Recursor 4.8.0 soon. Compared to the previous major (4.7) release of PowerDNS Recursor, this release

[Pdns-users] PowerDNS Recursor 4.5.12, 4.6.5 and 4.7.4 Released

Hello, Today we have released a maintenance release of PowerDNS Recursor 4.5.12, 4.6.5 and 4.7.4, containing fixes for a few minor issues. In particular, RPZ IXFRs now time out if the server becomes unresponsive. For more details on the other fixes, consult the changelogs availab

Re: [Pdns-users] Recursor Cache entries per record

Hello What Winfried says is true, with the note that a few more bits of the query are included in the hash, while some other pats are skipped; e.g. the recursor skips the EDSN ECS and Cookie bits when computing the hash. Also note that while the packet cache is per thread, the other cache (record

Re: [Pdns-users] why different parameters syntax on forward-zones and forward-zones-file

On Tue, Nov 29, 2022 at 09:55:54AM -0500, Kevin P. Fleming via Pdns-users wrote: > On Tue, Nov 29, 2022, at 08:45, Victor Hugo dos Santos via Pdns-users wrote: > > hello there, > > > > today we have to migrate an old configuration (what was using the > > forward-zones-file) to a new server using t

[Pdns-users] PowerDNS Recursor 4.8.0 Released

Hello! We are proud to announce the release of PowerDNS Recursor 4.8.0. Compared to the previous major (4.7) release of PowerDNS Recursor, this release contains the following major changes: * [1]Structured Logging has been implemented for almost all subsystems. This allow

Re: [Pdns-users] Reloading metadata with bind-backend & sqlite

Hello, You did not explain what you seeing and what you expect. The warning concerns performance. But your questions suggests you are seeing wrong data. Please be explicit. -Otto On Mon, Dec 19, 2022 at 11:02:34AM +0100, Thib D via Pdns-users wrote: > Hi Chris, > > I missed this war

[Pdns-users] Security Advisory 2023-01 for PowerDNS Recursor 4.8.0

Hello, Today we have released PowerDNS Recursor 4.8.1 due to a high severity issue found. Please find the full text of the advisory below. The [1]changelog is available. The [2]tarball ([3]signature) is available from our download [4]server. Patches are available at [5]patc

Re: [Pdns-users] Proxy mapped address used for allow-from

Please show your full configuration, including versions etc. Also, it is not clear which product you are using. The recursor docs say: "Note that once a Proxy Protocol header has been received, the source address from the proxy header instead of the address of the proxy will be checked against th

Re: [Pdns-users] pdns_recursor issue

Hi, Please show your configuration. I do not think your analysis is to the point. If I repeat a scenario, I see a correct retrieval of the A record. So we have to find out what is different in your case. -Otto On Thu, Jan 26, 2023 at 01:30:54PM +0100, Arien Vijn via Pdns-users wrote:

Re: [Pdns-users] Proxy mapped address used for allow-from

On Thu, Jan 26, 2023 at 03:07:17PM +0200, Robby Pedrica via Pdns-users wrote: > Thanks Otto, > > I agree with the docs, but then the actual operation/result is not > consistent unless I'm misunderstanding the operation or purpose of > proxy-protocol-from. > > *Product:* > > pdns-recursor > >

Re: [Pdns-users] pdns_recursor issue

On Thu, Jan 26, 2023 at 05:37:12PM +0100, Arien Vijn via Pdns-users wrote: > Hi Peter, > > > On 26 Jan 2023, at 17:28, Peter van Dijk via Pdns-users > > wrote: > > [...] > > > After some brief investigation we somewhat suspect this is aggressive > > NSEC caching. Can you see if aggressive-nse

Re: [Pdns-users] pdns_recursor issue

On Thu, Jan 26, 2023 at 10:57:21PM +0100, Arien Vijn wrote: > > > On 26 Jan 2023, at 19:00, Otto Moerbeek wrote: > > [...] > > > I expect the aggressive cache workaround to function. > > It seems so indeed. > > > What is happening is that a query of a non-existent type (e.g. ) > > for xd

<    1   2   3   >