[arch-general] Problem with powerdns-recursor-4.0.3-1 package [SOLVED]

Roel de Wildt 1976roel at gmail.com
Sun Oct 23 21:55:21 UTC 2016 

Op 23-10-2016 om 20:13 schreef Nataraj via arch-general:
> On 10/23/2016 06:10 AM, Roel de Wildt via arch-general wrote:
>> Hello,
>>
>> After a upgrade from powerdns-recursor-3.7.3-3 to
>> powerdns-recursor-4.0.3-1 it does not return any dns queries anymore.
>>
>> In the daemon.log is logged:
>>
>> Oct 23 10:50:18 gateway001 pdns_recursor[3008]: Oct 23 10:50:18
>> Sending SERVFAIL to 10.3.3.134 during resolve of 'google.nl' because:
>> more than 50 (max-qperq) queries sent while resolving ns1.google.com
>> Oct 23 10:50:19 gateway001 pdns_recursor[3008]: Oct 23 10:50:19
>> Sending SERVFAIL to 10.3.3.134 during resolve of 'google.nl' because:
>> more than 50 (max-qperq) queries sent while resolving ns2.google.com
>>
>> After a downgrade of powerdns-recursor-4.0.3-1 to 3.7.3-3 it is
>> working again, without making changes to /etc/powerdns/recursor.conf.
>>
>> The customized configuration options in /etc/powerdns/recursor.conf:
>>
>> [root at gateway001 powerdns]# grep -v -e "#.*" recursor.conf | grep -e
>> "..*"
>> allow-from=127.0.0.0/8, 10.0.0.0/8, ::1/64, 2001:470:1f15:a09::/64,
>> 2001:470:7b9a::/48
>> auth-zones=.=/etc/powerdns/root.zone
>> forward-zones=domain.lan=10.3.0.1,home.lan=10.3.0.21
>> hint-file=/etc/powerdns/named.root
>> local-address=127.0.0.1,10.3.0.253:53,[::1],[2001:470:7b9a:0a03::fd]:53
>> local-port=5353
>> log-common-errors=yes
>> loglevel=9
>> pdns-distributes-queries=yes
>> query-local-address6=::
> Looks like your not getting out to the root name servers and/or their
> delegations.  I find it odd that you are claiming both authority for the
> root zone and providing a hint file as well.  I wonder if it's
> reasonable to claim authority for the root zone, since they may change
> it dynamically if there are problems with one of the name servers.  I
> think I would stay with just the hint file, though.  Are you doing this
> for security reasons?  You could increase the log level and I believe
> you will see the lookup chain and where it is failing.  You could also
> watch with tcpdump.
>
> Nataraj
>
>> Do I need something to change to make it working against 4.0.x?
>>
>> I've searched at powerdns.com to options that have changed in the
>> configuration but nothing helped.
>>
>> Kind regards,
>> Roel de Wildt
>
>

I have removed as suggested the auth-zones and hint-file declarations 
and now the 4.0.3-1 is working. The tcpdump did show me that it could 
not retrieve dns information from the root servers.

I don't know why I added this in the past but they aren't needed anymore 
for my configuration.

Thanks

Roel de Wildt

More information about the arch-general mailing list