Can you tcpdump -s 1500 port 53 -w for-bert while it starts? Sent from my phone.
----- Reply message -----
From: "florian" <flor...@admin-box.com>
Date: Mon, Dec 20, 2010 19:39
Subject: [Pdns-users] pdns-recursor doesnt connect to dns root servers
To: <pdns-users@mailman.powerdns.com>

Hi everyone!

I want to update DNS records from the root DNS servers using pdns-recursor. I already looked around, but I didn't find a solution for my problem:

Failed to update . records, RCODE=2

I use a squeeze package:

server:~# aptitude show pdns-recursor
Package: pdns-recursor
State: installed
Automatically installed: no
Version: 3.2-4
[..]

server:~# grep -v ^# /etc/powerdns/recursor.conf | grep -v ^$
allow-from=127.0.0.0/8, 172.16.1.0/24, ::1/128
dont-query=
forward-zones=mydomain.org=127.1.2.3
local-address=127.0.0.1,172.16.1.200
local-port=53
log-common-errors=yes
quiet=yes
setgid=pdns
setuid=pdns

server:~# tail /var/syslog
Dec 20 19:08:29 server pdns_recursor[18538]: PowerDNS recursor 3.2 (C) 2001-2010 PowerDNS.COM BV (Jul 20 2010, 13:06:28, gcc 4.4.4) starting up
Dec 20 19:08:29 server pdns_recursor[18538]: PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2.
Dec 20 19:08:29 server pdns_recursor[18538]: Operating in 64 bits mode
Dec 20 19:08:29 server pdns_recursor[18538]: Reading random entropy from '/dev/urandom'
Dec 20 19:08:29 server pdns_recursor[18538]: Only allowing queries from: 127.0.0.0/8, 172.16.1.0/24, ::1/128, fe80::/10
Dec 20 19:08:29 server pdns_recursor[18538]: Redirecting queries for zone 'mydomain.org' to: 127.1.2.3:53
Dec 20 19:08:29 server pdns_recursor[18538]: Inserting rfc 1918 private space zones
Dec 20 19:08:29 server pdns_recursor[18538]: Listening for UDP queries on 127.0.0.1:53
Dec 20 19:08:29 server pdns_recursor[18538]: Listening for UDP queries on 172.16.1.200:53
Dec 20 19:08:29 server pdns_recursor[18538]: Enabled TCP data-ready filter for (slight) DoS protection
Dec 20 19:08:29 server pdns_recursor[18538]: Listening for TCP queries on 127.0.0.1:53
Dec 20 19:08:29 server pdns_recursor[18538]: Listening for TCP queries on 172.16.1.200:53
Dec 20 19:08:29 server pdns_recursor[18538]: Calling daemonize, going to background
Dec 20 19:08:29 server pdns_recursor[18539]: Set effective group id to 108
Dec 20 19:08:29 server pdns_recursor[18539]: Set effective user id to 104
Dec 20 19:08:29 server pdns_recursor[18539]: Launching 2 threads
Dec 20 19:08:29 server pdns_recursor[18539]: Done priming cache with root hints
Dec 20 19:08:29 server pdns_recursor[18539]: Done priming cache with root hints
Dec 20 19:08:29 server pdns_recursor[18539]: Enabled 'epoll' multiplexer
Dec 20 19:08:54 server pdns_recursor[18539]: Failed to update . records, RCODE=2
Dec 20 19:08:54 server pdns_recursor[18539]: Failed to update . records, RCODE=2

I see it trying to connect to root DNS (watch -n 1 "lsof -i -n -P|grep pdns") but it only seems to run through a list and never succeeds.

server:~# nmap -p53 -sU 202.12.27.33
Starting Nmap 5.00 ( http://nmap.org ) at 2010-12-20 19:23 CET
Interesting ports on M.ROOT-SERVERS.NET (202.12.27.33):
PORT   STATE         SERVICE
53/udp open|filtered domain
Nmap done: 1 IP address (1 host up) scanned in 0.57 seconds

server:~# telnet 202.12.27.33 53
connects

So it's not a firewall issue? I think I switched them off.

If I change the root domain to another DNS forwarder, pdns-recursor runs without errors. But it doesn't use root DNS, so it's not a fix.

forward-zones=mydomain.org=127.1.2.3,.=172.16.1.1

Setting ".=IP" works for all public DNS.

Any help welcome :)

_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users
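The log in the thread above reports RCODE=2; in the DNS message header (RFC 1035) response code 2 is SERVFAIL. The following is an added example, not part of the original thread and not PowerDNS code: it builds the wire-format ". IN NS" query a resolver sends to a root server and checks a reply header against it, which is the same information to look for in the UDP port 53 capture requested above. All function names are hypothetical and the sample reply is constructed.

```python
import struct

# Response codes 0-5 as defined in RFC 1035 section 4.1.1.
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

# Question section for the root zone: empty name, QTYPE=NS (2), QCLASS=IN (1).
ROOT_NS_QUESTION = b"\x00" + struct.pack("!HH", 2, 1)


def build_root_ns_query(txid):
    """Wire-format '. IN NS' query with RD clear (iterative, as sent to a root)."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + ROOT_NS_QUESTION


def parse_header(msg):
    """Decode the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message: header needs 12 bytes")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F
    return {
        "id": txid,
        "is_response": bool(flags & 0x8000),  # QR bit
        "truncated": bool(flags & 0x0200),    # TC bit: retry over TCP
        "rcode": rcode,
        "rcode_name": RCODES.get(rcode, "RCODE%d" % rcode),
        "answers": an,
    }


def check_reply(query, reply):
    """Return (ok, reason) for a reply matched against the query we sent."""
    q, r = parse_header(query), parse_header(reply)
    if not r["is_response"]:
        return False, "QR bit not set"
    if r["id"] != q["id"]:
        return False, "transaction id mismatch"
    if r["rcode"] != 0:
        return False, r["rcode_name"]
    return True, "NOERROR"


# Constructed sample: a reply to txid 0x1a2b with QR set and RCODE=2.
SAMPLE_SERVFAIL = struct.pack("!HHHHHH", 0x1A2B, 0x8002, 1, 0, 0, 0) + ROOT_NS_QUESTION

if __name__ == "__main__":
    print(check_reply(build_root_ns_query(0x1A2B), SAMPLE_SERVFAIL))
```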