Re: [Pdns-users] recursor getting ServFail from public DNS servers?

[David]

On 2018-09-28 4:40 PM, Mohamed Lrhazi wrote:
I trying a new deployment, with PowerDNS Recursor 4.1.4
And I seem to be getting failures systematically for some records, such 
as this example :

Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: initial validation status 
for mit.edu <http://mit.edu> is Indeterminate
Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: Cache consultations done, 
have 1 NS to contact
Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: Domain has hardcoded 
nameservers
Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: Resolved '.' NS (empty) 
to: 1.1.1.1, 1.0.0.1, 8.8.8.8, 8.8.4.4
Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: Trying IP 1.1.1.1:53 
<http://1.1.1.1:53>, asking 'mit.edu <http://mit.edu>|TXT'
Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: (empty) (1.1.1.1) returned 
a ServFail, trying sibling IP or NS
Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: Trying IP 1.0.0.1:53 
<http://1.0.0.1:53>, asking 'mit.edu <http://mit.edu>|TXT'
Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: (empty) (1.0.0.1) returned 
a ServFail, trying sibling IP or NS
Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: Trying IP 8.8.8.8:53 
<http://8.8.8.8:53>, asking 'mit.edu <http://mit.edu>|TXT'
Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: (empty) (8.8.8.8) returned 
a ServFail, trying sibling IP or NS
Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: Trying IP 8.8.4.4:53 
<http://8.8.4.4:53>, asking 'mit.edu <http://mit.edu>|TXT'
Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: (empty) (8.8.4.4) returned 
a ServFail, trying sibling IP or NS
Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: Failed to resolve via any 
of the 1 offered NS at level '.'
Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: failed (res=-1)
Sep 28 20:21:35 2 [8/1] answer to question 'mit.edu 
<http://mit.edu>|TXT': 0 answers, 1 additional, took 4 packets, 12.764 
netw ms, 13.769 tot ms, 0 throttled, 0 timeouts, 0 tcp connections, rcode=2



Trying another record, say, mx mit.edu <http://mit.edu> or txt 
harvard.edu <http://harvard.edu> or yahoo.com <http://yahoo.com> works.

What could be causing such issue?

Did you do forward-zones-recurse or add a + to your definitions? It 
looks like you are sending rd=0 queries (eg none of the options above) 
and that's why these might be returning servfail to you.

dig does rd=1 by default, which is why it works.

Also set root-nx-trust=no to prevent issues.


Thanks a lot,
Mohamed.


_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users


_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users