Yup. I just figured it out too :) I was using this forward-zones when I should be using forward-zones-recurse
Somehow, some queries did work, which confused me more.. Thanks a lot. On Fri, Sep 28, 2018 at 9:35 PM David <open...@shaw.ca> wrote: > On 2018-09-28 4:40 PM, Mohamed Lrhazi wrote: > > I trying a new deployment, with PowerDNS Recursor 4.1.4 > > And I seem to be getting failures systematically for some records, such > > as this example : > > > > Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: initial validation status > > for mit.edu <http://mit.edu> is Indeterminate > > Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: Cache consultations done, > > have 1 NS to contact > > Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: Domain has hardcoded > > nameservers > > Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: Resolved '.' NS (empty) > > to: 1.1.1.1, 1.0.0.1, 8.8.8.8, 8.8.4.4 > > Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: Trying IP 1.1.1.1:53 > > <http://1.1.1.1:53>, asking 'mit.edu <http://mit.edu>|TXT' > > Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: (empty) (1.1.1.1) > returned > > a ServFail, trying sibling IP or NS > > Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: Trying IP 1.0.0.1:53 > > <http://1.0.0.1:53>, asking 'mit.edu <http://mit.edu>|TXT' > > Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: (empty) (1.0.0.1) > returned > > a ServFail, trying sibling IP or NS > > Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: Trying IP 8.8.8.8:53 > > <http://8.8.8.8:53>, asking 'mit.edu <http://mit.edu>|TXT' > > Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: (empty) (8.8.8.8) > returned > > a ServFail, trying sibling IP or NS > > Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: Trying IP 8.8.4.4:53 > > <http://8.8.4.4:53>, asking 'mit.edu <http://mit.edu>|TXT' > > Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: (empty) (8.8.4.4) > returned > > a ServFail, trying sibling IP or NS > > Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: Failed to resolve via any > > of the 1 offered NS at level '.' > > Sep 28 20:21:35 [8] mit.edu <http://mit.edu>: failed (res=-1) > > Sep 28 20:21:35 2 [8/1] answer to question 'mit.edu > > <http://mit.edu>|TXT': 0 answers, 1 additional, took 4 packets, 12.764 > > netw ms, 13.769 tot ms, 0 throttled, 0 timeouts, 0 tcp connections, > rcode=2 > > > > > > > > Trying another record, say, mx mit.edu <http://mit.edu> or txt > > harvard.edu <http://harvard.edu> or yahoo.com <http://yahoo.com> works. > > > > What could be causing such issue? > > Did you do forward-zones-recurse or add a + to your definitions? It > looks like you are sending rd=0 queries (eg none of the options above) > and that's why these might be returning servfail to you. > > dig does rd=1 by default, which is why it works. > > Also set root-nx-trust=no to prevent issues. > > > > > Thanks a lot, > > Mohamed. > > > > > > _______________________________________________ > > Pdns-users mailing list > > Pdns-users@mailman.powerdns.com > > https://mailman.powerdns.com/mailman/listinfo/pdns-users > > > > _______________________________________________ > Pdns-users mailing list > Pdns-users@mailman.powerdns.com > https://mailman.powerdns.com/mailman/listinfo/pdns-users >
_______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users