On Tue, Sep 21, 2021 at 06:20:16PM +0200, Peter van Dijk via Pdns-users wrote:
> Hello Thomas, > > On Tue, 2021-09-21 at 13:53 +0200, Thomas Mieslinger via Pdns-users > wrote: > > dog. 80 IN NSEC domains. NS DS RRSIG NSEC > > This looks like aggressive NSEC reuse ( > https://datatracker.ietf.org/doc/html/rfc8198) and/or NXDOMAIN: There > Really Is Nothing Underneath ( > https://datatracker.ietf.org/doc/html/rfc8020). > > Can you try aggressive-nsec-cache-size=0 (on 4.5.1) and/or > nothing-below-nxdomain=no (4.3.5 and 4.5.1) please? > > Kind regards, > -- > Peter van Dijk > PowerDNS.COM BV - https://www.powerdns.com/ It also is possible that the IPs being forwarded to are throttled. This can happen on (intermittent) network issues by the recursor, or by the servers serving those IPs. The first case can be solved adding the IPs to the dont-throttle-netmasks list: https://docs.powerdns.com/recursor/settings.html#dont-throttle-netmasks Potential throttling by the servers being forwarded to should be investigated on those servers. -Otto _______________________________________________ Pdns-users mailing list [email protected] https://mailman.powerdns.com/mailman/listinfo/pdns-users
