I used these instructions and it was up and running within minutes. https://doc.powerdns.com/recursor/PowerDNS-Recursor.pdf
Make sure you have your allow list and you're listening on IP 127.0.0.1 and the IP address of your Ethernet card.

On Oct 20, 2021, at 5:42 PM, Alessandro Dentella via Pdns-users <pdns-users@mailman.powerdns.com> wrote:

Hi,

I set up a PowerDNS Recursor that I would like to use as forwarder for a tiny kubernetes cluster made with microk8s (that uses coredns).

I experience failures of all queries to an internal domain (that has an authoritative PowerDNS instance and is declared via forward-zones=thux.lan=...) if made within a pod (and forwarded by coredns).

I cannot understand if there's something wrong in how I set up the domain, the recursor or coredns.

If I operate from the node (as opposed to within the container), I notice that `host` always works while dig does not:

adk-c1:/home/src/setup-cluster/12-dns # dig dns1b.thux.lan @10.2.201.135

; <<>> DiG 9.16.1-Ubuntu <<>> dns1b.thux.lan @10.2.201.135
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 3509
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;dns1b.thux.lan. IN A

;; Query time: 4 msec
;; SERVER: 10.2.201.135#53(10.2.201.135)
;; WHEN: Wed Oct 20 21:26:59 UTC 2021
;; MSG SIZE rcvd: 43

adk-c1:/home/src/setup-cluster/12-dns # host dns1b.thux.lan 10.2.201.135
Using domain server:
Name: 10.2.201.135
Address: 10.2.201.135#53
Aliases:

dns1b.thux.lan has address 10.2.201.135

I tried setting:

edns-subnet-allow-list=thux.lan

but the problem persists.

Can I configure PowerDNS recursor so that it answers correctly to coredns and dig?

If I go directly to the Authoritative, it always answers correctly.

Below the tcpdump -vv of the 3 situations:

a) failing 'dig'
b) working 'host'
c) failing nslookup via coredns

TIA
sandro
*:-)

failing dig
===========

3:36:57.685822 IP (tos 0x0, ttl 62, id 7456, offset 0, flags [none], proto UDP (17), length 83)
    10.1.201.111.50970 > 10.2.201.135.53: [udp sum ok] 5350+ [1au] A? dns1b.thux.lan. ar: . OPT UDPsize=4096 [COOKIE 5793a6f5b3b006fd] (55)
23:36:57.686197 IP (tos 0x0, ttl 63, id 45508, offset 0, flags [none], proto UDP (17), length 71)
    10.2.201.135.53 > 10.1.201.111.50970: [bad udp cksum 0xa73e -> 0x6d47!] 5350 ServFail q: A? dns1b.thux.lan. 0/0/1 ar: . OPT UDPsize=512 (43)

working 'host'
==============

tcpdump: listening on ens19, link-type EN10MB (Ethernet), snapshot length 262144 bytes
23:36:44.554022 IP (tos 0x0, ttl 62, id 4657, offset 0, flags [none], proto UDP (17), length 60)
    10.1.201.111.57686 > 10.2.201.135.53: [udp sum ok] 52844+ A? dns1b.thux.lan. (32)
23:36:44.554368 IP (tos 0x0, ttl 63, id 43433, offset 0, flags [none], proto UDP (17), length 76)
    10.2.201.135.53 > 10.1.201.111.57686: [bad udp cksum 0xa743 -> 0x2d04!] 52844 q: A? dns1b.thux.lan. 1/0/0 dns1b.thux.lan. A 10.2.201.135 (48)
23:36:44.555049 IP (tos 0x0, ttl 62, id 4658, offset 0, flags [none], proto UDP (17), length 60)
    10.1.201.111.49752 > 10.2.201.135.53: [udp sum ok] 21562+ AAAA? dns1b.thux.lan. (32)
23:36:44.555328 IP (tos 0x0, ttl 63, id 43434, offset 0, flags [none], proto UDP (17), length 141)
    10.2.201.135.53 > 10.1.201.111.49752: [bad udp cksum 0xa784 -> 0x38d6!] 21562 q: AAAA? dns1b.thux.lan. 0/1/0 ns: thux.lan. SOA a.misconfigured.dns.server.invalid. hostmaster.thux.lan. 2021092801 10800 3600 604800 3600 (113)
23:36:44.555887 IP (tos 0x0, ttl 62, id 4659, offset 0, flags [none], proto UDP (17), length 60)
    10.1.201.111.52413 > 10.2.201.135.53: [udp sum ok] 54816+ MX? dns1b.thux.lan. (32)
23:36:44.556049 IP (tos 0x0, ttl 63, id 43435, offset 0, flags [none], proto UDP (17), length 141)
    10.2.201.135.53 > 10.1.201.111.52413: [bad udp cksum 0xa784 -> 0xa739!] 54816 q: MX? dns1b.thux.lan. 0/1/0 ns: thux.lan. SOA a.misconfigured.dns.server.invalid. hostmaster.thux.lan. 2021092801 10800 3600 604800 3600 (113)

failing nslookup via coredns
============================

23:38:24.832545 IP (tos 0x0, ttl 61, id 38473, offset 0, flags [DF], proto UDP (17), length 60)
    10.1.201.111.9411 > 10.2.201.135.53: [udp sum ok] 10465+ A? dns1b.thux.lan. (32)
23:38:24.832545 IP (tos 0x0, ttl 61, id 38474, offset 0, flags [DF], proto UDP (17), length 60)
    10.1.201.111.9411 > 10.2.201.135.53: [udp sum ok] 12060+ AAAA? dns1b.thux.lan. (32)
23:38:24.832941 IP (tos 0x0, ttl 63, id 789, offset 0, flags [none], proto UDP (17), length 60)
    10.2.201.135.53 > 10.1.201.111.9411: [bad udp cksum 0xa733 -> 0x24bd!] 10465 ServFail q: A? dns1b.thux.lan. 0/0/0 (32)
23:38:24.833031 IP (tos 0x0, ttl 63, id 790, offset 0, flags [none], proto UDP (17), length 60)
    10.2.201.135.53 > 10.1.201.111.9411: [bad udp cksum 0xa733 -> 0x1e67!] 12060 ServFail q: AAAA? dns1b.thux.lan. 0/0/0 (32)
23:38:24.833495 IP (tos 0x0, ttl 61, id 38475, offset 0, flags [DF], proto UDP (17), length 60)
    10.1.201.111.9411 > 10.2.201.135.53: [udp sum ok] 10465+ A? dns1b.thux.lan. (32)
23:38:24.833495 IP (tos 0x0, ttl 61, id 38476, offset 0, flags [DF], proto UDP (17), length 60)
    10.1.201.111.9411 > 10.2.201.135.53: [udp sum ok] 12060+ AAAA? dns1b.thux.lan. (32)
23:38:24.833611 IP (tos 0x0, ttl 63, id 791, offset 0, flags [none], proto UDP (17), length 60)
    10.2.201.135.53 > 10.1.201.111.9411: [bad udp cksum 0xa733 -> 0x24bd!] 10465 ServFail q: A? dns1b.thux.lan. 0/0/0 (32)
23:38:24.833648 IP (tos 0x0, ttl 63, id 792, offset 0, flags [none], proto UDP (17), length 60)
    10.2.201.135.53 > 10.1.201.111.9411: [bad udp cksum 0xa733 -> 0x1e67!] 12060 ServFail q: AAAA? dns1b.thux.lan. 0/0/0 (32)
23:38:24.834003 IP (tos 0x0, ttl 61, id 38477, offset 0, flags [DF], proto UDP (17), length 60)
    10.1.201.111.9411 > 10.2.201.135.53: [udp sum ok] 10465+ A? dns1b.thux.lan. (32)
23:38:24.834076 IP (tos 0x0, ttl 63, id 793, offset 0, flags [none], proto UDP (17), length 60)
    10.2.201.135.53 > 10.1.201.111.9411: [bad udp cksum 0xa733 -> 0x24bd!] 10465 ServFail q: A? dns1b.thux.lan. 0/0/0 (32)
23:38:24.834099 IP (tos 0x0, ttl 61, id 38478, offset 0, flags [DF], proto UDP (17), length 60)
    10.1.201.111.9411 > 10.2.201.135.53: [udp sum ok] 12060+ AAAA? dns1b.thux.lan. (32)
23:38:24.834165 IP (tos 0x0, ttl 63, id 794, offset 0, flags [none], proto UDP (17), length 60)
    10.2.201.135.53 > 10.1.201.111.9411: [bad udp cksum 0xa733 -> 0x1e67!] 12060 ServFail q: AAAA? dns1b.thux.lan. 0/0/0 (32)

_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
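
Added example (not part of the original messages and not PowerDNS code): a small check of the two settings the reply mentions, the listening addresses (`local-address`) and the allow list (`allow-from`), against the recursor and client addresses seen in the captures. The configuration text is constructed, and it assumes the old-style key=value recursor.conf with bare addresses (no ports, no negated entries).

```python
import ipaddress

# Constructed sample in the old-style key=value recursor.conf format.
# 10.2.201.135 (recursor) and 10.1.201.111 (client) are the addresses seen
# in the captures above; the allow-from value is an assumption.
SAMPLE_CONF = """\
# constructed example, not the poster's real file
local-address=127.0.0.1, 10.2.201.135
allow-from=127.0.0.0/8, 10.2.201.0/24
"""

def parse_conf(text):
    """Return {setting: [values]} for key=value lines, ignoring comments."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.replace(",", " ").split()
    return settings

def check_access(conf_text, server_ip, client_ip):
    """List reasons why client_ip could not query the recursor on server_ip."""
    conf = parse_conf(conf_text)
    problems = []
    listen = conf.get("local-address")
    if listen is None:
        problems.append("local-address is not set explicitly")
    elif not any(a in ("0.0.0.0", "::") or
                 ipaddress.ip_address(a) == ipaddress.ip_address(server_ip)
                 for a in listen):
        problems.append(f"not listening on {server_ip}")
    allowed = conf.get("allow-from")
    if allowed is None:
        problems.append("allow-from is not set explicitly")
    else:
        # Negated (!) entries are not handled here and raise ValueError.
        nets = [ipaddress.ip_network(n, strict=False) for n in allowed]
        client = ipaddress.ip_address(client_ip)
        if not any(client in n for n in nets):
            problems.append(f"{client_ip} is not covered by allow-from")
        if any(n.prefixlen == 0 for n in nets):
            problems.append("allow-from admits every address (open resolver)")
    return problems

if __name__ == "__main__":
    for p in check_access(SAMPLE_CONF, "10.2.201.135", "10.1.201.111"):
        print("PROBLEM:", p)
```

The check only reads the file; a setting that is absent is reported as unset rather than compared against the recursor's built-in default.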