On 06/12/2022 17:06, Curtis Maurand via Pdns-users wrote:
> On the authoritative server I host a domain that I'll call domain.tld
> as the example.

It really helps if you give the real domain, since many problems can be
diagnosed easily by querying the auth nameserver. See
https://blog.powerdns.com/2016/01/18/open-source-support-out-in-the-open/

Is this a real domain, i.e. does your authoritative server have a public
IP address and NS records pointing at it? I am guessing that it is,
since you say it's dnssec signed. Is your auth server behind any sort
of NAT?

> All seems to be well, until I query the local recursor which returns
> nothing. It answers, but doesn't return a response.

Define "nothing": NOERROR with no records, NXDOMAIN, SERVFAIL, something
else?

Can your recursor reach the authoritative server on its public IP address?
That is, from the shell of the recursor, can you query the auth server
like this:

    dig +norec @x.x.x.x domain.tld. a

> I've tried forward-zones = domain.tld=192.168.100.30; and that
> doesn't seem to work.

You can run tcpdump to see whether the recursor is sending queries to
192.168.100.30, and if so, what response it gets.

    tcpdump -i eth0 -nn -s0 -v port 53 and host 192.168.100.30
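
Added example (not part of the original message and not PowerDNS code): a shell filter that sorts dig output into the kinds of "nothing" asked about above, and reports whether the aa flag was set, which an authoritative server should return for a +norec query on its own zone. The function name classify_dig and the sample header lines are constructed for illustration.

```shell
#!/bin/sh
# classify_dig: read dig output on stdin and print one line naming the outcome:
# no-response, an error rcode, NOERROR with no records, or a real answer.
classify_dig() {
    awk '
        BEGIN { aa = "no"; answers = 0 }
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {
            for (i = 3; i <= NF; i++) {
                if ($i ~ /^aa;?$/) aa = "yes"
                if ($i == "ANSWER:") { answers = $(i + 1); sub(/,$/, "", answers) }
            }
        }
        END {
            if (status == "")             print "no-response"
            else if (status != "NOERROR") print status " aa=" aa
            else if (answers + 0 == 0)    print "NOERROR-no-records aa=" aa
            else                          print "answer aa=" aa
        }'
}

# Constructed samples of dig header lines (not captured from a real server).
sample_nodata() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
EOF
}
sample_servfail() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
EOF
}
sample_timeout() {
    cat <<'EOF'
;; connection timed out; no servers could be reached
EOF
}

for s in sample_nodata sample_servfail sample_timeout; do
    printf '%s: %s\n' "$s" "$($s | classify_dig)"
done
```

With a live server, pipe the query from the message into it: dig +norec @x.x.x.x domain.tld. a | classify_dig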