On Sat, Feb 17, 2024 at 06:07:16PM -0800, Bill MacAllister wrote: > On 2024-02-17 12:08, Bill MacAllister via Pdns-users wrote: > > On 2024-02-17 00:31, Otto Moerbeek wrote: > > > > Your recursor is not able to get an answer from the root servers, at > > > least not for DS queries. > > > > > > A run with --trace as a command line option will reveal more details > > > of what is going on. > > > > > > Also: please show your config file. > > > > > > -Otto > > > > Here is my configuration file: https://pastebin.com/jatVMq42 > > > > BUT, this morning the recursor was working for a bit. Now it is > > failing again. I suspect comcast, but only because I have not made > > any changes to my internal network. Gremlins are other suspects. > > > > Here is the command line that I used to get a trace: > > > > /usr/sbin/pdns_recursor --daemon=no --write-pid=no \ > > --log-timestamp=no --trace --socket-dir=/run > > > > The trace output is here: https://pastebin.com/Bke0qXtJ > > Okay, I set "dnssec=off" and look ups are working now. Guess I > need to educate myself about dnssec. I would like to make the > dnssec default work if I can. Pointers welcomed. > > Bill
Looking at the trace your upstream mangles DNS. DNSSEC was designed to prtotect against that. -Otto _______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users