[Pdns-users] problems with recursor
Hello, I try to use recursor to resolve names last in the last 24h and get follow error messages: -- snip -- Jan 11 08:03:34 stats: 128 outgoing tcp connections, 3 queries running, 74095 outgoing timeouts Jan 11 08:33:37 stats: 573342 questions, 329288 cache entries, 83016 negative entries, 22% cache hits, outpacket/query ratio 121%, 7% throttled, 0 no-delegation drops Jan 11 08:33:37 stats: 131 outgoing tcp connections, 5 queries running, 76699 outgoing timeouts Jan 11 08:43:53 Unparseable packet from remote server 64.74.96.242: Packet parsing error, out of bounds: vector::_M_range_check Jan 11 08:43:55 Unparseable packet from remote server 216.52.184.230: Packet parsing error, out of bounds: vector::_M_range_check Jan 11 08:43:55 Unparseable packet from remote server 216.52.184.230: Packet parsing error, out of bounds: vector::_M_range_check Jan 11 08:43:57 Unparseable packet from remote server 69.25.142.1: Packet parsing error, out of bounds: vector::_M_range_check Jan 11 08:43:57 Unparseable packet from remote server 69.25.142.1: Packet parsing error, out of bounds: vector::_M_range_check Jan 11 08:43:59 Unparseable packet from remote server 63.251.92.193: Packet parsing error, out of bounds: vector::_M_range_check Jan 11 08:43:59 Unparseable packet from remote server 63.251.92.193: Packet parsing error, out of bounds: vector::_M_range_check Jan 11 08:44:01 Unparseable packet from remote server 70.42.37.1: Packet parsing error, out of bounds: vector::_M_range_check Jan 11 08:44:01 Unparseable packet from remote server 70.42.37.1: Packet parsing error, out of bounds: vector::_M_range_check Jan 11 09:00:42 STL Exception: Packet (hz163.net|#1) has trailing garbage (15 26) -- snip -- Should I don't use recursor in a productive enviroment? (Yes, I read http://downloads.powerdns.com/documentation/html/recursion.html , but I don't like djbdns.) fyi: I use SuSE 10.1 with pdns-2.9.19-13.4 - /etc/pdns.conf launch=bind recursor=127.0.0.1:5353 allow-recursion=0/0 query-logging=off lazy-recursion=on wildcards=no and I use for the first time pdns_recursor with follow options: /usr/sbin/pdns_recursor --daemon=no --local-port=5353 --local-address=127.0.0.1 best regards, thomas polnik. ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] problems with recursor
On Thu, Jan 11, 2007 at 09:53:11AM +0100, thomas polnik wrote: fyi: I use SuSE 10.1 with pdns-2.9.19-13.4 That is far too old I'm afraid for the recursor. Everybody is strongly urged to run 3.1.4. -- http://www.PowerDNS.com Open source, database driven DNS Software http://netherlabs.nl Open and Closed source services ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] problems with recursor
Hello, On Thu, Jan 11, 2007 at 09:53:11AM +0100, thomas polnik wrote: fyi: I use SuSE 10.1 with pdns-2.9.19-13.4 That is far too old I'm afraid for the recursor. Everybody is strongly urged to run 3.1.4. I thank you for this information. Now I use the static rpm-packages from your site. best regards, thomas polnik. ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
[Pdns-users] error messages from recursor
Hello, can I ignore messages like Unable to parse packet from remote server ... ? Here are all messages from recursor since I started it. -- snip -- # /usr/sbin/pdns_recursor --local-address=127.0.0.1 --local-port=5353 --daemon=no --allow-from=127.0.0.1 Jan 11 11:27:40 Unable to parse configuration file '/etc/powerdns/recursor.conf' Jan 11 11:27:40 PowerDNS recursor 3.1.4 (C) 2001-2006 PowerDNS.COM BV (Nov 12 2006, 17:57:29, gcc 4.0.3 (Ubuntu 4.0.3-1ubuntu5)) starting up Jan 11 11:27:40 PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2. Jan 11 11:27:40 Operating in 32 bits mode Jan 11 11:27:40 Only allowing queries from: 127.0.0.1 Jan 11 11:27:40 Inserting rfc 1918 private space zones Jan 11 11:27:40 Listening for UDP queries on 127.0.0.1:5353 Jan 11 11:27:40 Listening for TCP queries on 127.0.0.1:5353 Jan 11 11:27:40 Done priming cache with root hints Jan 11 11:27:40 Enabled 'epoll' multiplexer Jan 11 11:27:40 Refreshed . records Jan 11 12:00:50 stats: 996 questions, 213 cache entries, 8 negative entries, 76% cache hits Jan 11 12:00:50 stats: throttle map: 1, ns speeds: 21 Jan 11 12:00:50 stats: outpacket/query ratio 35%, 0% throttled, 0 no-delegation drops Jan 11 12:00:50 stats: 0 outgoing tcp connections, 1 queries running, 4 outgoing timeouts Jan 11 12:23:48 Unable to parse packet from remote server 65.17.226.3: Error parsing packet of 236 bytes (rd=0), out of bounds: vector::_M_range_check Jan 11 12:23:48 Unable to parse packet from remote server 65.17.226.4: Error parsing packet of 236 bytes (rd=0), out of bounds: vector::_M_range_check Jan 11 12:30:57 stats: 30839 questions, 58169 cache entries, 3945 negative entries, 21% cache hits Jan 11 12:30:57 stats: throttle map: 327, ns speeds: 5115 Jan 11 12:30:57 stats: outpacket/query ratio 162%, 5% throttled, 0 no-delegation drops Jan 11 12:30:57 stats: 7 outgoing tcp connections, 9 queries running, 4612 outgoing timeouts Jan 11 12:53:20 Unable to parse packet from remote server 62.141.50.83: Error parsing packet of 288 bytes (rd=0), out of bounds: vector::_M_range_check Jan 11 12:53:20 Unable to parse packet from remote server 62.141.51.83: Error parsing packet of 288 bytes (rd=0), out of bounds: vector::_M_range_check Jan 11 13:01:06 stats: 70791 questions, 116635 cache entries, 8496 negative entries, 20% cache hits Jan 11 13:01:06 stats: throttle map: 419, ns speeds: 5181 Jan 11 13:01:06 stats: outpacket/query ratio 153%, 6% throttled, 0 no-delegation drops Jan 11 13:01:06 stats: 16 outgoing tcp connections, 12 queries running, 12300 outgoing timeouts -- snap -- Best regards, thomas polnik ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
RE: [Pdns-users] using wildcards with multiple backends
Hi Bert, Thanks for the reply, I should have included more info to start with... We are using version 2.9.20 running on red hat. The backends were compiled with version 3.2.3 gcc. We are not using the recursor. The custom backend basically replies to any DNS request with a specific IP that we have set up in the PDNS.CONF file as a parameter. There are some requests for certain domains that we would like to return other data and this can change from one day to the next so this is why we decided to implement the GMYSQL backend in front of our custom backend. We can store the info in the database and when PDNS does not find any matches we would expect it to fall back to the custom backend. I have read how PDNS handles the wildcard and it seems to work properly when just the GMYSQL backend is being used. Once I enable both backends, the wildcard functionality no longer works the same. See below examples. Domain table entries ++--++++-+-- ---+ | id | name | master | last_check | type | notified_serial | account | ++--++++-+-- ---+ | 1 | test.com | NULL | NULL | NATIVE |NULL | NULL | ++--++++-+-- ---+ Record table entries ++---++--+-+ ---+--+-+ | id | domain_id | name | type | content | ttl | prio | change_date | ++---++--+-+ ---+--+-+ | 1 | 1 | test.com | SOA | localhost [EMAIL PROTECTED] 1 | 86400 | NULL |NULL | | 2 | 1 | test.com | NS | dns-us1.powerdns.net| 86400 | NULL |NULL | | 3 | 1 | test.com | NS | dns-eu1.powerdns.net| 86400 | NULL |NULL | | 4 | 1 | www.test.com | A| 199.198.197.196 | 120 | NULL |NULL | | 5 | 1 | mail.test.com | A| 195.194.193.192 | 120 | NULL |NULL | | 6 | 1 | localhost.test.com | A| 127.0.0.1 | 120 | NULL |NULL | | 7 | 1 | test.com | MX | mail.test.com | 120 | 25 |NULL | | 8 | 1 | www.test.com | SOA | 255.255.255.255 | 86400 | NULL |NULL | ++---++--+-+ ---+--+-+ Example 1 - with both backends enabled and a query for doc.test.com the answer returned is the default IP set up in the custom backend which is supposed to be called second. C:\digdig doc.test.com ; DiG 9.3.2 doc.test.com ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 162 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;doc.test.com. IN A ;; ANSWER SECTION: doc.test.com. 3600IN A 68.218.251.49 ;; Query time: 15 msec ;; SERVER: ;; WHEN: Thu Jan 11 09:46:52 2007 ;; MSG SIZE rcvd: 46 Example 2 - only with the GMYSQL backend and a query for doc.test.com the server accepts the wildcard query and handles correctly. C:\digdig doc.test.com ; DiG 9.3.2 doc.test.com ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 904 ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;doc.test.com. IN A ;; AUTHORITY SECTION: test.com. 86400 IN SOA localhost. ahu.ds9a.nl. 1 10800 3600 604800 3600 ;; Query time: 46 msec ;; SERVER: ;; WHEN: Thu Jan 11 09:48:21 2007 ;; MSG SIZE rcvd: 86 Any direction you can provide me would be greatly appreciated! Thanks, Jay Coulter -Original Message- From: bert hubert [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 10, 2007 4:23 PM To: Jay Coulter Cc: pdns-users@mailman.powerdns.com Subject: Re: [Pdns-users] using wildcards with multiple backends On Wed, Jan 10, 2007 at 04:21:31PM -0500, Jay Coulter wrote: We've developed a custom backend for PDNS at a clients request that is authoritative for any DNS request passed to it. They would like to use real functionality of the DNS server with the GMysql backend in front of Jay, Could you go into some more detail? PowerDNS translates queries that don't match directly into a sequence of *.something quiries. But please elaborate a bit. Thanks. -- http://www.PowerDNS.com Open source, database driven DNS Software http://netherlabs.nl Open and Closed source services ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
[Pdns-users] dig , trace and the recursor
Hello, I try the trace-option from dig, here is an example: -- snip -- $ dig www.google.de @130.149.4.20 +trace ; DiG 9.2.4 www.google.de @130.149.4.20 +trace ;; global options: printcmd . 249661 IN NS L.ROOT-SERVERS.NET. . 249661 IN NS M.ROOT-SERVERS.NET. . 249661 IN NS A.ROOT-SERVERS.NET. . 249661 IN NS B.ROOT-SERVERS.NET. . 249661 IN NS C.ROOT-SERVERS.NET. . 249661 IN NS D.ROOT-SERVERS.NET. . 249661 IN NS E.ROOT-SERVERS.NET. . 249661 IN NS F.ROOT-SERVERS.NET. . 249661 IN NS G.ROOT-SERVERS.NET. . 249661 IN NS H.ROOT-SERVERS.NET. . 249661 IN NS I.ROOT-SERVERS.NET. . 249661 IN NS J.ROOT-SERVERS.NET. . 249661 IN NS K.ROOT-SERVERS.NET. ;; Received 436 bytes from 130.149.4.20#53(130.149.4.20) in 36 ms de. 172800 IN NS A.NIC.de. de. 172800 IN NS C.DE.NET. de. 172800 IN NS F.NIC.de. de. 172800 IN NS L.DE.NET. de. 172800 IN NS S.DE.NET. de. 172800 IN NS Z.NIC.de. ;; Received 289 bytes from 198.32.64.12#53(L.ROOT-SERVERS.NET) in 243 ms google.de. 86400 IN NS ns4.google.com. google.de. 86400 IN NS ns1.google.com. google.de. 86400 IN NS ns3.google.com. google.de. 86400 IN NS ns2.google.com. ;; Received 113 bytes from 193.0.7.3#53(A.NIC.de) in 45 ms www.google.de. 345600 IN CNAME www.google.com. www.google.com. 604800 IN CNAME www.l.google.com. l.google.com. 86400 IN NS b.l.google.com. l.google.com. 86400 IN NS c.l.google.com. l.google.com. 86400 IN NS d.l.google.com. l.google.com. 86400 IN NS e.l.google.com. l.google.com. 86400 IN NS f.l.google.com. l.google.com. 86400 IN NS g.l.google.com. ;; Received 271 bytes from 216.239.38.10#53(ns4.google.com) in 112 ms -- snap -- But if I try it again to send the same request to recursor, I get an error: -- snip -- $ dig www.google.de @212.xxx.xxx.xxx +trace ; DiG 9.2.4 www.google.de @212.xxx.xxx.xxx +trace ;; global options: printcmd ;; Received 17 bytes from 212.xxx.xxx.xxx#53(212.xxx.xxx.xxx) in 8 ms -- snap -- I find follow error message in the logfile: Jan 11 16:12:07 Not authoritative for '', sending servfail to 212.yyy.yyy.yyy Have anybody a hint for me? Perhaps I set a wrong option in my pnds.conf? Best regards, thomas polnik. ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] dig , trace and the recursor
On Thu, Jan 11, 2007 at 04:18:08PM +0100, thomas polnik wrote: Hello, I try the trace-option from dig, here is an example: -- snip -- $ dig www.google.de @130.149.4.20 +trace +trace and @ do not combine as you expect they would. But if I try it again to send the same request to recursor, I get an error: You are not sending it to the recursor but to the authoritative server, which states it has no knowledge of the root zone. You might find that adding --send-root-referral fixes your problem, although it is not a problem. Bert ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
