Re: [Pdns-users] pdns-recursor works but pdns discards responses
> On 2015-01-26, at 5:38 PM, rooster wrote: > > Hello list, > > I have pdns-recursor and pdns on the same host and port but on > different IP’s. When I query pdns and it can not answer, so it passes the > query on to pdns-recursor, which then responds with the answer but then pdns > discards the packets. What did I do wrong? I have tried this with the > firewall both on and off and the result is the same. Below is a snippet of > the log file with the error, followed by my configuration for the recursor > and pdns itself. The host is a PowerPC computer running ubuntu 14.04 LTS. > > /var/log/syslog > > Jan 26 16:45:55 host pdns_recursor[29993]: 0 question answered from packet > cache from 127.0.0.1 > Jan 26 16:45:55 host pdns[26791]: Discarding untracked packet from recursor > backend with id 49601. Conntrack table size=1 > Jan 26 16:46:00 host pdns_recursor[29993]: 1 [42] question for > ‘google.com.|A' from 127.0.0.1 > Jan 26 16:46:01 host pdns[26791]: Discarding untracked packet from recursor > backend with id 49345. Conntrack table size=2 > Jan 26 16:46:01 host pdns_recursor[29993]: 1 [42] answer to question > ‘google.com.|A': 1 answers, 0 additional, took 2 packets, 0 throttled, 0 > timeouts, 0 tcp connections, rcode=0 > Jan 26 16:46:05 host pdns_recursor[29993]: 0 question answered from packet > cache from 127.0.0.1 > Jan 26 16:46:05 host pdns[26791]: Discarding untracked packet from recursor > backend with id 50113. Conntrack table size=3 Here is a final update with success. I removed recursor=127.0.0.1 from pdns.local.conf. I will also note that, my original problem was not so much a problem caused by a bug or some other such issue but more precisely, it was a configuration error. I theorize that the error I was seeing in my logs was not so much an error but an indication of the configuration error. In short, I had misconfigured the auth server to allow recursion. As such, when a non-authorized query came in, auth server passed it on to the recursor like it was configured to do and the recursor would respond correctly but the auth server then would drop the packets instead of routing them back to the source of the query. If anyone else has theories or additional input, please feel free to post a message to the list. As I mentioned, I’d mark this as solved and not as a bug in the pdns auth server code (big endian vs. little endian) but instead a user configuration error. Thank you everyone for your assistance on this "problem". -- ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] pdns-recursor works but pdns discards responses
> I downloaded, compiled and installed the recently released 3.4.2 from > the PowerDNS releases web page but I was unable to get it to launch. :( > > The error I am getting is “Unable to launch, no backends configured for > querying” which is very odd since when I did the compile, I explicitly > compiled with the bind module option. Also, my local config file does have > “launch=bind” parameter set. > > host - PowerPC 32bit, ubuntu 14.04 LTS release Here is an update to this new problem that Habbie and ahu on the IRC channel helped me with. What was happening was when pdns was launched, it would look in /usr/local/etc/ for it’s configuration files. Of course this was wrong. After some short deliberation and with a hint from Fusl in the IRC channel, I modified /etc/default/pdns to add --config-dir=/etc/powerdns in the DAEMON_ARGS=“” line. The two other options are : add this same modification to the init.d script that was generated from the compile or at the time of compile, add --sysconfdir=/etc/powerdns to the ./configure command. Now I have a running 3.4.2 pdns but I still have the problem of the precursor responses being discarded. Right ha has me running a testrunner. -- ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] pdns-recursor works but pdns discards responses
> We had a similar report from a Solaris SPARC user; a fix for his problem went > into the 3.4.0 release, but we never got an answer about whether it helped. > > Can you please try with pens-server 3.4.0 or higher, and let us know if that > fixes it? > > Kind regards, > -- > Peter van Dijk Hi again Peter, I downloaded, compiled and installed the recently released 3.4.2 from the PowerDNS releases web page but I was unable to get it to launch. :( The error I am getting is “Unable to launch, no backends configured for querying” which is very odd since when I did the compile, I explicitly compiled with the bind module option. Also, my local config file does have “launch=bind” parameter set. host - PowerPC 32bit, ubuntu 14.04 LTS release -- ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] pdns-recursor works but pdns discards responses
> We had a similar report from a Solaris SPARC user; a fix for his problem went > into the 3.4.0 release, but we never got an answer about whether it helped. > > Can you please try with pens-server 3.4.0 or higher, and let us know if that > fixes it? > > Kind regards, > -- > Peter van Dijk Hi again Peter, Here are my results of the installation I did tonight. I grabbed the following files : ftp://ftp.debian.org//debian/pool/main/p/pdns/pdns_3.4.1-4.debian.tar.xz ftp://ftp.debian.org//debian/pool/main/p/pdns/pdns_3.4.1-4.dsc ftp://ftp.debian.org//debian/pool/main/p/pdns/pdns_3.4.1.orig.tar.bz2 Compiled, built and installed pdns-server_3.4.1. PowerDNS version now reports as the following : Jan 30 01:55:06 PowerDNS Authoritative Server 3.4.1 (jenk...@autotest.powerdns.com) (C) 2001-2014 PowerDNS.COM BV Jan 30 01:55:06 Using 32-bits mode. Built on 20150130004723 by root@host, gcc 4.8.2. Jan 30 01:55:06 PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2. Jan 30 01:55:06 Features: botan1.10 cryptopp libdl lua Jan 30 01:55:06 Built-in modules: Now when I do a lookup from the host (dig @IPADDRESS google.com), I see this in the syslog : Jan 30 01:54:40 host pdns_recursor[995]: 1 question answered from packet cache from 127.0.0.1 Jan 30 01:54:40 host pdns[23000]: Discarding untracked packet from recursor backend with id 24672. Conntrack table size=1 End result, same as before. :( I will go looking for a version higher than 3.4.1 and try again. -- ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] pdns-recursor works but pdns discards responses
I had an e-mail client issue and this message was never sent. Sending now. There are three other messages with the same problem. *** > On 2015-01-29, at 8:02 AM, Peter van Dijk wrote: > > Hello Rooster, > We had a similar report from a Solaris SPARC user; a fix for his problem went > into the 3.4.0 release, but we never got an answer about whether it helped. > > Can you please try with pens-server 3.4.0 or higher, and let us know if that > fixes it? > > Kind regards, > -- > Peter van Dijk Hi there Peter, Thank you for this information. I had seen talk about big endian versus little endian and I think I saw that same sparc post. I will install pdns-server 3.4.0 or higher and report back. Thank you again. -- ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] pdns-recursor works but pdns discards responses
Hello Rooster, On 28 Jan 2015, at 4:35 , rooster wrote: >> We start with pdns_recursor and then forward some to pdns. We had your >> setup with pdns_recursor behind pdns and had some issues with pdns >= 3. >> According to the developers that is not really supported. I do not know >> if what is happening to you is similar. >> >> Regards, >> Ken > > > Thank you for the input. I just verified which versions I have installed : > > pdns-server = 3.3 > pdns-recursor = 3.5.3 > > What should happen is pdns-server should only respond to queries that I have > host information for. All other queries should go to pdns-recursor which will > then reply back down the chain. There will be no outside access to > pdns-recursor, only localhost and other devices inside the local network. We had a similar report from a Solaris SPARC user; a fix for his problem went into the 3.4.0 release, but we never got an answer about whether it helped. Can you please try with pens-server 3.4.0 or higher, and let us know if that fixes it? Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] pdns-recursor works but pdns discards responses
> Hi, > > We start with pdns_recursor and then forward some to pdns. We had your > setup with pdns_recursor behind pdns and had some issues with pdns >= 3. > According to the developers that is not really supported. I do not know > if what is happening to you is similar. > > Regards, > Ken Thank you for the input. I just verified which versions I have installed : pdns-server = 3.3 pdns-recursor = 3.5.3 What should happen is pdns-server should only respond to queries that I have host information for. All other queries should go to pdns-recursor which will then reply back down the chain. There will be no outside access to pdns-recursor, only localhost and other devices inside the local network. ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] pdns-recursor works but pdns discards responses
On Tue, Jan 27, 2015 at 11:22:28AM +0100, sth...@nethelp.no wrote: > > I have pdns-recursor and pdns on the same host and port but on > > different IP$,1rys. When I query pdns and it can not answer, so it passes > > the query on to pdns-recursor, which then responds with the answer but then > > pdns discards the packets. What did I do wrong? I have tried this with the > > firewall both on and off and the result is the same. Below is a snippet of > > the log file with the error, followed by my configuration for the recursor > > and pdns itself. The host is a PowerPC computer running ubuntu 14.04 LTS. > > Can't speak for pdns. However, we have pdns_recursor and BIND running > on the same host (same port 53, different IPs), with pdns_recursor > forwarding some queries to BIND. Works without problems for us. > > Steinar Haug, AS 2116 > Hi, We start with pdns_recursor and then forward some to pdns. We had your setup with pdns_recursor behind pdns and had some issues with pdns >= 3. According to the developers that is not really supported. I do not know if what is happening to you is similar. Regards, Ken ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] pdns-recursor works but pdns discards responses
> On 2015-01-27, at 2:22 AM, sth...@nethelp.no wrote: > > Can't speak for pdns. However, we have pdns_recursor and BIND running > on the same host (same port 53, different IPs), with pdns_recursor > forwarding some queries to BIND. Works without problems for us. Ya, I am sure I had it working this past summer but the HD on that computer died and I was only testing access so I had not backed up the system yet. ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] pdns-recursor works but pdns discards responses
> I have pdns-recursor and pdns on the same host and port but on > different IP$,1ry(Bs. When I query pdns and it can not answer, so it passes > the query on to pdns-recursor, which then responds with the answer but then > pdns discards the packets. What did I do wrong? I have tried this with the > firewall both on and off and the result is the same. Below is a snippet of > the log file with the error, followed by my configuration for the recursor > and pdns itself. The host is a PowerPC computer running ubuntu 14.04 LTS. Can't speak for pdns. However, we have pdns_recursor and BIND running on the same host (same port 53, different IPs), with pdns_recursor forwarding some queries to BIND. Works without problems for us. Steinar Haug, AS 2116 ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users