On 7 March 2023 18:17:32 CET, Adrian Minta via Pdns-users wrote:
>Thank you Otto !
>
>RPZ seems to be a very nice feature for malware domains blocking and other
>legal blocking requirements.
>
>Do you have a link with some examples on how it should be used ?
Possibly related:
https://github.com/PowerDNS/pdns/issues/9112
Winfried
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
Hi Giovanni,
As far as I know, the Recursor is doing exactly what you want. IP addresses are
not part of the hash. Only the query name is the basis of the hash.
Identical query names are routed to the same thread and thus to the same cache.
Winfried
Am 28. November 2022 18:37:19 MEZ schrieb
Hi,
We recently had a similar problem when we updated from 10.5.12 to 10.6.10.
The cause was that the default behavior changed from
innodb_flush_method = fsync
to
innodb_flush_method = O_DIRECT
Which means, no kernel file caching.
If you have a too small
innodb_buffer_pool_size
in this
True, TCP is broken as well.
On 22 September 2022 10:01:58 CEST, Otto Moerbeek wrote:
>On Thu, Sep 22, 2022 at 09:41:57AM +0200, abang--- via Pdns-users wrote:
>
>> The "NSEC3 proving non-existence" of this zone is broken. See
>> https://dnsviz.net/d/riec
The "NSEC3 proving non-existence" of this zone is broken. See
https://dnsviz.net/d/riecis.nl/dnssec/?rr=all=all=all=on=.=
You can work around this issue by setting an NTA for it on your Recursors. It is
recommended to inform the owner of the zone in order to fix the root cause.
Winfried
Am
> getPool("resolverTopnet"):getCache():printStats()
In one of your previous mails the pool name was "resolver".
On 9 September 2022 17:38:10 CEST, SAMI RAHAL via Pdns-users wrote:
>Hi Remi
>
>The server is in production it receives requests as shown in this summary
>
>Uptime: 17 days, Number
Hi Eli,
To keep it simple, you could implement the solution outside the DNS server by
generating the different zones from a unified source, that contains both
information about each RR.
Winfried
On 3 August 2022 01:43:38 CEST, eli glynn via Pdns-users wrote:
>I've recently inherited a
Hi Luke,
You have to host the RPZ zone on an authoritative nameserver (PowerDNS
Authoritative for example) in order to load it using the rpzPrimary function.
The Recursor does not provide zone transfers.
Winfried
It *might* be worth giving this setting a try:
edns-subnet-whitelist=0.0.0.0/0, ::/0
But it depends on whether the client is talking to the Recursor over public or
private IP addresses.
https://doc.powerdns.com/recursor/settings.html#edns-subnet-allow-list
In my experience, ~0,06% (unreachables/all-outqueries) is normal.
Winfried
On 31 July 2019 10:21:09 CEST, "姜伯洋" <1513...@163.com> wrote:
>
>
>
>Can I understand the unreachables indicator as a normal count?
>
>
>
>At 2019-07-31 14:24:47, ab...@t-ipnet.net wrote:
>Hello 姜伯洋,
>
>If the
Hello 姜伯洋,
Logging of "unreachables" is not possible as far as I know. Although it would
be a handy feature.
You could try "rec_control trace-regex '.*'". But this produces a huge amount
of log and possibly decreases the Recursor performance.
Winfried
Am 31. Juli 2019 08:41:00 MESZ schrieb
Hello 姜伯洋,
If the Recursor does not reach an authoritative nameserver when resolving a
domain, this counter is incremented by 1. The cause is usually not the Recursor.
See https://doc.powerdns.com/recursor/metrics.html
Winfried
Am 31. Juli 2019 05:51:36 MESZ schrieb "姜伯洋"
Hello Klaus,
On 4 May 2019 23:37:40 CEST, Klaus Darilion wrote:
>I thought about loading the bind Backend and semi-automated export the
>"attacke" zone (and all subzones) from the SQL backend to the bind
>backend. Then, patch PDNS to not check all backends for the best zone
>match
Hi Pedro,
There is always a bottleneck. Whether you notice it depends on the load
against the system. You will notice it if your system drops packets from
a certain load on. From there you can try to improve by tuning "things"
such as Recursor config, NIC config, kernel parameter, firewall ...
Hello Thomas,
I did not investigate, but have you already seen the errors and warnings at
dnsviz?
http://dnsviz.net/d/sassc.home.pl/dnssec/
Winfried
On 25 February 2019 23:27:44 CET, Thomas Mieslinger wrote:
>Hi,
>
>I have pdns_recursor 4.1.8 querying sassc.home.pl and it is marked as
Hi Rokkhan,
I am installing pdns auth and recursor on my server to make some tests
but I have a question. Could it be possible to configure recursor to
handle all the requests from computers and configure only to forward
internal domains to auth server? Does it make sense?
Yes, in any case.
Hello Shawn,
root@DFW01-CPS01:~# dig @localhost +subnet=52.57.28.138 morpheus-ien.insnw.net
local-address=127.0.0.1
dig asks ::1 if available!
Try
dig @127.0.0.1
or
local-address=127.0.0.1,::1
--
Winfried
Hi Grace,
Since 3.7.0, Recursor distributes queries to the threads itself. See
https://doc.powerdns.com/md/recursor/settings/#pdns-distributes-queries
Additionally, it hashes the queries with the goal to send the same query to
the same thread. This improves the cache hit rate and thus the average
Hi Fabien,
Don't know how to send notifications from 2.2.2.2 but I guess it works with
trusted-notification-proxy 1.1.1.1
on your slave.
https://doc.powerdns.com/md/authoritative/settings/#trusted-notification-proxy
Winfried
Am 17. Oktober 2015 14:00:56 MESZ, schrieb Fabien Fab
improve it a bit if you run the clients on another machine and set the
Recursor threads to 6 or 8. I tested with HT switched off.
Winfried
On 22.12.2014 at 05:50, Ciro Iriarte wrote:
2014-12-18 4:19 GMT-03:00 abang ab...@t-ipnet.net:
Hi Ciro,
Tried it quickly with dnsperf (http://nominum.com
On 22.12.2014 at 17:36, Ciro Iriarte wrote:
Hi Winfried, the machine has 1 Opteron 6386 SE processor, with 16
cores + 16GB of memory. AMD doesn't sport HT.
Ah, I see. But I have no explanation. I have tested with an Intel Xeon
CPU with 8 cores.
Hi Ciro,
Tried it quickly with dnsperf (http://nominum.com/measurement-tools/):
# echo -e "localhost.\tA" > datafile
# pdns_recursor --threads=4 --pdns-distributes-queries=no
# dnsperf -c2 -n 1000 -l 10 -d datafile
Statistics:
Queries sent: 3314870
Queries completed:3314870
Hi Ciro,
https://iriarte.it/?p=354
Testing suggestions are welcome!
Consider if it isn't more efficient to open the database outside from a
function. This is cheaper because this way it must only open once at
startup or at rec-control reload-lua-script:
cdb = require("cdb")
db =
There is no need to restart the Recursor.
See http://doc.powerdns.com/html/recursor-scripting.html
At runtime, rec_control reload-lua-script can be used to either reload the
script from its current location, or, when passed a new file name, load one
from a new location. A failure to parse the
Hi Bart-Jan,
On 30.09.2014 10:42, Bart-Jan van Hummel wrote:
I am running DNS on a physical machine on Debian 7.6
The requests are coming from Mac OS X.
The routers I use are Draytec which are connected with VPN IPSec
So I did not yet use VirtualBox. I will try to see if I can find more
On 29.09.2014 14:11, Bart-Jan van Hummel wrote:
;; WARNING: Messages has 4 extra bytes at end
;; Query time: 0 msec
;; MSG SIZE rcvd: 44
This would mean your DNS Server (PowerDNS) is broken. But I exclude this
in this case. My guess is that you are using virtualbox (right?) and
have a
On 26.09.2014 09:38, Bart-Jan van Hummel wrote:
I don't know why he gives that response, since only pdns-recursor is
using port 53 on UDP/TCP:
~ root# netstat -tulpn | grep 10.20.0.4:53
tcp        0      0 10.20.0.4:53            0.0.0.0:*               LISTEN      3134/pdns_recursor
udp
Really strange. Ok let's try step by step.
Does your authoritative DNS Server work? Log-in into your DNS Server and
dig -p 5300 @127.0.0.1 -x 10.20.0.4
dig -p 5300 @127.0.0.1 -x 10.20.1.4
dig -p 5300 @127.0.0.1 -x 10.20.2.4
And please provide the whole output.
If this works, test your
In addition to Peter's hint:
I assume your dig is asking your Recursor on Port 53. So you have to advise the
Recursor to forward queries for your local zones to your authoritative server
on Port 5300.
Try this in the recursor.conf:
forward-zones=10.in-addr.arpa=127.0.0.1:5300
Winfried
Hi,
On 25.09.2014 15:51, Bart-Jan van Hummel wrote:
Exception: Resolver binding to server socket on port 53 for 10.20.0.4:
Address already in use
Please try first to solve this. Your Recursor can not listen
on 10.20.0.4:53! There must be another process which is listening on this
port.
#
On 25.09.2014 21:24, abang wrote:
forward-zones=10.in-addr.arpa=127.0.0.1:5300
Oh, you did that already.
On 25. September 2014 15:51:21 MESZ, Bart-Jan van Hummel
bvanhum...@openforest.nl wrote:
When starting the recursor I do see these messages
Hello Bert,
Would you also provide the patch for the current version 3.5.3?
Winfried
On 06.02.2014 13:10, bert hubert wrote:
Hi everybody,
Over the past week we've been contacted by a few users reporting their
PowerDNS Recursor became unresponsive under a moderate denial of service
attack,
Hi Gerald,
but I need one for Debian on Raspberry Pi.
I don't know where you can get a prebuilt binary for armv6l. But you
could try compiling it yourself.
apt-get install libboost-dev
wget http://downloads.powerdns.com/releases/pdns-recursor-3.5.2.tar.bz2
tar -xjf
On 16.08.2013 13:58, Marc Haber wrote:
pdns-users is an English language mailing list.
He asked in German. Sorry for this. We have further written offlist.
I will inform the list if we find new discoveries.
The PowerDNS recursor cannot be compiled on arm architectures. It
needs a
(192.168.10.233)
;; WHEN: Fri Aug 16 14:13:11 2013
;; MSG SIZE rcvd: 30
I have a Raspberry Pi Type B with Debian Wheezy.
kind regards
Gerald
On 2013-08-16 13:58, Marc Haber wrote:
pdns-users is an English language mailing list.
On Fri, Aug 16, 2013 at 10:09:44AM +0200, abang wrote:
but I need one
On 16.08.2013 15:55, Gerald wrote:
I have started recursor now with trace
(/usr/sbin/pdns_recursor --daemon=no --trace=yes)
The listing is long and therefore here to download:
http://www.pechoc.eu/download/recursor_trace.txt
Can you dig the root nameservers from your Pi? It seems to me you
On 16.08.2013 16:08, Gerald wrote:
Here is the result:
Ok. Try this config:
query-local-address=192.168.10.233
in your recursor.conf OR on command line:
--query-local-address=192.168.10.233
Hi Gerald,
Does anyone know where to find it?
Current packages are available here:
https://www.powerdns.com/downloads.html
Winfried
Hi Shamus,
PowerDNS Recursor is not listening at ::1 by default. But localhost
resolves (/etc/hosts) to ::1 at the first try. So dig's first query
fails. After 1 second (don't know why 1 second because default timeout
is 3s), dig tries again at 127.0.0.1 and it works.
You have 3 possibilities:
For the record, it's fixed:
https://github.com/PowerDNS/pdns/commit/ae8bd630eac25f5f4d521e405d9a8c89553d219e
# tar -xzf pdns-3.3-rc1.tar.gz
# cd pdns-3.3-rc1
# autoreconf -i
configure.ac:8: warning: macro `AM_SILENT_RULES' not found in library
libtoolize: `./ltmain.sh' is newer: use `--force' to overwrite
libtoolize: `m4/ltversion.m4' is newer: use `--force' to overwrite
configure.ac:8: warning: macro
Could you try:
autoreconf -v -f -i
# autoreconf -v -f -i
autoreconf: Entering directory `.'
autoreconf: configure.ac: not using Gettext
autoreconf: running: aclocal --force -I m4
configure.ac:8: warning: macro `AM_SILENT_RULES' not found in library
autoreconf: configure.ac: tracing
autoreconf:
Don't know what went wrong. But you should add 127.0.0.1 to allow-from
if you ask from 127.0.0.1
On 08.04.2013 11:32, Odhiambo Washington wrote:
I have a situation with pdns-recursor that I need help with.
I am running it on 127.0.0.1:53
My configuration is as below:
Hi,
Since a few days, entries like these are showing up in my logs:
pdns_recursor[17287]: Error processing or aging answer packet: out of
bounds: 12 = 12
But I've got no clue what they mean.
Does this sound familiar to anyone of you?
10/24/2010 Bert Hubert wrote to me:
This error
Hi,
your pipe-timeout is 5 *ms*. This is possibly too low (depending on
your pipe-backend).
See http://doc.powerdns.com/from3.1to3.2.html
On 27.01.2013 23:17, Roman Gaufman wrote:
Hi :)
This is the pipe-command related stuff in my pdns.conf (rest is default):
launch=pipe,bind
It seems to be modern, to try to solve all problems with DNS. But DNS is
neither a router nor a load balancer and certainly not a HA cluster.
Always use the proper tool. If the proper tool isn't available, use a
hammer. (Lt. Commander Montgomery „Scotty“ Scott)
Am 17.12.2012 12:59, schrieb
Hi,
I wonder how an answer packet from our PowerDNS Recursor (3.4-pre) can
exceed 512 bytes. I thought this is the limit and it should be
truncated. The MSG SIZE in the example below is 701. Does someone have an
explanation for this?
Winfried
dig +notcp +ignore . NS @217.0.43.145
; DiG
is there any easy way how can i send notification about all zones/domains?
http://tinydns.org/dnsnotify
Hello,
would you please explain RR a bit. i am new to Advance DNS controlling
Sorry for the abbreviation. RR = DNS Resource Record
http://en.wikipedia.org/wiki/Resource_record#DNS_resource_records
A DNS resource record is a data record in a DNS zone. You need to store
DNS RRs in your
, 2012 at 8:51 PM, abang ab...@t-ipnet.net wrote:
ok done forward-zones=100.51.10.in-addr.arpa=10.51.100.8
above line worked for me. but still forward lookup is not working can
you please help me in this
Please try
# dig ykhan.abc.com @10.51.100.8
and post the output
On 18.05.2012 12:48, Muhammad Yousuf Khan wrote:
any one can help plz?
Now I am using reporting tool sarg which i hope your are aware of, that is
generating reports against SQUID log by default sarg generates IP base
reports, further more there is an option in sarg report by which we can
Try
threads=1
Default is 2 which means you have two independent caches in your pdns
process.
On 15.05.2012 16:06, Muhammad Yousuf Khan wrote:
ok, after searching internet i have found some of my answers but my
question is still there. because there is a parameter
# max-cache-ttl maximum
The ttl of geo.tv is 60s. So it works as designed. You can not increase
the ttl of a RR in your cache. This is not allowed. But you can set a
upper limit with
max-cache-ttl.
^^^
On 15.05.2012 16:35, Muhammad Yousuf Khan wrote:
nope it didn't work either
;; ANSWER SECTION:
geo.tv.
On 15.05.2012 17:16, Muhammad Yousuf Khan wrote:
but just one more question. i want my isp or my internal DNS server to be root.
how can i stop powerDNS to query outside. i think my ISP DNS would be
more good enough
See http://doc.powerdns.com/built-in-recursor.html#recursor-settings
pdnsd is not PowerDNS! See http://members.home.nl/p.a.rombouts/pdnsd/
for information.
On 14.05.2012 09:41, Muhammad Yousuf Khan wrote:
i am using debian 6.0.4 and PowerDNS as a caching server in to
facilitate Squid cache.
in the beginning things were working fine (about 2 months or so) but
oh then i think due to the name confusion i installed something else
would you please give me a good link where i can learn the deployment
of powerdns on debian squeeze ...
Packages for PowerDNS Authoritative and PowerDNS Recursor are available
in Debian's Squeeze repository:
Hello,
we have version 3.4 and it also didn't resolve webmail.deictvereniging.nl:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46897
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;webmail.deictvereniging.nl. IN A
;; ANSWER
my recursor.conf
-additional-processing=on
allow-from=My local and network ranges
local-address=my local and external IPv4 and external IPv6
Maybe you didn't set the local-address 127.0.0.1 in recursor:
local-address=127.0.0.1,your local and external IPv4 and external IPv6
--
Winfried
Is it just me or option 'webserver=no' has no effect at all in latest
stable authoritative version? I am running multiple vhost instances and
the port 8081 keeps conflicting.
Running pdns_server --webserver=no also is of no use!
I can confirm that. But as a workaround this config statement
Hi,
now we have verified our setup with version 2.9.22 and it starts in 2
seconds. 3.0 takes 30 seconds! Since this is a very long time we think
this could be a bug in 3.0 and we filed a ticket:
http://wiki.powerdns.com/trac/ticket/383
Winfried
Am 19.08.2011 09:33, schrieb abang:
Hi
Hi,
I'm trying to set up PowerDNS Authoritative Server 3.0 with three backends:
launch=gmysql,bind,pipe
It seems all works as expected. But every time I reload or start
PowerDNS, my syslog shows for each bind zone (we have 791) which is
loaded these two lines:
...gmysql Connection successful
Hi,
'dont-query' is a config option. If not set, the default is to block
127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10
Winfried
On 13.08.2010 10:10, Angel Bosch Mora wrote:
hi,
i've configured a forward zone:
forward-zones=example1.com=10.215.2.4
but i
this is not on the manual page. should i file a bug?
why not. You can do that on http://wiki.powerdns.com/trac
TO FILE BUGS, OR CHANGE THE WIKI, CLICK 'LOGIN' ABOVE, USERNAME anon
PASSWORD No Spam without quotes or the space in between
how do you know default settings?
I saw it in the
Hi Adam,
... It seems like pdns is working, but not
communicating with the recursor.
recursor.conf http://pastebin.com/MiL9xbXM
independent of your VPN setup I noticed that your local-address
statement in the recursor.conf isn't filled in correctly. Your recursor is only
listening on localhost. It