Re: [Pdns-users] PowerDNS Authoritative Server 4.2.1

2019-12-02 Thread sthaug
Hi, > We just released PowerDNS Authoritative Server 4.2.1. > > This release fixes several bugs and makes a few features more robust or > intuitive. It also contains a few performance improvements for API users. > > Please see the changelog[1] for more details. > > The tarball[2][3] is availab

Re: [Pdns-users] What is required for the dnsdist testCrypto() function to work?

2019-07-04 Thread sthaug
>> should I expect the testCrypto() function to work? Because it doesn't: > [...] >>> testCrypto() >> Crypto failed.. > > This error message is indeed not helpful at all.. I'm pretty sure it > just means that have not configured a session key with setKey(), since > this function mostly tests that

[Pdns-users] What is required for the dnsdist testCrypto() function to work?

2019-07-04 Thread sthaug
I have a newly installed FreeBSD-12.0 system, with dnsdist installed from the FreeBSD package system, and all the dependencies: New packages to be INSTALLED: dnsdist: 1.3.3_6 libsodium: 1.0.16 gnutls: 3.6.7 trousers: 0.3.14_2 tpm-emulator: 0.7.4_2 gm

[Pdns-users] Broken link for Lua example script in PowerDNS documentation

2019-06-10 Thread sthaug
In the PowerDNS recursor documentation at https://doc.powerdns.com/md/recursor/scripting/#writing-lua-powerdns-recursor-scripts the link to "a sample script that showcases all functionality described below": https://github.com/PowerDNS/pdns/blob/master/pdns/powerdns-example-script.lua gives me a

[Pdns-users] Recurring SERVFAIL problem for api.met.no

2019-05-14 Thread sthaug
Environment: FreeBSD 11.2-STABLE, PowerDNS Recursor 4.1.12, dnssec=log-fail I have a recurring problem with the domain name "api.met.no". Normally it resolves like this: api.met.no. 3600IN CNAME external.api.met.no. external.api.met.no.3600IN CNAME os-157-249

Re: [Pdns-users] Graphing as a service: Disappearing CPU graphs

2019-05-14 Thread sthaug
A small followup to this message from 23. January 2019: > We use PowerDNS "Graphing as a service", > > https://blog.powerdns.com/2014/12/11/powerdns-graphing-as-a-service/ > > for our pdns-recursor installations. Environment: > > FreeBSD 11.2, PowerDNS Recursor 4.1.8, carbon-server=37.252.122.5

Re: [Pdns-users] recursor 4.2.0-beta1 fails to resolve p4.no

2019-05-09 Thread sthaug
> (I am the author of the mentioned dns software) > > According to RFC1034, including the request in the response seem to be > required. Is there something I am misunderstanding here ? There are multiple problems with p4.no, and you can see it with the ISC EDNS compliance tester: https://edn

[Pdns-users] Graphing as a service: Disappearing CPU graphs

2019-01-23 Thread sthaug
We use PowerDNS "Graphing as a service", https://blog.powerdns.com/2014/12/11/powerdns-graphing-as-a-service/ for our pdns-recursor installations. Environment: FreeBSD 11.2, PowerDNS Recursor 4.1.8, carbon-server=37.252.122.50. This works well, with one minor but slightly irritating exception:

Re: [Pdns-users] Root dns

2018-12-19 Thread sthaug
>Which source ip address does pdns-recursor use to contact root dns? Have you tried to read the PowerDNS recursor documentation? From the recursor.conf file: # # query-local-address Source IP address for sending queries # # query-local-address=0.0.0.0 ##

Re: [Pdns-users] recursor - pdns authoritative and axfr problem

2018-09-25 Thread sthaug
> In general I still have no answer to the question why I get no AA flag > via the recursor. With a BIND resolver you get an authoritative answer from the resolver the *first* time this resolver receives an answer directly from the authoritative server (presumably because this answer is *not* from

Re: [Pdns-users] Announcing: DNS over HTTPS on doh.powerdns.org

2018-08-25 Thread sthaug
> But we bet there are more things holding service providers back from > offering over HTTPS. So our question to you is: what is holding you back > from offering DNS over TLS and DNS over HTTPS? Is there anything we can do? > Are there missing features, are you worried about load-balancing or > per

[Pdns-users] rec_control reload-zones undocumented behavior, POLA breakage

2018-08-20 Thread sthaug
Background: We're using the "forward-zones-file" functionality of PowerDNS recursor to forward some queries to a BIND server. I see the following behavior for PowerDNS recursor 4.1.3 running on a FreeBSD 11.2-STABLE server: - Zone added to the list in forward-zones-file: The forwarding takes effe

Re: [Pdns-users] Problems resolving specific domain with pdns_recursor 4

2017-07-20 Thread sthaug
> Resolving the mx records of bankofsingapore.com never works with our PDNS 4 > instances while all that stuff works with PDNS 3 and Unbound. > > Someone here with a good idea how to debug this problem? I can confirm this. Specifically, PowerDNS Recursor 3.7.3 works okay for bankofsingapore.com,

Re: [Pdns-users] PowerDNS Recursor 4.0.0 Alpha 3 released

2016-08-23 Thread sthaug
Did you get any time to look at this patch? As mentioned below, the FreeBSD build which appears to do without the patch actually uses a combination of LDFLAGS which results in linking with /usr/local/lib (where the Boost libraries are). Steinar Haug, AS2116 > > > I have finally been able to make

Re: [Pdns-users] PowerDNS Recursor 4.0.0 Alpha 3 released

2016-08-09 Thread sthaug
> > I have finally been able to make a running Recursor 4.0.1. I started > > with a newly installed FreeBSD 10.3-STABLE, Boost 1.55.0 and no other > > packages installed. I was able to get the Recursor 4.0.1 to compile > > and link with the following patch to Makefile.am (or a corresponding > > pat

Re: [Pdns-users] PowerDNS Recursor 4.0.0 Alpha 3 released

2016-08-07 Thread sthaug
> > I'm trying to get this up and running on a FreeBSD 10.3/x64 server. > > Not entirely straightforward. > > > > - I'm trying to use gcc 5.3.0 and Boost libraries 1.55.0. Which > > versions are you using for development? > > I use GCC 6.1 and Boost 1.60, but the recursor also compiles on Debian

Re: [Pdns-users] PowerDNS Query cache and Packet cache

2016-08-02 Thread sthaug
> Can you show me where PowerDNS store Query cache and Packet cache ? If it's > in HDD, can we move it to RAM ? And finally, does it have any limit (size, > ttl, .) ? I'm using PowerDNS 3.X.X. Please help me! It's stored in RAM, and is limited by your available memory. There are suggested sizes i

Re: [Pdns-users] PowerDNS Recursor 4.0.0 Alpha 3 released

2016-05-10 Thread sthaug
> We are pleased to announce the release of the PowerDNS recursor 4.0.0 Alpha > 3. This release features a great number of DNSSEC correctness fixes. Hi Pieter, I'm trying to get this up and running on a FreeBSD 10.3/x64 server. Not entirely straightforward. - I'm trying to use gcc 5.3.0 and Bo

Re: [Pdns-users] Performance optimizations in recursor

2016-04-08 Thread sthaug
> Hello to all, I have followed to the letter the performance tuning > document, this is my recursor.conf: > > setuid=pdns-recursor > setgid=pdns-recursor > daemon=yes > dont-query=127.0.0.0/8 > local-address=127.0.0.1 > log-common-errors=no > loglevel=4 > max-cache-entries=400 > max-negative

Re: [Pdns-users] Virtual servers in pdns-recursor

2016-01-09 Thread sthaug
> 10 instances ?? > I'm experimenting with 4 recursor instances because I have plenty of cpu and > ram: > > top - 16:20:08 up 8 days, 7:36, 3 users, load average: 0.06, 0.05, 0.05 > Tasks: 383 total, 1 running, 382 sleeping, 0 stopped, 0 zombie > Cpu(s): 5.5%us, 2.5%sy, 0.0%ni, 91.4%id,

Re: [Pdns-users] Problems with PowerDNS

2015-11-11 Thread sthaug
> Tip: What most people running PowerDNS do is use 2 separate IPs for > PowerDNS recursor and PowerDNS Authoritative Server. > > So for domains the server is authoritative for it will receive them on > the Authoritative Server and the recursive queries it can receive them > on the recursor. T

Re: [Pdns-users] Intermittent SERVFAIL Response

2015-08-18 Thread sthaug
> Ok, maybe my question has not been clear: what "threads" parameter means in > the config file? What it affects? https://doc.powerdns.com/md/recursor/settings/#threads "Spawn this number of threads on startup" - the important point here is that this is operating system threads, as opposed to Pow

Re: [Pdns-users] Intermittent SERVFAIL Response

2015-08-18 Thread sthaug
> Just a question from my side, when you say 4 thread you mean with 4 DNS > server in parallel? I meant exactly what I wrote. In the config file, recursor.conf, there is a section # # threads Launch this number of threads # # threads=2 and we have configured

Re: [Pdns-users] Intermittent SERVFAIL Response

2015-08-18 Thread sthaug
> I'm running PowerDNS Recursor 3.7.3 on a pair of Ubuntu 14.04.3 LTS servers. > I'm getting intermittent SERVFAIL responses on both servers to queries for a > particular name. Could someone please help me understand what might be > causing these failures? Here are examples of the SERVFAIL response

Re: [Pdns-users] Allow query from all Internet

2015-07-03 Thread sthaug
> Does someone tell me what is the right configuration to allow query from all > internet? > Under allow-from I have only RFC 1918 IP. I suppose that "allow from all" it > should be 0.0.0.0/0 > > Can you confirm or correct me? We simply have allow-from= in our recursor.conf. Steinar Haug, AS 2

Re: [Pdns-users] pdns-recursor works but pdns discards responses

2015-01-27 Thread sthaug
> I have pdns-recursor and pdns on the same host and port but on > different IP's. When I query pdns and it can not answer, so it passes > the query on to pdns-recursor, which then responds with the answer but then > pdns discards the packets. What did I do wrong? I have tried this

Re: [Pdns-users] pdns server fails every morning when it starts getting used.

2015-01-08 Thread sthaug
> > I've got a pdns server at one site that is causing me massive headaches. > > Every morning when the staff come in and start using it (and were not > > talking > > large numbers) it fails to serve external dns and has to be restarted > > (usually) or rebooted. > > Which version of PowerDNS

Re: [Pdns-users] Workaround for PowerDNS Security Advisory 2014-02

2014-12-18 Thread sthaug
> > - Is PowerDNS recursor meant to have a coherent cache? The observed > > behavior on my 3.6.2/FreeBSD 9.3 installation is that I have as many > > caches as I have threads (as configured with "threads=..." in > > recursor.conf). This is clearly visible on the TTL of the replies, > > e.g. (queryin

Re: [Pdns-users] Workaround for PowerDNS Security Advisory 2014-02

2014-12-12 Thread sthaug
> You can update auth-zones using 'rec_control reload-zones' at runtime > without restarting the recursor, which will discover new zones to be blocked > or no longer blocked. A couple of questions regarding reload-zones: - Is PowerDNS recursor meant to have a coherent cache? The observed behav

Re: [Pdns-users] Workaround for PowerDNS Security Advisory 2014-02

2014-12-10 Thread sthaug
> From PowerDNS users we have heard of problems caused by various domain names > related to PowerDNS Security Advisory 2014-02 (CVE-2014-8601), > http://doc.powerdns.com/md/security/powerdns-advisory-2014-02/ > > If you are not yet in a position to upgrade to 3.6.2, or even if you have > upgraded

Re: [Pdns-users] Erroneous NXDOMAIN from Ebay triggered by EDNS extra info

2013-12-29 Thread sthaug
> That's because you should not be touching these settings. In fact it is > currently documented as "pdns_recursor.cc:::arg().setSwitch( > "disable-edns", "Disable EDNS - EXPERIMENTAL, LEAVE DISABLED" )= """. > > For now, everyone should be leaving these settings to their default values > sinc

Re: [Pdns-users] Erroneous NXDOMAIN from Ebay triggered by EDNS extra info

2013-12-29 Thread sthaug
> Also, I could find anything about disable-edns / disable-edns-ping at . could *not* find Steinar Haug, Nethelp consulting, sth...@nethelp.no

Re: [Pdns-users] Erroneous NXDOMAIN from Ebay triggered by EDNS extra info

2013-12-29 Thread sthaug
> > According to RFC 6975, Option code 5 of the OPT RR should be used to > > signal DAU (DNSSEC Algorithm Understood) - however, I doubt that this > > is really what PowerDNS recursor is trying to tell me here. It seems > > more likely that the inclusion of these additional 8 bytes in the > > query

[Pdns-users] Erroneous NXDOMAIN from Ebay triggered by EDNS extra info

2013-12-27 Thread sthaug
I'm trying to use PowerDNS recursor 3.5.3 with EDNS turned on: disable-edns=no in order to handle larger UDP message sizes. This leads to a failure to resolve certain Ebay DNS names, e.g. i.ebayimg.com which through a twisty maze of Akamai etc DNS results in the following, if EDNS is turned off: