Hi,
> We just released PowerDNS Authoritative Server 4.2.1.
>
> This release fixes several bugs and makes a few features more robust or
> intuitive. It also contains a few performance improvements for API users.
>
> Please see the changelog[1] for more details.
>
> The tarball[2][3] is availab
>> should I expect the testCrypto() function to work? Because it doesn't:
> [...]
>>> testCrypto()
>> Crypto failed..
>
> This error message is indeed not helpful at all.. I'm pretty sure it
> just means that have not configured a session key with setKey(), since
> this function mostly tests that
I have a newly installed FreeBSD-12.0 system, with dnsdist installed
from the FreeBSD package system, and all the dependencies:
New packages to be INSTALLED:
dnsdist: 1.3.3_6
libsodium: 1.0.16
gnutls: 3.6.7
trousers: 0.3.14_2
tpm-emulator: 0.7.4_2
gm
In the PowerDS recursor documentation at
https://doc.powerdns.com/md/recursor/scripting/#writing-lua-powerdns-recursor-scripts
the link to "a sample script that showcases all functionality
described below":
https://github.com/PowerDNS/pdns/blob/master/pdns/powerdns-example-script.lua
gives me a
Environment: FreeBSD 11.2-STABLE, PowerDNS Recursor 4.1.12, dnssec=log-fail
I have a recurring problem with the domain name "api.met.no". Normally
it resolves like this:
api.met.no. 3600IN CNAME external.api.met.no.
external.api.met.no.3600IN CNAME os-157-249
A small followup to this message from 23. January 2019:
> We use PowerDNS "Graphing as a service",
>
> https://blog.powerdns.com/2014/12/11/powerdns-graphing-as-a-service/
>
> for our pdns-recursor installations. Environment:
>
> FreeBSD 11.2, PowerDNS Recursor 4.1.8, carbon-server=37.252.122.5
> (I am the author of the mentioned dns software)
>
> According to RFC1034, including the request in the response seem to be
> required. Is there something I am misunderstanding here ?
There are multiple problems with p4.no, and you can see it with the
ISC EDNS compliance tester:
https://edn
We use PowerDNS "Graphing as a service",
https://blog.powerdns.com/2014/12/11/powerdns-graphing-as-a-service/
for our pdns-recursor installations. Environment:
FreeBSD 11.2, PowerDNS Recursor 4.1.8, carbon-server=37.252.122.50.
This works well, with one minor but slightly irritating exception:
>Which source ip address does pdns-recursor use to contact root dns?
Have you tried to read the PowerDNS recursor documentation? From the
recursor.conf file:
#
# query-local-address Source IP address for sending queries
#
# query-local-address=0.0.0.0
##
> In general I still have no answer to the question why I get no AA flag
> via the recursor.
With a BIND resolver you get an authoritative answer from the resolver
the *first* time this resolver receives an answer directly from the
authoritative server (presumably because this answer is *not* from
> But we bet there are more things holding service providers back from
> offering over HTTPS. So our question to you is: what is holding you back
> form offering DNS over TLS and DNS over HTTPS? Is there anything we can do?
> Are there missing features, are you worried about load-balancing or
> per
Background: We're using the "forward-zones-file" functionality of
PowerDNS recursor to forward some queries to a BIND server.
I see the following behavior for PowerDNS recursor 4.1.3 running on
a FreeBSD 11.2-STABLE server:
- Zone added to the list in forward-zones-file: The forwarding takes
effe
> Resolving the mx records of bankofsingapore.com never works with our PDNS 4
> instances while all that stuff works with PDNS 3 and Unbound.
>
> Someone here with a good idea how to debug this problem?
I can confirm this. Specifically, PowerDNS Recursor 3.7.3 works okay
for bankofsingapore.com,
Did you get any time to look at this patch? As mentioned below, the
FreeBSD build which appears to do without the patch actually uses a
combination of LDFLAGS which results in linking with /usr/local/lib
(where the Boost libraries are).
Steinar Haug, AS2116
> > > I have finally been able to make
> > I have finally been able to make a running Recursor 4.0.1. I started
> > with a newly installed FreeBSD 10.3-STABLE, Boost 1.55.0 and no other
> > packages installed. I was able to get the Recursor 4.0.1 to compile
> > and link with the following patch to Makefile.am (or a corresponding
> > pat
> > I'm trying to get this up and running on a FreeBSD 10.3/x64 server.
> > Not entirely straightforward.
> >
> > - I'm trying to use gcc 5.3.0 and Boost libraries 1.55.0. Which
> > versions are you using for development?
>
> I use GCC 6.1 and Boost 1.60, but the recursor also compiles on Debian
> Can you show me where PowerDNS store Query cache and Packet cache ? If it's
> in HDD, can we move it to RAM ? And finally, does it have any limit (size,
> ttl, .) ? I'am using PowerDNS 3.X.X. Please help me!
It's stored in RAM, and is limited by your available memory. There
are suggested sizes i
> We are pleased to announce the release of the PowerDNS recursor 4.0.0 Alpha
> 3. This release features a great number of DNSSEC correctness fixes.
Hi Pieter,
I'm trying to get this up and running on a FreeBSD 10.3/x64 server.
Not entirely straightforward.
- I'm trying to use gcc 5.3.0 and Bo
> Hello to all, i have followed to the letter the performance tunning
> document, this is my recursor.conf:
>
> setuid=pdns-recursor
> setgid=pdns-recursor
> daemon=yes
> dont-query=127.0.0.0/8
> local-address=127.0.0.1
> log-common-errors=no
> loglevel=4
> max-cache-entries=400
> max-negative
> 10 instances ??
> Im experimenting with 4 recursor instances because I have plenty of cpu and
> ram:
>
> top - 16:20:08 up 8 days, 7:36, 3 users, load average: 0.06, 0.05, 0.05
> Tasks: 383 total, 1 running, 382 sleeping, 0 stopped, 0 zombie
> Cpu(s): 5.5%us, 2.5%sy, 0.0%ni, 91.4%id,
> Tip: What most people running PowerDNS do is use 2 seperate IPs voor
> PowerDNS recursor and PowerDNS Authoritative Server.
>
> So for domains the server is authoritative for it will receive them on
> the Authoritative Server and the recursive queries it can receive them
> on the recursor.
T
> Ok, maybe my question has not been clear: what "threads" parameter means in
> the config file? What it affects?
https://doc.powerdns.com/md/recursor/settings/#threads
"Spawn this number of threads on startup" - the important point here
is that this is operating system threads, as opposed to Pow
> Just a question from my side, when you say 4 thread you mean with 4 DNS
> server in parallel?
I meant exactly what I wrote. In the config file, recursor.conf, there
is a section
#
# threads Launch this number of threads
#
# threads=2
and we have configured
> I'm running PowerDNS Recursor 3.7.3 on a pair of Ubuntu 14.04.3 LTS servers.
> I'm getting intermittent SERVFAIL responses on both servers to queries for a
> particular name. Could someone please help me understand what might be
> causing these failures? Here are examples of the SERVFAIL response
> Does someone tell me what is the right configuration to allow query from all
> internet?
> Under allow-from I have only RFC 1918 IP. I suppose that "allow from all" it
> should be 0.0.0.0/0
>
> Can you confirm or correct me?
We simply have
allow-from=
in our recursor.conf.
Steinar Haug, AS 2
> I have pdns-recursor and pdns on the same host and port but on
> different IP$,1ry(Bs. When I query pdns and it can not answer, so it passes
> the query on to pdns-recursor, which then responds with the answer but then
> pdns discards the packets. What did I do wrong? I have tried this
> > I've got a pdns server at one site that is causing me massive headaches.
> > Every morning when the staff come in and start using it (and were not
> > talking
> > large numbers) it fails to serve external dns and has to be restarted
> > (usually) or rebooted.
>
> Which version of PowerDNS
> > - Is PowerDNS recursor meant to have a coherent cache? The observed
> > behavior on my 3.6.2/FreeBSD 9.3 installation is that I have as many
> > caches as I have threads (as configured with "threads=..." in
> > recursor.conf). This is clearly visible on the TTL of the replies,
> > e.g. (queryin
> You can update auth-zones using 'rec_control reload-zones' at runtime
> without restarting the recursor, which will discover new zones to be blocked
> or no no longer blocked.
A couple of questions regarding reload-zones:
- Is PowerDNS recursor meant to have a coherent cache? The observed
behav
> From PowerDNS users we have heard of problems caused by various domain names
> related to PowerDNS Security Advisory 2014-02 (CVE-2014-8601),
> http://doc.powerdns.com/md/security/powerdns-advisory-2014-02/
>
> If you are not yet in a position to upgrade to 3.6.2, or even if you have
> upgraded
> That's because you should not be touching these settings. In fact it is
> currently documented as "pdns_recursor.cc:::arg().setSwitch(
> "disable-edns", "Disable EDNS - EXPERIMENTAL, LEAVE DISABLED" )= """.
>
> For now, everyone should be leaving these settings to their default values
> sinc
> Also, I could find anything about disable-edns / disable-edns-ping at
. could *not* find
Steinar Haug, Nethelp consulting, sth...@nethelp.no
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listi
> > According to RFC 6975, Option code 5 of the OPT RR should be used to
> > signal DAU (DNSSEC Algorithm Understood) - however, I doubt that this
> > is really what PowerDNS recursor is trying to tell me here. It seems
> > more likely that the inclusion of these additional 8 bytes in the
> > query
I'm trying to use PowerDNS recursor 3.5.3 with EDNS turned on:
disable-edns=no
in order to handle larger UDP message sizes. This leads to a failure
to resolve certain Ebay DNS names, e.g. i.ebayimg.com which through
a twisty maze of Akamai etc DNS results in the following, if EDNS is
turned off:
34 matches
Mail list logo