pdns-recursor doesnt connect to dns root servers


pdns-recursor doesnt connect to dns root servers

florian-41

Hi everyone!

I want to update dns records from root dns servers using pdns-recursor.
I already looked around, but I didn't find a solution for my problem:

Failed to update . records, RCODE=2


I use a squeeze package:
server:~# aptitude show pdns-recursor
Package: pdns-recursor                  
State: installed
Automatically installed: no
Version: 3.2-4
[..]

server:~# grep -v ^# /etc/powerdns/recursor.conf | grep -v ^$
allow-from=127.0.0.0/8, 172.16.1.0/24, ::1/128
dont-query=
forward-zones=mydomain.org=127.1.2.3
local-address=127.0.0.1,172.16.1.200
local-port=53
log-common-errors=yes
quiet=yes
setgid=pdns
setuid=pdns


server:~# tail /var/syslog
Dec 20 19:08:29 server pdns_recursor[18538]: PowerDNS recursor 3.2 (C) 2001-2010 PowerDNS.COM BV (Jul 20 2010, 13:06:28, gcc 4.4.4) starting up
Dec 20 19:08:29 server pdns_recursor[18538]: PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2.
Dec 20 19:08:29 server pdns_recursor[18538]: Operating in 64 bits mode
Dec 20 19:08:29 server pdns_recursor[18538]: Reading random entropy from '/dev/urandom'
Dec 20 19:08:29 server pdns_recursor[18538]: Only allowing queries from: 127.0.0.0/8, 172.16.1.0/24, ::1/128, fe80::/10
Dec 20 19:08:29 server pdns_recursor[18538]: Redirecting queries for zone 'mydomain.org' to: 127.1.2.3:53
Dec 20 19:08:29 server pdns_recursor[18538]: Inserting rfc 1918 private space zones
Dec 20 19:08:29 server pdns_recursor[18538]: Listening for UDP queries on 127.0.0.1:53
Dec 20 19:08:29 server pdns_recursor[18538]: Listening for UDP queries on 172.16.1.200:53
Dec 20 19:08:29 server pdns_recursor[18538]: Enabled TCP data-ready filter for (slight) DoS protection
Dec 20 19:08:29 server pdns_recursor[18538]: Listening for TCP queries on 127.0.0.1:53
Dec 20 19:08:29 server pdns_recursor[18538]: Listening for TCP queries on 172.16.1.200:53
Dec 20 19:08:29 server pdns_recursor[18538]: Calling daemonize, going to background
Dec 20 19:08:29 server pdns_recursor[18539]: Set effective group id to 108
Dec 20 19:08:29 server pdns_recursor[18539]: Set effective user id to 104
Dec 20 19:08:29 server pdns_recursor[18539]: Launching 2 threads
Dec 20 19:08:29 server pdns_recursor[18539]: Done priming cache with root hints
Dec 20 19:08:29 server pdns_recursor[18539]: Done priming cache with root hints
Dec 20 19:08:29 server pdns_recursor[18539]: Enabled 'epoll' multiplexer
Dec 20 19:08:54 server pdns_recursor[18539]: Failed to update . records, RCODE=2
Dec 20 19:08:54 server pdns_recursor[18539]: Failed to update . records, RCODE=2

I see it trying to connect to root dns (watch -n 1 "lsof -i -n -P|grep
pdns") but it only seems to run through a list and never succeeds.

server:~# nmap -p53 -sU 202.12.27.33

Starting Nmap 5.00 ( http://nmap.org ) at 2010-12-20 19:23 CET
Interesting ports on M.ROOT-SERVERS.NET (202.12.27.33):
PORT   STATE         SERVICE
53/udp open|filtered domain

Nmap done: 1 IP address (1 host up) scanned in 0.57 seconds

server:~# telnet 202.12.27.33 53
connects

So it's not a firewall issue? I think I switched them off.

If I change the root domain to another DNS forwarder, pdns-recursor runs
without errors. But it doesn't use root DNS, so it's not a fix.
forward-zones=mydomain.org=127.1.2.3,.=172.16.1.1
Setting ".=IP" works for all public DNS.

Any help welcome :)

_______________________________________________
Pdns-users mailing list
[hidden email]
http://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: pdns-recursor doesnt connect to dns root servers

bert hubert-2
Can you tcpdump -s 1500 port 53 -w for-bert while it starts?

Sent from my phone.


Re: pdns-recursor doesnt connect to dns root servers

bert hubert-2
On Tue, Dec 21, 2010 at 06:24:56PM +0100, Florian Krolikowski wrote:
> Hi Bert!
>
> Here the requested tcpdump. I hope it is meaningful for you. Thanks a
> lot for your help.

Hi Florian,

It appears that there is no PowerDNS issue - PowerDNS is sending correct
root priming queries, but getting no responses.

Can you try:

dig +bufsize=1280 +norecurs -t ns . @198.41.0.4

And see if you get an answer? It may be that you are behind a firewall that
drops answers >512 bytes.

If this 'dig' line gets an answer, can you tcpdump it too?

        Bert
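
The check suggested above, as an added example that is not part of the original thread: it builds the same non-recursive "NS ." priming query that the dig line sends, with and without an EDNS0 OPT record advertising a 1280-byte buffer, and compares the two outcomes. The function names and the sample replies are constructed for illustration; probe() needs network access and is not called when the file is loaded.

```python
import socket
import struct

def build_priming_query(qid, bufsize=None):
    """Wire-format 'NS .' query with RD=0; adds an EDNS0 OPT record if bufsize is set."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 1 if bufsize else 0)
    question = b"\x00" + struct.pack("!HH", 2, 1)  # root name, QTYPE=NS, QCLASS=IN
    opt = b""
    if bufsize:
        # OPT RR: root name, TYPE=41, CLASS=advertised UDP size, TTL=0, RDLEN=0
        opt = b"\x00" + struct.pack("!HHIH", 41, bufsize, 0, 0)
    return header + question + opt

def probe(server, bufsize=None, timeout=3.0):
    """Send one query over UDP; return the raw reply, or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_priming_query(0x1234, bufsize), (server, 53))
        try:
            return s.recvfrom(4096)[0]
        except socket.timeout:
            return None

def summarize(reply):
    """Size, truncation bit, RCODE and answer count of a reply; None if nothing usable."""
    if reply is None or len(reply) < 12:
        return None
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", reply[:12])
    return {"size": len(reply), "tc": bool(flags & 0x0200),
            "rcode": flags & 0x000F, "answers": ancount}

def diagnose(plain, edns):
    """Compare summaries of a no-EDNS probe (512-byte limit) and an EDNS probe."""
    if plain is None and edns is None:
        return "no replies at all: UDP/53 replies are blocked or lost"
    if edns is None:
        return "only the 512-byte path works: larger or EDNS replies are dropped"
    if edns["size"] > 512:
        return "replies over 512 bytes arrive: path is fine for this size"
    return "EDNS reply arrived but was not over 512 bytes: inconclusive"

# Constructed sample replies (not captured traffic): a 12-byte header plus padding.
SAMPLE_SMALL = struct.pack("!HHHHHH", 0x1234, 0x8600, 1, 0, 13, 0) + b"\x00" * 200
SAMPLE_LARGE = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 13, 0, 14) + b"\x00" * 600
```

On a host with network access, diagnose(summarize(probe("198.41.0.4")), summarize(probe("198.41.0.4", 1280))) runs both probes against the server used in the dig command.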


Re: pdns-recursor doesnt connect to dns root servers

alexgig
This post has NOT been accepted by the mailing list yet.
Hello!

I installed pdns-recursor and its config file has the default parameters. I didn't change it. But in the log file I see this error:

Failed to update . records, got an exception
Failed to update . records, RCODE=-1

How do I correct this problem?