I'm running pdns-server, as you guessed. I only enabled recursion, because nslook complained when I hadn't enabled it. Would it be better to try to set up a recursor in front of pdns-server, and then disable recursion on the server?
On Fri, 21 Jul 2017 at 16:48, Brian Candler <[email protected]> wrote: > On 21/07/2017 15:21, Rune Sørensen wrote: > > OK, dig outputs using the actual domain. > The server 10.255.0.3 that you are running dig against: is it running > pdns-server (the authoritative server), or pdns-recursor? > > If it's pdns-server, then I would not expect it to return any results > for a domain other than those it's authoritative for. That's unless you > have set the "recursor" option - have you done so? > > https://doc.powerdns.com/md/authoritative/recursion/ > > If it's pdns-recursor, then it should always send queries to the > authoritative nameservers listed in NS records for the domains in > question (i.e. cloudflare in this case), unless you have configured > forward-zones. > > It seems to me that you are running the authoritative server. The only > oddball I can see is your case 3. Something, somewhere, is doing a > recursive lookup to get the A records for bbc.co.uk. > > I don't think it's cloudflare: > > $ dig @alan.ns.cloudflare.com. test3.flcn.io. cname > > ; <<>> DiG 9.8.3-P1 <<>> @alan.ns.cloudflare.com. test3.flcn.io. cname > ; (2 servers found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10682 > ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 > ;; WARNING: recursion requested but not available > > ;; QUESTION SECTION: > ;test3.flcn.io. IN CNAME > > ;; ANSWER SECTION: > test3.flcn.io. 300 IN CNAME bbc.co.uk. > > ;; Query time: 29 msec > ;; SERVER: 2400:cb00:2049:1::adf5:3b39#53(2400:cb00:2049:1::adf5:3b39) > ;; WHEN: Fri Jul 21 15:41:16 2017 > ;; MSG SIZE rcvd: 54 > > $ dig @alan.ns.cloudflare.com. test3.flcn.io. a > > ; <<>> DiG 9.8.3-P1 <<>> @alan.ns.cloudflare.com. test3.flcn.io. a > ; (2 servers found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21446 > ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 > ;; WARNING: recursion requested but not available > > ;; QUESTION SECTION: > ;test3.flcn.io. IN A > > ;; ANSWER SECTION: > test3.flcn.io. 300 IN CNAME bbc.co.uk. > > ;; Query time: 26 msec > ;; SERVER: 2400:cb00:2049:1::adf5:3b39#53(2400:cb00:2049:1::adf5:3b39) > ;; WHEN: Fri Jul 21 15:41:19 2017 > ;; MSG SIZE rcvd: 54 > > So presumably it is at your side. If you have recursion enabled in > pdns-server, then I think you should move away from it - it has been > removed in pdns-server 4.1.0 anyway. > > Regards, > > Brian. > -- *Rune Tor Sørensen* Site Reliability Engineer +45 3172 2097 <javascript:void(0);> LinkedIn <https://www.linkedin.com/in/runets> Twitter <https://twitter.com/Areian> *Copenhagen* Falcon.io Aps H.C. Andersens Blvd. 27 1553 Copenhagen CVR no.: 33362226 [image: Falcon.io] <https://www.falcon.io/?utm_source=Employee%20emails&utm_medium=email&utm_content=Rune%20Tor%20S%C3%B8rensen&utm_campaign=Mail%20signature> Meet Your Customers
_______________________________________________ Pdns-users mailing list [email protected] https://mailman.powerdns.com/mailman/listinfo/pdns-users
