What could be the problem?

● pdns-recursor.service - PowerDNS Recursor
   Loaded: loaded (/lib/systemd/system/pdns-recursor.service; enabled; vendor preset: enabled)
   Active: activating (start) since Fri 2021-05-14 17:59:58 MSK; 20ms ago
     Docs: man:pdns_recursor(1)
           man:rec_control(1)
           https://doc.powerdns.com
 Main PID: 28106 ((recursor))
    Tasks: 1 (limit: 4915)
   Memory: 268.0K
   CGroup: /system.slice/pdns-recursor.service
           └─28106 (recursor)

May 14 17:59:58 vs-otr-powerdns01 systemd[1]: Starting PowerDNS Recursor...

OS Version:

PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=debian

PowerDNS version:

pdns_server --version

May 15 10:54:11 PowerDNS Authoritative Server 4.1.6 (C) 2001-2018 PowerDNS.COM BV
May 15 10:54:11 Using 64-bits mode. Built using gcc 8.3.0.
May 15 10:54:11 PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2.
May 15 10:54:11 Features: sodium openssl lua
May 15 10:54:11 Built-in modules:
May 15 10:54:11 Configured with: " '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--libexecdir=${prefix}/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--disable-dependency-tracking' '--sysconfdir=/etc/powerdns' '--with-dynmodules=bind ldap pipe gmysql godbc gpgsql gsqlite3 geoip lua mydns remote random opendbx tinydns' '--with-modules=' '--enable-libsodium' '--enable-tools' '--without-protobuf' '--enable-unit-tests' '--enable-reproducible' '--enable-systemd' '--with-systemd=/lib/systemd/system' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/pdns-rxuCeC/pdns-4.1.6=. -fstack-protector-strong -Wformat -Werror=format-security' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fdebug-prefix-map=/build/pdns-rxuCeC/pdns-4.1.6=. -fstack-protector-strong -Wformat -Werror=format-security -DPACKAGEVERSION='\''"4.1.6-3+deb10u1.Debian"'\'' -Wall'"

Logs:

May 14 17:47:27 vs-otr-powerdns01 systemd[1]: pdns-recursor.service: Main process exited, code=exited, status=1/FAILURE
-- An ExecStart= process belonging to unit pdns-recursor.service has exited.
May 14 17:47:27 vs-otr-powerdns01 systemd[1]: pdns-recursor.service: Failed with result 'exit-code'.
-- The unit pdns-recursor.service has entered the 'failed' state with result 'exit-code'.
-- Subject: A start job for unit pdns-recursor.service has failed
-- A start job for unit pdns-recursor.service has finished with a failure.
May 14 17:47:27 vs-otr-powerdns01 systemd[1]: pdns-recursor.service: Service RestartSec=100ms expired, scheduling restart.
May 14 17:47:27 vs-otr-powerdns01 systemd[1]: pdns-recursor.service: Scheduled restart job, restart counter is at 2334.
-- Automatic restarting of the unit pdns-recursor.service has been scheduled, as the result for
-- Subject: A stop job for unit pdns-recursor.service has finished
-- A stop job for unit pdns-recursor.service has finished.
-- Subject: A start job for unit pdns-recursor.service has begun execution
-- A start job for unit pdns-recursor.service has begun execution.
May 14 17:47:28 vs-otr-powerdns01 systemd[1]: pdns-recursor.service: Main process exited, code=exited, status=1/FAILURE
-- An ExecStart= process belonging to unit pdns-recursor.service has exited.
May 14 17:47:28 vs-otr-powerdns01 systemd[1]: pdns-recursor.service: Failed with result 'exit-code'.
-- The unit pdns-recursor.service has entered the 'failed' state with result 'exit-code'.
-- Subject: A start job for unit pdns-recursor.service has failed
-- A start job for unit pdns-recursor.service has finished with a failure.
May 14 17:47:28 vs-otr-powerdns01 systemd[1]: pdns-recursor.service: Service RestartSec=100ms expired, scheduling restart.
May 14 17:47:28 vs-otr-powerdns01 systemd[1]: pdns-recursor.service: Scheduled restart job, restart counter is at 2335.
-- Automatic restarting of the unit pdns-recursor.service has been scheduled, as the result for
-- Subject: A stop job for unit pdns-recursor.service has finished
-- A stop job for unit pdns-recursor.service has finished.
-- Subject: A start job for unit pdns-recursor.service has begun execution
-- A start job for unit pdns-recursor.service has begun execution.
May 14 17:47:28 vs-otr-powerdns01 systemd[1]: pdns-recursor.service: Main process exited, code=exited, status=1/FAILURE
-- An ExecStart= process belonging to unit pdns-recursor.service has exited.
May 14 17:47:28 vs-otr-powerdns01 systemd[1]: pdns-recursor.service: Failed with result 'exit-code'.
-- The unit pdns-recursor.service has entered the 'failed' state with result 'exit-code'.
-- Subject: A start job for unit pdns-recursor.service has failed
-- A start job for unit pdns-recursor.service has finished with a failure.
May 14 17:47:28 vs-otr-powerdns01 systemd[1]: pdns-recursor.service: Service RestartSec=100ms expired, scheduling restart.

/etc/powerdns/recursor.conf

# Autogenerated configuration file template
#################################
# allow-from    If set, only allow these comma separated netmasks to recurse
#
# allow-from=127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10

#################################
# allow-from-file       If set, load allowed netmasks from this file
#
# allow-from-file=

#################################
# any-to-tcp    Answer ANY queries with tc=1, shunting to TCP
#
# any-to-tcp=no

#################################
# api-config-dir        Directory where REST API stores config and zones
#
# api-config-dir=

#################################
# api-key       Static pre-shared authentication key for access to the REST API
#
# api-key=

#################################
# api-logfile   Location of the server logfile (used by the REST API)
#
# api-logfile=/var/log/pdns.log

#################################
# api-readonly  Disallow data modification through the REST API when set
#
# api-readonly=no

#################################
# auth-zones    Zones for which we have authoritative data, comma separated domain=file pairs
#
# auth-zones=

#################################
# carbon-interval       Number of seconds between carbon (graphite) updates
#
# carbon-interval=30

#################################
# carbon-ourname        If set, overrides our reported hostname for carbon stats
#
# carbon-ourname=

#################################
# carbon-server If set, send metrics in carbon (graphite) format to this server IP address
#
# carbon-server=

#################################
# chroot        switch to chroot jail
#
# chroot=

#################################
# client-tcp-timeout    Timeout in seconds when talking to TCP clients
#
# client-tcp-timeout=2

#################################
# config-dir    Location of configuration directory (recursor.conf)
#
config-dir=/etc/powerdns

#################################
# config-name   Name of this virtual configuration - will rename the binary image
#
# config-name=

#################################
# cpu-map       Thread to CPU mapping, space separated thread-id=cpu1,cpu2..cpuN pairs
#
# cpu-map=

#################################
# daemon        Operate as a daemon
#
# daemon=no

#################################
# delegation-only       Which domains we only accept delegations from
#
# delegation-only=

#################################
# disable-packetcache   Disable packetcache
#
# disable-packetcache=no

#################################
# disable-syslog        Disable logging to syslog, useful when running inside a supervisor that logs stdout
#
# disable-syslog=no

#################################
# dnssec        DNSSEC mode: off/process-no-validate (default)/process/log-fail/validate
#
# dnssec=process-no-validate

#################################
# dnssec-log-bogus      Log DNSSEC bogus validations
#
# dnssec-log-bogus=no

#################################
# dont-query    If set, do not query these netmasks for DNS data
#
# dont-query=127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10, 0.0.0.0/8, 192.0.0.0/24, 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24, 240.0.0.0/4, ::/96, ::ffff:0:0/96, 100::/64, 2001:db8::/32

#################################
# ecs-ipv4-bits Number of bits of IPv4 address to pass for EDNS Client Subnet
#
# ecs-ipv4-bits=24

#################################
# ecs-ipv6-bits Number of bits of IPv6 address to pass for EDNS Client Subnet
#
# ecs-ipv6-bits=56

#################################
# ecs-scope-zero-address        Address to send to whitelisted authoritative servers for incoming queries with ECS prefix-length source of 0
#
# ecs-scope-zero-address=

#################################
# edns-outgoing-bufsize Outgoing EDNS buffer size
#
# edns-outgoing-bufsize=1680

#################################
# edns-subnet-whitelist List of netmasks and domains that we should enable EDNS subnet for
#
# edns-subnet-whitelist=

#################################
# entropy-source        If set, read entropy from this file
#
# entropy-source=/dev/urandom

#################################
# etc-hosts-file        Path to 'hosts' file
#
# etc-hosts-file=/etc/hosts

#################################
# export-etc-hosts      If we should serve up contents from /etc/hosts
#
# export-etc-hosts=off

#################################
# export-etc-hosts-search-suffix        Also serve up the contents of /etc/hosts with this suffix
#
# export-etc-hosts-search-suffix=

#################################
# forward-zones Zones for which we forward queries, comma separated domain=ip pairs
#
# forward-zones=

#################################
# forward-zones-file    File with (+)domain=ip pairs for forwarding
#
# forward-zones-file=

#################################
# forward-zones-recurse Zones for which we forward queries with recursion bit, comma separated domain=ip pairs
#
# forward-zones-recurse=

#################################
# gettag-needs-edns-options     If EDNS Options should be extracted before calling the gettag() hook
#
# gettag-needs-edns-options=no

#################################
# hint-file     If set, load root hints from this file
#
# hint-file=
hint-file=/usr/share/dns/root.hints

#################################
# include-dir   Include *.conf files from this directory
#
# include-dir=
include-dir=/etc/powerdns/recursor.d

#################################
# latency-statistic-size        Number of latency values to calculate the qa-latency average
#
# latency-statistic-size=10000

#################################
# local-address IP addresses to listen on, separated by spaces or commas. Also accepts ports.
#
local-address=127.0.0.1,10.100.20.110

#################################
# local-port    port to listen on
#
# local-port=53

#################################
# log-common-errors     If we should log rather common errors
#
# log-common-errors=no

#################################
# log-rpz-changes       Log additions and removals to RPZ zones at Info level
#
# log-rpz-changes=no

#################################
# log-timestamp Print timestamps in log lines, useful to disable when running with a tool that timestamps stdout already
#
# log-timestamp=yes

#################################
# logging-facility      Facility to log messages as. 0 corresponds to local0
#
# logging-facility=

#################################
# loglevel      Amount of logging. Higher is more. Do not set below 3
#
# loglevel=6

#################################
# lowercase-outgoing    Force outgoing questions to lowercase
#
# lowercase-outgoing=no

#################################
# lua-config-file       More powerful configuration options
#
lua-config-file=/etc/powerdns/recursor.lua

#################################
# lua-dns-script        Filename containing an optional 'lua' script that will be used to modify dns answers
#
# lua-dns-script=

#################################
# max-cache-entries     If set, maximum number of entries in the main cache
#
# max-cache-entries=1000000

#################################
# max-cache-ttl maximum number of seconds to keep a cached entry in memory
#
# max-cache-ttl=86400

#################################
# max-mthreads  Maximum number of simultaneous Mtasker threads
#
# max-mthreads=2048

#################################
# max-negative-ttl      maximum number of seconds to keep a negative cached entry in memory
#
# max-negative-ttl=3600

#################################
# max-ns-address-qperq  Maximum outgoing NS address queries per query
#
# max-ns-address-qperq=10

#################################
# max-packetcache-entries       maximum number of entries to keep in the packetcache
#
# max-packetcache-entries=500000

#################################
# max-qperq     Maximum outgoing queries per query
#
# max-qperq=50

#################################
# max-recursion-depth   Maximum number of internal recursion calls per query, 0 for unlimited
#
# max-recursion-depth=40

#################################
# max-tcp-clients       Maximum number of simultaneous TCP clients
#
# max-tcp-clients=128

#################################
# max-tcp-per-client    If set, maximum number of TCP sessions per client (IP address)
#
# max-tcp-per-client=0

#################################
# max-tcp-queries-per-connection        If set, maximum number of TCP queries in a TCP connection
#
# max-tcp-queries-per-connection=0

#################################
# max-total-msec        Maximum total wall-clock time per query in milliseconds, 0 for unlimited
#
# max-total-msec=7000

#################################
# max-udp-queries-per-round     Maximum number of UDP queries processed per recvmsg() round, before returning back to normal processing
#
# max-udp-queries-per-round=10000

#################################
# minimum-ttl-override  Set under adverse conditions, a minimum TTL
#
# minimum-ttl-override=0

#################################
# network-timeout       Wait this number of milliseconds for network i/o
#
# network-timeout=1500

#################################
# no-shuffle    Don't change
#
# no-shuffle=off

#################################
# non-local-bind        Enable binding to non-local addresses by using FREEBIND / BINDANY socket options
#
# non-local-bind=no

#################################
# nsec3-max-iterations  Maximum number of iterations allowed for an NSEC3 record
#
# nsec3-max-iterations=2500

#################################
# packetcache-servfail-ttl      maximum number of seconds to keep a cached servfail entry in packetcache
#
# packetcache-servfail-ttl=60

#################################
# packetcache-ttl       maximum number of seconds to keep a cached entry in packetcache
#
# packetcache-ttl=3600

#################################
# pdns-distributes-queries      If PowerDNS itself should distribute queries over threads
#
# pdns-distributes-queries=yes

#################################
# processes     Launch this number of processes (EXPERIMENTAL, DO NOT CHANGE)
#
# processes=1

#################################
# query-local-address   Source IP address for sending queries
#
# query-local-address=0.0.0.0

#################################
# query-local-address6  Source IPv6 address for sending queries. IF UNSET, IPv6 WILL NOT BE USED FOR OUTGOING QUERIES
#
# query-local-address6=

#################################
# quiet Suppress logging of questions and answers
#
quiet=yes

#################################
# reuseport     Enable SO_REUSEPORT allowing multiple recursors processes to listen to 1 address
#
# reuseport=no

#################################
# root-nx-trust If set, believe that an NXDOMAIN from the root means the TLD does not exist
#
# root-nx-trust=yes

#################################
# security-poll-suffix  Domain name from which to query security update notifications
#
# security-poll-suffix=secpoll.powerdns.com.
security-poll-suffix=

#################################
# serve-rfc1918 If we should be authoritative for RFC 1918 private IP space
#
# serve-rfc1918=yes

#################################
# server-down-max-fails Maximum number of consecutive timeouts (and unreachables) to mark a server as down ( 0 => disabled )
#
# server-down-max-fails=64

#################################
# server-down-throttle-time     Number of seconds to throttle all queries to a server after being marked as down
#
# server-down-throttle-time=60

#################################
# server-id     Returned when queried for 'id.server' TXT or NSID, defaults to hostname
#
# server-id=

#################################
# setgid        If set, change group id to this gid for more security
#
setgid=pdns

#################################
# setuid        If set, change user id to this uid for more security
#
setuid=pdns

#################################
# signature-inception-skew      Allow the signture inception to be off by this number of seconds
#
# signature-inception-skew=0

#################################
# single-socket If set, only use a single socket for outgoing queries
#
# single-socket=off

#################################
# snmp-agent    If set, register as an SNMP agent
#
# snmp-agent=no

#################################
# snmp-master-socket    If set and snmp-agent is set, the socket to use to register to the SNMP master
#
# snmp-master-socket=

#################################
# soa-minimum-ttl       Don't change
#
# soa-minimum-ttl=0

#################################
# socket-dir    Where the controlsocket will live, /var/run when unset and not chrooted
#
# socket-dir=

#################################
# socket-group  Group of socket
#
# socket-group=

#################################
# socket-mode   Permissions for socket
#
# socket-mode=

#################################
# socket-owner  Owner of socket
#
# socket-owner=

#################################
# spoof-nearmiss-max    If non-zero, assume spoofing after this many near misses
#
# spoof-nearmiss-max=20

#################################
# stack-size    stack size per mthread
#
# stack-size=200000

#################################
# statistics-interval   Number of seconds between printing of recursor statistics, 0 to disable
#
# statistics-interval=1800

#################################
# stats-ringbuffer-entries      maximum number of packets to store statistics for
#
# stats-ringbuffer-entries=10000

#################################
# tcp-fast-open Enable TCP Fast Open support on the listening sockets, using the supplied numerical value as the queue size
#
# tcp-fast-open=0

#################################
# threads       Launch this number of threads
#
# threads=2

#################################
# trace if we should output heaps of logging. set to 'fail' to only log failing domains
#
# trace=off

#################################
# udp-truncation-threshold      Maximum UDP response size before we truncate
#
# udp-truncation-threshold=1680

#################################
# use-incoming-edns-subnet      Pass along received EDNS Client Subnet information
#
# use-incoming-edns-subnet=no

#################################
# version-string        string reported on version.pdns or version.bind
#
# version-string=PowerDNS Recursor 4.1.11

#################################
# webserver     Start a webserver (for REST API)
#
# webserver=no

#################################
# webserver-address     IP Address of webserver to listen on
#
# webserver-address=127.0.0.1

#################################
# webserver-allow-from  Webserver access is only allowed from these subnets
#
# webserver-allow-from=127.0.0.1,::1

#################################
# webserver-password    Password required for accessing the webserver
#
# webserver-password=

#################################
# webserver-port        Port of webserver to listen on
#
# webserver-port=8082

#################################
# write-pid     Write a PID file
#
# write-pid=yes

forward-zones=.=77.88.8.8;77.88.8.1;2a02:6b8::feed:0ff;2a02:6b8:0:1::feed:0ff
forward-zones-recurse=.=77.88.8.8;77.88.8.1;2a02:6b8::feed:0ff;2a02:6b8:0:1::feed:0ff

/etc/powerdns/pdns.conf

allow-axfr-ips=10.100.20.111
also-notify=10.100.20.111
api=yes
api-key=<KEY>
api-logfile=/var/log/pdns.log
disable-axfr=no
include-dir=/etc/powerdns/pdns.d
launch=
master=yes
security-poll-suffix=
setgid=pdns
setuid=pdns
webserver-address=127.0.0.1
slave=no

/etc/powerdns/pdns.d/bind.conf

bind-config=/etc/powerdns/named.conf

/etc/powerdns/pdns.d/pdns.local.gmysql.conf

launch+=gmysql
gmysql-host=localhost
gmysql-port=3306
gmysql-dbname=powerdns
gmysql-user=powerdns
gmysql-password=powerdnspwd
gmysql-dnssec=yes   
Ruslan
  • Please post your configuration. The journal just says that there has been a failure to start, but not why. – M. Schmidt May 14 '21 at 20:25
  • @M.Schmidt Added to topic. – Ruslan May 14 '21 at 20:46
  • Using both "forward-zones" and "forward-zones-recurse" could cause unwanted problems. You should decide on one of the two - recursion bit set or not. But I am not sure if this is the only problem. If the problem persists, please include the PowerDNS-version, OS-version and any other config files that are included in the one you showed. – M. Schmidt May 15 '21 at 05:50
  • @M.Schmidt The same problem after removing "forward-zones". Added versions of OS and PowerDNS. What kind of configuration files would you like to see? If I post other configs such as /etc/powerdns/pdns.conf, /etc/powerdns/pdns.d/bind.conf and /etc/powerdns/pdns.d/pdns.local.gmysql.conf, I exceed the text limit. – Ruslan May 15 '21 at 08:15
  • @M.Schmidt I have removed commented strings in these files and added the files to the topic. – Ruslan May 15 '21 at 08:27
  • If there's nothing in the logs, that makes things a little unclear; however, my first thought, and the config snippets seem to agree, is that you have an address:port bind conflict between the two pieces of PowerDNS software that you are running side by side. They both want port 53, and it seems you have set `local-address` for one but not the other (and not `local-port` for either). – Håkan Lindqvist May 15 '21 at 08:46
  • @HåkanLindqvist It started! Thank you so much! – Ruslan May 15 '21 at 09:07
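
The address:port conflict identified in the comments can be checked offline by expanding each daemon's `local-address`/`local-port` into listening sockets and comparing them. This is an added example, not part of the original thread: the built-in defaults are assumptions taken from the PowerDNS 4.1 documentation, the sample configs are the active lines from the page, `FIXED_AUTH_CONF` is a hypothetical separation, and the check covers `local-address` only without following `include-dir`.

```python
import ipaddress

# Built-in defaults, assumed from the PowerDNS 4.1 documentation (not shown on the page).
AUTH_DEFAULTS = {"local-address": "0.0.0.0", "local-port": "53"}
REC_DEFAULTS = {"local-address": "127.0.0.1", "local-port": "53"}

# Active (uncommented) lines from the page's configs; api-key omitted.
AUTH_CONF = """\
allow-axfr-ips=10.100.20.111
also-notify=10.100.20.111
api=yes
include-dir=/etc/powerdns/pdns.d
launch=
master=yes
webserver-address=127.0.0.1
"""
REC_CONF = """\
# local-port=53
local-address=127.0.0.1,10.100.20.110
quiet=yes
setgid=pdns
setuid=pdns
"""
# Hypothetical separation (not the poster's actual fix): move the authoritative server.
FIXED_AUTH_CONF = AUTH_CONF + "local-address=127.0.0.1\nlocal-port=5300\n"


def parse_conf(text):
    """Return the active key=value settings; comments are skipped, last value wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings


def listeners(settings, defaults):
    """Expand local-address/local-port into a list of (ip, port) sockets."""
    port_default = int(settings.get("local-port") or defaults["local-port"])
    spec = settings.get("local-address") or defaults["local-address"]
    out = []
    for item in spec.replace(",", " ").split():
        host, port = item, port_default
        if item.startswith("["):                 # [v6-address]:port
            host, _, rest = item[1:].partition("]")
            port = int(rest[1:]) if rest.startswith(":") else port_default
        elif item.count(":") == 1:               # v4-address:port
            host, port_text = item.split(":")
            port = int(port_text)
        out.append((ipaddress.ip_address(host), port))
    return out


def overlaps(a, b):
    """Same port and family, and equal addresses or one side is the wildcard."""
    (ip_a, port_a), (ip_b, port_b) = a, b
    return (port_a == port_b and ip_a.version == ip_b.version
            and (ip_a == ip_b or ip_a.is_unspecified or ip_b.is_unspecified))


def show(sock):
    ip, port = sock
    return f"[{ip}]:{port}" if ip.version == 6 else f"{ip}:{port}"


def find_conflicts(auth_text, rec_text):
    """List (authoritative, recursor) socket pairs that cannot both be bound."""
    auth = listeners(parse_conf(auth_text), AUTH_DEFAULTS)
    rec = listeners(parse_conf(rec_text), REC_DEFAULTS)
    return [(show(a), show(r)) for a in auth for r in rec if overlaps(a, r)]


if __name__ == "__main__":
    for auth_sock, rec_sock in find_conflicts(AUTH_CONF, REC_CONF):
        print(f"conflict: pdns_server {auth_sock} vs pdns_recursor {rec_sock}")
```

On a live host, comparing the result with the sockets actually held (for example with `ss -lntup`) shows which daemon bound port 53 first.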
