
I have scoured the internet, and am not finding the same issue any place.

Issue Definition: Centos 7. Powerdns 3.4.10 with gmysql backend, Powerdns recursor 3.7.3. SELINUX is DISABLED. firewalld is DISABLED. pdns configured to recurse to recursor. pdns is listening on port 53. pdns-recursor is listening on port 5353.

pdns resolves items it has in its local database, e.g.

```
nslookup spyware.com localhost
```

pdns-recursor resolves items, e.g.

```
nslookup google.com localhost:5353
```

What doesn't work: resolving non-local domains through pdns. The response I get is:

```
Default server: localhost
Address: ::1#53
Default server: localhost
Address: 127.0.0.1#53

google.com
Server: localhost
Address: 127.0.0.1#53

** server can't find google.com: NXDOMAIN
```

Error Log is:

```
Dec 7 16:42:17 fdnsdevbox pdns[2908]: Distributor misses a thread (4<5), spawning new one
Dec 7 16:42:17 fdnsdevbox pdns[2908]: gmysql Connection successful. Connected to database 'powerdns' on 'localhost'.
Dec 7 16:42:20 fdnsdevbox pdns[2908]: Remote 127.0.0.1 wants 'google.com|A', do = 0, bufsize = 512: packetcache MISS
Dec 7 16:42:22 fdnsdevbox pdns[2908]: Remote 127.0.0.1 wants 'google.com|A', do = 0, bufsize = 512: packetcache HIT
Dec 7 16:48:24 fdnsdevbox pdns[2908]: Remote 127.0.0.1 wants 'google.com|A', do = 0, bufsize = 512: packetcache MISS
Dec 7 16:48:25 fdnsdevbox pdns[2908]: Remote 127.0.0.1 wants 'google.com|A', do = 0, bufsize = 512: packetcache HIT
```

pdns.conf:

```
launch=gmysql
gmysql-host=localhost
gmysql-user=powerdns
gmysql-password=mypassword
gmysql-dbname=powerdns
gmysql-dnssec=yes
loglevel=10
log-dns-queries=1
logging-facility=0
recursor=127.0.0.1:5353
#recursor=8.8.8.8
allow-recursion=0.0.0.0/0
```

recursor.conf is:

```
setuid=pdns-recursor
setgid=pdns-recursor
forward-zones=.=8.8.8.8;8.8.4.4
forward-zones-recurse=.=8.8.8.8;8.8.4.4
local-port=5353
local-address=0.0.0.0,[::1]
allow-from=0.0.0.0/0
```

This same setup works on ubuntu, debian, and other flavors. However, centos on PDNS refuses to attempt to recurse. Setting the recursor=8.8.8.8 produces the same results.

I have also attempted the newer versions of PDNS and PDNS recursor from the PDNS repos, with the same result. My company wants me to move my ubuntu based servers to centos based because of higher security and kernel patching abilities of CENTOS.

I have gone through the docs at powerdns.com, 
https://www.powerdns.com/recursor.html, 
https://doc.powerdns.com/md/recursor/, 
https://joekuan.wordpress.com/2015/06/19/powerdns-configuring-authoritative-server-and-forwarding-queries-to-multiple-authoritative-servers/,
https://obviate.io/2010/09/10/setting-up-powerdns-server-with-powerdns-recursor/, 
http://www.debiantutorials.com/installing-powerdns-recursor/, 
http://www.thatfleminggent.com/2009/08/09/getting-a-powerdns-recursor-up-and-going-fast, and many others. 

Either I'm missing something or PDNS is just borked on CENTOS, especially since the logfile seems to indicate that pdns is not even attempting the recursion. I'm told I need to provide other proof before I can "give up" on the project.

  • Sorry, I don't know much about powerdns over bind, but do you have a .hints db file? https://doc.powerdns.com/md/recursor/settings/#hint-file – Jacob Evans Dec 07 '16 at 23:06
  • Can't speak to the issue but you basically have the set up backward. The recursor should listen on 53 with a `forward-zones` of spyware.com=127.0.0.1:5353 and the authoritative listens on 5353. See https://doc.powerdns.com/md/authoritative/recursion/ – Mark Wagner Dec 08 '16 at 00:11
  • No. Not how it works. Might be how it's done on bind, but that's why I'm not using bind. The DB is too large to do what you're talking about, and changes frequently. Works fine on other platforms this way, and technically, all dns servers with forwarding enabled should forward requests they cannot answer. However, this one is refusing to do that, (forwarding). – Harmony Wright Dec 08 '16 at 19:08
  • If the following statement is true (found elsewhere on this board), then PowerDNS is truly a useless product now: "PowerDNS 3+ - Recursive queries for subdomains": "The recursor forwarding behaviour in PowerDNS 3 has indeed changed, compared to 2.9.22. The behaviour you are looking for is not currently available. We recommend pointing your clients directly to a recursor. Sorry." (answered Dec 26 '12 at 14:14 by Habbie) – Harmony Wright Dec 08 '16 at 20:10

0 Answers
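
The nslookup output in the question shows only the final NXDOMAIN, not whether the server on port 53 advertised recursion in its reply. The following is an added example, not part of the original post: it decodes the DNS header flags (RA, AA, RCODE) so replies from port 53 and port 5353 can be compared. The function names and the two sample reply headers are constructed for illustration.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """Build an A/IN query for `name` with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def decode_header(packet):
    """Decode the 12-byte DNS header (RFC 1035, section 4.1.1)."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    return {
        "id": qid,
        "qr": bool(flags & 0x8000),  # 1 = response
        "aa": bool(flags & 0x0400),  # authoritative answer
        "rd": bool(flags & 0x0100),  # recursion desired (echoed from query)
        "ra": bool(flags & 0x0080),  # recursion available on this server
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "answers": an,
    }

def verdict(h):
    """Summarise what the header says about recursion."""
    if not h["qr"]:
        return "not a response"
    ra = "RA=1 (recursion offered)" if h["ra"] else "RA=0 (recursion not offered)"
    return "%s, AA=%d, %s, %d answer(s)" % (h["rcode"], h["aa"], ra, h["answers"])

def probe(server, port, name, timeout=3.0):
    """Send one UDP query and return the decoded reply header."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, port))
        return decode_header(s.recvfrom(4096)[0])

# Constructed sample reply headers (not captured from the poster's host).
SAMPLE_NO_RA = struct.pack("!HHHHHH", 0x1234, 0x8103, 1, 0, 0, 0)
SAMPLE_RA = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)

if __name__ == "__main__":
    for sample in (SAMPLE_NO_RA, SAMPLE_RA):
        print(verdict(decode_header(sample)))
    # On the host itself: probe("127.0.0.1", 53, "google.com") and port 5353.
```

Running `probe` against both ports on the affected host and comparing the RA bit shows whether the NXDOMAIN on port 53 was returned without recursion being offered.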