I have scoured the internet, and am not finding the same issue any place.
Issue Definition: Centos 7. Powerdns 3.4.10 with gmysql backend, Powerdns recursor 3.7.3. SELINUX is DISABLED. firewalld is DISABLED. pdns configured to recurse to recursor. pdns is listening on port 53. pdns-recursor is listening on port 5353.
pdns resolves items it has in its local database. e.g.
nslookup spyware.com localhost
pdns-recursor resolves items e.g.
nslookup google.com localhost:5353
What doesn't work: resolving non-local domains through pdns. The response I get is:
Default server: localhost
Address: ::1#53
Default server: localhost
Address: 127.0.0.1#53
google.com
Server: localhost
Address: 127.0.0.1#53
** server can't find google.com: NXDOMAIN
Error Log is:
Dec 7 16:42:17 fdnsdevbox pdns[2908]: Distributor misses a thread (4<5), spawning new one
Dec 7 16:42:17 fdnsdevbox pdns[2908]: gmysql Connection successful. Connected to database 'powerdns' on 'localhost'.
Dec 7 16:42:20 fdnsdevbox pdns[2908]: Remote 127.0.0.1 wants 'google.com|A', do = 0, bufsize = 512: packetcache MISS
Dec 7 16:42:22 fdnsdevbox pdns[2908]: Remote 127.0.0.1 wants 'google.com|A', do = 0, bufsize = 512: packetcache HIT
Dec 7 16:48:24 fdnsdevbox pdns[2908]: Remote 127.0.0.1 wants 'google.com|A', do = 0, bufsize = 512: packetcache MISS
Dec 7 16:48:25 fdnsdevbox pdns[2908]: Remote 127.0.0.1 wants 'google.com|A', do = 0, bufsize = 512: packetcache HIT
pdns.conf:
launch=gmysql
gmysql-host=localhost
gmysql-user=powerdns
gmysql-password=mypassword
gmysql-dbname=powerdns
gmysql-dnssec=yes
loglevel=10
log-dns-queries=1
logging-facility=0
recursor=127.0.0.1:5353
#recursor=8.8.8.8
allow-recursion=0.0.0.0/0
recursor.conf is:
setuid=pdns-recursor
setgid=pdns-recursor
forward-zones=.=8.8.8.8;8.8.4.4
forward-zones-recurse=.=8.8.8.8;8.8.4.4
local-port=5353
local-address=0.0.0.0,[::1]
allow-from=0.0.0.0/0
This same setup works on ubuntu, debian, and other flavors. However, centos on PDNS refuses to attempt to recurse. Setting the recursor=8.8.8.8 produces the same results.
I have also attempted the newer versions of PDNS and PDNS recursor from the PDNS repos, with the same result. My company wants me to move my ubuntu based servers to centos based because of higher security and kernel patching abilities of CENTOS.
I have gone through the docs at powerdns.com, https://www.powerdns.com/recursor.html, https://doc.powerdns.com/md/recursor/, https://joekuan.wordpress.com/2015/06/19/powerdns-configuring-authoritative-server-and-forwarding-queries-to-multiple-authoritative-servers/, https://obviate.io/2010/09/10/setting-up-powerdns-server-with-powerdns-recursor/, http://www.debiantutorials.com/installing-powerdns-recursor/, http://www.thatfleminggent.com/2009/08/09/getting-a-powerdns-recursor-up-and-going-fast, and many others.
Either I'm missing something or PDNS is just borked on CENTOS, especially since the logfile seems to indicate that pdns is not even attempting the recursion. I'm told I need to provide other proof before I can "give up" on the project.
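An added diagnostic example, not part of the original post: nslookup prints only the NXDOMAIN result, so this sketch decodes the DNS header flags (RD, RA, AA, rcode) of a reply to show whether the server on port 53 offered recursion at all. All function names are hypothetical, and the two flag values in the demo are constructed, not captured from the poster's server.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=1, txid=0x1234):
    """DNS query for `name` (qtype 1 = A) with the RD bit set, as nslookup sends."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def decode_header(packet):
    """Pull the flags relevant to recursion out of the 12-byte DNS header."""
    if len(packet) < 12:
        raise ValueError("short DNS packet")
    txid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "rd": bool(flags & 0x0100), "ra": bool(flags & 0x0080),
            "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)), "answers": answers}

def findings(h):
    """Plain-language notes on what the header says about recursion."""
    notes = []
    if h["rd"] and not h["ra"]:
        notes.append("RD set but RA clear: server did not offer recursion")
    if h["aa"]:
        notes.append("AA set: answer is marked authoritative")
    notes.append("rcode " + h["rcode"])
    return notes

def probe(server, port, name, timeout=2.0):
    """Send the query over UDP to a live server and decode the reply header."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, port))
        return decode_header(s.recvfrom(4096)[0])

def fake_reply(query, flags):
    """Constructed reply: the query with its flags word replaced (offline demo)."""
    return query[:2] + struct.pack("!H", flags) + query[4:]

if __name__ == "__main__":
    q = build_query("google.com")
    for flags in (0x8503, 0x8180):  # constructed values, not captured traffic
        print(hex(flags), findings(decode_header(fake_reply(q, flags))))
```

Against a live setup like the one described, `probe("127.0.0.1", 53, "google.com")` and `probe("127.0.0.1", 5353, "google.com")` can be compared side by side.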