PowerDNS Auth 和 Recursor - 一個網域存在錯誤?

tag-icon tag-icon domain-name-system internal-dns powerdns
PowerDNS Auth 和 Recursor - 一個網域存在錯誤?

我的私有 DNS 上的某個網域出現問題。我有兩台伺服器。

伺服器 1 帶有 dnsdist。它定向到伺服器 2 的連接埠 54

具有 powerdns(連接埠 53)和 powerdns-recursor(連接埠 54)的伺服器 2

我的配置工作正常。

pdns.conf

allow-axfr-ips=X.X.X.X

also-notify=X.X.X.X

only-notify=X.X.X.X

daemon=yes

default-soa-content=ns1.example.eu1. admin.example.eu. 0 10800 3600 604800 3600

default-ttl=3600

disable-axfr=no

guardian=yes

include-dir=/etc/powerdns/pdns.d

launch=

local-address=X.X.X.X

local-port=53

log-dns-details=on

loglevel=4

master=yes

receiver-threads=2

setgid=pdns

setuid=pdns

slave=no


query-cache-ttl=60

遞歸器設定檔

dont-query=127.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10, 0.0.0.0/8, 192.0.0.0/24, 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24, 240.0.0.0/4, ::/96, ::ffff:0:0/96, 100::/64, 2001:db8::/32
allow-from=10.0.0.0/8, 127.0.0.0/8, 10.12.0.0/16, 10.13.0.0/16, 195.88.50.0/26, 10.66.0.0/16, 10.64.0.0/16
local-address=X.X.X.X
local-port=54
forward-zones=admin=X.X.X.X:53
max-negative-ttl=300

我從網路上正確取得記錄。例如:

dig gmail.com TXT @X.X.X.X

; <<>> DiG 9.10.6 <<>> gmail.com TXT @X.X.X.X
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21866
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;gmail.com.         IN  TXT

;; ANSWER SECTION:
gmail.com.      103 IN  TXT "globalsign-smime-dv=CDYX+XFHUw2wml6/Gb8+59BsH31KzUr6c1l2BPvqKX8="
gmail.com.      103 IN  TXT "v=spf1 redirect=_spf.google.com"

但我遇到了一個域問題。更具體地說,使用一條 TXT 記錄。它正確地返回我 A、NS 記錄。但不是TXT。

dig domain.pl TXT @X.X.X.X

(此網域是範例;))

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 47032
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;domain.pl.         IN  TXT

當我添加8.8.8時

dig domain.pl TXT @8.8.8.8

它得到正確的

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10134
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;domain.pl.         IN  TXT

;; ANSWER SECTION:
domain.pl.      3600    IN  TXT "FHEdYvpM4TH6rmkf5U/YZ9I7VY6j3YftBJ1W7TVNh+ymbXU++rhkb1sXGnleSybC8NnUtP2ALk7/mAHE9LVgGg=="

而且它不是快取。它被清理乾淨了。只是不是每次都能看到TXT紀錄。

有人有主意嗎?

在日誌中,我看到:

Failed to resolve via any of the 2 offered NS at level
failed (res=-1)

答案1

好的,我發現了問題。現在效果很好。在遞歸conf中我添加了dnssec=off

相關內容