Page MenuHomeVyOS Platform
Create Task
Maniphest T1041

DNS forwarding always requires an upstream recursor - but not needed with PowerDNS Recursor
Closed, ResolvedPublicBUG
Actions

Description

The current DNS forwarding implementation using PowerDNS always requires specifying an upstream recorsor server by

  • set service dns forwarding name-server x.x.x.x

Without this setting /etc/powerdns/recursor.conf will contain

# name-server
forward-zones-recurse=.=

which leads to not resolving any queries. We can make the name-server node optional and by this PowerDNS recursor will directly contact the root-zone. This can be done by removing forward-zones-recurse=.= from the generated /etc/powerdns/recursor.conf file.

@syncer @dmbaturin @UnicronNL please comment.

Details

Difficulty level
Easy (less than an hour)
Version
1.2.0-rc8
Why the issue appeared?
Design mistake

Event Timeline

c-po created this task.Nov 25 2018, 3:10 AM
syncer triaged this task as Normal priority.Nov 25 2018, 3:14 AM
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-rc9); removed VyOS 1.2 Crux.

yes, make sense,
maybe we can do
set service dns forwarding name-server use-root-servers
or something similar

c-po added a comment.EditedNov 25 2018, 3:39 AM

Or, if no name-server is set, use the root servers, this is the most easy implementation.

syncer added a comment.Nov 25 2018, 3:59 AM

right, but not that obvious

c-po added a comment.Nov 25 2018, 10:05 AM

Could be done by Help text and documentation

dmbaturin edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-rc10); removed VyOS 1.2 Crux (VyOS 1.2.0-rc9).Nov 25 2018, 8:20 PM

Is the root hints file included in the package? I can't find it. Or it has a built-in list of root servers?

c-po added a comment.Nov 25 2018, 10:30 PM

Eoot hints could be speciefied, if none is specified, buildin one is used.

https://doc.powerdns.com/md/recursor/settings/#hint-file

c-po added a comment.EditedNov 26 2018, 12:14 AM

Another idea (if having no name-server entries is disliked) would be

set service dns forwarding enable-recursor

syncer edited projects, added VyOS 1.2 Crux ( VyOS 1.2.0-rc11); removed VyOS 1.2 Crux (VyOS 1.2.0-rc10).Dec 5 2018, 11:58 PM
pasik added a subscriber: pasik.Dec 16 2018, 11:22 AM
syncer edited projects, added VyOS 1.2 Crux ( VyOS 1.2.0-EPA); removed VyOS 1.2 Crux ( VyOS 1.2.0-rc11).Dec 21 2018, 10:07 AM
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-EPA2); removed VyOS 1.2 Crux ( VyOS 1.2.0-EPA).Jan 1 2019, 6:10 PM
c-po added a comment.Jan 1 2019, 7:16 PM

Just hit this at my site, too.

Any additional thoughts?

I still think providing no name-server should fallback to full recurse

c-po claimed this task.Jan 1 2019, 7:16 PM
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-EPA3); removed VyOS 1.2 Crux (VyOS 1.2.0-EPA2).Jan 3 2019, 1:54 PM
c-po closed this task as Resolved.Jan 12 2019, 9:57 AM
c-po changed Why the issue appeared? from Will be filled on close to Design mistake.
syncer added a project: VyOS-1.2.0-GA.Jan 25 2019, 2:38 PM