Hi,
I installed knot-resolver on my mail server and I see an issue with a specific domain,
dovecot.org.
Everything is working as expected but this single domain doesn't always resolve.
After some time postfix cannot check the domain where mails are coming from and doesn't
accept them.
If I do dig dovecot.org, I get this (SERVFAIL):
dig dovecot.org
; <<>> DiG 9.11.26-RedHat-9.11.26-6.el8 <<>> dovecot.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 27594
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;dovecot.org. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fr Apr 29 08:34:55 CEST 2022
;; MSG SIZE rcvd: 40
It starts working again if I do dig +cd, like this:
dig +cd dovecot.org
; <<>> DiG 9.11.26-RedHat-9.11.26-6.el8 <<>> +cd dovecot.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56130
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;dovecot.org. IN A
;; ANSWER SECTION:
dovecot.org. 300 IN A 94.237.12.234
;; Query time: 245 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fr Apr 29 08:34:59 CEST 2022
;; MSG SIZE rcvd: 56
I didn't have this kind of issue using unbound before I switched, so I think here
would be the right place to ask.
I'm using the knot-resolver 5.5.0 package from EPEL on Rocky Linux 8.5 and my kresd
config is very simple:
net.listen('127.0.0.1', 53, { kind = 'dns' })
net.listen('127.0.0.1', 853, { kind = 'tls' })
--net.listen('127.0.0.1', 443, { kind = 'doh2' })
net.listen('::1', 53, { kind = 'dns', freebind = true })
net.listen('::1', 853, { kind = 'tls', freebind = true })
--net.listen('::1', 443, { kind = 'doh2' })
-- Load useful modules
modules = {
    'hints > iterate', -- Allow loading /etc/hosts or custom root hints
    'stats',           -- Track internal statistics
    'predict',         -- Prefetch expiring/frequent records
}
-- Cache size
cache.size = 100 * MB
-- use /etc/hosts entries
-- hints.add_hosts()
net.ipv6 = false
Anything I can do to track this down?
Thanks in advance for your help.
Juergen
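
Added example, not part of the original post: `+cd` sets the Checking Disabled bit, which asks the resolver to skip DNSSEC validation, so SERVFAIL on the plain query together with NOERROR under `+cd` points at validation rather than reachability. The script below classifies that pattern from two saved dig transcripts; the function names are hypothetical and the sample input is the header lines of the two transcripts in the post.

```shell
#!/bin/sh
# Added example: classify a resolver problem from two dig transcripts.

# Constructed sample input: header lines taken from the two transcripts above.
PLAIN=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 27594
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
WITH_CD=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56130
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'

# Print the response code (SERVFAIL, NOERROR, ...) from dig output on stdin.
dig_status() {
    sed -n 's/.*->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Print "yes" if the header flags of the dig output on stdin include $1.
has_flag() {
    flags=$(sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p' | head -n 1)
    case " $flags " in
        *" $1 "*) echo yes ;;
        *) echo no ;;
    esac
}

# classify PLAIN_OUTPUT CD_OUTPUT (hypothetical helper, not a dig feature)
classify() {
    plain=$(printf '%s\n' "$1" | dig_status)
    nocheck=$(printf '%s\n' "$2" | dig_status)
    if [ "$(printf '%s\n' "$2" | has_flag cd)" != yes ]; then
        echo not-a-cd-transcript      # second query was not sent with +cd
    elif [ -z "$plain" ] || [ -z "$nocheck" ]; then
        echo unparsable               # no ->>HEADER<<- line found
    elif [ "$plain" = SERVFAIL ] && [ "$nocheck" = NOERROR ]; then
        echo validation-failure       # data is reachable, validation rejects it
    elif [ "$plain" = SERVFAIL ] && [ "$nocheck" = SERVFAIL ]; then
        echo resolution-failure       # fails even with validation skipped
    elif [ "$plain" = "$nocheck" ]; then
        echo consistent
    else
        echo other
    fi
}

classify "$PLAIN" "$WITH_CD"
```
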