Hi there,

I've been directed here by Linode support because they don't have experience with PowerDNS. I have a linode with PowerDNS server and no recursor package installed on Ubuntu Lucid. The config has:

allow-recursion=127.0.0.1

PowerDNS is still resolving anonymous requests on the extra IP address

$ dig google.com @<my extra IP>

; <<>> DiG 9.8.5-P1 <<>> google.com @<my extra IP>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29999
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 262 IN A 74.125.235.131
google.com. 262 IN A 74.125.235.132
google.com. 262 IN A 74.125.235.135
google.com. 262 IN A 74.125.235.130
google.com. 262 IN A 74.125.235.136
google.com. 262 IN A 74.125.235.134
google.com. 262 IN A 74.125.235.128
google.com. 262 IN A 74.125.235.133
google.com. 262 IN A 74.125.235.129
google.com. 262 IN A 74.125.235.137
google.com. 262 IN A 74.125.235.142

;; Query time: 397 msec
;; SERVER: <my extra IP>#53(<my extra IP>)
;; WHEN: Thu Sep 26 21:52:40 ICT 2013
;; MSG SIZE rcvd: 204

ifconfig reports this for the interface in question:

eth0:1 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:xx
inet addr:<my extra IP> Bcast:xxx.xxx.xxx.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:68

Do any of you have a workaround or any suggestions of what to look for to debug this problem? I'm kinda stuck with PowerDNS.

Are you sure allow-recursion is a valid option in the config file?

According to the PDNS recursor documentation [0]:

allow-from

Comma separated netmasks (both IPv4 and IPv6) that are allowed to use the server. The default allows access only from RFC 1918 private IP addresses, like 10.0.0.0/8. Due to the aggressive nature of the internet these days, it is highly recommended to not open up the recursor for the entire internet. Questions from IP addresses not listed here are ignored and do not get an answer.

[0] - http://doc.powerdns.com/html/built-in-r ... r-settings

Thanks for the fast reply. The configuration directive you suggested is for the separate recursor, which is not installed on the server. I found one directive setting the extra IP address as a local address. I removed that and it still didn't work.

After a little more digging (pun intended) I found a dnsmasq daemon running and it was responsible for the recursion. Disabling that and it's all good. We can consider this case closed. Thanks for your input.