Linode Forum
https://forum.linode.com/

PowerDNS on Linode is open recursor on the extra IP
https://forum.linode.com/viewtopic.php?f=19&t=10459

Author:  sammys [ Thu Sep 26, 2013 1:22 pm ]
Post subject:  PowerDNS on Linode is open recursor on the extra IP

Hi there,

I've been directed here by Linode support because they don't have experience with PowerDNS. I have a linode with PowerDNS server and no recursor package installed on Ubuntu Lucid. The config has:

allow-recursion=127.0.0.1

PowerDNS is still resolving anonymous requests on the extra IP address

$ dig google.com @<my extra IP>

; <<>> DiG 9.8.5-P1 <<>> google.com @<my extra IP>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29999
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 262 IN A 74.125.235.131
google.com. 262 IN A 74.125.235.132
google.com. 262 IN A 74.125.235.135
google.com. 262 IN A 74.125.235.130
google.com. 262 IN A 74.125.235.136
google.com. 262 IN A 74.125.235.134
google.com. 262 IN A 74.125.235.128
google.com. 262 IN A 74.125.235.133
google.com. 262 IN A 74.125.235.129
google.com. 262 IN A 74.125.235.137
google.com. 262 IN A 74.125.235.142

;; Query time: 397 msec
;; SERVER: <my extra IP>#53(<my extra IP>)
;; WHEN: Thu Sep 26 21:52:40 ICT 2013
;; MSG SIZE rcvd: 204

ifconfig reports this for the interface in question:

eth0:1 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:xx
inet addr:<my extra IP> Bcast:xxx.xxx.xxx.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:68

Do any of you have a workaround or any suggestions of what to look for to debug this problem? I'm kinda stuck with PowerDNS.

Author:  staticsafe [ Thu Sep 26, 2013 1:30 pm ]
Post subject:  Re: PowerDNS on Linode is open recursor on the extra IP

Are you sure allow-recursion is a valid option in the config file?

According to the PDNS recursor documentation [0]:

allow-from

Comma separated netmasks (both IPv4 and IPv6) that are allowed to use the server. The default allows access only from RFC 1918 private IP addresses, like 10.0.0.0/8. Due to the aggressive nature of the internet these days, it is highly recommended to not open up the recursor for the entire internet. Questions from IP addresses not listed here are ignored and do not get an answer.

[0] - http://doc.powerdns.com/html/built-in-r ... r-settings

Author:  sammys [ Thu Sep 26, 2013 2:04 pm ]
Post subject:  Re: PowerDNS on Linode is open recursor on the extra IP

Thanks for the fast reply. The configuration directive you suggested is for the separate recursor, which is not installed on the server. I found one directive setting the extra IP address as a local address. I removed that and it still didn't work.

After a little more digging (pun intended) I found a dnsmasq daemon running and it was responsible for the recursion. Disabling that and it's all good. We can consider this case closed. Thanks for your input.
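
Added example, not part of the original thread: the two checks that resolve a case like this one are confirming that the answering server offers recursion (the `ra` flag in the dig header) and then attributing every port 53 socket to the process that owns it. The `ss` sample, its addresses and PIDs, and the function names are constructed for illustration; `pdns_server` is assumed to be the daemon that should own port 53.

```shell
#!/bin/sh
# Added example: attribute every port 53 listener to its owning process.

# Constructed sample of `ss -lntup` output (addresses are documentation IPs).
sample_ss_output() {
cat <<'EOF'
udp UNCONN 0 0 127.0.0.1:53 0.0.0.0:* users:(("pdns_server",pid=1203,fd=5))
udp UNCONN 0 0 192.0.2.10:53 0.0.0.0:* users:(("pdns_server",pid=1203,fd=6))
udp UNCONN 0 0 192.0.2.11:53 0.0.0.0:* users:(("dnsmasq",pid=987,fd=4))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=640,fd=3))
EOF
}

# Reads ss output on stdin; $1 is the daemon expected to own port 53.
# Prints "<local address> <process> <OK|UNEXPECTED>" per port 53 socket.
dns_listeners() {
    awk -v expected="$1" '
    {
        addr = ""; proc = "unknown"
        for (i = 1; i <= NF; i++) {
            # First field ending in :53 is the local address column.
            if (addr == "" && $i ~ /:53$/) addr = $i
            # Process name is the first double-quoted string in users:((...)).
            if ($i ~ /^users:/ && split($i, part, "\"") >= 2) proc = part[2]
        }
        if (addr != "") print addr, proc, (proc == expected ? "OK" : "UNEXPECTED")
    }'
}

# Reads dig output on stdin; succeeds if the header carries the ra flag,
# i.e. the answering server offers recursion (as in the dig output above).
recursion_offered() {
    awk '/^;; flags:/ {
        flags = $0
        sub(/^;; flags:/, "", flags); sub(/;.*$/, "", flags)
        if ((" " flags " ") ~ / ra /) found = 1
    }
    END { exit (found ? 0 : 1) }'
}

# Demo on the constructed sample.
sample_ss_output | dns_listeners pdns_server
```

On a live host, run `ss -lntup | dns_listeners pdns_server` as root so the process column is populated; without root the owner shows as `unknown` and is flagged.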

All times are UTC-04:00