pdsnd wont see servers without being rebooted

Tortanick · 07-17-2008, 12:20 AM

I'm using pdnsd as a caching server, and to counter openDNS's non-standard behaviour (returning its own IP for failed lookups and the 3 major search engines) and it works almost perfectly. The only problem is that for some reason when I boot my machine up it thinks all the DNS servers are down and I can't access the internet. Its easy to fix, sudo /etc/init.d/pdnsd restart, and I could probably fix it by throwing that into rc.local but I'd like to fix the issue properly rather that with a workaround.

My Distro is Debian Testing and my pdnsd.conf

Code:

// Read the pdnsd.conf(5) manpage for an explanation of the options.

/* Note: this file is overriden by automatic config files when
   /etc/default/pdnsd AUTO_MODE is set and that
   /usr/share/pdnsd/pdnsd-$AUTO_MODE.conf exists
 */

global {
        perm_cache=2048;
        cache_dir="/var/cache/pdnsd";
        run_as="pdnsd";
        server_ip = 127.0.0.1;  // Use eth0 here if you want to allow other
                                // machines on your network to query pdnsd.
        status_ctl = on;
        paranoid=on;
//      query_method=tcp_udp;   // pdnsd must be compiled with tcp
                                // query support for this to work.
        min_ttl=15m;       // Retain cached entries at least 15 minutes.
        max_ttl=1w;        // One week.
        timeout=10;        // Global timeout option (10 seconds).

        // Don't enable if you don't recurse yourself, can lead to problems
        // delegation_only="com","net";
}

/* with status_ctl=on and resolvconf installed, this will work out from the box
   this is the recommended setup for mobile machines */
//server {
//    label="resolvconf";
//}

// The servers provided by OpenDNS are fast, but they do not reply with
// NXDOMAIN for non-existant domains, instead they supply you with an
// address of one of their search engines. They also lie about the addresses of
// of the search engines of google, microsoft and yahoo.
// If you do not like this behaviour the "reject" option may be useful.
server {
        label = "opendns";
        ip = 208.67.222.222, 208.67.220.220;
        reject = 208.69.32.0/24,  // You may need to add additional address ranges
                 208.69.34.0/24,  // here if the addresses of their search engines
                 208.67.219.0/24; // change.
        reject_policy = fail;     // If you do not provide any alternative server
                                  // sections, like the following root-server
                                  // example, "negate" may be more appropriate here.
        timeout = 4;
        uptest = ping;            // Test availability using ICMP echo requests.
        ping_timeout = 100;       // ping test will time out after 10 seconds.
        interval = 15m;           // Test every 15 minutes.
        preset = off;
        caching=on;
}

// the openNIC DNS servers
server {
        label = "opennic";
        ip = 82.229.244.191
        , 88.191.51.140
        , 58.6.115.42
        , 58.6.115.43;

        uptest = query;
        interval = 1d;
        purge_cache = off;
        timeout = 20;
        caching=on;
}

/*
// This section is meant for resolving from root servers.
server {
        label = "root-servers";
        root_server=on;
        ip =    198.41.0.4
        ,       192.228.79.201
        ,       192.33.4.12
        ,       128.8.10.90
        ,       192.203.230.10
        ,       192.5.5.241
        ,       192.112.36.4
        ,       128.63.2.53
//      ,       192.36.148.17
//      ,       192.58.128.30
//      ,       193.0.14.129
//      ,       198.32.64.12
//      ,       202.12.27.33
        ;
        timeout = 5;
        uptest = query;
        interval = 30m;      // Test every half hour.
        ping_timeout = 300;  // 30 seconds.
        purge_cache = off;
        exclude = .localdomain;
        policy = included;
        preset = off;
}
*/

source {
        owner=localhost;
//      serve_aliases=on;
        file="/etc/hosts";
}

rr {
        name=localhost;
        reverse=on;
        a=127.0.0.1;
        owner=localhost;
        soa=localhost,root.localhost,42,86400,900,86400,86400;
}

/*
neg {
        name=doubleclick.net;
        types=domain;   // This will also block xxx.doubleclick.net, etc.
}
*/

/*
neg {
        name=bad.server.com;   // Badly behaved server you don't want to connect to.
        types=A,AAAA;
}
*/

unSpawn · 07-17-2008, 09:13 AM

For such issues it would be good to have (debug) log output, know if pdnsd is brought up before the interface is up and what type of networking you use. This because in some uptest= you use "ping" which, as the manual says, "If it doesn’t respond within the timeout, it is regarded to be unavailable until the next probe" which in your case (interval=) varies between fifteen minutes and one day. Not that it applies here since you're not looking for workarounds but restarting as a workaround should not be necessary with pdnsd: using "pdnsd-ctl server all retest" will make it poll all DNS servers.

Tortanick · 07-18-2008, 01:32 AM

I think your right about the network not being up, the first few lines of the debug log seem to imply it.

I removed a large chunk of the log, but it was basically more of the same, failing to get the address of the debian repositories (I do an automatic apt-get update at bootup)

Code:

* 07/18 09:05:51| pdnsd: info: pdnsd-1.2.6-par starting.
- 07/18 09:05:51| Debug messages activated
- 07/18 09:05:51| Using IPv4.
- 07/18 09:05:51| performing uptest (type=ping) for 208.67.222.222
* 07/18 09:05:51| pdnsd: warning: icmp ping: sendto() failed: Network is unreachable.
- 07/18 09:05:51| result of uptest for 208.67.222.222: failed
- 07/18 09:05:51| performing uptest (type=ping) for 208.67.220.220
* 07/18 09:05:51| pdnsd: warning: icmp ping: sendto() failed: Network is unreachable.
- 07/18 09:05:51| result of uptest for 208.67.220.220: failed
- 07/18 09:05:51| performing uptest (type=query) for 82.229.244.191
- 07/18 09:05:51| Error while connecting to 82.229.244.191: Network is unreachable
- 07/18 09:05:51| result of uptest for 82.229.244.191: failed
- 07/18 09:05:51| performing uptest (type=query) for 88.191.51.140
- 07/18 09:05:51| Error while connecting to 88.191.51.140: Network is unreachable
- 07/18 09:05:51| result of uptest for 88.191.51.140: failed
- 07/18 09:05:51| performing uptest (type=query) for 58.6.115.42
- 07/18 09:05:51| Error while connecting to 58.6.115.42: Network is unreachable
- 07/18 09:05:51| result of uptest for 58.6.115.42: failed
- 07/18 09:05:51| performing uptest (type=query) for 58.6.115.43
- 07/18 09:05:51| Error while connecting to 58.6.115.43: Network is unreachable
- 07/18 09:05:51| result of uptest for 58.6.115.43: failed
- 07/18 09:05:51| All threads started successfully.
1 07/18 09:06:03| Received query.
1 07/18 09:06:03| Questions are:
1 07/18 09:06:03| 	qc=IN (1), qt=AAAA (28), query="www.debian-multimedia.org."
1 07/18 09:06:03| Starting cached resolve for: www.debian-multimedia.org., query AAAA
1 07/18 09:06:03| Trying name servers.
1 07/18 09:06:03| No server is marked up and allowed for this domain.
1 07/18 09:06:03| Outbound msg len 43, tc=0, rc="server failed"
1 07/18 09:06:03| Answering to: 127.0.0.1, source address: 127.0.0.1
2 07/18 09:06:03| Received query.
2 07/18 09:06:03| Questions are:
2 07/18 09:06:03| 	qc=IN (1), qt=AAAA (28), query="security.debian.org."
2 07/18 09:06:03| Starting cached resolve for: security.debian.org., query AAAA
2 07/18 09:06:03| Trying name servers.
2 07/18 09:06:03| No server is marked up and allowed for this domain.
2 07/18 09:06:03| Outbound msg len 37, tc=0, rc="server failed"
2 07/18 09:06:03| Answering to: 127.0.0.1, source address: 127.0.0.1
3 07/18 09:06:03| Received query.
3 07/18 09:06:03| Questions are:
3 07/18 09:06:03| 	qc=IN (1), qt=AAAA (28), query="deb.opera.com."
3 07/18 09:06:03| Starting cached resolve for: deb.opera.com., query AAAA
3 07/18 09:06:03| Trying name servers.
3 07/18 09:06:03| No server is marked up and allowed for this domain.
3 07/18 09:06:03| Outbound msg len 31, tc=0, rc="server failed"
3 07/18 09:06:03| Answering to: 127.0.0.1, source address: 127.0.0.1
4 07/18 09:06:03| Received query.
4 07/18 09:06:03| Questions are:
4 07/18 09:06:03| 	qc=IN (1), qt=AAAA (28), query="deb.opera.com."
4 07/18 09:06:03| Starting cached resolve for: deb.opera.com., query AAAA
4 07/18 09:06:03| Trying name servers.
4 07/18 09:06:03| No server is marked up and allowed for this domain.
4 07/18 09:06:03| Outbound msg len 31, tc=0, rc="server failed"
4 07/18 09:06:03| Answering to: 127.0.0.1, source address: 127.0.0.1
5 07/18 09:06:03| Received query.
5 07/18 09:06:03| Questions are:
5 07/18 09:06:03| 	qc=IN (1), qt=AAAA (28), query="deb.opera.com.localnet."
5 07/18 09:06:03| Starting cached resolve for: deb.opera.com.localnet., query AAAA
5 07/18 09:06:03| Trying name servers.
5 07/18 09:06:03| No server is marked up and allowed for this domain.
5 07/18 09:06:03| Outbound msg len 40, tc=0, rc="server failed"
5 07/18 09:06:03| Answering to: 127.0.0.1, source address: 127.0.0.1
6 07/18 09:06:03| Received query.
6 07/18 09:06:03| Questions are:
6 07/18 09:06:03| 	qc=IN (1), qt=AAAA (28), query="deb.opera.com.localnet."
6 07/18 09:06:03| Starting cached resolve for: deb.opera.com.localnet., query AAAA
6 07/18 09:06:03| Trying name servers.
6 07/18 09:06:03| No server is marked up and allowed for this domain.
6 07/18 09:06:03| Outbound msg len 40, tc=0, rc="server failed"
6 07/18 09:06:03| Answering to: 127.0.0.1, source address: 127.0.0.1
7 07/18 09:06:03| Received query.
7 07/18 09:06:03| Questions are:
7 07/18 09:06:03| 	qc=IN (1), qt=AAAA (28), query="security.debian.org."
7 07/18 09:06:03| Starting cached resolve for: security.debian.org., query AAAA
7 07/18 09:06:03| Trying name servers.
7 07/18 09:06:03| No server is marked up and allowed for this domain.
7 07/18 09:06:03| Outbound msg len 37, tc=0, rc="server failed"
7 07/18 09:06:03| Answering to: 127.0.0.1, source address: 127.0.0.1
8 07/18 09:06:03| Received query.
8 07/18 09:06:03| Questions are:
8 07/18 09:06:03| 	qc=IN (1), qt=A (1), query="deb.opera.com."
8 07/18 09:06:03| Starting cached resolve for: deb.opera.com., query A
8 07/18 09:06:03| Trying name servers.
8 07/18 09:06:03| No server is marked up and allowed for this domain.
8 07/18 09:06:03| Outbound msg len 31, tc=0, rc="server failed"
8 07/18 09:06:03| Answering to: 127.0.0.1, source address: 127.0.0.1

<large amount cut here>

78 07/18 09:06:04| Received query.
78 07/18 09:06:04| Questions are:
78 07/18 09:06:04| 	qc=IN (1), qt=A (1), query="ftp.uk.debian.org."
78 07/18 09:06:04| Starting cached resolve for: ftp.uk.debian.org., query A
78 07/18 09:06:04| Trying name servers.
78 07/18 09:06:04| No server is marked up and allowed for this domain.
78 07/18 09:06:04| Outbound msg len 35, tc=0, rc="server failed"
78 07/18 09:06:04| Answering to: 127.0.0.1, source address: 127.0.0.1
79 07/18 09:06:04| Received query.
79 07/18 09:06:04| Questions are:
79 07/18 09:06:04| 	qc=IN (1), qt=A (1), query="ftp.uk.debian.org.localnet."
79 07/18 09:06:04| Starting cached resolve for: ftp.uk.debian.org.localnet., query A
79 07/18 09:06:04| Trying name servers.
79 07/18 09:06:04| No server is marked up and allowed for this domain.
79 07/18 09:06:04| Outbound msg len 44, tc=0, rc="server failed"
79 07/18 09:06:04| Answering to: 127.0.0.1, source address: 127.0.0.1
80 07/18 09:06:04| Received query.
80 07/18 09:06:04| Questions are:
80 07/18 09:06:04| 	qc=IN (1), qt=A (1), query="ftp.uk.debian.org.localnet."
80 07/18 09:06:04| Starting cached resolve for: ftp.uk.debian.org.localnet., query A
80 07/18 09:06:04| Trying name servers.
80 07/18 09:06:04| No server is marked up and allowed for this domain.
80 07/18 09:06:04| Outbound msg len 44, tc=0, rc="server failed"
80 07/18 09:06:04| Answering to: 127.0.0.1, source address: 127.0.0.1