DNS-server: Resolution issues with TinyDNS/dnscache
-
So, I installed the dns-server package on 1.2RC4 and the setup went smoothly. I populated about 76 records for our internal domain, and made sure that the SOA record for the domain is set up correctly. A dig on our domain shows that the pfsense server is indeed returning the records I gave it…but that's all it will return. If a lookup of www.google.com goes through, I get the following in the logs:
2008-02-22 12:20:28.452055500 10.1.0.116:3486 A not_authority mail.google.com
2008-02-22 12:20:30.364022500 10.1.0.116:3487 A responded www.digg.com.mydomain.net
2008-02-22 12:20:30.364599500 10.1.0.116:3487 A not_authority www.digg.com
2008-02-22 12:20:33.451714500 10.1.0.116:3487 A responded mail.google.com.mydomain.net
2008-02-22 12:20:33.455924500 10.1.0.116:3487 A not_authority mail.google.com
2008-02-22 12:20:35.348065500 10.1.0.116:3487 A not_authority www.google.com
2008-02-22 12:20:35.367486500 10.1.0.116:3487 A not_authority www.digg.com
2008-02-22 12:20:38.455287500 10.1.0.116:3487 A not_authority mail.google.com
2008-02-22 12:20:40.347193500 10.1.0.116:3487 A not_authority www.google.com
2008-02-22 12:20:40.367155500 10.1.0.116:3487 A responded www.digg.com.mydomain.net
Eventually the lookup times out. Here are my related settings:
- DNS Forwarder: Off
- DNS Cacher server forwarders: On
- General Setup|DNS Servers: Set for 127.0.0.1
Any clues as to why it will only return records for the one domain I have an SOA for?
-
-
It sounds like it is operating correctly. Per design, TinyDNS does not act as recursive caching server. See this post: http://forum.pfsense.org/index.php/topic,7812.0.html
-
TinyDNS itself doesn't, but dnscache (another part of djbdns) is supposed to be doing the recursive lookups. I'm thinking this is a config issue or a bug.
See here: http://cr.yp.to/djbdns/dnscache.html
And this is what's running on my pfsense box:
Gtinydns 23922 0.0 0.0 1396 724 ?? I 12:53PM 0:00.01 /usr/local/bin/tinydns
root 52631 0.0 0.0 1264 624 ?? I 6:53PM 0:00.01 supervise tinydns
root 52633 0.0 0.0 1264 624 ?? S 6:53PM 0:42.81 supervise dnscache
Gdnslog 52649 0.0 0.0 1292 656 ?? S 6:53PM 0:04.14 multilog t ./main
Gdnslog 52654 0.0 0.0 1276 528 ?? I 6:53PM 0:00.01 multilog t ./main
root 3078 0.0 0.1 1596 1048 p0 S+ 2:58PM 0:00.00 grep dns
I'm not super familiar with BSD, but something tells me that "supervise dnscache" doesn't mean that it's running as it should be.
-
I am having the same issue. TinyDNS is getting the request for the non-auth domain, it just is not forwarding it. I also have supervise running, don't know what that means.
-
Turn off the DNS forwarder service?
-
DNS forwarder service is off.
-
Okay, the dnscache portions are sorta experimental (is the polite way to put it). Have not heard for quite a while now from the developer who was adding those features.
-
Ok, thanks for the response. I'm still a BSD noob, but I will see what I can do to get it working. What does the supervise mean?
-
That is the DJB way. I suggest reading up on the "DJB" way :)
-
Anyone ever figure out some new info about this one?
-
I'm also seeing this problem.
I have to disable DNS forwarding to get tinydns to correctly bind to the interface and start. With DNS forwarder disabled I get no external resolution. Re-enable DNS forwarder, and disable tinydns and external resolution comes back.
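
An added example, not part of any post in this thread: a small Python parser for log lines in the format quoted in the first post, reporting per client which names drew `not_authority` and which of those were also asked with the local zone appended. The sample lines are constructed from that format, and the function names and the reading of a zone-suffixed query as the client's resolver search list are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in the format of the log lines quoted in the first post.
SAMPLE = """\
2008-02-22 12:20:28.452055500 10.1.0.116:3486 A not_authority mail.google.com
2008-02-22 12:20:30.364022500 10.1.0.116:3487 A responded www.digg.com.mydomain.net
2008-02-22 12:20:30.364599500 10.1.0.116:3487 A not_authority www.digg.com
2008-02-22 12:20:35.348065500 10.1.0.116:3487 A not_authority www.google.com
"""

# <date> <time> <client ip>:<port> <qtype> <result> <name>
LINE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<client>[\d.]+):(?P<port>\d+) "
    r"(?P<qtype>\S+) (?P<result>\S+) (?P<name>\S+)$"
)

def parse(text):
    """Yield one dict per well-formed log line; skip anything else."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            yield m.groupdict()

def diagnose(text, zone):
    """Per client: names refused as out of zone, and those retried under the zone."""
    refused = Counter()   # (client, name) -> number of not_authority results
    suffixed = set()      # (client, name) seen as name.<zone> with result 'responded'
    for rec in parse(text):
        name = rec["name"].rstrip(".").lower()
        if rec["result"] == "not_authority":
            refused[(rec["client"], name)] += 1
        elif rec["result"] == "responded" and name.endswith("." + zone):
            suffixed.add((rec["client"], name[: -len(zone) - 1]))
    report = {}
    for (client, name), count in refused.items():
        entry = report.setdefault(client, {"out_of_zone": {}, "search_suffix_hits": []})
        entry["out_of_zone"][name] = count
        if (client, name) in suffixed:
            entry["search_suffix_hits"].append(name)
    return report

if __name__ == "__main__":
    for client, entry in diagnose(SAMPLE, "mydomain.net").items():
        print(client, entry)
```

A client with a non-empty `out_of_zone` map is sending recursive lookups to the authoritative server, which is the symptom described at the top of the thread.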