You are not logged in.

#1 2016-12-23 01:34:09

madman_xxx
Member
From: PL
Registered: 2013-07-31
Posts: 31

pdnsd queries other servers infinitely when receives bogus info

Hello,

I am facing this weird behaviour. There is an address, doubleverify.com that, in my belief, contains junk entries and this causes my pdnsd to go mad.

Here is my pdnsd config:

global {
        perm_cache=1024;
        cache_dir="/var/cache/pdnsd";
        pid_file = /var/run/pdnsd.pid;
        run_as="pdnsd";
        server_ip = 0.0.0.0; 
        status_ctl = on;
        query_method=udp_only;
        min_ttl=1m;
        max_ttl=1w
        timeout=10s;
        neg_domain_pol=on;
        neg_ttl=10s;
        udpbufsize=1024;
        par_queries=1;
}

# Orange
server {
        label= "wwp0s3f2u4i7";
        timeout=10s;
        purge_cache=on;
        uptest=query;
        query_test_name=orange.pl;
        lean_query=on;
}

and this is a DNS record dump:

> server 8.8.8.8
Default server: 8.8.8.8
Address: 8.8.8.8#53
> set type=AAAA
> tps10249.doubleverify.com
Server:         8.8.8.8
Address:        8.8.8.8#53
> tps10249.doubleverify.com
Server:         194.204.159.1
Address:        194.204.159.1#53

Non-authoritative answer:
*** Can't find tps10249.doubleverify.com: No answer

Authoritative answers can be found from:


> server 194.204.159.1
Default server: 194.204.159.1
Address: 194.204.159.1#53
>doubleverify.com
        origin = dvadnj01.doubleverify.prod
        mail addr = hostmaster.doubleverify.prod
        serial = 1364924270
        refresh = 1800
        retry = 300
        expire = 1209600
        minimum = 900


> set type=SOA
> server 194.204.159.1
Default server: 194.204.159.1
Address: 194.204.159.1#53
> doubleverify.com
Server:         194.204.159.1
Address:        194.204.159.1#53

Non-authoritative answer:
doubleverify.com
        origin = dvadnj01.doubleverify.prod
        mail addr = hostmaster.doubleverify.prod
        serial = 1364924270
        refresh = 1800
        retry = 300
        expire = 1209600
        minimum = 900

Authoritative answers can be found from:
>

It's hard to say how this pdnsd lookup loop starts, but I have already observed it twice. Packet sniffing shows DNS AAAA requests being sent continuously for host tps10249.doubleverify.com and tps10249.doubleverify.com. Is it a misconfiguration issue or a bug in pdnsd? I have tried to contact the pdnsd author, but received no reply...

Last edited by madman_xxx (2016-12-23 01:35:05)

Offline

Board footer

Powered by FluxBB