TechnitiumSoftware / DnsServer

Technitium DNS Server
https://technitium.com/dns/
GNU General Public License v3.0

Forwarder zone returns RCODE: Refused #646

Closed untbu closed 1 year ago

untbu commented 1 year ago

I have a ns-record for one subdomain pointing to my Technitium DNS server. There I have one primary zone and one forwarder zone which forwards to a local DNS server. If I request a domain which is served from my local DNS server directly from my Technitium DNS server, everything works. This also works if the request comes from outside of my local network. But if I request it from another public DNS server like Cloudflare, I get the response SERVFAIL and the Query Logs app logs Response Type: Authoritative and RCODE: Refused. The primary zone is working as expected using Cloudflare, so there's no problem between Cloudflare and my Technitium DNS server. Recursion is set to Allow, although this should make no difference. I also put a reflection DNS server (Pi-hole) in front of the local DNS server to check if the request arrives, but it doesn't. The log contains no errors. Maybe I'm missing something?

Response using DNS Client

{
  "Metadata": {
    "NameServer": "one.one.one.one (1.1.1.1)",
    "Protocol": "Udp",
    "DatagramSize": "139 bytes",
    "RoundTripTime": "65.33 ms"
  },
  "EDNS": {
    "UdpPayloadSize": 1232,
    "ExtendedRCODE": "ServerFailure",
    "Version": 0,
    "Flags": "None",
    "Options": [
      {
        "Code": "EXTENDED_DNS_ERROR",
        "Length": "30 bytes",
        "Data": {
          "InfoCode": "NoReachableAuthority",
          "ExtraText": "at delegation ddns.untbu.de."
        }
      },
      {
        "Code": "EXTENDED_DNS_ERROR",
        "Length": "56 bytes",
        "Data": {
          "InfoCode": "NetworkError",
          "ExtraText": "109.90.179.149:53 rcode=REFUSED for gg.ddns.untbu.de A"
        }
      }
    ]
  },
  "DnsClientExtendedErrors": [
    {
      "InfoCode": "NetworkError",
      "ExtraText": "one.one.one.one (1.1.1.1) returned RCODE=ServerFailure for gg.ddns.untbu.de. A IN"
    }
  ],
  "Identifier": 16266,
  "IsResponse": true,
  "OPCODE": "StandardQuery",
  "AuthoritativeAnswer": false,
  "Truncation": false,
  "RecursionDesired": true,
  "RecursionAvailable": true,
  "Z": 0,
  "AuthenticData": false,
  "CheckingDisabled": false,
  "RCODE": "ServerFailure",
  "QDCOUNT": 1,
  "ANCOUNT": 0,
  "NSCOUNT": 0,
  "ARCOUNT": 1,
  "Question": [
    {
      "Name": "gg.ddns.untbu.de",
      "Type": "A",
      "Class": "IN"
    }
  ],
  "Answer": [],
  "Authority": [],
  "Additional": [
    {
      "Name": "",
      "Type": "OPT",
      "Class": "1232",
      "TTL": "0 (0 sec)",
      "RDLENGTH": "94 bytes",
      "RDATA": {
        "Options": [
          {
            "Code": "EXTENDED_DNS_ERROR",
            "Length": "30 bytes",
            "Data": {
              "InfoCode": "NoReachableAuthority",
              "ExtraText": "at delegation ddns.untbu.de."
            }
          },
          {
            "Code": "EXTENDED_DNS_ERROR",
            "Length": "56 bytes",
            "Data": {
              "InfoCode": "NetworkError",
              "ExtraText": "109.90.179.149:53 rcode=REFUSED for gg.ddns.untbu.de A"
            }
          }
        ]
      },
      "DnssecStatus": "Disabled"
    }
  ]
}

ShreyasZare commented 1 year ago

Thanks for the post. Your setup is not entirely clear to me. I am assuming that you have ddns.untbu.de set up on your Technitium DNS Server running on 109.90.179.149.

When I try to query gg.ddns.untbu.de to 109.90.179.149, there is no response at all. Check your network config to make sure that the requests are reaching the DNS server. You can use the dnsclient.net website to test if it's responding from the Internet.

untbu commented 1 year ago

Sorry, I just changed some wiring which took longer than expected so the server was unreachable. Your assumption is right. I want my Technitium DNS Server to handle everything for untbu.de, but because I have active subdomains, I can only use one subdomain as long as it's not working properly. The ns-record for ddns.untbu.de is pointing to 109.90.179.149, my Technitium DNS Server.

ddns.untbu.de is configured as forwarder zone and tt.ddns.untbu.de is configured as primary zone to test the general communication with my Technitium DNS Server. I also tried to disable the primary zone because it may conflict with the forwarder zone, but this changed nothing.

ShreyasZare commented 1 year ago

Thanks for the details. If you have created a forwarder zone then that will not respond positively unless the request has the Recursion Desired flag set. This flag is not set by recursive resolvers, which is why you see the errors from Cloudflare.

This check seems to be an issue with such a setup, so I will get the code updated to allow it in the next release. Meanwhile, try using only primary zones, which will work as expected.
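The Recursion Desired dependency described in the comment above can be checked from outside by sending the same question with and without the RD bit and comparing the RCODEs. This is an added example, not part of the thread or of Technitium's code; `probe`, `diagnose` and `constructed_reply` are illustrative names, and the sample replies are constructed rather than captured.

```python
import secrets
import socket
import struct

RD_BIT = 0x0100  # Recursion Desired, bit 8 of the header flags word
RCODES = {0: "NoError", 2: "ServerFailure", 3: "NxDomain", 5: "Refused"}

def build_query(name, rd, qid, qtype=1):
    """Encode a single-question query (qtype 1 = A, class IN)."""
    header = struct.pack("!6H", qid, RD_BIT if rd else 0, 1, 0, 0, 0)
    labels = name.rstrip(".").encode("ascii").split(b".")
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)

def parse_header(msg):
    """Decode the fixed 12-byte header of a DNS message."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    return {"id": qid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "rd": bool(flags & RD_BIT), "ra": bool(flags & 0x0080),
            "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
            "ancount": an}

def probe(server, name, rd, timeout=3.0):
    """Send one UDP query to server:53 and return the parsed reply header."""
    qid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, rd, qid), (server, 53))
        reply = parse_header(s.recv(4096))
    if not reply["qr"] or reply["id"] != qid:
        raise ValueError("reply does not match the query")
    return reply

def diagnose(with_rd, without_rd):
    """Compare the replies to the RD=1 and RD=0 versions of the same query."""
    if with_rd["rcode"] == "NoError" and without_rd["rcode"] == "Refused":
        return "rd-gated"  # stub clients work, recursive resolvers get REFUSED
    if with_rd["rcode"] == without_rd["rcode"] == "NoError":
        return "ok"
    return "other"

def constructed_reply(query, rcode):
    """Constructed sample data: echo the query header with QR set and an RCODE."""
    qid, flags = struct.unpack("!2H", query[:4])
    return struct.pack("!2H", qid, flags | 0x8000 | rcode) + query[4:]
```

Against a live server, `diagnose(probe(ip, name, True), probe(ip, name, False))` returning `"rd-gated"` corresponds to the situation in this issue, where direct client queries succeed but a public resolver reports SERVFAIL.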

untbu commented 1 year ago

Thank you. So I will do my basic setup and wait for the next release.

ShreyasZare commented 1 year ago

Version 11.3 is now available which fixes this issue. Do update and let me know your feedback.

untbu commented 1 year ago

It works as expected, thank you!

ShreyasZare commented 1 year ago

Thanks for confirming.

liang-hiwin commented 1 year ago

I'm having the same problem now

https://github.com/TechnitiumSoftware/DnsServer/issues/683


{
  "Metadata": {
    "NameServer": "alldns.yyyy.com:5300 (127.0.0.1)",
    "Protocol": "Udp",
    "DatagramSize": "104 bytes",
    "RoundTripTime": "0.79 ms"
  },
  "EDNS": {
    "UdpPayloadSize": 4096,
    "ExtendedRCODE": "ServerFailure",
    "Version": 0,
    "Flags": "None",
    "Options": [
      {
        "Code": "EXTENDED_DNS_ERROR",
        "Length": "47 bytes",
        "Data": {
          "InfoCode": "Other",
          "ExtraText": "Server exception for api.smoot.apple.cn. A IN"
        }
      },
      {
        "Code": "EXTENDED_DNS_ERROR",
        "Length": "2 bytes",
        "Data": {
          "InfoCode": "CachedError",
          "ExtraText": null
        }
      }
    ]
  },
  "DnsClientExtendedErrors": [
    {
      "InfoCode": "NetworkError",
      "ExtraText": "alldns.yyyy.com:5300 (127.0.0.1) returned RCODE=ServerFailure for api.smoot.apple.cn. A IN"
    }
  ],
  "Identifier": 37613,
  "IsResponse": true,
  "OPCODE": "StandardQuery",
  "AuthoritativeAnswer": false,
  "Truncation": false,
  "RecursionDesired": true,
  "RecursionAvailable": true,
  "Z": 0,
  "AuthenticData": false,
  "CheckingDisabled": false,
  "RCODE": "ServerFailure",
  "QDCOUNT": 1,
  "ANCOUNT": 0,
  "NSCOUNT": 0,
  "ARCOUNT": 1,
  "Question": [
    {
      "Name": "api.smoot.apple.cn",
      "Type": "A",
      "Class": "IN"
    }
  ],
  "Answer": [],
  "Authority": [],
  "Additional": [
    {
      "Name": "",
      "Type": "OPT",
      "Class": "4096",
      "TTL": "0 (0 sec)",
      "RDLENGTH": "57 bytes",
      "RDATA": {
        "Options": [
          {
            "Code": "EXTENDED_DNS_ERROR",
            "Length": "47 bytes",
            "Data": {
              "InfoCode": "Other",
              "ExtraText": "Server exception for api.smoot.apple.cn. A IN"
            }
          },
          {
            "Code": "EXTENDED_DNS_ERROR",
            "Length": "2 bytes",
            "Data": {
              "InfoCode": "CachedError",
              "ExtraText": null
            }
          }
        ]
      },
      "DnssecStatus": "Disabled"
    }
  ]
}

ShreyasZare commented 1 year ago

> I'm having the same problem now
>
> #683

The problem you are facing is totally unrelated to the issue discussed above.