<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7652.24">
<TITLE>RE: [Pdns-users] PDNS & pdns-recursor on same machine problems</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<BR>
<P><FONT SIZE=2>Any ideas?<BR>
<BR>
-----Original Message-----<BR>
From: pdns-users-bounces@mailman.powerdns.com on behalf of Baird, Josh<BR>
Sent: Mon 11/24/2008 5:06 PM<BR>
To: bert hubert<BR>
Cc: pdns-users@mailman.powerdns.com<BR>
Subject: RE: [Pdns-users] PDNS & pdns-recursor on same machine problems<BR>
<BR>
<BR>
Bert,<BR>
<BR>
Sure.. running the recursor with --trace completely killed this box, but I do believe I was able to get some data for you :)<BR>
<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] question for 'oldbridgeinc.com.|A' from 172.15.64.11<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: Looking for CNAME cache hit of 'oldbridgeinc.com.|CNAME'<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: No CNAME cache hit of 'oldbridgeinc.com.|CNAME' found<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: No cache hit for 'oldbridgeinc.com.|A', trying to find an appropriate NS record<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: Checking if we have NS in cache for 'oldbridgeinc.com.'<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: no valid/useful NS in cache for 'oldbridgeinc.com.'<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: Checking if we have NS in cache for 'com.'<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS (with ip, or non-glue) in cache for 'com.' -> 'a.gtld-servers.net.'<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: within bailiwick: 0, not in cache / did not look at cache<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS (with ip, or non-glue) in cache for 'com.' -> 'b.gtld-servers.net.'<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: within bailiwick: 0, not in cache / did not look at cache<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS (with ip, or non-glue) in cache for 'com.' -> 'c.gtld-servers.net.'<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: within bailiwick: 0, not in cache / did not look at cache<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS (with ip, or non-glue) in cache for 'com.' -> 'd.gtld-servers.net.'<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: within bailiwick: 0, not in cache / did not look at cache<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS (with ip, or non-glue) in cache for 'com.' -> 'e.gtld-servers.net.'<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: within bailiwick: 0, not in cache / did not look at cache<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS (with ip, or non-glue) in cache for 'com.' -> 'f.gtld-servers.net.'<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: within bailiwick: 0, not in cache / did not look at cache<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS (with ip, or non-glue) in cache for 'com.' -> 'g.gtld-servers.net.'<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: within bailiwick: 0, not in cache / did not look at cache<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS (with ip, or non-glue) in cache for 'com.' -> 'h.gtld-servers.net.'<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: within bailiwick: 0, not in cache / did not look at cache<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS (with ip, or non-glue) in cache for 'com.' -> 'i.gtld-servers.net.'<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: within bailiwick: 0, not in cache / did not look at cache<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS (with ip, or non-glue) in cache for 'com.' -> 'j.gtld-servers.net.'<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: within bailiwick: 0, not in cache / did not look at cache<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS (with ip, or non-glue) in cache for 'com.' -> 'k.gtld-servers.net.'<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: within bailiwick: 0, not in cache / did not look at cache<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS (with ip, or non-glue) in cache for 'com.' -> 'l.gtld-servers.net.'<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: within bailiwick: 0, not in cache / did not look at cache<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS (with ip, or non-glue) in cache for 'com.' -> 'm.gtld-servers.net.'<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: within bailiwick: 0, not in cache / did not look at cache<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: We have NS in cache for 'com.' (flawedNSSet=0)<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: Cache consultations done, have 13 NS to contact<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: Nameservers: b.gtld-servers.net.(256ms), a.gtld-servers.net.(275ms), d.gtld-servers.net.(287ms),<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: g.gtld-servers.net.(300ms), c.gtld-servers.net.(302ms), i.gtld-servers.net.(325ms),<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: h.gtld-servers.net.(325ms), j.gtld-servers.net.(354ms), f.gtld-servers.net.(363ms),<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: e.gtld-servers.net.(599ms), l.gtld-servers.net.(625ms), k.gtld-servers.net.(728ms),<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: m.gtld-servers.net.(751ms)<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: Trying to resolve NS 'b.gtld-servers.net.' (1/13)<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] b.gtld-servers.net.: Looking for CNAME cache hit of 'b.gtld-servers.net.|CNAME'<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] b.gtld-servers.net.: No CNAME cache hit of 'b.gtld-servers.net.|CNAME' found<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] b.gtld-servers.net.: Found cache hit for A: 192.33.14.30[ttl=172674]<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: Resolved 'com.' NS b.gtld-servers.net. to: 192.33.14.30<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: Trying IP 192.33.14.30:53, asking 'oldbridgeinc.com.|A'<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: Got 4 answers from b.gtld-servers.net. (192.33.14.30), rcode=0, in 142ms<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: accept answer 'oldbridgeinc.com.|NS|ns1.jbdesign.net.' from 'com.' nameservers? YES!<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: accept answer 'oldbridgeinc.com.|NS|ns2.jbdesign.net.' from 'com.' nameservers? YES!<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: accept answer 'ns1.jbdesign.net.|A|72.29.72.189' from 'com.' nameservers? NO!<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: accept answer 'ns2.jbdesign.net.|A|12.44.213.89' from 'com.' nameservers? NO!<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: determining status after receiving this packet<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: got NS record 'oldbridgeinc.com.' -> 'ns1.jbdesign.net.'<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: got NS record 'oldbridgeinc.com.' -> 'ns2.jbdesign.net.'<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: status=did not resolve, got 2 NS, looping to them<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: Nameservers: ns1.jbdesign.net.(0ms), ns2.jbdesign.net.(0ms)<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: Trying to resolve NS 'ns1.jbdesign.net.' (1/2)<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] ns1.jbdesign.net.: Looking for CNAME cache hit of 'ns1.jbdesign.net.|CNAME'<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] ns1.jbdesign.net.: No CNAME cache hit of 'ns1.jbdesign.net.|CNAME' found<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] ns1.jbdesign.net.: No cache hit for 'ns1.jbdesign.net.|A', trying to find an appropriate NS record<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] ns1.jbdesign.net.: Cache consultations done, have 1 NS to contact<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] ns1.jbdesign.net.: Nameservers: 72.29.72.189:53(-1172ms)<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] ns1.jbdesign.net.: Trying to resolve NS '72.29.72.189:53' (1/1)<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] ns1.jbdesign.net.: Domain has hardcoded nameserver(s)<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] ns1.jbdesign.net.: Resolved 'jbdesign.net.' NS 72.29.72.189:53 to: 72.29.72.189<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] ns1.jbdesign.net.: Trying IP 72.29.72.189:53, asking 'ns1.jbdesign.net.|A'<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] ns1.jbdesign.net.: query throttled<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] ns1.jbdesign.net.: Failed to resolve via any of the 1 offered NS at level 'jbdesign.net.'<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] ns1.jbdesign.net.: failed (res=-1)<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: Failed to get IP for NS ns1.jbdesign.net., trying next if available<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: Trying to resolve NS 'ns2.jbdesign.net.' (2/2)<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] ns2.jbdesign.net.: Looking for CNAME cache hit of 'ns2.jbdesign.net.|CNAME'<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] ns2.jbdesign.net.: No CNAME cache hit of 'ns2.jbdesign.net.|CNAME' found<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] ns2.jbdesign.net.: Found cache hit for A: 12.44.213.89[ttl=86395]<BR>
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: Resolved 'oldbridgeinc.com.' NS ns2.jbdesign.net. to: 12.44.213.89<BR>
Nov 24 16:58:32 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: Trying IP 12.44.213.89:53, asking 'oldbridgeinc.com.|A'<BR>
Nov 24 16:58:32 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: query throttled<BR>
Nov 24 16:58:32 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: Failed to resolve via any of the 2 offered NS at level 'oldbridgeinc.com.'<BR>
Nov 24 16:58:32 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: Invalidating nameservers for level 'oldbridgeinc.com.', next query might succeed<BR>
Nov 24 16:58:32 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: failed (res=-1)<BR>
Nov 24 16:58:32 thunder pdns_recursor[15262]: [1165] answer to question 'oldbridgeinc.com.|A': 0 answers, 0 additional, took 1 packets, 2 throttled, 0 timeouts, 0 tcp connections, rcode=2<BR>
<BR>
It look's like it is trying to hand the query off to ns1.jbdesign.net/ns2.jbdesign.net which is correct (ns2 runs on this same box, on a different interface). This recursor IS able to resolve both NS1 and NS2 (only because I have added jbdesign.net to the forwarders= option in recursor.conf). Unfortuantly, dig didn't return any useful info probably due to the fact that --trace made the recursor completely unresponsive, but here is the output after I turned --trace off:<BR>
<BR>
root@thunder:/etc/rc.d/init.d$ dig oldbridgeinc.com @172.15.64.11<BR>
<BR>
; <<>> DiG 9.3.4-P1 <<>> oldbridgeinc.com @172.15.64.11<BR>
; (1 server found)<BR>
;; global options: printcmd<BR>
;; Got answer:<BR>
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54661<BR>
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0<BR>
<BR>
;; QUESTION SECTION:<BR>
;oldbridgeinc.com. IN A<BR>
<BR>
;; ANSWER SECTION:<BR>
oldbridgeinc.com. 86400 IN A 72.29.72.191<BR>
<BR>
;; Query time: 116 msec<BR>
;; SERVER: 172.15.64.11#53(172.15.64.11)<BR>
;; WHEN: Mon Nov 24 17:05:20 2008<BR>
;; MSG SIZE rcvd: 50<BR>
<BR>
<BR>
Thanks,<BR>
<BR>
Josh<BR>
<BR>
<BR>
<BR>
-----Original Message-----<BR>
From: bert hubert [<A HREF="mailto:bert.hubert@netherlabs.nl">mailto:bert.hubert@netherlabs.nl</A>]<BR>
Sent: Mon 11/24/2008 4:43 PM<BR>
To: Baird, Josh<BR>
Cc: pdns-users@mailman.powerdns.com<BR>
Subject: Re: [Pdns-users] PDNS & pdns-recursor on same machine problems<BR>
<BR>
On Mon, Nov 24, 2008 at 03:36:07PM -0600, Baird, Josh wrote:<BR>
<BR>
> I have a set of authoritative servers running PDNS. One of these servers is<BR>
> also running pdns-recursor which is bound to a separate IP address. The<BR>
> recursor is having problems resolving domains that the authoritative<BR>
> instance is authoritative for. Trying to resolve hostnames within these<BR>
> domains doesn't bail with a NXDOMAIN or a FAIL, but it just does not return<BR>
> an IP address:<BR>
<BR>
Josh,<BR>
<BR>
Can you run the recursor in '--trace' mode, and show the output when it<BR>
tries to resolve a domain for you that is hosted on the same machine?<BR>
<BR>
Instead of 'host', could you use 'dig', as in 'dig blah.com<BR>
@ip-address-of-recursor'?<BR>
<BR>
Dig is a little bit more verbose in its output.<BR>
<BR>
> Is there a way to make the recursor resolve these domains without manually<BR>
> forwarding each of them back to the IP address that the authoritative server<BR>
> is listening on? Shouldn't it use recursion for these queries?<BR>
<BR>
Yes, it should just work, without special configuration.<BR>
<BR>
Please let us know!<BR>
<BR>
Bert<BR>
<BR>
--<BR>
<A HREF="http://www.PowerDNS.com">http://www.PowerDNS.com</A> Open source, database driven DNS Software<BR>
<A HREF="http://netherlabs.nl">http://netherlabs.nl</A> Open and Closed source services<BR>
<BR>
<BR>
</FONT>
</P>
</BODY>
</HTML>