<html><head><style>body{font-family:Helvetica,Arial;font-size:13px}</style></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">Michael,</div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;"><br></div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">the PowerDNS server IS the main recursor resolver and the IP of the PowerDNS server is actually in /etc/resolv.conf for all of the platform servers. We no longer have any BIND servers in our infrastructure.</div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;"><br></div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">Here are the dig outputs:</div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;"><br></div><div id="bloop_customfont" style="color: rgb(0, 0, 0); margin: 0px;"><div id="bloop_customfont" style="margin: 0px;"><div id="bloop_customfont" style="margin: 0px;"><font face="Courier New">$ dig @pdns01 NS labisilon.lab.domain.com</font></div><div id="bloop_customfont" style="margin: 0px;"><font face="Courier New"><br></font></div><div id="bloop_customfont" style="margin: 0px;"><font face="Courier New">; <<>> DiG 9.8.3-P1 <<>> @pdns01 NS labisilon.lab.domain.com</font></div><div id="bloop_customfont" style="margin: 0px;"><font face="Courier New">; (1 server found)</font></div><div id="bloop_customfont" style="margin: 0px;"><font face="Courier New">;; global options: +cmd</font></div><div id="bloop_customfont" style="margin: 0px;"><font face="Courier New">;; Got answer:</font></div><div id="bloop_customfont" style="margin: 0px;"><font face="Courier New">;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9680</font></div><div id="bloop_customfont" style="margin: 0px;"><font face="Courier New">;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0</font></div><div id="bloop_customfont" style="margin: 0px;"><font face="Courier New"><br></font></div><div id="bloop_customfont" style="margin: 0px;"><font face="Courier New">;; QUESTION SECTION:</font></div><div id="bloop_customfont" style="margin: 0px;"><font face="Courier New">;labisilon.lab.domain.com.<span class="Apple-tab-span" style="white-space:pre"> </span>IN<span class="Apple-tab-span" style="white-space:pre"> </span>NS</font></div><div id="bloop_customfont" style="margin: 0px;"><font face="Courier New"><br></font></div><div id="bloop_customfont" style="margin: 0px;"><font face="Courier New">;; AUTHORITY SECTION:</font></div><div id="bloop_customfont" style="margin: 0px;"><font face="Courier New">lab.domain.com.<span class="Apple-tab-span" style="white-space:pre"> </span>900<span class="Apple-tab-span" style="white-space:pre"> </span>IN<span class="Apple-tab-span" style="white-space:pre"> </span>SOA<span class="Apple-tab-span" style="white-space:pre"> </span>pdns01.lab.domain.com. linuxadmins.domain.com. 2013073047 86400 7200 604800 3600</font></div><div id="bloop_customfont" style="margin: 0px;"><font face="Courier New"><br></font></div><div id="bloop_customfont" style="margin: 0px;"><font face="Courier New">;; Query time: 1 msec</font></div><div id="bloop_customfont" style="margin: 0px;"><font face="Courier New"><br></font></div><div id="bloop_customfont" style="margin: 0px;"><font face="Courier New">[~]</font></div><div id="bloop_customfont" style="margin: 0px;"><font face="Courier New">ddecker$ dig @pdns01 A labisilon.lab.domain.com</font></div><div id="bloop_customfont" style="margin: 0px;"><font face="Courier New"><br></font></div><div id="bloop_customfont" style="margin: 0px;"><font face="Courier New">; <<>> DiG 9.8.3-P1 <<>> @pdns01 A labisilon.lab.domain.com</font></div><div id="bloop_customfont" style="margin: 0px;"><font face="Courier New">; (1 server found)</font></div><div id="bloop_customfont" style="margin: 0px;"><font face="Courier New">;; global options: +cmd</font></div><div id="bloop_customfont" style="margin: 0px;"><font face="Courier New">;; Got answer:</font></div><div id="bloop_customfont" style="margin: 0px;"><font face="Courier New">;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1337</font></div><div id="bloop_customfont" style="margin: 0px;"><font face="Courier New">;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0</font></div><div id="bloop_customfont" style="margin: 0px;"><font face="Courier New"><br></font></div><div id="bloop_customfont" style="margin: 0px;"><font face="Courier New">;; QUESTION SECTION:</font></div><div id="bloop_customfont" style="margin: 0px;"><font face="Courier New">;labisilon.lab.domain.com.<span class="Apple-tab-span" style="white-space:pre"> </span>IN<span class="Apple-tab-span" style="white-space:pre"> </span>A</font></div><div id="bloop_customfont" style="margin: 0px;"><font face="Courier New"><br></font></div><div id="bloop_customfont" style="margin: 0px;"><font face="Courier New">;; AUTHORITY SECTION:</font></div><div id="bloop_customfont" style="margin: 0px;"><font face="Courier New">lab.domain.com.<span class="Apple-tab-span" style="white-space:pre"> </span>900<span class="Apple-tab-span" style="white-space:pre"> </span>IN<span class="Apple-tab-span" style="white-space:pre"> </span>SOA<span class="Apple-tab-span" style="white-space:pre"> </span>pdns01.lab.domain.com. linuxadmins.domain.com. 2013073047 86400 7200 604800 3600</font></div><div id="bloop_customfont" style="margin: 0px;"><font face="Courier New"><br></font></div><div id="bloop_customfont" style="margin: 0px;"><font face="Courier New">;; Query time: 0 msec</font></div></div></div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;"><br></div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;"><br></div> <div id="bloop_sign_1386958482049402112" class="bloop_sign"><div style="font-family:helvetica,arial;font-size:13px">-- <br>Drew Decker<br>Sent with Airmail</div></div> <br><p style="color:#A0A0A8;">On December 13, 2013 at 12:08:35 PM, Michael Loftis (<a href="mailto://mloftis@wgops.com">mloftis@wgops.com</a>) wrote:</p> <blockquote type="cite" class="clean_bq"><span><div><div>No you definitely do not want to add an A record for
<br>labisilon.lab.domain.com to the powerdns server, that would cause it
<br>to always serve the A record. From the response information I take it
<br>the powerdns server isn't your recursive resolver (IE it's not whats
<br>in the /etc/resolv.conf or equivalent for your platform) - but from
<br>the output you've shown me the first half of the delegation is fine.
<br>The second half of the delegation must also exist or BIND in
<br>particular won't count it as valid (though the validation is lazy so
<br>you'll sometimes get an answer, but most of the time not) -- and hte
<br>second half is the matching NS record on the isilon, and the SOA
<br>(though the SOA is less important) -- you'll want to do the same dig
<br>@x.x.x.x NS labisilon.lab.domain.com and dig @x.x.x.x A
<br>labisilon.lab.domain.com - this is all part of diagnosing what
<br>actually *is* happening with this delegation. If the NS records aren't
<br>being returned from the isilon or the A or SOA isn't I can't really
<br>help you out there if those aren't there as I've never used the
<br>smartconnect product though there's a small chance I can get some
<br>information since we used their storage boxes at my present day job
<br>years back before I started (We literally have a couple racks worth of
<br>them sitting around after being decommissioned).
<br>
<br>
<br>... reading a bit in...is securustech.net the actual domain? It has
<br>wild cards which would be causing all manner of hell for you, if the A
<br>record you're getting back is the same as I'm seeing from the outside
<br>- 69.43.161.163 - then that would explain your problems. Your
<br>recursive resolver is getting the wildcard answers from your outside
<br>nameservers.
<br>
<br>On Fri, Dec 13, 2013 at 8:23 AM, Drew Decker <drewrockshard@gmail.com> wrote:
<br>> Same output -
<br>>
<br>> dig @psl-pdns01 A pslisilon.lab.securustech.net
<br>>
<br>> ; <<>> DiG 9.8.3-P1 <<>> @pdns01 A labisilon.lab.domain.com
<br>> ; (1 server found)
<br>> ;; global options: +cmd
<br>> ;; Got answer:
<br>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24930
<br>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
<br>>
<br>> ;; QUESTION SECTION:
<br>> ;labisilon.lab.domain.com. IN A
<br>>
<br>> ;; AUTHORITY SECTION:
<br>> labisilon.lab.domain.com 900 IN NS lab-isilon.lab.domain.com.
<br>>
<br>> ;; ADDITIONAL SECTION:
<br>> lab-isilon.lab.domain.com. 900 IN A x.x.x.x
<br>>
<br>> ;; Query time: 2 msec
<br>>
<br>> Do I need to specifically add an “A” record of labisilon.lab.domain.com ->
<br>> x.x.x.x?
<br>> --
<br>> Drew Decker
<br>> Sent with Airmail
<br>>
<br>> On December 13, 2013 at 10:18:10 AM, Michael Loftis (mloftis@wgops.com)
<br>> wrote:
<br>>
<br>> labisilon.lab.example.com
<br>
<br>
<br>
<br>--
<br>
<br>"Genius might be described as a supreme capacity for getting its possessors
<br>into trouble of all kinds."
<br>-- Samuel Butler
<br></div></div></span></blockquote></body></html>