<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN">
<html><body>
<p>Hi,</p>
<p><br />Sure, one of the domains that is giving me trouble is hoofdluis.nl</p>
<p>- dnssec is disabled for this backend in Powerdns config</p>
<p>- here's a few lines from the 'records' table:</p>
<p>| id | domain_id | name | type | content | ttl | prio | change_date | disabled | ordername | auth |<br />+-----+-----------+------------------------+------+------------------------------------------------------------------------+-------+------+-------------+----------+-----------+------+<br />| 349 | 38 | hoofdluis.nl | SOA | ns1.sonexo.eu info.sonexo.nl 2015102902 10800 3600 604800 3600 | 86400 | 0 | 1446148124 | 0 | NULL | 1 |<br />| 350 | 38 | hoofdluis.nl | NS | ns1.sonexo.eu | 86400 | 0 | 1446122706 | 0 | NULL | 1 |<br />| 351 | 38 | hoofdluis.nl | NS | ns2.sonexo.com | 86400 | 0 | 1446122706 | 0 | NULL | 1 |<br />| 352 | 38 | www.hoofdluis.nl | A | 185.27.174.120 | 86400 | 0 | 1446122706 | 0 | NULL | 1 |<br />| 353 | 38 | hoofdluis.nl | A | 185.27.174.120 | 86400 | 0 | 1446122706 | 0 | NULL | 1 |<br />| 355 | 38 | localhost.hoofdluis.nl | A | 127.0.0.1 | 86400 | 0 | 1446122706 | 0 | NULL | 1 |<br /><br /></p>
<p>- root@ns1:/etc/powerdns/pdns.d# pdnssec check-zone hoofdluis.nl<br />Checked 12 records of 'hoofdluis.nl', 0 errors, 0 warnings.<br /><br />I should probably add that we are running two backends, both MySQL on the same server, spread out over two different databases. One backend is more advanced and uses custom queries and dnssec but has no records whatsoever for any of the domains in the second backend, and vice versa. Advanced backend is queried first, regular one next. It'd be easy to point to this as the source of the problem but I cannot find any clue that it is causing problems since MySQL queries are ok and the first (more advanced) backend does not return any data at all for the domain hoofdluis.nl so the second backend is definitely in control.</p>
<p>Martin</p>
<p> </p>
<div> </div>
<p>On 29-10-2015 20:39, Aki Tuomi wrote:</p>
<blockquote type="cite" style="padding-left:5px; border-left:#1010ff 2px solid; margin-left:5px"><!-- html ignored --><!-- head ignored --><!-- meta ignored -->
<pre>Is it possible for you to provide actual data? Also,
- have you turned on dnssec support? gmysql-dnssec=yes
- can you provide the actual line(s) from mysql database
- can you run pdnssec check-zone zone
Aki
On Thu, Oct 29, 2015 at 08:18:29PM +0100, Martin wrote:</pre>
<blockquote type="cite" style="padding-left:5px; border-left:#1010ff 2px solid; margin-left:5px">Hi, Thanks for your reply. I'm using Poweradmin and everything seems to be ok in the database, no mixup of types and content or anything. I forgot to add that if I query the authoritative nameserver for the domain directly, dig works as expected: dig a abc.example.com @ns1.mynsserver gives me the expected NXDOMAIN result. I have enabled MySQL query log and it appears that some queries are fired but somehow the requesting client is unable to determine who is authoritative or something. You see, when I use nslookup in debug mode this happens: ------------ QUESTIONS: abc.example.com, type = A, class = IN ANSWERS: AUTHORITY RECORDS: ADDITIONAL RECORDS: ------------ ** server can't find abc.example.com: SERVFAIL I would expect to at least get some authority records. Again, <a href="http://www.example.com">www.example.com</a>is working fine in nslookup & dig. Martin On 29-10-2015 18:12, bert hubert wrote:
<blockquote type="cite" style="padding-left:5px; border-left:#1010ff 2px solid; margin-left:5px">Hi Martin, You appear to have put domain names in the type field! The error messages say the type is example.example.com. Bert On Oct 29, 2015 17:10, Martin <<a href="mailto:domains@crystalline.nl">domains@crystalline.nl</a>> wrote:
<blockquote type="cite" style="padding-left:5px; border-left:#1010ff 2px solid; margin-left:5px">Hi, I have setup a simple MySQL backend for a domain with a few MX records, a couple of A records, two NS records and a SOA record for the domain. All dig commands are run from a completely unrelated server: dig a <a href="http://www.example.com">www.example.com</a> [1] is working: it returns the right A record dig a example.com is working: it returns the right A record Now this is where things go wrong: dig a abc.example.com returns a SERVFAIL but I am expecting a NXDOMAIN response because there is no A record for abc.example.com I checked the PowerDNS logs and this is there: Oct 29 16:44:45 ns1 pdns[27687]: Exception building answer packet (Unknown DNS type 'example.example.com') sending out servfail Oct 29 16:44:45 ns1 pdns[27687]: Exception building answer packet (Unknown DNS type 'example.example.com') sending out servfail Oct 29 16:44:45 ns1 pdns[27687]: Exception building answer packet (Unknown DNS type 'example.example.com') sending out servfail Oct 29 16:44:45 ns1 pdns[27687]: Exception building answ</blockquote>
</blockquote>
er packet (Unknown DNS type 'example.example.com') sending out servfail Oct 29 16:44:45 ns1 pdns[27687]: Exception building answer packet (Unknown DNS type 'example.example.com') sending out servfail Five messages with unknow dns type 'domain.domain.tld'. I have tried an online tool like <a href="http://www.kloth.net/services/dig.php">http://www.kloth.net/services/dig.php</a> [2] as well and it generates the same error in the logs but only once instead of five times. Can anyone point me in the right direction? I'm stumped. I'm running the latest version on Debian. Thanks, Martin Links: ------ [1] <a href="http://www.example.com">http://www.example.com</a> [2] <a href="http://www.kloth.net/services/dig.php">http://www.kloth.net/services/dig.php</a></blockquote>
<blockquote type="cite" style="padding-left:5px; border-left:#1010ff 2px solid; margin-left:5px">_______________________________________________ Pdns-users mailing list <a href="mailto:Pdns-users@mailman.powerdns.com">Pdns-users@mailman.powerdns.com</a> <a href="http://mailman.powerdns.com/mailman/listinfo/pdns-users">http://mailman.powerdns.com/mailman/listinfo/pdns-users</a></blockquote>
</blockquote>
</body></html>