<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 13/11/2017 09:05, Mislav | SysAdmin
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:01983bce-d6ed-03f0-b451-8694b72d7dd0@gmail.com">Hi. I've
noticed some problems with CNAME resolving on our pdns server.
Here is the example:
<br>
<blockquote type="cite" style="color: #000000;">$ nslookup
mobile-universe.ch ns1.private.ch
<br>
Server: ns1.private.ch
<br>
Address: private#53
<br>
<br>
Non-authoritative answer:
<br>
Name: mobile-universe.ch
<br>
Address: 18.194.35.161
<br>
<br>
$ nslookup <a class="moz-txt-link-abbreviated"
href="http://www.mobile-universe.ch" moz-do-not-send="true">www.mobile-universe.ch</a>
ns1.private.ch
<br>
Server: ns1.private.ch
<br>
Address: private#53
<br>
<br>
** server can't find <a class="moz-txt-link-abbreviated"
href="http://www.mobile-universe.ch" moz-do-not-send="true">www.mobile-universe.ch</a>:
NXDOMAIN
</blockquote>
</blockquote>
<br>
So I'm guessing that "ns1.private.ch" is a made-up name, right? But
this is running pdns-recursor? Which version?<br>
<br>
Resolving that name works for me using pdns-recursor
4.0.6-1pdns.xenial under Ubuntu 16.04:<br>
<br>
<tt># dig @192.168.5.53 <a class="moz-txt-link-abbreviated" href="http://www.mobile-universe.ch">www.mobile-universe.ch</a> a</tt><tt><br>
</tt><tt><br>
</tt><tt>; &lt;&lt;&gt;&gt; DiG 9.8.1-P1 &lt;&lt;&gt;&gt;
@192.168.5.53 <a class="moz-txt-link-abbreviated" href="http://www.mobile-universe.ch">www.mobile-universe.ch</a> a</tt><tt><br>
</tt><tt>; (1 server found)</tt><tt><br>
</tt><tt>;; global options: +cmd</tt><tt><br>
</tt><tt>;; Got answer:</tt><tt><br>
</tt><tt>;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NOERROR,
id: 26749</tt><tt><br>
</tt><tt>;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0,
ADDITIONAL: 0</tt><tt><br>
</tt><tt><br>
</tt><tt>;; QUESTION SECTION:</tt><tt><br>
</tt><tt>;www.mobile-universe.ch. IN A</tt><tt><br>
</tt><tt><br>
</tt><tt>;; ANSWER SECTION:</tt><tt><br>
</tt><tt><a class="moz-txt-link-abbreviated" href="http://www.mobile-universe.ch">www.mobile-universe.ch</a>. 3600 IN CNAME
elb-front-92-10-617833872.eu-central-1.elb.amazonaws.com.</tt><tt><br>
</tt><tt>elb-front-92-10-617833872.eu-central-1.elb.amazonaws.com.
60 IN A 52.58.17.141</tt><tt><br>
</tt><tt>elb-front-92-10-617833872.eu-central-1.elb.amazonaws.com.
60 IN A 52.57.147.203</tt><tt><br>
</tt><tt><br>
</tt><tt>;; Query time: 504 msec</tt><tt><br>
</tt><tt>;; SERVER: 192.168.5.53#53(192.168.5.53)</tt><tt><br>
</tt><tt>;; WHEN: Mon Nov 13 09:21:37 2017</tt><tt><br>
</tt><tt>;; MSG SIZE rcvd: 142</tt><br>
<br>
<br>
So something must be different on your side, although I can't think
why you'd get NXDOMAIN rather than SERVFAIL.<br>
<br>
I suggest you turn on tracing for the <tt>mobile-universe.ch</tt>
and <tt>eu-central-1.elb.amazonaws.com</tt> domains, clear the
cache for those domains, and then do the query again. See:<br>
<br>
<a moz-do-not-send="true"
href="https://doc.powerdns.com/recursor/running.html#tracing-queries">https://doc.powerdns.com/recursor/running.html#tracing-queries</a><br>
<a moz-do-not-send="true"
href="https://doc.powerdns.com/recursor/running.html#cache-management">https://doc.powerdns.com/recursor/running.html#cache-management</a><br>
<br>
You could also tcpdump all the DNS traffic which it sends during
that time.<br>
<br>
FYI, here is where the authoritative servers are:<br>
<p><tt>$ dig +trace <a class="moz-txt-link-abbreviated" href="http://www.mobile-universe.ch">www.mobile-universe.ch</a>. a</tt><tt><br>
</tt><tt><br>
</tt><tt>...</tt><tt><br>
</tt><tt><br>
</tt><tt>mobile-universe.ch. 3600 IN NS
ns1a.plentymarkets.eu.</tt><tt><br>
</tt><tt>mobile-universe.ch. 3600 IN NS
ns2a.plentymarkets.eu.</tt><tt><br>
</tt><tt>;; Received 94 bytes from 130.59.31.41#53(130.59.31.41)
in 115 ms</tt><tt><br>
</tt><tt><br>
</tt><tt><a class="moz-txt-link-abbreviated" href="http://www.mobile-universe.ch">www.mobile-universe.ch</a>. 3600 IN CNAME
elb-front-92-10-617833872.eu-central-1.elb.amazonaws.com.</tt><tt><br>
</tt><tt>com. 3600 IN SOA ns1.com.
hostmaster.com. 3 86400 10800 3600000 172800</tt><tt><br>
</tt><tt>;; Received 161 bytes from 185.61.8.110#53(185.61.8.110)
in 31 ms</tt><tt><br>
</tt></p>
<p><tt><br>
</tt></p>
<p><tt>$ dig +trace
elb-front-92-10-617833872.eu-central-1.elb.amazonaws.com. a</tt></p>
<p><tt>...</tt></p>
<p><tt>elb-front-92-10-617833872.eu-central-1.elb.amazonaws.com. 60
IN A 52.58.17.141</tt><tt><br>
</tt><tt>elb-front-92-10-617833872.eu-central-1.elb.amazonaws.com.
60 IN A 52.57.147.203</tt><tt><br>
</tt><tt>eu-central-1.elb.amazonaws.com. 1800 IN NS
ns-1326.awsdns-37.org.</tt><tt><br>
</tt><tt>eu-central-1.elb.amazonaws.com. 1800 IN NS
ns-1689.awsdns-19.co.uk.</tt><tt><br>
</tt><tt>eu-central-1.elb.amazonaws.com. 1800 IN NS
ns-417.awsdns-52.com.</tt><tt><br>
</tt><tt>eu-central-1.elb.amazonaws.com. 1800 IN NS
ns-613.awsdns-12.net.</tt></p>
<p>And all four AWS nameservers agree on the results: none is giving
NXDOMAIN.<br>
</p>
<p><tt># for i in ns-1326.awsdns-37.org. ns-1689.awsdns-19.co.uk.
ns-417.awsdns-52.com. ns-613.awsdns-12.net.; do echo "=== $i
==="; dig +short @$i
elb-front-92-10-617833872.eu-central-1.elb.amazonaws.com. a;
done</tt><tt><br>
</tt><tt>=== ns-1326.awsdns-37.org. ===</tt><tt><br>
</tt><tt>52.58.17.141</tt><tt><br>
</tt><tt>52.57.147.203</tt><tt><br>
</tt><tt>=== ns-1689.awsdns-19.co.uk. ===</tt><tt><br>
</tt><tt>52.57.147.203</tt><tt><br>
</tt><tt>52.58.17.141</tt><tt><br>
</tt><tt>=== ns-417.awsdns-52.com. ===</tt><tt><br>
</tt><tt>52.57.147.203</tt><tt><br>
</tt><tt>52.58.17.141</tt><tt><br>
</tt><tt>=== ns-613.awsdns-12.net. ===</tt><tt><br>
</tt><tt>52.58.17.141</tt><tt><br>
</tt><tt>52.57.147.203</tt></p>
<p>Regards,</p>
<p>Brian.<br>
</p>
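<p>The comparison made by hand in the message above (same rcode, same CNAME target, same addresses regardless of order), as an added example that is not part of the original message. The names <tt>summarise</tt>, <tt>compare</tt>, <tt>GOOD</tt> and <tt>BAD</tt> are hypothetical, and the NXDOMAIN reply is a constructed sample.</p>

```shell
#!/bin/sh
# Added example. summarise QNAME reads full `dig` output on stdin and prints
# "<rcode> <name at end of CNAME chain> <sorted A records>".
summarise() {
    awk -v q="$1" '
        function norm(n) { n = tolower(n); sub(/\.$/, "", n); return n }
        /status:/ {            # header line: ";; ->>HEADER<<- ... status: NOERROR, id: N"
            for (i = 1; i < NF; i++)
                if ($i == "status:") { rc = $(i + 1); sub(/,$/, "", rc) }
        }
        /^;/ || NF < 5 { next }                 # comments, blank lines
        $4 == "CNAME" { cname[norm($1)] = norm($5) }
        $4 == "A"     { addr[norm($1)] = addr[norm($1)] " " $5 }
        END {
            name = norm(q)
            # Follow CNAME hops; the hop limit stops a CNAME loop from spinning.
            for (hops = 0; (name in cname) && hops < 8; hops++) name = cname[name]
            n = split(addr[name], a, " ")
            # Insertion sort (forced string compare) so round-robin order is ignored.
            for (i = 2; i <= n; i++)
                for (j = i; j > 1 && (a[j] "") < (a[j - 1] ""); j--) {
                    t = a[j]; a[j] = a[j - 1]; a[j - 1] = t
                }
            out = (rc == "" ? "UNKNOWN" : rc) " " name
            for (i = 1; i <= n; i++) out = out " " a[i]
            print out
        }'
}

# Header and answer section of the working reply quoted in the message above.
GOOD=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26749
www.mobile-universe.ch. 3600 IN CNAME elb-front-92-10-617833872.eu-central-1.elb.amazonaws.com.
elb-front-92-10-617833872.eu-central-1.elb.amazonaws.com. 60 IN A 52.58.17.141
elb-front-92-10-617833872.eu-central-1.elb.amazonaws.com. 60 IN A 52.57.147.203'

# Constructed sample: the header an NXDOMAIN reply for the same query would carry.
BAD=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1'

# compare QNAME REPLY_A REPLY_B prints MATCH or MISMATCH with both summaries
compare() {
    sa=$(printf '%s\n' "$2" | summarise "$1")
    sb=$(printf '%s\n' "$3" | summarise "$1")
    if [ "$sa" = "$sb" ]; then echo "MATCH: $sa"; else echo "MISMATCH: [$sa] vs [$sb]"; fi
}

compare www.mobile-universe.ch "$GOOD" "$BAD"
```

<p>A summary that ends at the CNAME target with no addresses shows the hop at which a server stopped following the chain.</p>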
</body>
</html>