[Pdns-users] Recursive Weirdness (Was: 2.9.4 -> 2.9.8 breakage)

Damian Gerow damian at sentex.net
Wed Jul 30 20:31:28 UTC 2003 

Thus spake bert hubert (ahu at ds9a.nl) [30/07/03 14:09]:
> > I have a PowerDNS server that supports recursive queries, using a dnscache
> > installation (from djbdns) on an RFC1918 network to do the lookups.
> 
> Can you point your install at 130.161.180.1 and 195.96.96.97? I just
> verified if everything works as it should and it does so here.

Both show the same behaviour.  Except that now once I get a successful query
in, we go back to the original behaviour of pdns happily responding with
cached queries, no matter who is asking.

I just went back and double-checked, and we are also still doing the old
behaviour, no matter which recursor I use.  Don't know why I got that wrong
last time.

> Have you bound separately to the addresses of your host? ie, 64.7.134.90 and
> 10.9.22.8? Can you do queries with 'dig'?

Yes,  I explicitly bind to certain interfaces:

    local-address=64.7.134.90,172.16.0.8,10.9.22.8,127.0.0.1

> dig www.microsoft.com @64.7.134.90
> 
> Gives way better diagnostics.

If you have an SSH public key, I can give you access to my pdns box and my
recursor box, and you can play around with it.

Well, here it is, outside first:

  Outside (199.212.134.1):
    % dig @64.7.134.90 www.microsoft.com +rec

    ; <<>> DiG 8.3 <<>> @64.7.134.90 www.microsoft.com +rec 
    ; (1 server found)
    ;; res options: init recurs defnam dnsrch
    ;; got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 475
    ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUERY SECTION:
    ;;      www.microsoft.com, type = A, class = IN

    ;; Total query time: 57 msec
    ;; FROM: granite.sentex.ca to SERVER: 64.7.134.90  64.7.134.90
    ;; WHEN: Wed Jul 30 16:22:59 2003
    ;; MSG SIZE  sent: 35  rcvd: 35

    %

  Inside (10.9.22.21):
    % dig @10.9.22.8 www.microsoft.com +rec

    ; <<>> DiG 8.3 <<>> @10.9.22.8 www.microsoft.com +rec 
    ; (1 server found)
    ;; res options: init recurs defnam dnsrch
    ;; got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 56405
    ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUERY SECTION:
    ;;      www.microsoft.com, type = A, class = IN

    ;; Total query time: 3 msec
    ;; FROM: pandora.afflictions.org to SERVER: 10.9.22.8  10.9.22.8
    ;; WHEN: Wed Jul 30 16:30:15 2003
    ;; MSG SIZE  sent: 35  rcvd: 35

    %

And on run two, we go inside, outside (after stopping/starting pdns):

  Inside (10.9.22.21):
    % dig @10.9.22.8 www.microsoft.com +rec

    ; <<>> DiG 8.3 <<>> @10.9.22.8 www.microsoft.com +rec 
    ; (1 server found)
    ;; res options: init recurs defnam dnsrch
    ;; got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45984
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUERY SECTION:
    ;;      www.microsoft.com, type = A, class = IN

    ;; ANSWER SECTION:
    www.microsoft.com.      1h54m46s IN CNAME  www.microsoft.akadns.net.
    www.microsoft.akadns.net.  5M IN A  207.46.249.190
    www.microsoft.akadns.net.  5M IN A  207.46.134.222
    www.microsoft.akadns.net.  5M IN A  207.46.134.190
    www.microsoft.akadns.net.  5M IN A  207.46.134.155
    www.microsoft.akadns.net.  5M IN A  207.46.249.222

    ;; Total query time: 150 msec
    ;; FROM: pandora.afflictions.org to SERVER: 10.9.22.8  10.9.22.8
    ;; WHEN: Wed Jul 30 16:31:34 2003
    ;; MSG SIZE  sent: 35  rcvd: 153

    %

  Outside (199.212.134.1):
    % dig @64.7.134.90 www.microsoft.com +rec

    ; <<>> DiG 8.3 <<>> @64.7.134.90 www.microsoft.com +rec 
    ; (1 server found)
    ;; res options: init recurs defnam dnsrch
    ;; got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33180
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUERY SECTION:
    ;;      www.microsoft.com, type = A, class = IN

    ;; ANSWER SECTION:
    www.microsoft.com.      1h54m46s IN CNAME  www.microsoft.akadns.net.
    www.microsoft.akadns.net.  5M IN A  207.46.249.190
    www.microsoft.akadns.net.  5M IN A  207.46.134.222
    www.microsoft.akadns.net.  5M IN A  207.46.134.190
    www.microsoft.akadns.net.  5M IN A  207.46.134.155
    www.microsoft.akadns.net.  5M IN A  207.46.249.222

    ;; Total query time: 24 msec
    ;; FROM: granite.sentex.ca to SERVER: 64.7.134.90  64.7.134.90
    ;; WHEN: Wed Jul 30 16:25:16 2003
    ;; MSG SIZE  sent: 35  rcvd: 153

    %

Also note that a 'pdns_control purge' can be done instead of a pdns
stop/start.  It's almost like once an answer makes it in to the cache, the
ACL is never checked.

More information about the Pdns-users mailing list