[Pdns-users] Problems with NAPTR records (Debian Sarge)
Kostas Zorbadelos
kzorba at otenet.gr
Thu Mar 2 10:16:58 UTC 2006
On Thu, Mar 02, 2006 at 10:24:05AM +0100, Norbert Sendetzky wrote:
> Hi Kostas
>
Hello Norbert
> > dn: dc=3.1.2.8.9.8.3.0.1.2.0.3,dc=e164.arpa,ou=domains,dc=otenet,dc=gr
> > changetype: add
> > objectclass: otenetDNSDomain
> > objectclass: domainrelatedobject
> > dc: 3.1.2.8.9.8.3.0.1.2.0.3
> > associateddomain: 3.1.2.8.9.8.3.0.1.2.0.3.e164.arpa
> > NAPTRRecord: 10 100 u E2U+sip !^.*$!sip:prod2 at 212.205.221.1!
> >
> > Is something wrong with the way NAPTR records are stored in ldap?
>
> I don't know much about NAPTR Records but I had a look into my code and I
> think there is nothing which would prevent serving these types of records.
>
> Could you please
> - send us your pdns.conf (if it isn't confidential)
It's included attached. The include file in the last line only has the
necessary settings for the ldap connection which is successful.
> - activate query logging in your config and send me the output
>
I activated as much as I could find in the conf file but the output in
the file (pdns.log) was not written. There was output in syslog though,
which is included.
The query:
kzorba at tagoba(0)[11:17 AM]~>dig -t NAPTR 6.1.2.8.9.8.3.0.1.2.0.3.e164.arpa @tagoba
; <<>> DiG 9.2.4 <<>> -t NAPTR 6.1.2.8.9.8.3.0.1.2.0.3.e164.arpa @tagoba
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32298
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;6.1.2.8.9.8.3.0.1.2.0.3.e164.arpa. IN NAPTR
;; Query time: 4 msec
;; SERVER: 62.103.146.237#53(tagoba)
;; WHEN: Thu Mar 2 11:51:14 2006
;; MSG SIZE rcvd: 51
The pdns logs:
Mar 2 11:50:21 tagoba pdns[24276]: Listening on controlsocket in '/var/run/pdns.controlsocket'
Mar 2 11:50:21 tagoba pdns[24278]: Guardian is launching an instance
Mar 2 11:50:21 tagoba pdns[24278]: [LdapBackend] This is the ldap module version 2.9.17 (Sep 4 2005, 17:23:15) reporting
Mar 2 11:50:21 tagoba pdns[24278]: This is a guarded instance of pdns
Mar 2 11:50:21 tagoba pdns[24278]: UDP server bound to 62.103.146.237:53
Mar 2 11:50:21 tagoba pdns[24278]: TCP server bound to 62.103.146.237:53
Mar 2 11:50:21 tagoba pdns[24278]: PowerDNS 2.9.17 (C) 2001-2005 PowerDNS.COM BV (Sep 4 2005, 17:27:37) starting up
Mar 2 11:50:21 tagoba pdns[24278]: PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2.
Mar 2 11:50:21 tagoba pdns[24278]: Set effective group id to 110
Mar 2 11:50:21 tagoba pdns[24278]: Set effective user id to 106
Mar 2 11:50:21 tagoba pdns[24278]: DNS Proxy launched, local port 13945, remote 127.0.0.1:53
Mar 2 11:50:21 tagoba pdns[24278]: Creating backend connection for TCP
Mar 2 11:50:21 tagoba pdns[24278]: [LdapBackend] LDAP servers = pandora.otenet.gr:789
Mar 2 11:50:21 tagoba pdns[24278]: [LdapBackend] Ldap connection succeeded
Mar 2 11:50:21 tagoba pdns[24278]: About to create 3 backend threads
Mar 2 11:50:21 tagoba pdns[24278]: [LdapBackend] LDAP servers = pandora.otenet.gr:789
Mar 2 11:50:21 tagoba pdns[24278]: [LdapBackend] Ldap connection succeeded
Mar 2 11:50:21 tagoba pdns[24278]: [LdapBackend] LDAP servers = pandora.otenet.gr:789
Mar 2 11:50:21 tagoba pdns[24278]: [LdapBackend] Ldap connection succeeded
Mar 2 11:50:21 tagoba pdns[24278]: [LdapBackend] LDAP servers = pandora.otenet.gr:789
Mar 2 11:50:21 tagoba pdns[24278]: [LdapBackend] Ldap connection succeeded
Mar 2 11:50:21 tagoba pdns[24278]: Done launching threads, ready to distribute questions
Mar 2 11:51:14 tagoba pdns[24278]: Query: '6.1.2.8.9.8.3.0.1.2.0.3.e164.arpa|ANY'
The ldap logs:
[02/Mar/2006:11:51:57 +0200] conn=64 op=0 msgId=1 - BIND dn="cn=rootDN" method=128 version=3
[02/Mar/2006:11:51:57 +0200] conn=64 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=rootdn"
[02/Mar/2006:11:52:50 +0200] conn=62 op=1 msgId=2 - SRCH base="ou=domains,dc=otenet,dc=gr" scope=2 filter="(associatedDomain=6.1.2.8.9.8.3.0.1.2.0.3.e164.arpa)" attrs="dNSTTL aRecord nSRecord cNAMERecord sOARecord pTRRecord hInfoRecord mXRecord tXTRecord rprecord aAAARecord LocRecord sRVRecord nAPTRRecord"
[02/Mar/2006:11:52:50 +0200] conn=62 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0
This query returns one record as result. What puzzles me though is
that if I do the ldapsearch with the linux client (openldap 2.2.26), I
get:
ldapsearch -h pandora -p 789 -D cn=rootDN -w XXXXXX -x associatedDomain=6.1.2.8.9.8.3.0.1.2.0.3.e164.arpa dNSTTL aRecord nSRecord cNAMERecord sOARecord pTRRecord hInfoRecord mXRecord tXTRecord rprecord aAAARecord LocRecord sRVRecord nAPTRRecord
dn: dc=6.1.2.8.9.8.3.0.1.2.0.3,dc=e164.arpa,ou=domains,dc=otenet,dc=gr
aRecord: 10.0.0.1
nAPTRRecord:: MTAgMTAwIHUgRTJVK3NpcCAhXi4qJCFzaXA6a21hckBzaXAxLnNpcC5vdGVuZXQu
Z3IhIA==
(nAPTRRecord seems corrupted)
However if I do the same query with the Solaris ldapsearch I get a
clear result
kzorba at pandora(0)[12:06pm]/opt/DSServers>ldapsearch -h pandora -p 789
-D "cn=rootDN" -w XXXXXXX -b ou=domains,dc=otenet,dc=gr
associateddomain=6.1.2.8.9.8.3.0.1.2.0.3.e164.arpa dNSTTL aRecord
nSRecord cNAMERecord sOARecord pTRRecord hInfoRecord mXRecord
tXTRecord rprecord aAAARecord LocRecord sRVRecord nAPTRRecord
dc=6.1.2.8.9.8.3.0.1.2.0.3,dc=e164.arpa,ou=domains,dc=otenet,dc=gr
aRecord=10.0.0.1
nAPTRRecord=10 100 u E2U+sip !^.*$!sip:kmar at sip1.sip.otenet.gr!
Any ideas welcome!
We use SUN JES ldap server (former iPlanet I guess)
I also include the answer by a BIND nameserver for
completeness:
bank:~-> cat /var/named/chroot/var/named/otenet.e164.arpa.zone
$TTL 86400
@ IN SOA bank.otenet.gr. root (
2006020803 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS bank.otenet.gr.
6.1.2.8.9.8.3.0.1.2.0.3 NAPTR 10 100 "u" "E2U+sip" "!^.*$!sip:kmar at sip1.sip.otenet.gr!".
3.1.2.8.9.8.3.0.1.2.0.3 NAPTR 10 100 "u" "E2U+sip" "!^.*$!sip:prod2 at 212.205.221.1!".
bank:~-> dig -t NAPTR 6.1.2.8.9.8.3.0.1.2.0.3.otenet.e164.arpa
; <<>> DiG 9.2.5 <<>> -t NAPTR 6.1.2.8.9.8.3.0.1.2.0.3.otenet.e164.arpa
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15270
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;6.1.2.8.9.8.3.0.1.2.0.3.otenet.e164.arpa. IN NAPTR
;; ANSWER SECTION:
6.1.2.8.9.8.3.0.1.2.0.3.otenet.e164.arpa. 86400 IN NAPTR 10 100 "u" "E2U+sip" "!^.*$!sip:kmar at sip1.sip.otenet.gr!" .
;; AUTHORITY SECTION:
otenet.e164.arpa. 86400 IN NS bank.otenet.gr.
;; Query time: 35 msec
;; SERVER: 212.205.221.1#53(212.205.221.1)
;; WHEN: Thu Mar 2 11:35:57 2006
;; MSG SIZE rcvd: 148
> > kzorba at tagoba(0)[06:28 PM]~/WorkingArea/pdns-2.9.19>make
> > powerldap.hh:72: error: type specifier omitted for parameter `uint16_t'
> > powerldap.hh:72: error: parse error before `=' token
>
> Your version lacks a patch which is already in SVN. I've attached it below.
> Please patch your source and try to recompile.
>
OK, I will do that and let you know.
Thanks for everything
Kostas
>
> Norbert
> --
> OpenPGP public key
> http://www.linuxnetworks.de/norbert.pubkey.asc
>
--
Kostas Zorbadelos
m at il contact: kzorba (at) otenet.gr
Out there in the darkness, out there in the night
out there in the starlight, one soul burns brighter
than a thousand suns.
-------------- next part --------------
# Autogenerated configuration file template
#################################
# allow-axfr-ips If disabled, DO allow zonetransfers from these IP addresses
#
# allow-axfr-ips=
#################################
# allow-recursion List of netmasks that are allowed to recurse
#
allow-recursion=127.0.0.1
#################################
# allow-recursion-override Local data even about hosts that don't exist will
# override the internet. (on/off)
#
# allow-recursion-override=
allow-recursion-override=on
#################################
# cache-ttl Seconds to store packets in the PacketCache
#
# cache-ttl=20
#################################
# chroot If set, chroot to this directory for more security
#
# chroot=/var/spool/powerdns
#################################
# config-dir Location of configuration directory (pdns.conf)
#
config-dir=/etc/powerdns
#################################
# config-name Name of this virtual configuration - will rename the binary image
#
# config-name=
#################################
# control-console Debugging switch - don't use
#
# control-console=no
#################################
# daemon Operate as a daemon
#
daemon=yes
#################################
# default-soa-name name to insert in the SOA record if none set in the backend
#
# default-soa-name=a.misconfigured.powerdns.server
#################################
# disable-axfr Disable zonetransfers but do allow TCP queries
#
disable-axfr=yes
#################################
# disable-tcp Do not listen to TCP queries
#
# disable-tcp=no
#################################
# distributor-threads Default number of Distributor (backend) threads to start
#
# distributor-threads=3
#################################
# fancy-records Process URL and MBOXFW records
#
# fancy-records=no
#################################
# guardian Run within a guardian process
#
guardian=yes
#################################
# launch Which backends to launch and order to query them in
#
# launch=
launch=ldap
#################################
# lazy-recursion Only recurse if question cannot be answered locally
#
lazy-recursion=yes
#################################
# load-modules Load this module - supply absolute or relative path
#
# load-modules=
#################################
# local-address Local IP address to which we bind
#
local-address=62.103.146.237
#################################
# local-ipv6 Local IP address to which we bind
#
# local-ipv6=
#################################
# local-port The port on which we listen
#
local-port=53
#################################
# log-dns-details If PDNS should log failed update requests
#
# log-dns-details=
log-dns-details=yes
#################################
# log-failed-updates If PDNS should log failed update requests
#
# log-failed-updates=
log-failed-updates=yes
#################################
# logfile Logfile to use
#
logfile=/var/log/powerdns/pdns.log
#################################
# logging-facility Log under a specific facility
#
# logging-facility=
#################################
# loglevel Amount of logging. Higher is more. Do not set below 3
#
# loglevel=4
loglevel=9
#################################
# master Act as a master
#
# master=no
#################################
# max-queue-length Maximum queuelength before considering situation lost
#
# max-queue-length=5000
#################################
# max-tcp-connections Maximum number of TCP connections
#
# max-tcp-connections=10
#################################
# module-dir Default directory for modules
#
module-dir=/usr/lib/powerdns
#################################
# negquery-cache-ttl Seconds to store packets in the PacketCache
#
# negquery-cache-ttl=60
#################################
# only-soa Make sure that no SOA serial is less than this number
#
# only-soa=org
#################################
# out-of-zone-additional-processing Do out of zone additional processing
#
# out-of-zone-additional-processing=no
#################################
# query-cache-ttl Seconds to store packets in the PacketCache
#
# query-cache-ttl=20
#################################
# query-logging Hint backends that queries should be logged
#
# query-logging=no
query-logging=yes
#################################
# queue-limit Maximum number of milliseconds to queue a query
#
# queue-limit=1500
#################################
# query-local-address The IP address to use as a source address for sending
# queries.
# query-local-address=
#################################
# receiver-threads Number of receiver threads to launch
#
# receiver-threads=1
#################################
# recursive-cache-ttl Seconds to store packets in the PacketCache
#
# recursive-cache-ttl=10
#################################
# recursor If recursion is desired, IP address of a recursing nameserver
#
# recursor=
recursor=127.0.0.1
#################################
# setgid If set, change group id to this gid for more security
#
setgid=pdns
#################################
# setuid If set, change user id to this uid for more security
#
setuid=pdns
#################################
# skip-cname Do not perform CNAME indirection for each query
#
# skip-cname=no
#################################
# slave Act as a slave
#
# slave=no
#################################
# slave-cycle-interval Reschedule failed SOA serial checks once every .. seconds
#
# slave-cycle-interval=60
#################################
# smtpredirector Our smtpredir MX host
#
# smtpredirector=a.misconfigured.powerdns.smtp.server
#################################
# soa-minimum-ttl Default SOA mininum ttl
#
# soa-minimum-ttl=3600
#################################
# soa-serial-offset Make sure that no SOA serial is less than this number
#
# soa-serial-offset=0
#################################
# socket-dir Where the controlsocket will live
#
socket-dir=/var/run
#################################
# strict-rfc-axfrs Perform strictly rfc compliant axfrs (very slow)
#
# strict-rfc-axfrs=no
#################################
# urlredirector Where we send hosts to that need to be url redirected
#
# urlredirector=127.0.0.1
#################################
# use-logfile Use a log file
#
use-logfile=yes
#################################
# webserver Start a webserver for monitoring
#
# webserver=no
#################################
# webserver-address IP Address of webserver to listen on
#
# webserver-address=127.0.0.1
#################################
# webserver-password Password required for accessing the webserver
#
# webserver-password=
#################################
# webserver-port Port of webserver to listen on
#
# webserver-port=8081
#################################
# webserver-print-arguments If the webserver should print arguments
#
# webserver-print-arguments=no
#################################
# wildcard-url Process URL and MBOXFW records
#
# wildcard-url=no
#################################
# wildcards Honor wildcards in the database
#
# wildcards=
#################################
# version-string What should PowerDNS return for version
# allowed methods are anonymouse / powerdns / full / custom
version-string=powerdns
include=/etc/powerdns/pdns.d
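
In the OpenLDAP ldapsearch output quoted in the message above, the `::` after `nAPTRRecord` marks an LDIF base64 value (RFC 2849), which the format uses for values it cannot write as plain text, for example ones that end in a space. The following is an added example, not part of the original message: it unfolds and decodes that entry and reports which rule applies. The function names are this example's own, and the leading space on the continuation line is assumed to have been lost in the archive.

```python
import base64

# Entry copied from the OpenLDAP ldapsearch output in the message; the single
# leading space on the continuation line is restored (assumed lost in the archive).
SAMPLE_LDIF = """\
dn: dc=6.1.2.8.9.8.3.0.1.2.0.3,dc=e164.arpa,ou=domains,dc=otenet,dc=gr
aRecord: 10.0.0.1
nAPTRRecord:: MTAgMTAwIHUgRTJVK3NpcCAhXi4qJCFzaXA6a21hckBzaXAxLnNpcC5vdGVuZXQu
 Z3IhIA==
"""

def unfold(text):
    """Join folded LDIF lines: a line starting with one space continues the previous one."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    return lines

def why_base64(value):
    """Name the RFC 2849 rule that keeps `value` from being written as plain text."""
    if value[:1] in (b" ", b":", b"<"):
        return "unsafe first character"
    if value.endswith(b" "):
        return "trailing space"
    if any(b in (0, 10, 13) or b > 127 for b in value):
        return "NUL, CR, LF or non-ASCII byte"
    return None

def parse_entry(text):
    """Return (attribute, value_bytes, was_base64, reason) for each line of one entry."""
    out = []
    for line in unfold(text):
        attr, sep, rest = line.partition(":")
        if not sep:
            continue  # not an attribute line
        if rest.startswith(":"):  # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip(), validate=True)
            out.append((attr, value, True, why_base64(value)))
        else:  # "attr: <plain value>"
            out.append((attr, rest.lstrip(" ").encode(), False, None))
    return out

if __name__ == "__main__":
    for attr, value, encoded, reason in parse_entry(SAMPLE_LDIF):
        print(f"{attr}: {value!r}" + (f"  [base64: {reason}]" if encoded else ""))
```

A value flagged `trailing space` means the attribute as stored in the directory carries that extra byte, so the two ldapsearch clients are showing the same data in different encodings.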