[Pdns-users] Have I got a good one....
lorens-pdns-3987 at tagged.lorens.org
Fri Mar 3 23:11:56 UTC 2006
On Fri, Mar 03, 2006 at 11:56:34PM +0100, bert hubert wrote:
> On Fri, Mar 03, 2006 at 02:47:01PM -0800, Alan Hodgson wrote:
> > > go on vacation. And if you get the same results and it is broken in
> > > PDNS, please fix or give a work around before this woman comes in
> > > an' coughs up gagged sweet 'taters on my carpet.
> > precursor 2.9.18 resolves it fine. Both authoritative nameservers appear to
> > be serving A records for the domain with authoritative answers, so it looks
> > OK to me.
> Still looking into it but 'messageboardoflove.com' has something decidedly
> odd to it nameserverwise. Sometimes you need 4s timeouts to be able to
> resolve it, but not always.
> PowerDNS might need to do a better job here, but the domain is pretty broken
> it appears.
dnsreport.com screams about one problem straight off:
% Missing (stealth) nameservers FAIL: You have one or more missing
% (stealth) nameservers. The following nameserver(s) are listed (at your
% nameservers) as nameservers for your domain, but are not listed at the
% the parent nameservers (therefore, they may or may not get used,
% depending on whether your DNS servers return them in the authority
% section for other requests, per RFC2181 5.4.1). You need to make sure
% that these stealth nameservers are working; if they are not responding,
% you may have serious problems! The DNS Report will not query these
% servers, so you need to be very careful that they are working properly.
% This is listed as an ERROR because there are some cases where nasty
% problems can occur (if the TTLs vary from the NS records at the root
% servers and the NS records point to your own domain, for example).
% FAIL Missing nameservers 2 ERROR: One or more of the nameservers
% listed at the parent servers are not listed as NS records at your
% nameservers. The problem NS records are:
This can be hard to see even with dig, you have to really do
every single lookup by hand.
It basically means that the NS records in the TLD nameservers
point to nameservers that are authoritative for the domain, but
which consider themselves to have other names. Oh, and that
there are seven of them, not two.
Based on my experience with pdns, I'd suspect the pdns doesn't
like the bad values, while bind closes its eyes hard and skates.
At the very least it's a nice place if you want somewhere
authoritative to point to saying it's not your fault :-)
More information about the Pdns-users