[Pdns-users] Feedback on the recursor 3.0 requested + 3.0.1

[Stephen Harker]

bert hubert wrote:
> Hi everybody,
> 
> Tomorrow the PowerDNS Recursor 3.0.1 will be released, with nothing but
> fixes for real observed problems, including one stability problem. 
> 
> If you are running 3.0, please let me know either privately or here, if you
> are observing any problems or if things are ticking along well. Now is your
> chance to report any issues!

I have noticed one issue on one of our recursing nameservers. It was
until recently running pdns with djb's dnscache as the local recursor.
There are no backends configured as this is not an authoratative server.
The pdns version is 2.9.17 from Debian Sarge running on a Sarge box and
the recursor from your supplied .deb

ii  pdns-server              2.9.17-13sarge2
ii  pdns-recursor            3.0.1-1

Doing successive lookups against this server for an MX record shows the
TTL ticking down until the main priority 10 record expires. Then, the
recursor just gives the (still valid) priority 20 record by itself and
doesn't bother re-fetching and giving out the expired record. This
obviously causes mail to go missing, expecially if the backup MX looks
up and finds itself as the only MX and bounces the mail.

bludger:~# dig @localhost noblemarine.co.uk mx

; <<>> DiG 9.2.4 <<>> @localhost noblemarine.co.uk mx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7043
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;noblemarine.co.uk.             IN      MX

;; ANSWER SECTION:
noblemarine.co.uk.      10518   IN      MX      20
bludger.positive-internet.com.
noblemarine.co.uk.      68      IN      MX      10
pop3.positive-internet.com.

;; ADDITIONAL SECTION:
pop3.positive-internet.com. 10403 IN    A       80.87.128.64
bludger.positive-internet.com. 10399 IN A       80.87.128.93

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(localhost)
;; WHEN: Thu May  4 16:28:08 2006
;; MSG SIZE  rcvd: 133

bludger:~# dig @localhost noblemarine.co.uk mx

; <<>> DiG 9.2.4 <<>> @localhost noblemarine.co.uk mx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34707
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;noblemarine.co.uk.             IN      MX

;; ANSWER SECTION:
noblemarine.co.uk.      10451   IN      MX      20
bludger.positive-internet.com.
noblemarine.co.uk.      1       IN      MX      10
pop3.positive-internet.com.

;; ADDITIONAL SECTION:
bludger.positive-internet.com. 10332 IN A       80.87.128.93
pop3.positive-internet.com. 10336 IN    A       80.87.128.64

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(localhost)
;; WHEN: Thu May  4 16:29:15 2006
;; MSG SIZE  rcvd: 133

bludger:~# dig @localhost noblemarine.co.uk mx

; <<>> DiG 9.2.4 <<>> @localhost noblemarine.co.uk mx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50964
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;noblemarine.co.uk.             IN      MX

;; ANSWER SECTION:
noblemarine.co.uk.      10450   IN      MX      20
bludger.positive-internet.com.

;; ADDITIONAL SECTION:
bludger.positive-internet.com. 10331 IN A       80.87.128.93

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(localhost)
;; WHEN: Thu May  4 16:29:16 2006
;; MSG SIZE  rcvd: 96

Switching back to the djb dnscache recursor and re-running the queries
shows that the TTL for both records is set to that of the lowest TTL
record so that these are re-fetched at the same time...

bludger:~# dig @localhost noblemarine.co.uk mx

; <<>> DiG 9.2.4 <<>> @localhost noblemarine.co.uk mx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3230
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;noblemarine.co.uk.             IN      MX

;; ANSWER SECTION:
noblemarine.co.uk.      350     IN      MX      10
pop3.positive-internet.com.
noblemarine.co.uk.      10800   IN      MX      20
bludger.positive-internet.com.

;; Query time: 216 msec
;; SERVER: 127.0.0.1#53(localhost)
;; WHEN: Thu May  4 16:31:56 2006
;; MSG SIZE  rcvd: 101

bludger:~# dig @localhost noblemarine.co.uk mx

; <<>> DiG 9.2.4 <<>> @localhost noblemarine.co.uk mx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54652
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;noblemarine.co.uk.             IN      MX

;; ANSWER SECTION:
noblemarine.co.uk.      349     IN      MX      10
pop3.positive-internet.com.
noblemarine.co.uk.      349     IN      MX      20
bludger.positive-internet.com.

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(localhost)
;; WHEN: Thu May  4 16:31:57 2006
;; MSG SIZE  rcvd: 101

bludger:~# dig @localhost noblemarine.co.uk mx

; <<>> DiG 9.2.4 <<>> @localhost noblemarine.co.uk mx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40109
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;noblemarine.co.uk.             IN      MX

;; ANSWER SECTION:
noblemarine.co.uk.      347     IN      MX      10
pop3.positive-internet.com.
noblemarine.co.uk.      347     IN      MX      20
bludger.positive-internet.com.

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(localhost)
;; WHEN: Thu May  4 16:31:59 2006
;; MSG SIZE  rcvd: 101

Has anyone else noticed this and is there a fix for it? Or is it
possibly an issue with pdns-server 2.9.17 itself?

Regards,

Stephen