[Pdns-users] recursor unable to resolve asn.routeviews.org data

J Knight jknight+pdns at spamshield.org
Sat Aug 11 06:06:47 UTC 2007


Greetings.

So we've tried to switch from BIND to PDNS-recursor (Linux Recursor 3.1.4-1, as
installed from official rpm), but we hit a rather significant snag:

routeviews.org provides a DNS-based Internet route information service
in the asn.routeviews.org zone:

It's provided with a BIND server on their end, and provides THREE answers
for a single query (that to our knowledge are ASCII "null"-separated)

(dig against our BIND server):
     $ dig @bind  101.67.83.202.asn.routeviews.org txt
     ...
     ;; QUESTION SECTION:
     ;101.67.83.202.asn.routeviews.org. IN   TXT

     ;; ANSWER SECTION:
     101.67.83.202.asn.routeviews.org. 600 IN TXT    "9723" "202.83.67.0" "24"

     ;; AUTHORITY SECTION:
     asn.routeviews.org.     808     IN      NS      ns3.routeviews.org.
     asn.routeviews.org.     808     IN      NS      route-views.linx.routeviews.org.
     asn.routeviews.org.     808     IN      NS      route-views.wide.routeviews.org.

     ;; Query time: 65 msec


Which means: IP 202.83.67.101 is part of route 202.83.67.0/24, originating from ASN 9723.

The same query through the Recursor:

    $ dig @recursor  101.67.83.202.asn.routeviews.org txt
    ...
    ;; QUESTION SECTION:
    ;101.67.83.202.asn.routeviews.org. IN   TXT

    ;; ANSWER SECTION:
    101.67.83.202.asn.routeviews.org. 600 IN TXT    "9723"

    ;; Query time: 134 msec

Clearly, that poses a show-stopper problem for any user of the above service,
which we use a couple 10,000 times a day :(

Recursor Bug?
Multi-answers not implemented?
Multi-answers ignored for security reasons?
Multi-answers obsolete in protocol?

Yes, the Windows XP (*choke*) client DNS resolver is returning all three answers, too,
so it's not just BIND knowing about this rather elaborate reply format...







More information about the Pdns-users mailing list