[Pdns-users] recursor unable to resolve asn.routeviews.org data

J Knight jknight+pdns at spamshield.org
Fri Aug 17 13:30:13 UTC 2007


Has anyone seen this post to the list (or has a comment on it)?

Thanks - Jamie

On 8/11/2007 at 2:06 AM, "J Knight" <jknight+pdns at spamshield.org> wrote:

> Date: Sat, 11 Aug 2007 02:06:47 -0400
> From: J Knight <jknight+pdns at spamshield.org>
> Message-ID: <916807326.20070811020647 at spamshield.org>
> To: pdns-users at mailman.powerdns.com

> Greetings.

> So we've tried to switch from BIND to PDNS-recursor (Linux Recursor 3.1.4-1, as
> installed from official rpm), but we hit a rather significant snag:

> routeviews.org provides a DNS-based Internet route information service
> in the asn.routeviews.org zone:

> It's provided with a BIND server on their end, and provides THREE answers
> for a single query (that to our knowledge are ASCII "null"-separated)

> (dig against our BIND server):
>      $ dig @bind  101.67.83.202.asn.routeviews.org txt
>      ...
>      ;; QUESTION SECTION:
>      ;101.67.83.202.asn.routeviews.org. IN   TXT

>      ;; ANSWER SECTION:
>      101.67.83.202.asn.routeviews.org. 600 IN TXT    "9723" "202.83.67.0" "24"

>      ;; AUTHORITY SECTION:
>      asn.routeviews.org.     808     IN      NS      ns3.routeviews.org.
>      asn.routeviews.org.     808     IN      NS      route-views.linx.routeviews.org.
>      asn.routeviews.org.     808     IN      NS      route-views.wide.routeviews.org.

>      ;; Query time: 65 msec


> Which means: IP 202.83.67.101 is part of route 202.83.67.0/24, originating from ASN 9723.

> The same query through the Recursor:

>     $ dig @recursor  101.67.83.202.asn.routeviews.org txt
>     ...
>     ;; QUESTION SECTION:
>     ;101.67.83.202.asn.routeviews.org. IN   TXT

>     ;; ANSWER SECTION:
>     101.67.83.202.asn.routeviews.org. 600 IN TXT    "9723"

>     ;; Query time: 134 msec

> Clearly, that poses a show-stopper problem for any user of the above service,
> which we use a couple 10,000 times a day :(

> Recursor Bug?
> Multi-answers not implemented?
> Multi-answers ignored for security reasons?
> Multi-answers obsolete in protocol?

> Yes, the Windows XP (*choke*) client DNS resolver is returning all three answers, too,
> so it's not just BIND knowing about this rather elaborate reply format...






More information about the Pdns-users mailing list