[Pdns-users] mx failure scenario

Augie Schwer augie.schwer at gmail.com
Thu Jan 4 23:57:51 UTC 2007 

On 12/21/06, bert hubert <bert.hubert at netherlabs.nl> wrote:
> On Thu, Dec 21, 2006 at 10:00:30AM -0800, gnu not unix wrote:
> > I have a problem with my parent zone (sf.ca.us), where they
> > are running powerdns (they used to run bind), and this change
> > seems to have resulted in my loss of email connectivity.
> Something definitely is odd:
> $ dig +norecurs -t mx wraith.sf.ca.us @B.AUTH-NS.SONIC.NET.
> ; <<>> DiG 9.3.2 <<>> +norecurs -t mx wraith.sf.ca.us @B.AUTH-NS.SONIC.NET.
> ; (1 server found)
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42774
> ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 2
> ;; QUESTION SECTION:
> ;wraith.sf.ca.us.               IN      MX
> ;; AUTHORITY SECTION:
> sf.ca.us.               259200  IN      SOA     ns1.sonic.net. hostmaster.sonic.net. 2006122102 3600 300 1209600 3600
> wraith.sf.ca.us.        3600    IN      NS      wraith.sf.ca.us.
> wraith.sf.ca.us.        3600    IN      NS      smidge.wraith.sf.ca.us.
> This SOA record should not be there. I have no easy explanation why it is
> there.

Here is where the spurious SOA gets inserted:

http://wiki.powerdns.com/cgi-bin/trac.fcgi/attachment/ticket/117/pdns-packethandler.cc.patch

The above patch removes the addition of the spurious SOA in to the
reply packet, but I'm having a hard time understanding why the code
bit was needed in the first place, so no guarantees that it won't
break something else.

Index: packethandler.cc
===================================================================
--- packethandler.cc    (revision 941)
+++ packethandler.cc    (working copy)
@@ -404,8 +404,6 @@
        r->addRecord(rr);
       }
     }
-    if(hits && !found && !rfound && shortcut ) // we found matching
qnames but not a qtype
-      return 2;

     if(rfound)
       return 1; // ANY lookup found the right answer immediately
@@ -640,20 +638,6 @@
     }
     mret=makeCanonic(p, r, target); // traverse CNAME chain until we
have a useful record (may actually give the correct answer!)

-    if(mret==2) { // there is some data, but not of the correct type
-      DLOG(L<<"There is some data, but not of the correct type"<<endl);
-      SOAData sd;
-      if(getAuth(p, &sd, target, 0)) {
-       rr.qname=sd.qname;
-       rr.qtype=QType::SOA;
-       rr.content=DNSPacket::serializeSOAData(sd);
-       rr.ttl=sd.ttl;
-       rr.domain_id=sd.domain_id;
-       rr.d_place=DNSResourceRecord::AUTHORITY;
-       r->addRecord(rr);
-      }
-    }
-
     if(mret == 1)
       goto sendit; // this might be the end of it (client requested a
CNAME, or we found the answer already)



-- 
Augie Schwer    -    Augie at Schwer.us    -    http://schwer.us
Key fingerprint = 9815 AE19 AFD1 1FE7 5DEE 2AC3 CB99 2784 27B0 C072

More information about the Pdns-users mailing list