[Pdns-users] Classless in-addr.arpa delegation broken?

Augie Schwer augie.schwer at gmail.com
Tue Jan 30 23:22:20 UTC 2007 

It seems in certain cases PowerDNS does not volunteer the CNAME it has
when asked for a PTR; which will break sites with rfc2317
(http://www.ietf.org/rfc/rfc2317.txt) setup.

Does anyone else with this type of setup have this problem? Or maybe
more importantly does anyone *not* have this problem?

We are running r950 out of the SVN trunk with a patch for #118
(http://wiki.powerdns.com/cgi-bin/trac.fcgi/ticket/118).

So for example we have a BIND master with a zone file that looks
something like this:

$TTL 3600
$ORIGIN 222.12.69.in-addr.arpa.
@               IN      SOA     sonic.net. hostmaster.sonic.net. (
                        2006121401      ; serial
                        3600            ; refresh
                        300             ; retry
                        1209600          ; expire
                        3600 )          ; minimum ttl
                IN      NS      a.auth-ns.sonic.net.
                IN      NS      b.auth-ns.sonic.net.
                IN      NS      c.auth-ns.sonic.net.
0-255           IN      NS      ns1.quantact.com.
0-255           IN      NS      ns2.quantact.com.
2               IN      CNAME   2.0-255.222.12.69.in-addr.arpa.

If you ask the BIND master for the reverse you get the CNAME and glue records:

[augie at augnix ~]$ dig -x 69.12.222.2 @mns1.sonic.net +norecurse
;; ANSWER SECTION:
2.222.12.69.in-addr.arpa. 3600  IN      CNAME   2.0-255.222.12.69.in-addr.arpa.
;; AUTHORITY SECTION:
0-255.222.12.69.in-addr.arpa. 3600 IN   NS      ns1.quantact.com.
0-255.222.12.69.in-addr.arpa. 3600 IN   NS      ns2.quantact.com.
;; ADDITIONAL SECTION:
ns1.quantact.com.       172121  IN      A       64.142.109.250
ns2.quantact.com.       172121  IN      A       64.151.119.219

But if you ask one of the PowerDNS authoritative slaves you only get the glue:

[augie at augnix ~]$ dig -x 69.12.222.2 @a.auth-ns.sonic.net +norecurse
;; AUTHORITY SECTION:
0-255.222.12.69.in-addr.arpa. 3600 IN   NS      ns1.quantact.com.
0-255.222.12.69.in-addr.arpa. 3600 IN   NS      ns2.quantact.com.

The pertinent bits in the PowerDNS slave DBs look like this:

mysql> select name,type,content from records where domain_id = 17603
and type = 'NS';
+------------------------------+------+---------------------+
| name                         | type | content             |
+------------------------------+------+---------------------+
| 222.12.69.in-addr.arpa       | NS   | a.auth-ns.sonic.net |
| 222.12.69.in-addr.arpa       | NS   | b.auth-ns.sonic.net |
| 222.12.69.in-addr.arpa       | NS   | c.auth-ns.sonic.net |
| 0-255.222.12.69.in-addr.arpa | NS   | ns1.quantact.com    |
| 0-255.222.12.69.in-addr.arpa | NS   | ns2.quantact.com    |
+------------------------------+------+---------------------+

and

mysql> select name,type,content from records where content =
'2.0-255.222.12.69.in-addr.arpa';
+--------------------------+-------+--------------------------------+
| name                     | type  | content                        |
+--------------------------+-------+--------------------------------+
| 2.222.12.69.in-addr.arpa | CNAME | 2.0-255.222.12.69.in-addr.arpa |
+--------------------------+-------+--------------------------------+


-- 
Augie Schwer    -    Augie at Schwer.us    -    http://schwer.us
Key fingerprint = 9815 AE19 AFD1 1FE7 5DEE 2AC3 CB99 2784 27B0 C072

More information about the Pdns-users mailing list