[Pdns-users] Recursor problem when zone has no NS records
bert hubert
bert.hubert at netherlabs.nl
Wed Jun 4 19:53:03 UTC 2008
On Wed, Jun 04, 2008 at 12:30:43PM -0600, Derrik Pates wrote:
> A customer has recently led me to discover that pdns_recursor, when
> performing a recursive query, such as looking for a 'A' record for the
> likes of 119.177.179.77.zen.spamhaus.org, times out and fails due to the
> fact that the 'zen.spamhaus.org' contains no NS records at all. If I
> query for NS records, I just get the SOA (as is usual for the circumstance).
I verified, but zen.spamhaus.org has heaps of NS records. So I think
something else is going on.
> There are, of course, NS records to indicate the referral at the parent
> server, but for apparent "security" purposes, none are indicated in the
> zone itself. Running the same query against a BIND-based recursor gets
> correct results, along with an authority section listing several of the
> nameservers.
Do you have a source for this 'security' idea?
If you ever see PowerDNS failing again, send it a USR2 signal, which will
cause it to output a trace of all queries. Don't do this under heavy load
though.
This trace will tell us what is going wrong resolving
119.177.179.77.zen.spamhaus.org. Right now, I'd love to help, but I can't
reproduce the problem, and I don't see that any NS records are missing.
Bert
--
http://www.PowerDNS.com Open source, database driven DNS Software
http://netherlabs.nl Open and Closed source services
More information about the Pdns-users
mailing list