[Pdns-users] External CNAME w/ auth and recursor
Sebastien Luttringer
sebastien.luttringer at smartjog.com
Wed Mar 5 16:09:59 UTC 2008
Sascha Holzleiter wrote:
> Sebastien Luttringer schrieb:
>> test.tdf-pmm.wan is an alias for ns.seblu.net.
>>
>> # host test.tdf-pmm.wan 127.0.0.1
>> Using domain server:
>> Name: 127.0.0.1
>> Address: 127.0.0.1#53
>> Aliases:
>>
>> Host test.tdf-pmm.wan not found: 3(NXDOMAIN)
>>
>> test-1:/var/www/tupa# host ns.seblu.net 127.0.0.1
>> Using domain server:
>> Name: 127.0.0.1
>> Address: 127.0.0.1#53
>> Aliases:
>>
>> ns.seblu.net has address 88.191.33.22
>>
>> It is very strange that everybody else doesn't have the same problem
>
> It isn't strange at all. Your nameserver is just not authoritative for
> the external domain you specified in the CNAME record and thus cannot
> give the correct answer without recursing.
>
> If you use a utility like dig(1) to test this, I'll bet you'll see
> something like this:
>
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 643
> ;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
>
> That's why you can query the CNAME type: if you ask no further,
> the nameserver can give you the correct answer, but it cannot give you
> the A record of the CNAME RR because it isn't allowed to recurse...
Perhaps you have not read the start of this thread, but my pdns is
used as a recursive and authoritative server by users. They can query
for www.google.com or tdf-pmm.wan (local zone). So firstly pdns_server
should find the CNAME and ask the recursor configured in pdns.conf
to answer for this external CNAME. No?
And for your example, dig answers this:
# dig @127.0.0.1 test.tdf-pmm.wan
; <<>> DiG 9.3.4 <<>> @127.0.0.1 test.tdf-pmm.wan
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33663
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;test.tdf-pmm.wan. IN A
;; AUTHORITY SECTION:
. 3320 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2008030401 1800 900 604800 86400
;; Query time: 33 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Mar 5 17:08:09 2008
;; MSG SIZE rcvd: 109
Now with the CNAME record, authority is set to 0.
# dig @127.0.0.1 -t cname test.tdf-pmm.wan
; <<>> DiG 9.3.4 <<>> @127.0.0.1 -t cname test.tdf-pmm.wan
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52395
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;test.tdf-pmm.wan. IN CNAME
;; ANSWER SECTION:
test.tdf-pmm.wan. 86400 IN CNAME ns.seblu.net.
;; Query time: 34 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Mar 5 17:08:04 2008
;; MSG SIZE rcvd: 60
--
Sebastien "Seblu" Luttringer sebastien.luttringer at smartjog.com
Smartjog SA http://www.smartjog.com/
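
Added example, not part of the original message or of PowerDNS: a small Python parser that reads the status and flags from the three dig headers shown in this thread and labels each response by the standard meaning of the aa and ra header bits. The function names and label strings are assumptions made for illustration.

```python
import re

# Header lines copied from the dig output in the thread above.
A_QUERY = """;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33663
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0"""
CNAME_QUERY = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52395
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0"""
PREDICTED = """;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 643
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0"""

STATUS_RE = re.compile(r"status:\s*(\w+)")
FLAGS_RE = re.compile(r"flags:\s*([a-z ]*);")


def classify(dig_output):
    """Return (status, sorted flags, source label) for one dig response."""
    status = STATUS_RE.search(dig_output)
    flags = FLAGS_RE.search(dig_output)
    if not status or not flags:
        raise ValueError("no dig header found")
    flagset = set(flags.group(1).split())
    if "aa" in flagset:
        # aa: the responder answered from data it is authoritative for
        source = "authoritative"
    elif "ra" in flagset:
        # ra without aa: non-authoritative answer, recursion is offered
        source = "non-authoritative (recursion available)"
    else:
        source = "non-authoritative (no recursion)"
    return status.group(1), sorted(flagset), source


def answers_disagree(a_resp, cname_resp):
    """True when the CNAME is served authoritatively (NOERROR) while the
    A query for the same name gets a non-authoritative NXDOMAIN."""
    a_status, _, a_source = classify(a_resp)
    c_status, _, c_source = classify(cname_resp)
    return (c_status == "NOERROR" and c_source == "authoritative"
            and a_status == "NXDOMAIN" and a_source != "authoritative")


if __name__ == "__main__":
    for label, resp in (("A", A_QUERY), ("CNAME", CNAME_QUERY),
                        ("predicted", PREDICTED)):
        print(label, classify(resp))
    print("inconsistent:", answers_disagree(A_QUERY, CNAME_QUERY))
```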