[Pdns-users] PDNS & pdns-recursor on same machine problems

Augie Schwer augie.schwer at gmail.com
Wed Nov 26 19:05:26 UTC 2008


Your authoritative servers are broken. No, really:

[augie at augnix ~]$ dig ns oldbridgeinc.com +trace
[snip]
oldbridgeinc.com.       172800  IN      NS      ns1.jbdesign.net.
oldbridgeinc.com.       172800  IN      NS      ns2.jbdesign.net.

[augie at augnix ~]$ dig ns oldbridgeinc.com @ns2.jbdesign.net +short
[augie at augnix ~]$ dig ns oldbridgeinc.com @ns1.jbdesign.net +short

No answer; your name servers do not provide NS records for your
domain; this could screw up your recursion.

--Augie

On Wed, Nov 26, 2008 at 8:52 AM, Baird, Josh <jbaird at follett.com> wrote:
>
> Any ideas?
>
> -----Original Message-----
> From: pdns-users-bounces at mailman.powerdns.com on behalf of Baird, Josh
> Sent: Mon 11/24/2008 5:06 PM
> To: bert hubert
> Cc: pdns-users at mailman.powerdns.com
> Subject: RE: [Pdns-users] PDNS & pdns-recursor on same machine problems
>
>
> Bert,
>
> Sure.. running the recursor with --trace completely killed this box, but I
> do believe I was able to get some data for you :)
>
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] question for
> 'oldbridgeinc.com.|A' from 172.15.64.11
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:
> Looking for CNAME cache hit of 'oldbridgeinc.com.|CNAME'
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: No
> CNAME cache hit of 'oldbridgeinc.com.|CNAME' found
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: No
> cache hit for 'oldbridgeinc.com.|A', trying to find an appropriate NS record
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:
> Checking if we have NS in cache for 'oldbridgeinc.com.'
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: no
> valid/useful NS in cache for 'oldbridgeinc.com.'
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:
> Checking if we have NS in cache for 'com.'
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS
> (with ip, or non-glue) in cache for 'com.' -> 'a.gtld-servers.net.'
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:
> within bailiwick: 0, not in cache / did not look at cache
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS
> (with ip, or non-glue) in cache for 'com.' -> 'b.gtld-servers.net.'
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:
> within bailiwick: 0, not in cache / did not look at cache
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS
> (with ip, or non-glue) in cache for 'com.' -> 'c.gtld-servers.net.'
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:
> within bailiwick: 0, not in cache / did not look at cache
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS
> (with ip, or non-glue) in cache for 'com.' -> 'd.gtld-servers.net.'
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:
> within bailiwick: 0, not in cache / did not look at cache
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS
> (with ip, or non-glue) in cache for 'com.' -> 'e.gtld-servers.net.'
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:
> within bailiwick: 0, not in cache / did not look at cache
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS
> (with ip, or non-glue) in cache for 'com.' -> 'f.gtld-servers.net.'
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:
> within bailiwick: 0, not in cache / did not look at cache
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS
> (with ip, or non-glue) in cache for 'com.' -> 'g.gtld-servers.net.'
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:
> within bailiwick: 0, not in cache / did not look at cache
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS
> (with ip, or non-glue) in cache for 'com.' -> 'h.gtld-servers.net.'
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:
> within bailiwick: 0, not in cache / did not look at cache
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS
> (with ip, or non-glue) in cache for 'com.' -> 'i.gtld-servers.net.'
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:
> within bailiwick: 0, not in cache / did not look at cache
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS
> (with ip, or non-glue) in cache for 'com.' -> 'j.gtld-servers.net.'
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:
> within bailiwick: 0, not in cache / did not look at cache
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS
> (with ip, or non-glue) in cache for 'com.' -> 'k.gtld-servers.net.'
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:
> within bailiwick: 0, not in cache / did not look at cache
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS
> (with ip, or non-glue) in cache for 'com.' -> 'l.gtld-servers.net.'
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:
> within bailiwick: 0, not in cache / did not look at cache
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS
> (with ip, or non-glue) in cache for 'com.' -> 'm.gtld-servers.net.'
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:
> within bailiwick: 0, not in cache / did not look at cache
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: We
> have NS in cache for 'com.' (flawedNSSet=0)
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:
> Cache consultations done, have 13 NS to contact
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:
> Nameservers: b.gtld-servers.net.(256ms), a.gtld-servers.net.(275ms),
> d.gtld-servers.net.(287ms),
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]
> oldbridgeinc.com.:              g.gtld-servers.net.(300ms),
> c.gtld-servers.net.(302ms), i.gtld-servers.net.(325ms),
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]
> oldbridgeinc.com.:              h.gtld-servers.net.(325ms),
> j.gtld-servers.net.(354ms), f.gtld-servers.net.(363ms),
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]
> oldbridgeinc.com.:              e.gtld-servers.net.(599ms),
> l.gtld-servers.net.(625ms), k.gtld-servers.net.(728ms),
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]
> oldbridgeinc.com.:              m.gtld-servers.net.(751ms)
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:
> Trying to resolve NS 'b.gtld-servers.net.' (1/13)
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]   b.gtld-servers.net.:
> Looking for CNAME cache hit of 'b.gtld-servers.net.|CNAME'
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]   b.gtld-servers.net.:
> No CNAME cache hit of 'b.gtld-servers.net.|CNAME' found
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]   b.gtld-servers.net.:
> Found cache hit for A: 192.33.14.30[ttl=172674]
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:
> Resolved 'com.' NS b.gtld-servers.net. to: 192.33.14.30
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:
> Trying IP 192.33.14.30:53, asking 'oldbridgeinc.com.|A'
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: Got
> 4 answers from b.gtld-servers.net. (192.33.14.30), rcode=0, in 142ms
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:
> accept answer 'oldbridgeinc.com.|NS|ns1.jbdesign.net.' from 'com.'
> nameservers? YES!
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:
> accept answer 'oldbridgeinc.com.|NS|ns2.jbdesign.net.' from 'com.'
> nameservers? YES!
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:
> accept answer 'ns1.jbdesign.net.|A|72.29.72.189' from 'com.' nameservers?
> NO!
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:
> accept answer 'ns2.jbdesign.net.|A|12.44.213.89' from 'com.' nameservers?
> NO!
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:
> determining status after receiving this packet
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: got
> NS record 'oldbridgeinc.com.' -> 'ns1.jbdesign.net.'
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: got
> NS record 'oldbridgeinc.com.' -> 'ns2.jbdesign.net.'
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:
> status=did not resolve, got 2 NS, looping to them
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:
> Nameservers: ns1.jbdesign.net.(0ms), ns2.jbdesign.net.(0ms)
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:
> Trying to resolve NS 'ns1.jbdesign.net.' (1/2)
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]   ns1.jbdesign.net.:
> Looking for CNAME cache hit of 'ns1.jbdesign.net.|CNAME'
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]   ns1.jbdesign.net.: No
> CNAME cache hit of 'ns1.jbdesign.net.|CNAME' found
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]   ns1.jbdesign.net.: No
> cache hit for 'ns1.jbdesign.net.|A', trying to find an appropriate NS record
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]   ns1.jbdesign.net.:
> Cache consultations done, have 1 NS to contact
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]   ns1.jbdesign.net.:
> Nameservers: 72.29.72.189:53(-1172ms)
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]   ns1.jbdesign.net.:
> Trying to resolve NS '72.29.72.189:53' (1/1)
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]   ns1.jbdesign.net.:
> Domain has hardcoded nameserver(s)
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]   ns1.jbdesign.net.:
> Resolved 'jbdesign.net.' NS 72.29.72.189:53 to: 72.29.72.189
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]   ns1.jbdesign.net.:
> Trying IP 72.29.72.189:53, asking 'ns1.jbdesign.net.|A'
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]   ns1.jbdesign.net.:
> query throttled
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]   ns1.jbdesign.net.:
> Failed to resolve via any of the 1 offered NS at level 'jbdesign.net.'
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]   ns1.jbdesign.net.:
> failed (res=-1)
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:
> Failed to get IP for NS ns1.jbdesign.net., trying next if available
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:
> Trying to resolve NS 'ns2.jbdesign.net.' (2/2)
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]   ns2.jbdesign.net.:
> Looking for CNAME cache hit of 'ns2.jbdesign.net.|CNAME'
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]   ns2.jbdesign.net.: No
> CNAME cache hit of 'ns2.jbdesign.net.|CNAME' found
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]   ns2.jbdesign.net.:
> Found cache hit for A: 12.44.213.89[ttl=86395]
> Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:
> Resolved 'oldbridgeinc.com.' NS ns2.jbdesign.net. to: 12.44.213.89
> Nov 24 16:58:32 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:
> Trying IP 12.44.213.89:53, asking 'oldbridgeinc.com.|A'
> Nov 24 16:58:32 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:
> query throttled
> Nov 24 16:58:32 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:
> Failed to resolve via any of the 2 offered NS at level 'oldbridgeinc.com.'
> Nov 24 16:58:32 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:
> Invalidating nameservers for level 'oldbridgeinc.com.', next query might
> succeed
> Nov 24 16:58:32 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:
> failed (res=-1)
> Nov 24 16:58:32 thunder pdns_recursor[15262]: [1165] answer to question
> 'oldbridgeinc.com.|A': 0 answers, 0 additional, took 1 packets, 2 throttled,
> 0 timeouts, 0 tcp connections, rcode=2
>
> It looks like it is trying to hand the query off to
> ns1.jbdesign.net/ns2.jbdesign.net which is correct (ns2 runs on this same
> box, on a different interface).  This recursor IS able to resolve both  NS1
> and NS2 (only because I have added jbdesign.net to the forwarders= option in
> recursor.conf).  Unfortunately, dig didn't return any useful info probably
> due to the fact that --trace made the recursor completely unresponsive, but
> here is the output after I turned --trace off:
>
> root at thunder:/etc/rc.d/init.d$ dig oldbridgeinc.com @172.15.64.11
>
> ; <<>> DiG 9.3.4-P1 <<>> oldbridgeinc.com @172.15.64.11
> ; (1 server found)
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54661
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;oldbridgeinc.com.              IN      A
>
> ;; ANSWER SECTION:
> oldbridgeinc.com.       86400   IN      A       72.29.72.191
>
> ;; Query time: 116 msec
> ;; SERVER: 172.15.64.11#53(172.15.64.11)
> ;; WHEN: Mon Nov 24 17:05:20 2008
> ;; MSG SIZE  rcvd: 50
>
>
> Thanks,
>
> Josh
>
>
>
> -----Original Message-----
> From: bert hubert [mailto:bert.hubert at netherlabs.nl]
> Sent: Mon 11/24/2008 4:43 PM
> To: Baird, Josh
> Cc: pdns-users at mailman.powerdns.com
> Subject: Re: [Pdns-users] PDNS & pdns-recursor on same machine problems
>
> On Mon, Nov 24, 2008 at 03:36:07PM -0600, Baird, Josh wrote:
>
>> I have a set of authoritative servers running PDNS.  One of these servers
>> is
>> also running pdns-recursor which is bound to a separate IP address.  The
>> recursor is having problems resolving domains that the authoritative
>> instance is authoritative for.  Trying to resolve hostnames within these
>> domains doesn't bail with a NXDOMAIN or a FAIL, but it just does not
>> return
>> an IP address:
>
> Josh,
>
> Can you run the recursor in '--trace' mode, and show the output when it
> tries to resolve a domain for you that is hosted on the same machine?
>
> Instead of 'host', could you use 'dig', as in 'dig blah.com
> @ip-address-of-recursor'?
>
> Dig is a little bit more verbose in its output.
>
>> Is there a way to make the recursor resolve these domains without manually
>> forwarding each of them back to the IP address that the authoritative
>> server
>> is listening on?  Shouldn't it use recursion for these queries?
>
> Yes, it should just work, without special configuration.
>
> Please let us know!
>
>         Bert
>
> --
> http://www.PowerDNS.com      Open source, database driven DNS Software
> http://netherlabs.nl              Open and Closed source services
>
>
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
>
>



-- 
Augie Schwer    -    Augie at Schwer.us    -    http://schwer.us
Key fingerprint = 9815 AE19 AFD1 1FE7 5DEE 2AC3 CB99 2784 27B0 C072
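
The check run by hand with dig at the top of this message, written out as an added example (not code from the thread or from PowerDNS): ask one delegated name server directly for the zone's NS records and classify the reply, so an empty answer like the one from ns1/ns2.jbdesign.net is reported explicitly. It uses only the Python standard library; the function names and verdict strings are assumptions of this example.

```python
import secrets
import socket
import struct

QTYPE_NS = 2  # NS record type

def build_query(zone, qtype=QTYPE_NS, txid=0x1234):
    """Encode a non-recursive (RD=0) query, as sent to an authoritative server."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = [l for l in zone.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def summarize(response):
    """Extract the header fields that matter for a delegation check."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, an, ns, _ar = struct.unpack("!HHHHHH", response[:12])
    return {"txid": txid, "aa": bool(flags & 0x0400),
            "rcode": flags & 0x000F, "answers": an, "authority": ns}

def verdict(response, txid):
    """Classify a reply to an NS query sent with transaction id `txid`."""
    s = summarize(response)
    if s["txid"] != txid:
        return "mismatched-id"        # not the reply to our query; discard it
    if s["rcode"] != 0:
        return "error-rcode-%d" % s["rcode"]
    if s["answers"] == 0:
        return "no-ns-records"        # the empty `dig ns ... +short` case
    if not s["aa"]:
        return "not-authoritative"    # answered, but without the AA bit set
    return "ok"

def check_server(zone, server_ip, timeout=3.0):
    """Send the NS query over UDP to one delegated server and classify the reply."""
    txid = secrets.randbelow(1 << 16)  # unpredictable id, checked on receipt
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(zone, txid=txid), (server_ip, 53))
        data, _ = sock.recvfrom(4096)
    return verdict(data, txid)
```

Run `check_server(zone, ip)` once for every address the parent zone delegates to; any result other than `ok` means that server does not answer authoritatively for the zone's own NS set.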

