[Pdns-users] Non authoritive secondary & recursion

Sean Boran sean at boran.com
Tue Feb 10 13:13:26 UTC 2009 

2009/2/10 Stefan Schmidt <stefan.schmidt at freenet.ag>

> ....
> > I've set up a pdns as a secondary for a list of internal domains. It is
> non
> > authoritive in that its IP address is not listed as a NS in the domain
> > records.
>
> Authority means that the nameserver has local content for that query.
> Whenever you load a Zone in BIND or PowerDNS you make it authoritative
> for that Zone.
>

OK

> The pdns is configured to forward any requests it does not understand
> (e.g.
> > internet queries) to another DNS server, using "recursor").
> >
> > The problem is that it does not want to seem to answer requests for the
> > records in the secondary domain that is hosts.
> >
> > nslookup router238-4.vptt.ch
> > ;; Got recursion not available from 193.5.227.236, trying next server
> >
> > Is this because it is not authoritive? Is there any way to force pdns to
> > answer?
> > I tried allow-recursion-override=on
>
> I think you're missing the IP or network range you are querying your
> server from in the allow-recursion= statement.


recursion is not restricted (see below)

 In addition to that PowerDNS does not seem to have the zone you set it
> up for (vptt.ch?) available locally or it would have answered anyways.
>
> Are there any loglines that may point to such a problem?
>
> It would be best if you could post your pdns.conf as there is many many
> ways to configure PowerDNS as a slave/secondary nameserver and without
> it all we can do is very wild guessing. ;)


Here you are:

allow-recursion-override=on
config-dir=/etc/powerdns
daemon=yes
default-soa-name=a.misconfigured.powerdns.vptt.ch
disable-axfr=no
disable-tcp=no
guardian=yes
lazy-recursion=yes
local-address=0.0.0.0
local-port=53
log-failed-updates=
module-dir=/usr/lib/powerdns
query-logging=no
recursor=10.1.1.10
setgid=pdns
setuid=pdns
slave=yes
socket-dir=/var/run
wildcards=
version-string=powerdns

Zone transferts are working fine, the DB does contain all entries for the
secondary zones.
The mysql backend contains standard queries.


> One wild guess that might just be it is: Did you set slave=yes in your
> pdns.conf to enable PowerDNS to go fetch to zone via AXFR?
> ( http://doc.powerdns.com/slave.html )


Yes, otherwsie transfers would not work.

Sean
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20090210/6509e26c/attachment-0001.html>

More information about the Pdns-users mailing list