[Pdns-users] Pipe-backend: ABI-v3, TXT, and DNSSEC
leen at consolejunkie.net
Mon Aug 8 21:34:19 UTC 2011
On 08/08/2011 06:57 PM, Jan-Piet Mens wrote:
> I was curious as to whether PowerDNS would sign records produced by the
> PIPE back-end, particularly since the release notes indicate it may be
> possible (also says "partial support").
> I set up a small test with PowerDNS 3.0.1 and the example
> backend-v3.pl. I encountered the following issues:
I tried that too. I did rename mine test.net and used gpsqlite3 because
I already had that set up.
> 0. Configuration `powerdns.conf` contains only:
> 1. A query of type ANY produces a SERVFAIL with the sample back-end. The
> console logs:
> Exception building answer packet (Parsing record content: Data field
> in DNS should start with quote (") at position 3 of '" "hallo
> allemaal!""') sending out servfail
> Changing quotes to single quotes, or removing them altogether doesn't
> improve: I can't get PowerDNS to reply with a TXT RR.
Seems that part works for me if I remove all quotes:
print "DATA $bits $auth $qname $qclass TXT 3600 -1 hallo allemaal!\n";
Although it does add a space at the start:
$ dig +short +norec +dnssec @127.0.0.1 test.net txt
TXT 8 2 3600 20110818000000 20110804000000 63826 test.net.
" hallo allemaal!"
> 2. I created a zone in gmysql called example.com, type=NATIVE and
> signed it with `pdnssec secure-zone example.com`. (Records table for
> the zone is empty)
Yes, it won't work without a records-table.
> 3. I query the PIPE backend `dig @127.0.0.1 example.com any' and get
> expected results including 3 DNSKEY RR
> 4. I query the PIPE backend `dig @127.0.0.1 +dnssec example.com any' and
> powerdns aborts with the following message on the console:
> Default beforeAndAfterAbsolute called!
> Got a signal 6, attempting to print trace
> A bug or two, surely? :-)
It does work for +dnssec for webserver.$domain A or $domain SOA
Which is really encouraging.
But it crashes as stated above if it just doesn't find things and needs
to do DNSSEC.
I was using NSEC and asking for AAAA also crashes the whole thing.
A normal request to the pipe-backend looks like:
24718 Received: Q test.net IN SOA -1 127.0.0.1 127.0.0.1 127.0.0.1/32
24718 Sent SOA records
24718 End of data
But a request just before a crash says:
Ã¯Â¿Å/32 Received: Q test.net IN SOA -1 0.0.0.0 0.0.0.0 8
24724 Sent SOA records
24724 End of data
Which suggests to me something in the PowerDNS code isn't able to handle
that there is no result from any backend in combination with DNSSEC.
> Additionally, I note that the documentation for the PIPE backend 
> has no mention of ABI version 3, nor does it describe the bits and auth
> returned by the example pipe backend. Could somebody explain what the
> `bits' are?
> Thanks & regards,
> : http://downloads.powerdns.com/releases/rpm/pdns-static-3.0-1.i386.rpm
> : http://wiki.powerdns.com/trac/browser/trunk/pdns/modules/pipebackend/backend-v3.pl?rev=2239
> : http://doc.powerdns.com/backends-detail.html#pipebackend
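Added example, not part of the original message or of PowerDNS: a small Python check that parses a logged pipe-backend question line like the two excerpts above and reports how the pre-crash line differs from the normal one. The field labels and the function name check_question are assumptions made for this example, assigned by position in the logged line.

```python
import ipaddress
import re

# Labels chosen for this example, by position in the logged question line.
FIELDS = ("qname", "qclass", "qtype", "zone_id", "remote", "local", "subnet")

# Payloads copied from the two log excerpts in the message; the unreadable
# prefix of the second line is replaced by "???" here.
NORMAL = "24718 Received: Q test.net IN SOA -1 127.0.0.1 127.0.0.1 127.0.0.1/32"
PRE_CRASH = "??? Received: Q test.net IN SOA -1 0.0.0.0 0.0.0.0 8"


def check_question(logged):
    """Return the problems found in one logged question line (empty list = none)."""
    match = re.search(r"Received: (Q\s.*)$", logged)
    if not match:
        return ["no 'Received: Q ...' payload"]
    parts = match.group(1).split()
    if len(parts) != 1 + len(FIELDS):
        return [f"expected {len(FIELDS)} fields after Q, got {len(parts) - 1}"]
    q = dict(zip(FIELDS, parts[1:]))
    problems = []
    if not re.fullmatch(r"-?\d+", q["zone_id"]):
        problems.append(f"zone id is not an integer ({q['zone_id']})")
    for name in ("remote", "local"):
        try:
            if ipaddress.ip_address(q[name]).is_unspecified:
                problems.append(f"{name} address is unspecified ({q[name]})")
        except ValueError:
            problems.append(f"{name} is not an IP address ({q[name]})")
    try:
        # Require an explicit prefix length, as in the normal request.
        if "/" not in q["subnet"]:
            raise ValueError("missing prefix length")
        ipaddress.ip_network(q["subnet"], strict=False)
    except ValueError:
        problems.append(f"subnet is not address/prefix ({q['subnet']})")
    return problems


if __name__ == "__main__":
    for line in (NORMAL, PRE_CRASH):
        print(line, "->", check_question(line) or "ok")
```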