[Pdns-users] Trying to understand SERVFAIL for CNAME and truncated responses

Anthony Eden anthonyeden at gmail.com
Thu Jan 27 17:12:45 UTC 2011


Hello all,

We're using PowerDNS to serve authoritative records for our clients
at DNSimple.com. We've noticed some behavior which I'm hoping someone can
shed some light on.

In the default configuration when someone would query our server for a
CNAME record the server would return SERVFAIL + the CNAME record. In the
logs we would see:

 Not authoritative for 'some.other.name.com', sending servfail

Where some.other.name.com is the content of the CNAME record. What's
bizarre is that in many cases the UDP packet appears to be truncated [1].
In order to stop this behavior we set --send-root-referral=lean in
pdns.conf and now we receive a NOERROR response [2]. It seems like we may
still have something misconfigured as what I think we really want is [3],
a NOERROR without the root referral records. Can someone help us figure
out if we've done the best we can or if we should be doing something else
to ensure that basic CNAME responses return NOERROR responses that fit in
a UDP packet? Is there

Thanks in advance for any assistance.

Sincerely,
Anthony Eden


[1] Example of truncated response and TCP mode retry

$ dig @ns3.dnsimple.com production.s3.rubygems.org
;; Warning: Message parser reports malformed message packet.
;; Truncated, retrying in TCP mode.

; <<>> DiG 9.6.0-APPLE-P2 <<>> @ns3.dnsimple.com production.s3.rubygems.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 22307
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;production.s3.rubygems.org. IN A

;; ANSWER SECTION:
production.s3.rubygems.org. 3600 IN CNAME production.s3.rubygems.org.s3.amazonaws.com.

;; Query time: 416 msec
;; SERVER: 66.220.0.169#53(66.220.0.169)
;; WHEN: Thu Jan 27 17:21:49 2011
;; MSG SIZE  rcvd: 101


[2] Current response

$ dig @ns3.dnsimple.com production.s3.rubygems.org

; <<>> DiG 9.6.0-APPLE-P2 <<>> @ns3.dnsimple.com production.s3.rubygems.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38917
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;production.s3.rubygems.org. IN A

;; ANSWER SECTION:
production.s3.rubygems.org. 3600 IN CNAME production.s3.rubygems.org.s3.amazonaws.com.

;; AUTHORITY SECTION:
. 518400 IN NS a.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS m.root-servers.net.

;; Query time: 203 msec
;; SERVER: 66.220.0.169#53(66.220.0.169)
;; WHEN: Thu Jan 27 17:39:21 2011
;; MSG SIZE  rcvd: 312


[3]

; <<>> DiG 9.6.0-APPLE-P2 <<>> @ns3.dnsimple.com production.s3.rubygems.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38917
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;production.s3.rubygems.org. IN A

;; ANSWER SECTION:
production.s3.rubygems.org. 3600 IN CNAME production.s3.rubygems.org.s3.amazonaws.com.

;; Query time: 203 msec
;; SERVER: 66.220.0.169#53(66.220.0.169)
;; WHEN: Thu Jan 27 17:39:21 2011
;; MSG SIZE  rcvd: 312

--
http://anthonyeden.com | twitter: @aeden | skype: anthonyeden
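
An added example, not part of the original message and not PowerDNS code: a small Python parser that reads the fields this message is concerned with straight from a raw DNS response (RCODE, the TC bit, and how many root NS records sit in the authority section). The sample messages are constructed, uncompressed stand-ins modelled on outputs [1] and [2], and all function names are this example's own.

```python
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
TYPE_A, TYPE_NS, TYPE_CNAME = 1, 2, 5

def enc(name):
    """Encode a name as uncompressed length-prefixed labels ("." is the root)."""
    labels = [p for p in name.split(".") if p]
    return b"".join(bytes([len(p)]) + p.encode() for p in labels) + b"\x00"

def rr(owner, rtype, ttl, rdata):
    """Build one class-IN resource record."""
    return enc(owner) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata

def skip_name(msg, off):
    """Return the offset just past the name at off (stops at a compression pointer)."""
    while msg[off] and (msg[off] & 0xC0) != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def summarize(msg):
    """Report rcode, TC/AA bits, answer count and root NS records in the authority section."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4              # skip QTYPE + QCLASS
    root_ns = 0
    for i in range(an + ns):
        is_root = msg[off] == 0                    # owner name is "."
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if i >= an and is_root and rtype == TYPE_NS:
            root_ns += 1
    return {"rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
            "tc": bool(flags & 0x0200), "aa": bool(flags & 0x0400),
            "answers": an, "root_referral_ns": root_ns, "size": len(msg)}

# Constructed samples (not captured traffic); uncompressed, so larger than dig's MSG SIZE.
Q = "production.s3.rubygems.org"
QUESTION = enc(Q) + struct.pack("!HH", TYPE_A, 1)
CNAME = rr(Q, TYPE_CNAME, 3600, enc(Q + ".s3.amazonaws.com"))
ROOTS = b"".join(rr(".", TYPE_NS, 518400, enc(c + ".root-servers.net"))
                 for c in "abcdefghijklm")
SERVFAIL_MSG = struct.pack("!HHHHHH", 22307, 0x8102, 1, 1, 0, 0) + QUESTION + CNAME
REFERRAL_MSG = struct.pack("!HHHHHH", 38917, 0x8100, 1, 1, 13, 0) + QUESTION + CNAME + ROOTS
TRUNCATED_MSG = struct.pack("!HHHHHH", 22307, 0x8302, 1, 0, 0, 0) + QUESTION
```
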