[Pdns-users] Odd Recursor/Authoritative problem with a private domain

Jeremy Utley pdns at gammanetworking.com
Thu Jul 21 18:00:12 UTC 2011

Hello to all on the list!

I'm seeing something kind of weird in our DNS setup, and was hoping I 
could bounce it off all of you to see if I could get some input.  First 
off, structure of our system:

6 Recursor servers, sitting behind a Foundry Load balancer, running 
pdns-recursor version 3.3-1 from the RPMs provided by PowerDNS
6 Authoritative servers, also sitting behind a Foundry Load balancer, 
running pdns-static-2.9.22-1 from the RPMs provided by PowerDNS

Other than the below problem, the setup works wonderfully.  On to the 

We set up a "private" zone named gnint.prv within our authoritative DNS 
servers to provide for private hostnames on our backend network (using  Within our recursors, we put the following 
into our config:


and within the stub-zone.conf file, we have the following:


The IPs referenced in the stub-zone.conf file are our load balancer 
IPs that split across all 6 authoritative servers.

When I try to do a lookup of an address I have defined within the 
gnint.prv domain using the Linux "host" command, I get the following:

$ host gn-ldap01.gnint.prv
gn-ldap01.gnint.prv has address
Host gn-ldap01.gnint.prv not found: 3(NXDOMAIN)
Host gn-ldap01.gnint.prv not found: 3(NXDOMAIN)

Notice that I get 2 NXDOMAIN responses along with the valid response.  
This is what bugs me, because I think this causes *some* machines to 
fail to resolve the hostname.  If I try some other domain against the 
recursors, I only see one answer:

$ host www.gammanetworking.com
www.gammanetworking.com has address

Of course, this would not be working thru the stub-zone.conf facility, 
but instead looking up via whois record.

Also, interesting to note that reverse DNS lookups do not show a similar 

$ host domain name pointer gn-ldap01.gnint.prv.

Does anyone have any ideas on what I'm missing?

