[Pdns-users] Odd Recursor/Authoritative problem with a private domain
Jeremy Utley
pdns at gammanetworking.com
Thu Jul 21 18:00:12 UTC 2011
Hello to all on the list!
I'm seeing something kind of weird in our DNS setup, and was hoping I
could bounce it off all of you to see if I could get some input. First
off, structure of our system:
6 Recursor servers, sitting behind a Foundry Load balancer, running
pdns-recursor version 3.3-1 from the RPMs provided by PowerDNS
6 Authoritative servers, also sitting behind a Foundry Load balancer,
running pdns-static-2.9.22-1 from the RPMs provided by PowerDNS
Other than the below problem, the setup works wonderfully. On to the
problem.
We set up a "private" zone named gnint.prv within our authoritative DNS
servers to provide for private hostnames on our backend network (using
10.1.20.0/255.255.252.0). Within our recursors, we put the following
into our config:
forward-zones-file=/etc/powerdns/stub-zone.conf
and within the stub-zone.conf file, we have the following:
gnint.prv=66.152.94.11, 66.152.94.12, 66.152.94.13
10.in-addr.arpa=66.152.94.11, 66.152.94.12, 66.152.94.13
The IPs referenced in the stub-zone.conf file are our load balancer
IPs that split across all 6 authoritative servers.
When I try to do a lookup of an address I have defined within the
gnint.prv domain using the linux "host" command, I get the following:
$ host gn-ldap01.gnint.prv
gn-ldap01.gnint.prv has address 10.1.20.1
Host gn-ldap01.gnint.prv not found: 3(NXDOMAIN)
Host gn-ldap01.gnint.prv not found: 3(NXDOMAIN)
Notice that I get 2 NXDOMAIN responses along with the valid response.
This is what bugs me, because I think this causes *some* machines to
fail to resolve the hostname. If I try some other domain against the
recursors, I only see one answer:
$ host www.gammanetworking.com
www.gammanetworking.com has address 66.152.94.25
Of course, this would not be working through the stub-zone.conf facility,
but instead looking up via whois record.
Also, it is interesting to note that reverse DNS lookups do not show a similar
problem:
$ host 10.1.20.1
1.20.1.10.in-addr.arpa domain name pointer gn-ldap01.gnint.prv.
Does anyone have any ideas on what I'm missing?
Jeremy
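The BIND "host" utility sends three queries for a bare name (A, AAAA and MX), so the two NXDOMAIN lines in the output above are the replies to the AAAA and MX queries, and NXDOMAIN next to a positive A answer is a contradiction: per RFC 2308 NXDOMAIN asserts the name has no records of any type, and a type with no data should get NOERROR with an empty answer instead. The following is an added diagnostic, not part of the original post or of PowerDNS: it sends the same three queries to one server that you name on the command line (a recursor, or an authoritative server reached directly rather than via the load balancer) and flags the inconsistent case, so you can see which tier produces the NXDOMAIN.

```python
import socket
import struct
import sys

# Record types the BIND "host" utility queries when no -t option is given.
QTYPES = {"A": 1, "AAAA": 28, "MX": 15}
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(name, qtype, txid=0x1234):
    """Build a minimal wire-format DNS query: one IN question, RD bit set."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels)
    return header + qname + b"\x00" + struct.pack(">HH", qtype, 1)


def parse_response(data, txid=0x1234):
    """Return (rcode name, answer count) from a DNS response header."""
    rid, flags, _, ancount, _, _ = struct.unpack(">HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:  # wrong ID or QR bit clear
        raise ValueError("not a response to our query")
    return RCODES.get(flags & 0x000F, "RCODE%d" % (flags & 0x000F)), ancount


def classify(results):
    """results maps type name -> (rcode, ancount) for one owner name.
    NXDOMAIN beside a positive answer for a sibling type is inconsistent;
    a type with no data must be NOERROR with an empty answer (NODATA)."""
    positive = [t for t, (rc, n) in results.items() if rc == "NOERROR" and n]
    nxdomain = [t for t, (rc, n) in results.items() if rc == "NXDOMAIN"]
    if positive and nxdomain:
        return "inconsistent"
    if nxdomain and len(nxdomain) == len(results):
        return "nxdomain"
    return "consistent"


def probe(server, name, timeout=2.0):
    """Send the three queries `host` would send to one server; classify replies."""
    results = {}
    for tname, tcode in QTYPES.items():
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            sock.sendto(build_query(name, tcode), (server, 53))
            data, _ = sock.recvfrom(4096)
        results[tname] = parse_response(data)
    return results, classify(results)


if __name__ == "__main__":
    # Usage: <server-ip> <name>; run against a recursor, then an authoritative.
    print(probe(sys.argv[1], sys.argv[2]))
```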