[Pdns-users] Behavior when asking for out-of-zone queries

Marc Haber mh+pdns-users at zugschlus.de
Mon Nov 14 12:42:59 UTC 2011 

Hi,

for demonstration purposes, I have created outsidecname.zugschlus.de
which points out-of-zone. The Name Servers that zugschlus.de is
delegated to are bind9, test1.zugschlus.de is a PowerDNS nameserver
running as slave for zugschlus.de with a bind backend. Sorry,
test1.zugschlus.de only has IPv6 connectivity.

Currently, test1.zugschlus.de is running powerdns static 2.9.22.x.3,
locally built.

When I query test1.zugschlus.de recursively for
outsidecname.zugschlus.de, it returns a non-authoritative SERVFAIL
with the correct CNAME in the answer section and says that recursion
was requested but not available:

$ dig @test1.zugschlus.de outsidecname.zugschlus.de

; <<>> DiG 9.7.3 <<>> @test1.zugschlus.de outsidecname.zugschlus.de
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 13247
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;outsidecname.zugschlus.de.     IN      A

;; ANSWER SECTION:
outsidecname.zugschlus.de. 86400 IN     CNAME   wiki.scy.syscovery.com.

;; Query time: 157 msec
;; SERVER: 2001:8d8:81:20c0:5054:ff:fe2b:ed7f#53(2001:8d8:81:20c0:5054:ff:fe2b:ed7f)
;; WHEN: Mon Nov 14 11:40:48 2011
;; MSG SIZE  rcvd: 79

When I send the same query to dns2.notwork.de (a bind9 installation),
I get an authoritative NOERROR answer with the correct CNAME in the
answer section and the same warning.

When I add +norecurse to the query, the PowerDNS 2.9 server returns an
authoritative NOERROR as well.

When I replace the authoritative PowerDNS 2.9.22.x.3 with a 3.1 pre,
pulled from svn this morning, I get an authoritative NOERROR even for
a recursive query.

Is this an intended change between 2.9.22.x.3 and current svn? If so,
is there a patch for 2.9.22.x.3 which will backport the new behavior
to the 2.9 series, or has the code diverged so wide that we'd better
rush an update to 3.x?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 31958061
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 31958062

More information about the Pdns-users mailing list