[Pdns-users] Issue with recursive lookups in pdns 3

Stefan Schmidt zaphodb at zaphods.net
Tue Oct 4 11:53:59 UTC 2011


Ah sorry, I didn't hit reply-all there.

 Stefan

---------- Forwarded message ----------
From: Stefan Schmidt <zaphodb at zaphods.net>
Date: Tue, Oct 4, 2011 at 1:51 PM
Subject: Re: [Pdns-users] Issue with recursive lookups in pdns 3
To: Grant Keller <gkeller at corp.sonic.net>


On Tue, Oct 4, 2011 at 2:33 AM, Grant Keller <gkeller at corp.sonic.net> wrote:
> Hello all,
>
> We just started upgrading our nameservers to pdns 3.0, and we have noticed a
> problem with the new version not following delegation properly. One instance
> we have seen:
> Is this a bug?

I would say it is highly unlikely that this is a bug.
It seems that one of your servers knows about vpn.cleartunnel.net
while the other doesn't.
For me they now both answer the same for IN A
office1.ct.vpn.cleartunnel.net which is
;; AUTHORITY SECTION:
vpn.cleartunnel.net.    3600    IN      NS      ns1.vpn.cleartunnel.net.
;; ADDITIONAL SECTION:
ns1.vpn.cleartunnel.net. 3600   IN      A       69.12.220.27

When querying/testing your authoritative name servers make sure you
use the +norec flag as otherwise answers from the recursive lookups
might mislead you.
Or is it actually recursive DNS through PowerDNS server that you are debugging?
On the importance of separating those two functions please see
http://cr.yp.to/djbdns/separation.html .

zaphodb@mandelbrot:~$ dig @69.12.221.213 soa vpn.cleartunnel.net +norec

; <<>> DiG 9.7.3 <<>> @69.12.221.213 soa vpn.cleartunnel.net +norec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34057
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;vpn.cleartunnel.net.           IN      SOA

;; AUTHORITY SECTION:
cleartunnel.net.        3600    IN      SOA     a.auth-ns.sonic.net. hostmaster.cleartunnel.net. 2007092101 3600 900 1209600 3600

;; Query time: 165 msec
;; SERVER: 69.12.221.213#53(69.12.221.213)
;; WHEN: Tue Oct  4 13:39:22 2011
;; MSG SIZE  rcvd: 115

zaphodb@mandelbrot:~$ dig @64.142.56.28 soa vpn.cleartunnel.net +norec

; <<>> DiG 9.7.3 <<>> @64.142.56.28 soa vpn.cleartunnel.net +norec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17676
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;vpn.cleartunnel.net.           IN      SOA

;; AUTHORITY SECTION:
vpn.cleartunnel.net.    3600    IN      NS      ns1.vpn.cleartunnel.net.

;; ADDITIONAL SECTION:
ns1.vpn.cleartunnel.net. 3600   IN      A       69.12.220.27

;; Query time: 165 msec
;; SERVER: 64.142.56.28#53(64.142.56.28)
;; WHEN: Tue Oct  4 13:39:29 2011
;; MSG SIZE  rcvd: 71
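
An added example, not part of the original message: a Python check that classifies saved `dig +norec` output from each authoritative server as an authoritative no-data answer or a referral, so a delegation that only one server knows about stands out. The names `classify` and `compare` are hypothetical; the sample text is the two responses from the message, trimmed to the lines the check reads.

```python
import re

# Responses copied from the two dig +norec runs in the message, trimmed to
# the header, flags and AUTHORITY lines (SOA record rejoined onto one line).
SERVER_1 = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34057
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; AUTHORITY SECTION:
cleartunnel.net. 3600 IN SOA a.auth-ns.sonic.net. hostmaster.cleartunnel.net. 2007092101 3600 900 1209600 3600
"""
SERVER_2 = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17676
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; AUTHORITY SECTION:
vpn.cleartunnel.net. 3600 IN NS ns1.vpn.cleartunnel.net.
;; ADDITIONAL SECTION:
ns1.vpn.cleartunnel.net. 3600 IN A 69.12.220.27
"""

def classify(dig_text):
    """Classify one dig +norec response as (kind, zone_owner)."""
    status = re.search(r"status: (\w+)", dig_text).group(1)
    flags = re.search(r";; flags:([a-z ]*);", dig_text).group(1).split()
    answers = int(re.search(r"ANSWER: (\d+)", dig_text).group(1))
    section, authority = None, {}
    for line in dig_text.splitlines():
        header = re.match(r";; (\w+) SECTION:", line)
        if header:
            section = header.group(1)
        elif section == "AUTHORITY" and line.strip() and not line.startswith(";"):
            owner, _ttl, _cls, rtype = line.split()[:4]
            authority.setdefault(rtype, owner.lower())
    if status != "NOERROR":
        return (status.lower(), None)
    if answers:
        return ("answer", None)
    if "aa" not in flags and "NS" in authority:
        return ("referral", authority["NS"])   # server hands out the delegation
    if "aa" in flags and "SOA" in authority:
        return ("nodata", authority["SOA"])    # server answers from this zone itself
    return ("other", None)

def compare(responses):
    """Map server -> classification and report whether all servers agree."""
    kinds = {server: classify(text) for server, text in responses.items()}
    return kinds, len(set(kinds.values())) == 1

if __name__ == "__main__":
    kinds, consistent = compare({"69.12.221.213": SERVER_1, "64.142.56.28": SERVER_2})
    for server, kind in kinds.items():
        print(server, *kind)
    print("consistent" if consistent else "servers disagree about the delegation")
```

Feed it output captured with `+norec`, as the message advises; a response obtained through recursion would be classified as an answer and hide the difference.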


