[Pdns-users] Issue with recursive lookups in pdns 3

Grant Keller gkeller at corp.sonic.net
Sat Oct 8 00:21:03 UTC 2011 

On 10/04/2011 04:56 PM, Grant Keller wrote:
> The problem, and I realise that I did not mention this before, is that
> these servers are mixed auth and recursive. What I am seeing with these
> queries is that pdns 3.0 is only returning the authoritative answer,
> while pdns 2.9 returns the recursive information.
>

After doing a bit more digging, It appears that  the query:

dig A office1.ct.vpn.cleartunnel.net @granttest.noc.sonic.net

only produces the Authoritative result and does not bother trying to ask 
the recursive server. I turned off the quiet option in the 
recurser.conf, and the log does not show anything, though it works as 
expected for other domains. Again, after that query, I get:

; <<>> DiG 9.7.3 <<>> A office1.ct.vpn.cleartunnel.net @granttest
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10494
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;office1.ct.vpn.cleartunnel.net.	IN	A

;; AUTHORITY SECTION:
vpn.cleartunnel.net.	3600	IN	NS	ns1.vpn.cleartunnel.net.

;; ADDITIONAL SECTION:
ns1.vpn.cleartunnel.net. 3600	IN	A	69.12.220.27

;; Query time: 4 msec
;; SERVER: 76.191.254.131#53(76.191.254.131)
;; WHEN: Fri Oct  7 13:07:47 2011
;; MSG SIZE  rcvd: 82


The expected Behaviour in my mind would be to then pass it off to the 
recurser to return information like this:

  dig A office1.ct.vpn.cleartunnel.net @ns1.vpn.cleartunnel.net

; <<>> DiG 9.7.3 <<>> A office1.ct.vpn.cleartunnel.net 
@ns1.vpn.cleartunnel.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25752
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;office1.ct.vpn.cleartunnel.net.	IN	A

;; ANSWER SECTION:
office1.ct.vpn.cleartunnel.net.	3600 IN	A	69.12.220.2

;; AUTHORITY SECTION:
vpn.cleartunnel.net.	3600	IN	NS	ns1.vpn.cleartunnel.net.

;; ADDITIONAL SECTION:
ns1.vpn.cleartunnel.net. 3600	IN	A	69.12.220.27

;; Query time: 2 msec
;; SERVER: 69.12.220.27#53(69.12.220.27)
;; WHEN: Fri Oct  7 17:17:59 2011
;; MSG SIZE  rcvd: 98


Which is exactly what happens when I do the same query to a mixed auth 
recursive server running pnds 2.9 rather then pdns 3:


dig A office1.ct.vpn.cleartunnel.net @c.ns.sr.sonic.net

; <<>> DiG 9.7.3 <<>> A office1.ct.vpn.cleartunnel.net @c.ns.sr.sonic.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9672
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;office1.ct.vpn.cleartunnel.net.	IN	A

;; ANSWER SECTION:
office1.ct.vpn.cleartunnel.net.	3600 IN	A	69.12.220.2

;; Query time: 34 msec
;; SERVER: 64.142.56.28#53(64.142.56.28)
;; WHEN: Fri Oct  7 17:20:20 2011
;; MSG SIZE  rcvd: 64

-- 
Grant Keller

More information about the Pdns-users mailing list