[Pdns-users] Issue with recursive lookups in pdns 3

Grant Keller gkeller at corp.sonic.net
Mon Oct 17 20:54:23 UTC 2011


On 10/09/2011 09:25 AM, Christian Affolter wrote:
> Hi
>
>> The problem, and I realise that I did not mention this before, is that
>> these servers are mixed auth and recursive. What I am seeing with these
>> queries is that pdns 3.0 is only returning the authoritative answer,
>> while pdns 2.9 returns the recursive information.
>
> I've encountered the same behavioural change while updating form 2.9.22
> to 3.0 with enabled recursion support.
>
> For testing purpose I've added the test.com records as described in [1],
> without the www.test.com record:
>
> SELECT name,type,content FROM records;
> +--------------------+------+-------------------------+
> | name               | type | content                 |
> +--------------------+------+-------------------------+
> | test.com           | NS   | dns-us1.powerdns.net    |
> | test.com           | NS   | dns-eu1.powerdns.net    |
> | mail.test.com      | A    | 195.194.193.192         |
> | localhost.test.com | A    | 127.0.0.1               |
> | test.com           | MX   | mail.test.com           |
> | test.com           | SOA  | localhost ahu at ds9a.nl 1 |
> +--------------------+------+-------------------------+
>
>
> Querying a 2.9.22 authoritative server with enabled recursion support
> for www.test.com, returns the 'official' content (50.23.225.49) via
> recursion.
>
> On the other hand a 3.0 auth server with the same configuration and
> data, returns NXDOMAIN.
>
> According to the documentation [2], local overriding should be supported:
> [...] To make sure that the local authoritative database overrides
> recursive information, PowerDNS first tries to answer a question from
> its own database. If that succeeds, the answer packet is sent back
> immediately without involving the recursor in any way. This means that
> for questions for which there is no answer, PowerDNS will consult the
> recursor for an recursive query, even if PowerDNS is authoritative for a
> domain [...]
>
> Relevant configuration options:
> allow-recursion-override=no
> recursor=127.0.0.1:5300
>
>
> Did I miss some new configuration options which should be enabled to get
> the old behaviour back?

I have the same options set. To provide more info, the domain I have 
been having problems with have the following records set in the database:


  | domain_id | name                      | type  | content 
                                                   |
+-----------+---------------------------+-------+-----------------------------------------------------------------------------------+
|     17524 | cleartunnel.net           | SOA   | a.auth-ns.sonic.net. 
hostmaster.cleartunnel.net. 2007092101 3600 900 1209600 3600 |
|     17524 | cleartunnel.net           | NS    | a.auth-ns.sonic.net 
                                                           |
|     17524 | cleartunnel.net           | A     | 69.12.220.27 
                                                    |
|     17524 | cleartunnel.net           | MX    | mail.cleartunnel.net 
                                                            |
|     17524 | cleartunnel.net           | MX    | custmx.sonic.net 
                                                        |
|     17524 | grippe.cleartunnel.net    | A     | 69.12.220.31 
                                                    |
|     17524 | voip.cleartunnel.net      | A     | 69.12.220.23 
                                                    |
|     17524 | asterisk.cleartunnel.net  | CNAME | voip.cleartunnel.net 
                                                            |
|     17524 | nms.dc.sr.cleartunnel.net | A     | 69.12.220.27 
                                                    |
|     17524 | console1.cleartunnel.net  | CNAME | 
e0.console1.dc.sr.cleartunnel.net           |
|     17524 | fw.cleartunnel.net        | A     | 69.12.220.2 
                                                   |
|     17524 | backup.cleartunnel.net    | A     | 69.12.220.30 
                                                    |
|     17524 | mail.cleartunnel.net      | A     | 69.12.220.25 
                                                    |
|     17524 | www.cleartunnel.net       | CNAME | cleartunnel.net 
                                                       |
|     17524 | nms.cleartunnel.net       | A     | 69.12.220.27 
                                                    |
|     17524 | vpn.cleartunnel.net       | NS    | 
ns1.vpn.cleartunnel.net           |
|     17524 | ns1.vpn.cleartunnel.net   | A     | 69.12.220.27 
                                                    |
|     17524 | cleartunnel.net           | NS    | b.auth-ns.sonic.net 
                                                           |
|     17524 | cleartunnel.net           | NS    | c.auth-ns.sonic.net


Thank you for all your help so far.


>
> Thanks and regards
> Christian
>
>
>
> [1] http://doc.powerdns.com/configuring-db-connection.html#configuring-mysql
> [2] http://doc.powerdns.com/recursion.html#recursion-details
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
>


-- 
Grant Keller



More information about the Pdns-users mailing list