[Pdns-users] Issue with recursive lookups in pdns 3
Grant Keller
gkeller at corp.sonic.net
Mon Oct 17 20:54:23 UTC 2011
On 10/09/2011 09:25 AM, Christian Affolter wrote:
> Hi
>
>> The problem, and I realise that I did not mention this before, is that
>> these servers are mixed auth and recursive. What I am seeing with these
>> queries is that pdns 3.0 is only returning the authoritative answer,
>> while pdns 2.9 returns the recursive information.
>
> I've encountered the same behavioural change while updating form 2.9.22
> to 3.0 with enabled recursion support.
>
> For testing purpose I've added the test.com records as described in [1],
> without the www.test.com record:
>
> SELECT name,type,content FROM records;
> +--------------------+------+-------------------------+
> | name | type | content |
> +--------------------+------+-------------------------+
> | test.com | NS | dns-us1.powerdns.net |
> | test.com | NS | dns-eu1.powerdns.net |
> | mail.test.com | A | 195.194.193.192 |
> | localhost.test.com | A | 127.0.0.1 |
> | test.com | MX | mail.test.com |
> | test.com | SOA | localhost ahu at ds9a.nl 1 |
> +--------------------+------+-------------------------+
>
>
> Querying a 2.9.22 authoritative server with enabled recursion support
> for www.test.com, returns the 'official' content (50.23.225.49) via
> recursion.
>
> On the other hand a 3.0 auth server with the same configuration and
> data, returns NXDOMAIN.
>
> According to the documentation [2], local overriding should be supported:
> [...] To make sure that the local authoritative database overrides
> recursive information, PowerDNS first tries to answer a question from
> its own database. If that succeeds, the answer packet is sent back
> immediately without involving the recursor in any way. This means that
> for questions for which there is no answer, PowerDNS will consult the
> recursor for an recursive query, even if PowerDNS is authoritative for a
> domain [...]
>
> Relevant configuration options:
> allow-recursion-override=no
> recursor=127.0.0.1:5300
>
>
> Did I miss some new configuration options which should be enabled to get
> the old behaviour back?
I have the same options set. To provide more info, the domain I have
been having problems with have the following records set in the database:
| domain_id | name | type | content
|
+-----------+---------------------------+-------+-----------------------------------------------------------------------------------+
| 17524 | cleartunnel.net | SOA | a.auth-ns.sonic.net.
hostmaster.cleartunnel.net. 2007092101 3600 900 1209600 3600 |
| 17524 | cleartunnel.net | NS | a.auth-ns.sonic.net
|
| 17524 | cleartunnel.net | A | 69.12.220.27
|
| 17524 | cleartunnel.net | MX | mail.cleartunnel.net
|
| 17524 | cleartunnel.net | MX | custmx.sonic.net
|
| 17524 | grippe.cleartunnel.net | A | 69.12.220.31
|
| 17524 | voip.cleartunnel.net | A | 69.12.220.23
|
| 17524 | asterisk.cleartunnel.net | CNAME | voip.cleartunnel.net
|
| 17524 | nms.dc.sr.cleartunnel.net | A | 69.12.220.27
|
| 17524 | console1.cleartunnel.net | CNAME |
e0.console1.dc.sr.cleartunnel.net |
| 17524 | fw.cleartunnel.net | A | 69.12.220.2
|
| 17524 | backup.cleartunnel.net | A | 69.12.220.30
|
| 17524 | mail.cleartunnel.net | A | 69.12.220.25
|
| 17524 | www.cleartunnel.net | CNAME | cleartunnel.net
|
| 17524 | nms.cleartunnel.net | A | 69.12.220.27
|
| 17524 | vpn.cleartunnel.net | NS |
ns1.vpn.cleartunnel.net |
| 17524 | ns1.vpn.cleartunnel.net | A | 69.12.220.27
|
| 17524 | cleartunnel.net | NS | b.auth-ns.sonic.net
|
| 17524 | cleartunnel.net | NS | c.auth-ns.sonic.net
Thank you for all your help so far.
>
> Thanks and regards
> Christian
>
>
>
> [1] http://doc.powerdns.com/configuring-db-connection.html#configuring-mysql
> [2] http://doc.powerdns.com/recursion.html#recursion-details
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
>
--
Grant Keller
More information about the Pdns-users
mailing list