[Pdns-users] Issue with recursive lookups in pdns 3

Grant Keller gkeller at corp.sonic.net
Fri Oct 28 01:02:05 UTC 2011 

On 10/09/2011 09:25 AM, Christian Affolter wrote:
> Hi
>
>> The problem, and I realise that I did not mention this before, is that
>> these servers are mixed auth and recursive. What I am seeing with these
>> queries is that pdns 3.0 is only returning the authoritative answer,
>> while pdns 2.9 returns the recursive information.

So I have been playing with this a lot lately, and I have narrowed the 
problem down to domains that are delegated to other name servers. If I 
ask for a record that does not exist in the database, the authoritative 
name server returns the information it has a record in the database on, 
but does not pass the query on to the recurser.

pdns 3.0:

dig A gimpelevich.san-francisco.ca.us @granttest.noc.sonic.net

; <<>> DiG 9.7.3 <<>> A gimpelevich.san-francisco.ca.us @granttest
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49527
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 0

;; QUESTION SECTION:
;gimpelevich.san-francisco.ca.us. IN	A

;; AUTHORITY SECTION:
gimpelevich.san-francisco.ca.us. 259200	IN NS	ns1.he.net.
gimpelevich.san-francisco.ca.us. 259200	IN NS	ns2.he.net.
gimpelevich.san-francisco.ca.us. 259200	IN NS	ns3.he.net.
gimpelevich.san-francisco.ca.us. 259200	IN NS	ns4.he.net.
gimpelevich.san-francisco.ca.us. 259200	IN NS	ns5.he.net.

;; Query time: 1 msec
;; SERVER: 76.191.254.131#53(76.191.254.131)
;; WHEN: Thu Oct 27 17:44:03 2011
;; MSG SIZE  rcvd: 145

while on pdns 2.99:

dig A gimpelevich.san-francisco.ca.us @c.ns.sr.sonic.net

; <<>> DiG 9.7.3 <<>> A gimpelevich.san-francisco.ca.us @c.ns.sr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4546
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;gimpelevich.san-francisco.ca.us. IN	A

;; ANSWER SECTION:
gimpelevich.san-francisco.ca.us. 84252 IN A	66.218.55.33

;; Query time: 1 msec
;; SERVER: 64.142.56.28#53(64.142.56.28)
;; WHEN: Thu Oct 27 17:59:07 2011
;; MSG SIZE  rcvd: 65


I have identical configs on both servers. They are both auth+recursive 
servers. Does anybody know why this is? I am looking forward to using 
DNSSEC in pdns 3.0, but we have a lot of delegated domains and this 
behaviour breaks these domains in our name server.


-- 
Grant Keller

More information about the Pdns-users mailing list