[Pdns-users] PowerDNS Authoritative NXDOMAIN Handling

Klaus Darilion klaus.mailinglists at pernau.at
Mon Sep 26 14:01:52 UTC 2011



Am 22.09.2011 12:14, schrieb BH:
> Hi all,
> 
> On my PowerDNS installation, I have noticed that queries for domains
> that it is not authoritative for result in the following response
> (depending on the root referral option):
> 
> ; <<>> DiG 9.7.3 <<>> @10.1.1.1 ANY sfdsdsg.com
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9197
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 13
> ;; WARNING: recursion requested but not available
> 
> The main part I am interested in is the "status" that shows NOERROR.

Because there is no error ;-)

> 
> If a domain is valid, the same status (NOERROR) is returned. If I

But different flags. In first case, the authoritative answer (AA) flag
is missing.

> compare that to mind bind installation, I get different results, a
> REFUSED status:
> 
> ; <<>> DiG 9.7.3 <<>> @192.168.1.207 ANY sfdsdsg.com
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 48767
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available

Yes, bind behaves different.


Maybe "send-root-referral" may help in your case.

regards
klaus

> I am wondering if there is any way to change the behaviour for domains
> that the server does not host? The reason behind this is I am seeing a
> large amount of DNS queries for the same domains that do not exist on
> the servers with the same queries happening over and over again. As far
> as I can tell, this is happening due to the response not being cached on
> the caching name servers (there are only a couple that are causing the
> issue) because of NOERROR. In this case the offender is a couple of
> OpenDNS resolvers.
> 
> Does anyone have any other suggestions to what could be done to stop
> this happening?
> 
> Thanks
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users



More information about the Pdns-users mailing list