[Pdns-users] Glue-Records in PowerDNS 3.x

Hawara hawara at gmail.com
Thu Dec 20 07:48:13 UTC 2012 

Hi!

It seems we have a similar error after updating to 3.1 from 2.9, but
strangely, it doesn`t happen every time.
Here are some examples:

SELECT * FROM records WHERE name LIKE '%p1.dudu.ru';
     id     | domain_id |      name      | type |    content     | ttl
| prio | change_date
------------+-----------+----------------+------+----------------+-----+------+-------------
 9184813205 |   1263563 | p1.dudu.ru     | NS   | ns0.p1.dudu.ru | 900
|    0 |
 9184813206 |   1263563 | p1.dudu.ru     | NS   | ns1.p1.dudu.ru | 900
|    0 |
 9184813224 |   1263563 | ns0.p1.dudu.ru | A    | 62.213.111.89  | 900
|    0 |
 9184813228 |   1263563 | ns1.p1.dudu.ru | A    | 217.23.137.80  | 900
|    0 |

This set of records works:

$ dig @ns.masterhost.ru A ns0.p1.dudu.ru

; <<>> DiG 9.8.3-P2 <<>> @ns.masterhost.ru A ns0.p1.dudu.ru
; (5 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61799
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;ns0.p1.dudu.ru.                        IN      A

;; AUTHORITY SECTION:
p1.dudu.ru.             900     IN      NS      ns0.p1.dudu.ru.
p1.dudu.ru.             900     IN      NS      ns1.p1.dudu.ru.

;; ADDITIONAL SECTION:
ns0.p1.dudu.ru.         900     IN      A       62.213.111.89
ns1.p1.dudu.ru.         900     IN      A       217.23.137.80


But this set of records doesn`t:

# select * from records where name  LIKE '%vh.silverplate.ru';
     id      | domain_id |         name          | type |
content         | ttl | prio | change_date
-------------+-----------+-----------------------+------+------------------------+-----+------+-------------
 11712848524 |    805373 | vh.silverplate.ru     | NS   |
ns1.vh.silverplate.ru. | 900 |    0 |
 11712848978 |    805373 | ns1.vh.silverplate.ru | A    | 5.9.116.116
          | 900 |    0 |
(2 rows)

$ dig @ns.masterhost.ru ns1.vh.silverplate.ru

; <<>> DiG 9.8.3-P2 <<>> @ns.masterhost.ru ns1.vh.silverplate.ru
; (5 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13597
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;ns1.vh.silverplate.ru.         IN      A

;; AUTHORITY SECTION:
vh.silverplate.ru.      900     IN      NS      ns1.vh.silverplate.ru.


Those records worked on 2.9. And now it`s not giving an A record for subdomain.

Hope this helps narrow it down.

On Thu, Dec 13, 2012 at 11:53 AM, Peter van Dijk
<peter.van.dijk at netherlabs.nl> wrote:
> Hello Marten,
>
> On Dec 13, 2012, at 1:35 , Marten Lehmann wrote:
>
>> Hello,
>>
>> we recently upgraded from PowerDNS 2.9.21 to 3.1 and noticed a different handling of subdomains within subdomains, that contain NS-records.
>
> There have been changes in that area, indeed - especially when running with -dnssec in pdns.conf.
>
>> Let me show an example for the zone domain.com, which has an entry in the domains table (its a NATIVE zone) and its records in the records table related by the domain_id.
>>
>> domain.com A 1.2.3.4
>> www.domain.com A 2.3.4.5
>> sub.domain.com NS whatever.com
>> www.sub.domain.com A 3.4.5.6
>>
>> domain.com and www.domain.com resolve as expected in both releases. When queried for www.sub.domain.com, in release 2.9.21 PowerDNS responds with 3.4.5.6 . In version 3.1 it doesn't find a A record.
>
> Yes, this is correct. 2.9.21 would return the A, but 3.1 should return the delegation instead (at least, if -dnssec is set).
>
>> Interestingly, in 3.1 it responds with a SOA record for sub.domain.com, meaning that by just having inserted an NS-record for a sub.domain.com, PowerDNS creates a virtual SOA record (there is no SOA-record in the records table for sub.domain.com) and doesn't look for www.sub.domain.com in the same zone any longer. It probably fails because it tries to lookup sub.domain.com again in the domains table but doesn't find a record (we didn't create a separate zone for it) so it doesn't resolve at all instead of using the record within the domain.com zone.
>
> 3.1 should not synthesize SOA records. Can you show actual output? We prefer it if you use real domain names, by the way. Feel free to insert domain.com into your database/backend if you must - just don't edit the output.
>
> Actual backend data would also be useful to see.
>
> Kind regards,
> --
> Peter van Dijk
> Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users

More information about the Pdns-users mailing list