[Pdns-users] CNAME lookup failure PDNS 2.9.22/PDNS Recursor 3.3.1
Peter van Dijk
peter.van.dijk at netherlabs.nl
Wed Mar 21 10:22:17 UTC 2012
Hello Ken,
On Mar 20, 2012, at 19:10 , ktm at rice.edu wrote:
> I am investigating a CNAME resolution problem using
> PDNS Recursor 3.3.1. Here is the lookup that fails:
>
>> nslookup blog.mythandsymbol.com
> Server: 127.0.0.1
> Address: 127.0.0.1#53
>
> ** server can't find blog.mythandsymbol.com: NXDOMAIN
Recursor is returning NXDOMAIN because that's what ns1-3.dreamhost.com, the auths for mythandsymbol.com, are returning:
$ dig +norec a blog.mythandsymbol.com @ns1.dreamhost.com
; <<>> DiG 9.7.0-P1 <<>> +norec a blog.mythandsymbol.com @ns1.dreamhost.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40440
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;blog.mythandsymbol.com. IN A
;; ANSWER SECTION:
blog.mythandsymbol.com. 14400 IN CNAME domains.tumblr.com.
;; AUTHORITY SECTION:
tumblr.com. 14400 IN SOA ns1.dreamhost.com. hostmaster.dreamhost.com. 2011092301 21293 1800 1814400 14400
;; Query time: 168 msec
;; SERVER: 66.33.206.206#53(66.33.206.206)
;; WHEN: Wed Mar 21 11:20:51 2012
;; MSG SIZE rcvd: 130
They are returning NXDOMAIN because somebody configured tumblr.com as a zone in their name server, without adding a 'domains' name in it. Recursor 3.4-pre and newer (and perhaps 3.3) compensate for this misconfiguration, older versions do not.
I suggest contacting dream host to have them get rid of tumblr.com; I also suggest upgrading your recursor because there are many more misconfigured domains like this one out there.
Kind regards,
Peter van Dijk
More information about the Pdns-users
mailing list