[Pdns-users] NOERROR instead of NXDOMAIN. pgsql problem?

Sebastian Heil sebi+pdns at wh-netz.de
Tue Nov 27 18:10:26 UTC 2012 

Dear Mailinglist,

my problem is that if I query a non-existing DNS-record I get an empty
NOERROR answer instead of a NXDOMAIN.

My Setup is a hidden Supermaster with powerdns 2.9.21.2 and the BIND
Backend.
And I have two superslaves which each are using an own pgsql database
and are configured to be the only visible DNS servers.
All of them are running on a Debian System and the default config files
are merely changed but I appended them on the end. [1]

If I query the hidden Supermaster everythings works as expected:

~$ dig non-existing.workstation.whnetz @dns-hidden

; <<>> DiG 9.6-ESV-R4 <<>> non-existing.workstation.whnetz @dns-hidden
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 59826
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;non-existing.workstation.whnetz. IN    A

;; AUTHORITY SECTION:
workstation.whnetz.     3600    IN      SOA     dns1.idmz.whnetz.
hostmaster.wh-netz.de. 2012100220 3600 900 604800 28800

;; Query time: 2428 msec
;; SERVER: 10.99.1.3#53(10.99.1.3)
;; WHEN: Tue Nov 27 18:37:01 2012
;; MSG SIZE  rcvd: 123


That is how I expect the Query to be. But if I query one of the
Superslaves in Front of this setup I get the following:

~$ dig non-existing.workstation.whnetz @dns1.idmz.whnetz

; <<>> DiG 9.6-ESV-R4 <<>> non-existing.workstation.whnetz @dns1.idmz.whnetz
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57659
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;non-existing.workstation.whnetz. IN    A

;; Query time: 6 msec
;; SERVER: 10.99.1.2#53(10.99.1.2)
;; WHEN: Tue Nov 27 18:37:02 2012
;; MSG SIZE  rcvd: 49


Here I expect that I also get an NXDOMAIN output.


They are both in sync. I.e. the AXFR for the domain looks the same on
every server.


Can you explain why there is no NXDOMAIN answer and/or no SOA for the zone?
Or can you help me to debug this case further?


Best Regars,
Sebastian Heil


[1]
* Hidden Master:
launch=bind
bind-config=/etc/powerdns/bind-config/named.conf
bind-check-interval=300
local-address=10.99.1.3
query-local-address=10.99.1.3
master=yes
allow-axfr-ips=127.0.0.1 10.99.1.2 10.99.1.3 10.99.1.6 10.99.1.5 10.99.1.6
disable-axfr=no


* Slave:
launch=gpgsql
gpgsql-dbname=dns
gpgsql-host=127.0.0.1
gpgsql-port=5432
gpgsql-password=[...]
gpgsql-user=powerdns
local-address=10.99.1.2
query-local-address=10.99.1.2
slave=yes
allow-axfr-ips=127.0.0.1 10.99.1.2 10.99.1.3 10.99.1.6 10.99.1.5 10.99.1.6
disable-axfr=no

More information about the Pdns-users mailing list