[Pdns-users] NOERROR instead of NXDOMAIN. pgsql problem?
Peter van Dijk
peter.van.dijk at netherlabs.nl
Tue Nov 27 19:24:13 UTC 2012
Hello Sebastian,
On Nov 27, 2012, at 19:10 , Sebastian Heil wrote:
> That is how I expect the Query to be. But if I query one of the
> Superslaves in Front of this setup I get the following:
>
> ~$ dig non-existing.workstation.whnetz @dns1.idmz.whnetz
>
> ; <<>> DiG 9.6-ESV-R4 <<>> non-existing.workstation.whnetz @dns1.idmz.whnetz
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57659
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;non-existing.workstation.whnetz. IN A
>
> ;; Query time: 6 msec
> ;; SERVER: 10.99.1.2#53(10.99.1.2)
> ;; WHEN: Tue Nov 27 18:37:02 2012
> ;; MSG SIZE rcvd: 49
>
>
> Here I expect that I also get an NXDOMAIN output.
>
> Can you explain why there is no NXDOMAIN answer and/or no SOA for the zone?
> Or can you help me to debug this case further?
The lack of SOA suggests PowerDNS (on the slave) does not feel authoritative for the zone.
Without authority, it's not allowed to send NXDOMAIN.
So, the question is: does your slave feel any sense of authority? Does it answer positive
questions correctly? Does it still do so when you add +norec to your queries?
Furthermore, any logging appearing on the slave during a request (either for an
existing or a non-existing name) might be interesting. Also, any logging about the
zone transfer failing or succeeding, mostly on the slaves, would be useful to see.
One final note - 2.9.21.2 is pretty old. Newer versions, especially 3.0 and up, contain
hundreds of bug fixes in many areas. Please consider upgrading.
Kind regards,
--
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
More information about the Pdns-users
mailing list