[Pdns-users] Problem with recursor behind PDNS 3.3

ktm at rice.edu ktm at rice.edu
Mon Aug 12 19:43:54 UTC 2013 

Dear PDNS community,

I am looking into a problem with recursion with pdns-3.3 and
pdns-recursor-3.5.2. Our current system is pdns-2.9.22 and
pdns-recursor-3.3.1. The problem is looking up the IP address
based on a CNAME. Here are the dig results for the old and
new systems:

$ dig imap.mail.rice.edu @ns2.rice.edu

; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.3 <<>> imap.mail.rice.edu @ns2.rice.edu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 517
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;imap.mail.rice.edu.		IN	A

;; ANSWER SECTION:
imap.mail.rice.edu.	1592	IN	CNAME	imap.netfu.rice.edu.
imap.netfu.rice.edu.	10	IN	A	128.42.204.112

;; Query time: 3 msec
;; SERVER: 128.42.178.32#53(128.42.178.32)
;; WHEN: Mon Aug 12 14:31:41 2013
;; MSG SIZE  rcvd: 77

$ dig imap.mail.rice.edu @newns2.rice.edu

; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.3 <<>> imap.mail.rice.edu @newns2.rice.edu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18799
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;imap.mail.rice.edu.		IN	A

;; ANSWER SECTION:
imap.mail.rice.edu.	3600	IN	CNAME	imap.netfu.rice.edu.

;; AUTHORITY SECTION:
netfu.rice.edu.		3600	IN	NS	netscaler2.rice.edu.
netfu.rice.edu.		3600	IN	NS	netscaler3.rice.edu.

;; ADDITIONAL SECTION:
netscaler2.rice.edu.	3600	IN	A	128.42.206.5
netscaler3.rice.edu.	3600	IN	A	128.42.204.5

;; Query time: 4 msec
;; SERVER: 128.42.178.42#53(128.42.178.42)
;; WHEN: Mon Aug 12 14:31:54 2013
;; MSG SIZE  rcvd: 143

Here are the pertinent entries from the records table:

pdns=> select * from records where name = 'imap.mail.rice.edu';
    id    | domain_id |        name        | type  |       content       | ttl  | prio | change_date 
----------+-----------+--------------------+-------+---------------------+------+------+-------------
 93787060 |        71 | imap.mail.rice.edu | CNAME | imap.netfu.rice.edu | 3600 |    0 |  1187098853
(1 row)

pdns=> select * from records where name = 'netfu.rice.edu';
    id    | domain_id |      name      | type |       content       | ttl  | prio | change_date 
----------+-----------+----------------+------+---------------------+------+------+-------------
 97699071 |         1 | netfu.rice.edu | NS   | netscaler3.rice.edu | 3600 |    0 |  1324405987
 97698982 |         1 | netfu.rice.edu | NS   | netscaler2.rice.edu | 3600 |    0 |  1324564910
(2 rows)

Here is the result for querying the recursor directly:
map.mail.rice.edu -p 552 @localhost

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.5 <<>> imap.mail.rice.edu @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62232
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;imap.mail.rice.edu.		IN	A

;; ANSWER SECTION:
imap.mail.rice.edu.	1618	IN	CNAME	imap.netfu.rice.edu.
imap.netfu.rice.edu.	10	IN	A	128.42.204.112

;; Query time: 2 msec
;; SERVER: 127.0.0.1#552(127.0.0.1)
;; WHEN: Mon Aug 12 14:40:24 2013
;; MSG SIZE  rcvd: 77


Why isn't pdns-3.3 recursing the CNAME?

Regards,
Ken

More information about the Pdns-users mailing list