[Pdns-users] PowerDNS Delegation (SmartConnect Isilon)

Michael Loftis mloftis at wgops.com
Fri Dec 13 18:08:34 UTC 2013


No you definitely do not want to add an A record for
labisilon.lab.domain.com to the powerdns server, that would cause it
to always serve the A record.  From the response information I take it
the powerdns server isn't your recursive resolver (IE it's not whats
in the /etc/resolv.conf or equivalent for your platform) - but from
the output you've shown me the first half of the delegation is fine.
The second half of the delegation must also exist or BIND in
particular won't count it as valid (though the validation is lazy so
you'll sometimes get an answer, but most of the time not) -- and hte
second half is the matching NS record on the isilon, and the SOA
(though the SOA is less important) -- you'll want to do the same dig
@x.x.x.x NS labisilon.lab.domain.com and dig @x.x.x.x A
labisilon.lab.domain.com - this is all part of diagnosing what
actually *is* happening with this delegation. If the NS records aren't
being returned from the isilon or the A or SOA isn't I can't really
help you out there if those aren't there as I've never used the
smartconnect product though there's a small chance I can get some
information since we used their storage boxes at my present day job
years back before I started (We literally have a couple racks worth of
them sitting around after being decommissioned).


... reading a bit in...is securustech.net the actual domain?  It has
wild cards which would be causing all manner of hell for you, if the A
record you're getting back is the same as I'm seeing from the outside
- 69.43.161.163 - then that would explain your problems.  Your
recursive resolver is getting the wildcard answers from your outside
nameservers.

On Fri, Dec 13, 2013 at 8:23 AM, Drew Decker <drewrockshard at gmail.com> wrote:
> Same output -
>
> dig @psl-pdns01 A pslisilon.lab.securustech.net
>
> ; <<>> DiG 9.8.3-P1 <<>> @pdns01 A labisilon.lab.domain.com
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24930
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>
> ;; QUESTION SECTION:
> ;labisilon.lab.domain.com. IN A
>
> ;; AUTHORITY SECTION:
> labisilon.lab.domain.com 900 IN NS lab-isilon.lab.domain.com.
>
> ;; ADDITIONAL SECTION:
> lab-isilon.lab.domain.com. 900 IN A x.x.x.x
>
> ;; Query time: 2 msec
>
> Do I need to specifically add an “A” record of labisilon.lab.domain.com ->
> x.x.x.x?
> --
> Drew Decker
> Sent with Airmail
>
> On December 13, 2013 at 10:18:10 AM, Michael Loftis (mloftis at wgops.com)
> wrote:
>
> labisilon.lab.example.com



-- 

"Genius might be described as a supreme capacity for getting its possessors
into trouble of all kinds."
-- Samuel Butler




More information about the Pdns-users mailing list