[Pdns-users] Problem with how PowerDNS answers when not authoritative.

bert hubert bert.hubert at netherlabs.nl
Wed Mar 6 13:00:50 UTC 2013


On Wed, Mar 06, 2013 at 01:48:01PM +0100, Fredrik Dahlberg wrote:
> Hello,
> 
> I have a situation where PowerDNS Authoritative server answers queries
> differently from how BIND does it, when it is not authoritative for a zone.
> 
> PowerDNS (3.2):
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59699
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available

This is weird, and unlikely to be the whole story. PowerDNS will supply
different answers based on the 'send-root-referral' setting. This may help you, 

send-root-referral | --send-root-referral=yes | --send-root-referral=no |
--send-root-referral=lean
If set, PowerDNS will send out old-fashioned root-referrals when queried for
domains for which it is not authoritative. Wastes some bandwidth but may
solve incoming query floods if domains are delegated to you for which you
are not authoritative, but which are queried by broken recursors. Available
since version 2.9.19.

Since version 2.9.21, it is possible to specify 'lean' root referrals, which
waste less bandwidth.


> The problem is that resolvers seem to treat this as a final answer, and
> won't proceed to the next server.

You might want to double check if you don't have a '.' or '' zone in your
database which might be confusing PowerDNS.

	Bert




More information about the Pdns-users mailing list