[Pdns-users] Debugging bogus NXDOMAIN replies

Willem de Groot willem at byte.nl
Mon Jun 30 15:15:49 UTC 2014


Hi pdns people! The following issue has kept me busy for many days to no
avail. Suggestions are much appreciated.

My pdns auth server answers 2M queries per day. At random times, but about
once or twice per day, an unexpected NXDOMAIN reply is sent out. The auth
log (loglevel 9) dutifully but sparingly reports:

Jun 30 14:31:49 dns2.c1.internal pdns[2100]: Authoritative NXDOMAIN to
10.1.2.222 for 'database25.c1.internal' (A)

This record certainly exists in the gmysql backend, as is demonstrated by
the thousands of successful lookups [1]. How would I debug this issue? Is
there perhaps a way to crank up logging for the gmysql module (queries and
replies)? I couldn't find any references to this record in the
mysql-slow.log, while other queries >1sec are logged there.

NB, there some suspects:

* pdns auth version is 2.9.22-8+squeeze1 (standard Debian)
* mysql db schema is still myisam, with 1M+ rows in the "records" table
(very infrequent updates though)

Because updating is quite a hassle, I'd like to do that as a last resort.
Plus, I can't stand not knowing where the failure is coming from ;)

TIA!
Willem

[1] As witnessed by tcpdump:

A good reply:
    10.1.2.222.53 > 10.1.2.222.9617: 62526*- q: A? dbint029896.c1.internal.
2/0/0 dbint029896.c1.internal. CNAME database25.c1.internal.,
database25.c1.internal. A 10.1.2.126 (82)

A bad reply (cname yes, a record no)
    10.1.2.222.53 > 10.1.2.222.12384: 28255 NXDomain*- q: A?
dbint029896.c1.internal. 1/1/0 dbint029896.c1.internal. CNAME
database25.c1.internal. ns: internal. SOA nsa.company.nl.
hostmaster.company.nl. 2009121500 10800 3600 604800 3600 (124)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20140630/2f71a59b/attachment.html>


More information about the Pdns-users mailing list