[Pdns-users] PDNS does not send info for reverse DNS
Bart-Jan van Hummel
bvanhummel at openforest.nl
Mon Sep 29 12:11:42 UTC 2014
> Sent: Friday, 26 September, 2014 5:58:05 PM
> Really strange. Ok let's try step by step.
> Does your authoritative DNS Server work? Log-in into your DNS Server and
> dig -p 5300 @127.0.0.1 -x 10.20.0.4
The 10.20.0.4 is the DNS server, also running munki.
I will also dig 10.20.0.2 / 10.20.1.2 / 10.20.2.2; I guess these are the ones you are really looking for, right?
DNS: 10.20.0.4
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> -p 5300 @127.0.0.1 -x 10.20.0.4
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57168
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;4.0.20.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
4.0.20.10.in-addr.arpa. 86400 IN PTR munki.test.localnetwork.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#5300(127.0.0.1)
;; WHEN: Mon Sep 29 13:57:00 2014
;; MSG SIZE rcvd: 75
=============================
dig -p 5300 @127.0.0.1 -x 10.20.0.4
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> -p 5300 @127.0.0.1 -x 10.20.0.2
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50834
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;2.0.20.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
2.0.20.10.in-addr.arpa. 86400 IN PTR datacenter.test.openforest.
;; Query time: 1 msec
;; SERVER: 127.0.0.1#5300(127.0.0.1)
;; WHEN: Mon Sep 29 13:57:45 2014
;; MSG SIZE rcvd: 80
=============================
dig -p 5300 @127.0.0.1 -x 10.20.1.4
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> -p 5300 @127.0.0.1 -x 10.20.1.2
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20763
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;2.1.20.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
2.1.20.10.in-addr.arpa. 86400 IN PTR locatie01.test.openforest.
;; Query time: 2 msec
;; SERVER: 127.0.0.1#5300(127.0.0.1)
;; WHEN: Mon Sep 29 14:00:51 2014
;; MSG SIZE rcvd: 79
=============================
dig -p 5300 @127.0.0.1 -x 10.20.2.4
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> -p 5300 @127.0.0.1 -x 10.20.2.2
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36428
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;2.2.20.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
2.2.20.10.in-addr.arpa. 86400 IN PTR locatie02.test.openforest.
;; Query time: 3 msec
;; SERVER: 127.0.0.1#5300(127.0.0.1)
;; WHEN: Mon Sep 29 14:01:06 2014
;; MSG SIZE rcvd: 79
=============================
> If this works, test your Recursor. Also on the same DNS Server, try
dig @10.20.0.4 -x 10.20.0.4
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @10.20.0.4 -x 10.20.0.4
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3879
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;4.0.20.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
4.0.20.10.in-addr.arpa. 86400 IN PTR munki.test.openforest.
;; Query time: 5 msec
;; SERVER: 10.20.0.4#53(10.20.0.4)
;; WHEN: Mon Sep 29 14:03:07 2014
;; MSG SIZE rcvd: 75
=============================
dig @10.20.0.4 -x 10.20.0.2
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @10.20.0.4 -x 10.20.0.2
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53303
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;2.0.20.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
2.0.20.10.in-addr.arpa. 86400 IN PTR datacenter.test.openforest.
;; Query time: 3 msec
;; SERVER: 10.20.0.4#53(10.20.0.4)
;; WHEN: Mon Sep 29 14:03:29 2014
;; MSG SIZE rcvd: 80
=============================
dig @10.20.0.4 -x 10.20.1.2
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @10.20.0.4 -x 10.20.1.2
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51247
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;2.1.20.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
2.1.20.10.in-addr.arpa. 86400 IN PTR locatie01.test.openforest.
;; Query time: 5 msec
;; SERVER: 10.20.0.4#53(10.20.0.4)
;; WHEN: Mon Sep 29 14:03:49 2014
;; MSG SIZE rcvd: 79
=============================
dig @10.20.0.4 -x 10.20.2.2
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @10.20.0.4 -x 10.20.2.2
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40902
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;2.2.20.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
2.2.20.10.in-addr.arpa. 86400 IN PTR locatie02.test.openforest.
;; Query time: 3 msec
;; SERVER: 10.20.0.4#53(10.20.0.4)
;; WHEN: Mon Sep 29 14:04:05 2014
;; MSG SIZE rcvd: 79
=============================
> If this works, do the same on your clients:
dig @10.20.0.4 -x 10.20.0.4
; <<>> DiG 9.8.3-P1 <<>> @10.20.0.4 -x 10.20.0.4
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10954
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;4.0.20.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
4.0.20.10.in-addr.arpa. 86238 IN PTR munki.test.openforest.
;; Query time: 6 msec
;; SERVER: 10.20.0.4#53(10.20.0.4)
;; WHEN: Mon Sep 29 14:05:52 2014
;; MSG SIZE rcvd: 75
=============================
dig @10.20.0.4 -x 10.20.0.2
; <<>> DiG 9.8.3-P1 <<>> @10.20.0.4 -x 10.20.0.2
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24835
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;2.0.20.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
2.0.20.10.in-addr.arpa. 86400 IN PTR datacenter.test.openforest.
;; Query time: 5 msec
;; SERVER: 10.20.0.4#53(10.20.0.4)
;; WHEN: Mon Sep 29 14:06:36 2014
;; MSG SIZE rcvd: 80
=============================
dig @10.20.0.4 -x 10.20.1.2
; <<>> DiG 9.8.3-P1 <<>> @10.20.0.4 -x 10.20.1.2
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61848
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;2.1.20.10.in-addr.arpa. IN PTR
;; ANSWER SECTION:
2.1.20.10.in-addr.arpa. 86259 IN PTR locatie01.test.openforest.
;; Query time: 2 msec
;; SERVER: 10.20.0.4#53(10.20.0.4)
;; WHEN: Mon Sep 29 14:06:13 2014
;; MSG SIZE rcvd: 79
=============================
dig @10.20.0.4 -x 10.20.2.2
; <<>> DiG 9.8.3-P1 <<>> @10.20.0.4 -x 10.20.2.2
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9597
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: Messages has 4 extra bytes at end
;; QUESTION SECTION:
;2.2.20.10.in-addr.arpa. IN PTR
;; Query time: 0 msec
;; SERVER: 10.20.0.4#53(10.20.0.4)
;; WHEN: Mon Sep 29 14:07:06 2014
;; MSG SIZE rcvd: 44
Well these are the lines which strike me as odd:
;; WARNING: Messages has 4 extra bytes at end
;; Query time: 0 msec
;; MSG SIZE rcvd: 44
But then again I don't know what to do with it. ;)
On 26.09.2014 15:58, Bart-Jan van Hummel wrote:
> Maybe you didn't stop it before you restarted? In this case config changes didn't apply to the (running) Recursor.
Well I just did a service pdns-recursor restart
So I did some more testing and I found something else: it doesn't change my problem, but it does make the problem worse ;-)
In the pdns.conf I turned on the module-dir like this:
to:
module-dir=/usr/lib/powerdns
Now the module dir does not have any modules in there.
But it seems that turning this on will cause the DNS to stop answering on any reverse lookup of machines which are not in the main router.
So these will not have an answer section:
~ root# dig @10.20.0.4 -x 10.20.1.4
~ root# dig @10.20.0.4 -x 10.20.2.4
And this will:
~ root# dig @10.20.0.4 -x 10.20.0.4
~ root# dig @10.20.0.4 -x 10.20.0.5
I am asking in the 10.20.2.x network...
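The step-by-step comparison in this thread (the same PTR query run on the server and from a client) can be scripted. The following is an added example, not part of the original post: it reduces each dig response to status, aa flag, answer count, size and warning so two vantage points can be compared. The names `dig_summary` and `same_answer` are hypothetical, and the sample input is trimmed from the two 10.20.2.2 responses to `@10.20.0.4` quoted above.

```shell
#!/bin/sh
# Added example (not from the post): compare dig responses across vantage points.

# dig_summary: read dig output on stdin, print one line of key header fields.
dig_summary() {
    awk '
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {
            line = $0
            sub(/^;; flags: */, "", line)
            flags = line; sub(/;.*/, "", flags); gsub(/ /, ",", flags)
            if (match(line, /ANSWER: [0-9]+/))
                answers = substr(line, RSTART + 8, RLENGTH - 8)
        }
        /^;; WARNING:/ { warn = "yes" }
        /^;; SERVER:/  { server = $3 }
        /^;; MSG SIZE/ { size = $NF }
        END {
            aa = (("," flags ",") ~ /,aa,/) ? "yes" : "no"
            printf "server=%s status=%s aa=%s answers=%s size=%s warning=%s\n",
                   server, status, aa, answers, size, (warn ? warn : "no")
        }'
}

# same_answer A B: succeed only if status, aa flag and answer count agree.
same_answer() {
    a=$(printf '%s\n' "$1" | dig_summary | sed 's/^server=[^ ]* //; s/ size=.*//')
    b=$(printf '%s\n' "$2" | dig_summary | sed 's/^server=[^ ]* //; s/ size=.*//')
    [ "$a" = "$b" ]
}

# Sample input: header lines trimmed from the two 10.20.2.2 responses in the post.
SERVER_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40902
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; SERVER: 10.20.0.4#53(10.20.0.4)
;; MSG SIZE rcvd: 79'
CLIENT_FAIL=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9597
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: Messages has 4 extra bytes at end
;; SERVER: 10.20.0.4#53(10.20.0.4)
;; MSG SIZE rcvd: 44'

printf '%s\n' "$SERVER_OK"   | dig_summary
printf '%s\n' "$CLIENT_FAIL" | dig_summary
same_answer "$SERVER_OK" "$CLIENT_FAIL" || echo "DIVERGENT: same query, different answer"
```

To use it on live output, pipe `dig @10.20.0.4 -x 10.20.2.2` from each host into `dig_summary` and compare the resulting lines.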