[Pdns-users] NS delegation problems
James Cornman
james+pdns at atlanticmetro.net
Wed Feb 4 12:10:50 UTC 2015
Hello,
I tried to search for the topic however I'm not sure of the proper phrasing
and thus didn't end up with clear findings.
I have several servers running powerdns..some authoritative only, on
version 3.3, and some on the latest as downloadable from the website..3.4.2
(auth) and 3.6.2 (recursor). Across all of them, I'm not able to get NS
records to external DNS servers to function. We're using gmysql backend
across the board. We've been doing authoritative on this group of systems
for a while, but have a legacy cluster of BIND servers that we're now
trying to consolidate to pdns but this problem has been a brick wall.
Our most common use case is delegating reverse DNS. There are records for
100.94.145.204.in-addr.arpa with type NS and content of ns1.customer.com,
however querying that yields no result. Previously in BIND, it works out of
the box but I cant find the magic options to let this work in PowerDNS.
Some examples are listed below, but here are some facts.
- There is an SOA record for the zone 94.145.204.in-addr.arpa
- There are NS records for the zone 94.145.204.in-addr.arpa
- There is an NS record for 100.94.145.204.in-addr.arpa
- The NS server in the content field is not hosted by our DNS servers.
- I've tried toggling the out-of-zone-additional-processing,
send-root-referral fields
- Same behavior on auth only servers vs auth + recursor servers
- Have tried setting up a zone with SOA/NS records, and A record for the
customer's DNS server,
PDNS: Not working. No answer returned.
[james at eng:~] % dig @10.250.50.237 100.94.145.204.in-addr.arpa ptr
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> @10.250.50.237
100.94.145.204.in-addr.arpa
ptr
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40501
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;100.94.145.204.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
100.94.145.204.in-addr.arpa. 3600 IN NS ns17.bitronictech.net.
;; Query time: 3 msec
;; SERVER: 10.250.50.237#53(10.250.50.237)
;; WHEN: Tue Feb 3 15:48:47 2015
;; MSG SIZE rcvd: 80
Querying from the same server direct to the customers DNS server works fine:
[james at eng:~] % dig @ns17.bitronictech.net 100.94.145.204.in-addr.arpa ptr
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>>
@ns17.bitronictech.net 100.94.145.204.in-addr.arpa
ptr
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29030
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;100.94.145.204.in-addr.arpa. IN PTR
;; ANSWER SECTION:
100.94.145.204.in-addr.arpa. 7200 IN PTR lopfar.net.
;; Query time: 2 msec
;; SERVER: 204.145.94.184#53(204.145.94.184)
;; WHEN: Tue Feb 3 15:56:34 2015
;; MSG SIZE rcvd: 69
BIND. Works fine.
[james at eng:~] % dig @208.78.27.4 100.94.145.204.in-addr.arpa ptr
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> @208.78.27.4
100.94.145.204.in-addr.arpa
ptr
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2875
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;100.94.145.204.in-addr.arpa. IN PTR
;; ANSWER SECTION:
100.94.145.204.in-addr.arpa. 7200 IN PTR lopfar.net.
;; AUTHORITY SECTION:
100.94.145.204.in-addr.arpa. 3600 IN NS ns17.bitronictech.net.
;; ADDITIONAL SECTION:
ns17.bitronictech.net. 5046 IN A 204.145.94.184
;; Query time: 3 msec
;; SERVER: 208.78.27.4#53(208.78.27.4)
;; WHEN: Tue Feb 3 15:48:
Any thoughts or leads are appreciated. Thank you
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20150204/29d9c005/attachment.html>
More information about the Pdns-users
mailing list