[Pdns-users] NS delegation problems

Stefan Schmidt zaphodb at zaphods.net
Wed Feb 4 12:41:42 UTC 2015


On 2015-02-04 13:10, James Cornman wrote:
> Hello,

Hi James,

> - There is an SOA record for the zone 94.145.204.in-addr.arpa
> - There are NS records for the zone 94.145.204.in-addr.arpa
> - There is an NS record for 100.94.145.204.in-addr.arpa
> - The NS server in the content field is not hosted by our DNS servers.
> - I've tried toggling the out-of-zone-additional-processing,
> send-root-referral fields
> - Same behavior on auth only servers vs auth + recursor servers
> - Have tried setting up a zone with SOA/NS records, and A record for
> the customer's DNS server, 
> PDNS: Not working. No answer returned.

Below it seems that it answers just fine though.

> [james at eng:~] % dig @10.250.50.237 100.94.145.204.in-addr.arpa ptr
> 
> ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> @10.250.50.237 100.94.145.204.in-addr.arpa ptr
> ; (1 server found)
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40501
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;100.94.145.204.in-addr.arpa.   IN      PTR
> 
> ;; AUTHORITY SECTION:
> 100.94.145.204.in-addr.arpa. 3600 IN    NS      ns17.bitronictech.net.
> 
> ;; Query time: 3 msec
> ;; SERVER: 10.250.50.237#53(10.250.50.237)
> ;; WHEN: Tue Feb  3 15:48:47 2015
> ;; MSG SIZE  rcvd: 80

This does not seem wrong.


> BIND. Works fine. 
> 
> [james at eng:~] % dig @208.78.27.4 100.94.145.204.in-addr.arpa ptr
> 
> ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> @208.78.27.4 100.94.145.204.in-addr.arpa ptr
> ; (1 server found)
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2875
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
> 
> ;; QUESTION SECTION:
> ;100.94.145.204.in-addr.arpa.   IN      PTR
> 
> ;; ANSWER SECTION:
> 100.94.145.204.in-addr.arpa. 7200 IN    PTR     lopfar.net.
> 
> ;; AUTHORITY SECTION:
> 100.94.145.204.in-addr.arpa. 3600 IN    NS      ns17.bitronictech.net.
> 
> ;; ADDITIONAL SECTION:
> ns17.bitronictech.net.  5046    IN      A       204.145.94.184
> 
> ;; Query time: 3 msec
> ;; SERVER: 208.78.27.4#53(208.78.27.4)
> ;; WHEN: Tue Feb  3 15:48:

Here you ask with the "rd" aka recursion desired flag and it appears 
that your BIND Server is indeed configured to recurse for you and go ask 
ns17.bitronictech.net about the PTR for 100.94.145.204.in-addr.arpa. 
This is how recursive DNS works, however it is not how authoritative DNS 
works. BIND just happens to do both at the same time.

Did you try setting up a recursive nameserver to ask your PowerDNS auth 
Server at 10.250.50.237 for 94.145.204.in-addr.arpa and then query it 
for the PTR of 100.94.145.204.in-addr.arpa?


best regards,

  Stefan
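
Added example, not part of the original post: a small Python classifier that tells a delegation (referral) response from a recursively resolved answer by reading the header flags and section contents, which is the distinction between the two dig outputs quoted above. The messages are constructed to mirror those outputs (message ID made up, additional section omitted), and the category names are this example's own.

```python
import struct

def name(s):  # DNS wire format, no compression
    return b"".join(bytes([len(l)]) + l.encode() for l in s.split(".")) + b"\0"

def rr(owner, rtype, ttl, rdata):
    return name(owner) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata

def message(flags, qname, answers, authority):
    hdr = struct.pack("!6H", 0x1234, flags, 1, len(answers), len(authority), 0)
    return hdr + name(qname) + struct.pack("!HH", 12, 1) + b"".join(answers + authority)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # compression pointer ends the name
            return off + 2
        off += 1 + n

def classify(msg):
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    aa, ra, rcode = bool(flags & 0x0400), bool(flags & 0x0080), flags & 0x000F
    off, types = 12, []
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an + ns):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        types.append(rtype)
        off += 10 + rdlen
    if rcode != 0:
        return "error"
    if an == 0 and not aa and 2 in types[an:]:  # NS (type 2) in authority
        return "referral"
    if an > 0 and aa:
        return "authoritative answer"
    if an > 0 and ra:
        return "recursive answer"
    return "other"

# Constructed messages mirroring the two dig outputs quoted in the thread.
QNAME = "100.94.145.204.in-addr.arpa"
NS_RR = rr(QNAME, 2, 3600, name("ns17.bitronictech.net"))
PTR_RR = rr(QNAME, 12, 7200, name("lopfar.net"))
PDNS_REPLY = message(0x8180, QNAME, [], [NS_RR])        # flags: qr rd ra
BIND_REPLY = message(0x8180, QNAME, [PTR_RR], [NS_RR])  # flags: qr rd ra
```

classify(PDNS_REPLY) returns "referral" and classify(BIND_REPLY) returns "recursive answer".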



