[Pdns-users] FQDN vs "shortcut" host lookups

Jason Frisvold xenophage at godshell.com
Tue Jan 6 19:02:31 UTC 2015

Hi all,

	I'm looking for some information/recommendations about how to handle
subdomains in pdns.  I'm experiencing some odd behavior which appears as
though it might be correct, but had previously worked when we ran bind
as our resolver.

	Some quick background.  We had several bind servers running as both
authoritative and recursive nameservers.  My understanding is that since
all of the servers were authoritative, they answered queries for local
domains directly without having to hit the root nameservers.  With the
new pdns recursors, I just let recursion happen and a query for the
local domain goes through the motions just like any other domain.  I'm
aware I can forward if needed, I just haven't bothered yet.

	I believe "normal" DNS operations are working.  I am hitting an odd
case that isn't, though.  If I shortcut DNS by not appending the domain,
it only works for the primary domain.  (If there's a technical term for
this, I'd love to know what it is)

	For example, my primary domain is example.com and I have two
subdomains, dev.example.com and stage.example.com.  If I perform a query
on the primary domain, it works fine, even with just the hostname:

$ host www.example.com
www.example.com has address

$ host www
www.example.com has address

	For the subdomains, though, only a FQDN lookup works:

$ host www.stage.example.com
www.stage.example.com has address

$ host www.stage
Host www.stage not found: 3(NXDOMAIN)

	And the dev subdomain is even more interesting:

$ host www.dev.example.com
www.dev.example.com has address

$ host www.dev
www.dev has address
www.dev mail is handled by 10 your-dns-needs-immediate-attention.dev.

	Though I believe the dev response may be a result of the root
nameservers having an entry for a "dev" tld, apparently owned by Google.

	Regardless, my understanding here is that the presence of a dot in the
lookup means that host is sending the request to the recursor without
appending the domain.  If I add "options ndots:2" to my
/etc/resolv.conf, then everything works as I would expect.

	But it appears that bind was doing something to handle these cases
without having to make client changes.  Is this possible with pdns?  Or
am I missing something important here?


Jason 'XenoPhage' Frisvold
xenophage at godshell.com

"Any sufficiently advanced magic is indistinguishable from technology."
- Niven's Inverse of Clarke's Third Law
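
Added example, not part of the original post: the order in which a stub resolver tries names under the ndots rule documented in resolv.conf(5), showing why "www.dev" is sent to public DNS as-is first with the default ndots:1 and stays inside example.com first with ndots:2. The function names and sample config are assumptions made for illustration, and the host utility uses its own lookup code, so its fallback after the first answer may differ.

```python
# Added illustration (not from the thread): query order per resolv.conf(5).

# Constructed sample config; 192.0.2.53 is a documentation address.
DEFAULT_CONF = "search example.com\nnameserver 192.0.2.53\n"
TUNED_CONF = DEFAULT_CONF + "options ndots:2\n"


def parse_resolv_conf(text):
    """Return (search_list, ndots) from resolv.conf-style text."""
    search, ndots = [], 1  # ndots defaults to 1
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0][0] in "#;":
            continue
        key, args = fields[0], fields[1:]
        if key == "search" and args:
            search = args            # last search/domain line wins
        elif key == "domain" and args:
            search = args[:1]
        elif key == "options":
            for opt in args:
                if opt.startswith("ndots:") and opt[6:].isdigit():
                    ndots = min(int(opt[6:]), 15)  # glibc caps ndots at 15
    return search, ndots


def candidates(name, search, ndots):
    """Names the stub resolver tries, in order, as absolute FQDNs."""
    if name.endswith("."):
        return [name]                # trailing dot: no search list at all
    absolute = name + "."
    searched = [f"{name}.{d.rstrip('.')}." for d in search]
    if name.count(".") >= ndots:
        return [absolute] + searched  # enough dots: tried as-is first
    return searched + [absolute]      # too few dots: search list first


def first_query_leaves_search_domains(name, search, ndots):
    """True when the first name tried is outside every search domain."""
    first = candidates(name, search, ndots)[0]
    return not any(first.endswith("." + d.rstrip(".") + ".") for d in search)


if __name__ == "__main__":
    for label, conf in (("default", DEFAULT_CONF), ("ndots:2", TUNED_CONF)):
        search, ndots = parse_resolv_conf(conf)
        for name in ("www", "www.stage", "www.dev"):
            leaks = first_query_leaves_search_domains(name, search, ndots)
            print(label, name, candidates(name, search, ndots), "leaves-domain-first" if leaks else "")
```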
