[Pdns-users] How to send NXDOMAIN using pipe backend?
Aki Tuomi
cmouse at youzen.ext.b2.fi
Sat Jun 20 13:23:31 UTC 2015
On Sat, Jun 20, 2015 at 12:05:06AM -0700, indranil.db wrote:
> Thanks Aki.
> But since 3.0, pipe-regex should have SOA as well. The regex mentioned in
> the documentation link
> https://doc.powerdns.com/md/authoritative/backend-pipe/ needs to be updated.
> If SOA is not present then the query does not reach to the backend.
> However NS qType can be omitted by the regex.
> So is there anyway at the first SOA query from PDNS, backend can send a
> response that will be treated as NXDOMAIN and that way PDNS stops querying
> to the backend further?
>
> -- IB
The problem is that PowerDNS cannot know. It has to check them, since
if you have record like ib.in.example.com and SOA is in example.com, it has to
ask
ib.in.example.com IN SOA?
you need to reply END
in.example.com IN SOA?
you need to reply END
example.com IN SOA?
you need to reply with SOA
I can see your point though, but the performance hit is not THAT bad. In your
script you can probably shortcut it quite fast, by looking at qname like this
(perl example)
if ($qname!~/\Qexample.com\B$/) {
print "END\n";
next
}
Aki
More information about the Pdns-users
mailing list