[Pdns-users] pdns recursive lookup problem

Anton pdns at csg.cx
Wed Mar 25 17:05:27 UTC 2015


Hello,

I've got stuck while setting up a pdns server. It is running on
10.3.0.8. Backend is MySQL.

I set up a root-zone (abc.) with some resource records. If I do "dig
@10.3.0.8 test.abc", the correct A record is returned.
Afterwards I tried to set up some delegation. In my abc root-zone I
added these records:

other.abc    NS    a.other.abc
a.other.abc    A    10.3.0.3

On 10.3.0.3 I am running ISC Bind. "dig @10.3.0.3 www.other.abc" returns
a valid A record:
> ; <<>> DiG 9.9.5-3ubuntu0.2-Ubuntu <<>> www.other.abc
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13954
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;www.other.abc.                 IN      A
>
> ;; ANSWER SECTION:
> www.other.abc.          10800   IN      A       10.3.0.4
>
> ;; AUTHORITY SECTION:
> other.abc.              10800   IN      NS      a.other.abc.
>
> ;; ADDITIONAL SECTION:
> a.other.abc.            10800   IN      A       10.3.0.3
>
> ;; Query time: 3 msec
> ;; SERVER: 10.3.0.3#53(10.3.0.3)
> ;; WHEN: Wed Mar 25 17:32:42 CET 2015
> ;; MSG SIZE  rcvd: 90



"dig @10.3.0.8 www.other.abc" returns:
> ; <<>> DiG 9.9.5-3ubuntu0.2-Ubuntu <<>> @10.3.0.8 www.other.abc
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1427
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 2800
> ;; QUESTION SECTION:
> ;www.other.abc.                 IN      A
>
> ;; AUTHORITY SECTION:
> other.abc.              86400   IN      NS      a.other.abc.
>
> ;; ADDITIONAL SECTION:
> a.other.abc.            86400   IN      A       10.3.0.3
>
> ;; Query time: 1 msec
> ;; SERVER: 10.3.0.8#53(10.3.0.8)
> ;; WHEN: Wed Mar 25 17:34:05 CET 2015
> ;; MSG SIZE  rcvd: 74

This is the behavior I want to have. I think the problem is that no
A-record is returned, but the RA-flag is set. A resolver gets the
information that no A-record exists, because 10.3.0.8 claims to search
recursively. If I set the default DNS server on my client machine to
10.3.0.8, I cannot resolve www.other.abc. Ping returns unknown host. How
do I remove the RA-flag from this response?

I am using pdns-recursor, because I also want to be able to resolve
public domains (like .com) with my dns server.

pdns runs at 10.3.0.8:53, pdns-recursor runs at 127.0.0.1:53.

This is a snippet of my pdns.conf:
allow-recursion=10.0.0.0/8    (Should be ok, because I only want to use
DNS in my home network)
recursor=127.0.0.1


This is a snippet of my recursor.conf:
allow-from=127.0.0.1

I played with forward-zones and forward-zones-recurse, but it didn't
really work.

How do I make pdns resolve records recursively?
It would also be ok to disable all recursive functions and just refer to
the authoritative nameservers. It worked for my .abc root zone, but not
for public zones like .com, because pdns did not send authority information.

Thank you in advance
Anton



