[Pdns-users] strange servfail
Martin
domains at crystalline.nl
Mon Nov 2 11:38:39 UTC 2015
As far as I know this issue has been solved for now. The custom query
for the cryptokeys returned a few rows even for domains that were not in
the backend (we use one set of keys for all our domains so the query
didn't use a domain filter at all in the WHERE clause). I guess in the
older version of Powerdns we were running this wasn't a problem for
Powerdns but in this version it is. I modified the query and now it
correctly returns NXDOMAIN for the simple, non-custom-query backend. The
other issue is still open so I will continue discussion about that in
that thread. Thanks so far for your help.
Martin
On 01-11-2015 17:14, Aki Tuomi wrote:
> Can you show your custom queries?
>
> Aki
>
> On Sun, Nov 01, 2015 at 03:41:41PM +0100, Martin wrote:
>> Yes, but I have checked and double checked all custom queries, and
>> all fields in the SELECT clauses are in the correct order (correct =
>> order of fields as in the Powerdns source code queries). I have no
>> idea where that malformed type is coming from. When I disable the
>> backend with the custom queries everything is ok with this domain,
>> but like I said, I cannot figure out why Powerdns does what it does
>> when both backends are active.
>>
>> Martijn
>>
>>
>> On 30-10-2015 17:41, Aki Tuomi wrote:
>> >That, again, means that you have dns name in type column.
>> >
>> >On Thu, Oct 29, 2015 at 09:32:48PM +0100, Martin wrote:
>> >>No, except for the aforementioned ' unknown dns type
>> >>'hoofdluis.hoofdluis.nl' ' message which is probably why the queries
>> >>fail but I am unable to track down where this error is coming from.
>> >>I'm guessing Powerdns tries to build a query and decided something
>> >>is wrong, but since it is never actually executed in the database it
>> >>doesn't show up in the MySQL query logs.
>> >>
>> >>Martijn
>> >>
>> >>
>> >>On 29-10-2015 21:22, Aki Tuomi wrote:
>> >>>When you get SERVFAIL, do you see anything in
>> >>>
>> >>>/var/log/syslog or /var/log/messages
>> >>>
>> >>>Aki
>> >>>
>> >>>On Thu, Oct 29, 2015 at 09:11:16PM +0100, Martin wrote:
>> >>>>
>> >>>>
>> >>>>Hi,
>> >>>>
>> >>>>Sure, one of the domains that is giving me trouble is hoofdluis.nl
>> >>>>
>> >>>>- dnssec is disabled for this backend in Powerdns config
>> >>>>
>> >>>>- here's a few lines from the 'records' table:
>> >>>>
>> >>>>| id | domain_id | name | type | content | ttl | prio | change_date |
>> >>>>disabled | ordername | auth |
>> >>>>+-----+-----------+------------------------+------+------------------------------------------------------------------------+-------+------+-------------+----------+-----------+------+
>> >>>>| 349 | 38 | hoofdluis.nl | SOA | ns1.sonexo.eu info.sonexo.nl
>> >>>>2015102902 10800 3600 604800 3600 | 86400 | 0 | 1446148124 | 0 |
>> >>>>NULL |
>> >>>>1 |
>> >>>>| 350 | 38 | hoofdluis.nl | NS | ns1.sonexo.eu | 86400 | 0 |
>> >>>>1446122706
>> >>>>| 0 | NULL | 1 |
>> >>>>| 351 | 38 | hoofdluis.nl | NS | ns2.sonexo.com | 86400 | 0 |
>> >>>>1446122706
>> >>>>| 0 | NULL | 1 |
>> >>>>| 352 | 38 | www.hoofdluis.nl | A | 185.27.174.120 | 86400 | 0 |
>> >>>>1446122706 | 0 | NULL | 1 |
>> >>>>| 353 | 38 | hoofdluis.nl | A | 185.27.174.120 | 86400 | 0 |
>> >>>>1446122706
>> >>>>| 0 | NULL | 1 |
>> >>>>| 355 | 38 | localhost.hoofdluis.nl | A | 127.0.0.1 | 86400 | 0 |
>> >>>>1446122706 | 0 | NULL | 1 |
>> >>>>
>> >>>>- root at ns1:/etc/powerdns/pdns.d# pdnssec check-zone hoofdluis.nl
>> >>>>Checked 12 records of 'hoofdluis.nl', 0 errors, 0 warnings.
>> >>>>
>> >>>>I should probably add that we are running two backends, both MySQL on
>> >>>>the same server, spread out over two different databases. One
>> >>>>backend is
>> >>>>more advanced and uses custom queries and dnssec but has no records
>> >>>>whatsoever for any of the domains in the second backend, and
>> >>>>vice versa.
>> >>>>Advanced backend is queried first, regular one next. It'd be easy to
>> >>>>point to this as the source of the problem but I cannot find any clue
>> >>>>that it is causing problems since MySQL queries are ok and the first
>> >>>>(more advanced) backend does not return any data at all for the domain
>> >>>>hoofdluis.nl so the second backend is definitely in control.
>> >>>>
>> >>>>Martin
>> >>>>
>> >>>>On 29-10-2015 20:39, Aki Tuomi wrote:
>> >>>>
>> >>>>> Is it possible for you to provide actual data? Also,
>> >>>>> - have you turned on dnssec support? gmysql-dnssec=yes
>> >>>>> - can you provide the actual line(s) from mysql database
>> >>>>> - can you run pdnssec check-zone zone
>> >>>>>
>> >>>>> Aki
>> >>>>>
>> >>>>> On Thu, Oct 29, 2015 at 08:18:29PM +0100, Martin wrote:
>> >>>>> Hi, Thanks for your reply. I'm using Poweradmin and everything seems to be ok in the database, no mixup of types and content or anything. I forgot to add that if I query the authoritative nameserver for the domain directly, dig works as expected: dig a abc.example.com @ns1.mynsserver gives me the expected NXDOMAIN result. I have enabled MySQL query log and it appears that some queries are fired but somehow the requesting client is unable to determine who is authoritative or something. You see, when I use nslookup in debug mode this happens: ------------ QUESTIONS: abc.example.com, type = A, class = IN ANSWERS: AUTHORITY RECORDS: ADDITIONAL RECORDS: ------------ ** server can't find abc.example.com: SERVFAIL I would expect to at least get some authority records. Again, www.example.com [1]is working fine in nslookup & dig. Martin On 29-10-2015 18:12, bert hubert wrote: Hi Martin, You appear to have put domain names in the type field! The error messages say the type is
>> >>>>example.example.com. Bert On Oct 29, 2015 17:10, Martin
>> >>>><domains at crystalline.nl> wrote: Hi, I have setup a simple MySQL
>> >>>>backend for a domain with a few MX records, a couple of A
>> >>>>records, two NS records and a SOA record for the domain. All dig
>> >>>>commands are run from a completely unrelated server: dig a
>> >>>>www.example.com [1] [1] is working: it returns the right A
>> >>>>record dig a example.com is working: it returns the right A
>> >>>>record Now this is where things go wrong: dig a abc.example.com
>> >>>>returns a SERVFAIL but I am expecting a NXDOMAIN response
>> >>>>because there is no A record for abc.example.com I checked the
>> >>>>PowerDNS logs and this is there: Oct 29 16:44:45 ns1
>> >>>>pdns[27687]: Exception building answer packet (Unknown DNS type
>> >>>>'example.example.com') sending out servfail Oct 29 16:44:45 ns1
>> >>>>pdns[27687]: Exception building answer packet (Unknown DNS type
>> >>>>'example.example.com') sending out servfail Oct 29 16:44:45 ns1
>> >>>>pdns[27687]: Exception building answer packet (Unknown DNS type
>> >>>>'example.example.com') sending out servfail Oct 29 16:44:45 ns1
>> >>>>pdns[27687]: Exception building answ
>> >>>> er packet (Unknown DNS type 'example.example.com') sending out
>> >>>>servfail
>> >>>>Oct 29 16:44:45 ns1 pdns[27687]: Exception building answer packet
>> >>>>(Unknown DNS type 'example.example.com') sending out servfail Five
>> >>>>messages with unknow dns type 'domain.domain.tld'. I have tried an
>> >>>>online tool like http://www.kloth.net/services/dig.php [3] [2] as well
>> >>>>and it generates the same error in the logs but only once instead of
>> >>>>five times. Can anyone point me in the right direction? I'm
>> >>>>stumped. I'm
>> >>>>running the latest version on Debian. Thanks, Martin Links: ------ [1]
>> >>>>http://www.example.com [1] [2]
>> >>>>http://www.kloth.net/services/dig.php [3]
>> >>>>
>> >>>>
>> >>>>> _______________________________________________ Pdns-users mailing list Pdns-users at mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users [2]
>> >>>>
>> >>>>
>> >>>>Links:
>> >>>>------
>> >>>>[1] http://www.example.com
>> >>>>[2] http://mailman.powerdns.com/mailman/listinfo/pdns-users
>> >>>>[3] http://www.kloth.net/services/dig.php
>> >>>
>> >>>>_______________________________________________
>> >>>>Pdns-users mailing list
>> >>>>Pdns-users at mailman.powerdns.com
>> >>>>http://mailman.powerdns.com/mailman/listinfo/pdns-users
>> >>
>> >>_______________________________________________
>> >>Pdns-users mailing list
>> >>Pdns-users at mailman.powerdns.com
>> >>http://mailman.powerdns.com/mailman/listinfo/pdns-users
>> >>
>>
>> _______________________________________________
>> Pdns-users mailing list
>> Pdns-users at mailman.powerdns.com
>> http://mailman.powerdns.com/mailman/listinfo/pdns-users
>>
More information about the Pdns-users
mailing list