[Pdns-users] strange servfail

Martin domains at crystalline.nl
Thu Oct 29 20:11:16 UTC 2015 

 

Hi, 

Sure, one of the domains that is giving me trouble is hoofdluis.nl 

- dnssec is disabled for this backend in Powerdns config 

- here's a few lines from the 'records' table: 

| id | domain_id | name | type | content | ttl | prio | change_date |
disabled | ordername | auth |
+-----+-----------+------------------------+------+------------------------------------------------------------------------+-------+------+-------------+----------+-----------+------+
| 349 | 38 | hoofdluis.nl | SOA | ns1.sonexo.eu info.sonexo.nl
2015102902 10800 3600 604800 3600 | 86400 | 0 | 1446148124 | 0 | NULL |
1 |
| 350 | 38 | hoofdluis.nl | NS | ns1.sonexo.eu | 86400 | 0 | 1446122706
| 0 | NULL | 1 |
| 351 | 38 | hoofdluis.nl | NS | ns2.sonexo.com | 86400 | 0 | 1446122706
| 0 | NULL | 1 |
| 352 | 38 | www.hoofdluis.nl | A | 185.27.174.120 | 86400 | 0 |
1446122706 | 0 | NULL | 1 |
| 353 | 38 | hoofdluis.nl | A | 185.27.174.120 | 86400 | 0 | 1446122706
| 0 | NULL | 1 |
| 355 | 38 | localhost.hoofdluis.nl | A | 127.0.0.1 | 86400 | 0 |
1446122706 | 0 | NULL | 1 |

- root at ns1:/etc/powerdns/pdns.d# pdnssec check-zone hoofdluis.nl
Checked 12 records of 'hoofdluis.nl', 0 errors, 0 warnings.

I should probably add that we are running two backends, both MySQL on
the same server, spread out over two different databases. One backend is
more advanced and uses custom queries and dnssec but has no records
whatsoever for any of the domains in the second backend, and vice versa.
Advanced backend is queried first, regular one next. It'd be easy to
point to this as the source of the problem but I cannot find any clue
that it is causing problems since MySQL queries are ok and the first
(more advanced) backend does not return any data at all for the domain
hoofdluis.nl so the second backend is definitely in control. 

Martin 

On 29-10-2015 20:39, Aki Tuomi wrote: 

> Is it possible for you to provide actual data? Also,
> - have you turned on dnssec support? gmysql-dnssec=yes
> - can you provide the actual line(s) from mysql database
> - can you run pdnssec check-zone zone
> 
> Aki
> 
> On Thu, Oct 29, 2015 at 08:18:29PM +0100, Martin wrote:
> Hi, Thanks for your reply. I'm using Poweradmin and everything seems to be ok in the database, no mixup of types and content or anything. I forgot to add that if I query the authoritative nameserver for the domain directly, dig works as expected: dig a abc.example.com @ns1.mynsserver gives me the expected NXDOMAIN result. I have enabled MySQL query log and it appears that some queries are fired but somehow the requesting client is unable to determine who is authoritative or something. You see, when I use nslookup in debug mode this happens: ------------ QUESTIONS: abc.example.com, type = A, class = IN ANSWERS: AUTHORITY RECORDS: ADDITIONAL RECORDS: ------------ ** server can't find abc.example.com: SERVFAIL I would expect to at least get some authority records. Again, www.example.com [1]is working fine in nslookup & dig. Martin On 29-10-2015 18:12, bert hubert wrote: Hi Martin, You appear to have put domain names in the type field! The error messages say the type is
example.example.com. Bert On Oct 29, 2015 17:10, Martin <domains at crystalline.nl> wrote: Hi, I have setup a simple MySQL backend for a domain with a few MX records, a couple of A records, two NS records and a SOA record for the domain. All dig commands are run from a completely unrelated server: dig a www.example.com [1] [1] is working: it returns the right A record dig a example.com is working: it returns the right A record Now this is where things go wrong: dig a abc.example.com returns a SERVFAIL but I am expecting a NXDOMAIN response because there is no A record for abc.example.com I checked the PowerDNS logs and this is there: Oct 29 16:44:45 ns1 pdns[27687]: Exception building answer packet (Unknown DNS type 'example.example.com') sending out servfail Oct 29 16:44:45 ns1 pdns[27687]: Exception building answer packet (Unknown DNS type 'example.example.com') sending out servfail Oct 29 16:44:45 ns1 pdns[27687]: Exception building answer packet (Unknown DNS type
'example.example.com') sending out servfail Oct 29 16:44:45 ns1 pdns[27687]: Exception building answ
 er packet (Unknown DNS type 'example.example.com') sending out servfail
Oct 29 16:44:45 ns1 pdns[27687]: Exception building answer packet
(Unknown DNS type 'example.example.com') sending out servfail Five
messages with unknow dns type 'domain.domain.tld'. I have tried an
online tool like http://www.kloth.net/services/dig.php [3] [2] as well
and it generates the same error in the logs but only once instead of
five times. Can anyone point me in the right direction? I'm stumped. I'm
running the latest version on Debian. Thanks, Martin Links: ------ [1]
http://www.example.com [1] [2] http://www.kloth.net/services/dig.php [3]


> _______________________________________________ Pdns-users mailing list Pdns-users at mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users [2]
 

Links:
------
[1] http://www.example.com
[2] http://mailman.powerdns.com/mailman/listinfo/pdns-users
[3] http://www.kloth.net/services/dig.php
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20151029/bb6cc636/attachment-0001.html>

More information about the Pdns-users mailing list