[Pdns-users] exception building answer packet
Steve Atkins
steve at blighty.com
Fri Mar 25 02:54:33 UTC 2016
I'm using a postgresql backend, and I have several zones configured to use dnssec.
Queries for resource records that exist work perfectly. The verisign online checker says my dnssec is good.
If I query for a resource record that doesn't exist without using dnssec - either one where there are no RRs with a matching name or one where there are RRs with a matching name but none also have a matching type - I get the expected NXDOMAIN or NOERROR result.
If I run the same query with dnssec then I get a servfail.
With log level 9, and log-dns-details and log-dns-queries on, I get this in the log:
Mar 24 19:35:49 ns pdns[30538]: Remote 184.105.179.144 wants 'foo.blighty.com|A', do = 1, bufsize = 1680: packetcache MISS
Mar 24 19:35:49 ns pdns[30538]: Exception building answer packet (Unknown DNS type '.blighty.com') sending out servfail
I see this with version 3.4.6 and 3.4.8. It looks like someone else had a similar issue here: https://mailman.powerdns.com/pipermail/pdns-users/2015-October/011747.html
It's a new installation, but the data has been around for a few years. There are no custom SQL queries.
There is no record in the database with type '.blighty.com' - all non-null types are expected A, TXT, PTR, etc. There are some records where the type is null, though.
Clearly it's getting garbage from the database, but only when building a dnssec response where there are no matching RRs.
Before I set up a testbed server to work out what's going on, does any of this ring any bells with anyone?
Cheers,
Steve
More information about the Pdns-users
mailing list