[Pdns-users] pdns-recursor 3.7.4 on Redhat Linux always returns SERVFAIL for AAAA lookups

David opendak at shaw.ca
Wed Aug 16 16:29:08 UTC 2017 

On 2017-08-16 10:15 AM, Brian Candler wrote:
> On 16/08/2017 17:11, Kenneth Marshall wrote:
>> I am investigating a caching problem and the cause is that
>> the 3.7.4 recursor returns a SERVFAIL error for a AAAA lookup.
>> The AAAA record does not exist, but an A record does.
>
> It seems from your lua script that you are having problems with one
> particular domain, not all domains.  Can you share what that domain is?
> Is it possible that the authoritative server for that domain is not
> correctly responding to AAAA queries?

This can happen if you get a server that gets flagged as lame, which for 
AAAA records means either aa=0, and (I think) no data response at all 
(no SOA, etc). Lots of load balancers are bad for this, and you'll also 
have these issues with using forward-zones on that version as well.

We had some sensitive clients to servfail's in this version too, and we 
did a postresolve to just... make them look correct (internal junk only).

This example is almost exactly the same as some you'll find from years 
ago for fixing responses from outlook.com




fixupshosts = {}
function addToSet(set, key)
      set[key] = true
end

function removeFromSet(set, key)
       set[key] = nil
end

function setContains(set, key)
          return set[key] ~= nil
end


addToSet(fixupshosts, "10.10.10.10");

-- records contains the entire packet, ready for your modifying pleasure
function postresolve ( remoteip, domain, qtype, records, origrcode )
--      print ("postresolve called for: ", remoteip, getlocaladdress(),
-- domain, qtype, origrcode, pdns.loglevels.Info)

         if(qtype== pdns.AAAA and origrcode==pdns.SERVFAIL and 
setContains(fixupshosts, remoteip))
          then
                  setvariable()
                  origrcode=0;
          end
          return origrcode, records
end


>
> Or, can you replicate this problem with all third-party domain names
> which have A but not AAAA records?
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users

More information about the Pdns-users mailing list