[Pdns-users] pdns-recursor 3.7.4 on Redhat Linux always returns SERVFAIL for AAAA lookups

David opendak at shaw.ca
Wed Aug 16 16:35:00 UTC 2017


On 2017-08-16 10:29 AM, David wrote:
> On 2017-08-16 10:15 AM, Brian Candler wrote:
>> On 16/08/2017 17:11, Kenneth Marshall wrote:
>>> I am investigating a caching problem and the cause is that
>>> the 3.7.4 recursor returns a SERVFAIL error for a AAAA lookup.
>>> The AAAA record does not exist, but an A record does.
>>
>> It seems from your lua script that you are having problems with one
>> particular domain, not all domains.  Can you share what that domain is?
>> Is it possible that the authoritative server for that domain is not
>> correctly responding to AAAA queries?
>
> This can happen if you get a server that gets flagged as lame, which for
> AAAA records means either aa=0, and (I think) no data response at all
> (no SOA, etc). Lots of load balancers are bad for this, and you'll also
> have these issues with using forward-zones on that version as well.
>
> We had some clients sensitive to SERVFAILs in this version too, and we
> did a postresolve to just... make them look correct (internal junk only).
>
> This example is almost exactly the same as some you'll find from years
> ago for fixing responses from outlook.com
>
>

Reference: 
https://mailman.powerdns.com/pipermail/pdns-announce/2014-December/000717.html

which includes the original script that does it based on domain name 
(not request IP like I have below).

>
>
> -- Client IPs whose AAAA SERVFAILs should be rewritten
> fixupshosts = {}
> function addToSet(set, key)
>     set[key] = true
> end
>
> function removeFromSet(set, key)
>     set[key] = nil
> end
>
> function setContains(set, key)
>     return set[key] ~= nil
> end
>
>
> addToSet(fixupshosts, "10.10.10.10");
>
> -- records contains the entire packet, ready for your modifying pleasure
> function postresolve ( remoteip, domain, qtype, records, origrcode )
> --  print ("postresolve called for: ", remoteip, getlocaladdress(),
> --         domain, qtype, origrcode, pdns.loglevels.Info)
>
>     if (qtype == pdns.AAAA and origrcode == pdns.SERVFAIL and
>         setContains(fixupshosts, remoteip))
>     then
>         setvariable()  -- answer varies per client: keep it out of the packet cache
>         origrcode = 0  -- 0 = NOERROR
>     end
>     return origrcode, records
> end
>
>
>>
>> Or, can you replicate this problem with all third-party domain names
>> which have A but not AAAA records?
>>
>> _______________________________________________
>> Pdns-users mailing list
>> Pdns-users at mailman.powerdns.com
>> https://mailman.powerdns.com/mailman/listinfo/pdns-users
>
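
An added example, not from the thread or from PowerDNS: before masking SERVFAIL in postresolve, it helps to see how the authoritative server itself answers the AAAA query. This Python code classifies a raw DNS reply using the conditions David describes (aa=0, or an empty answer with no SOA). The function names, the labels and the example.test messages are constructed for illustration, and the recursor's own lameness logic may differ.

```python
import struct
SOA = 6  # RR type number

def _name(n):
    return b"".join(bytes([len(l)]) + l.encode() for l in n.split(".")) + b"\0"

def make_reply(flags, with_soa):
    """Constructed AAAA reply for www.example.test with an empty answer section."""
    q = _name("www.example.test") + struct.pack("!HH", 28, 1)  # QTYPE AAAA, IN
    auth = b""
    if with_soa:
        rdata = (_name("ns.example.test") + _name("host.example.test")
                 + struct.pack("!5I", 1, 3600, 600, 86400, 300))
        # owner name: compression pointer to "example.test" at offset 16
        auth = b"\xc0\x10" + struct.pack("!HHIH", SOA, 1, 300, len(rdata)) + rdata
    return struct.pack("!6H", 0x1234, flags, 1, 0, int(with_soa), 0) + q + auth

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # a 2-byte pointer always ends the name
            return off + 2
        off += 1 + n

def classify_aaaa_reply(msg):
    """Label a reply using the lameness conditions described in the thread."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    aa, rcode = bool(flags & 0x0400), flags & 0x000F
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    soa_in_authority = False
    for i in range(an + ns):  # walk answer, then authority records
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        soa_in_authority |= (i >= an and rtype == SOA)
    if rcode != 0:
        return "error-rcode"
    if an:
        return "has-answer"
    if not aa:
        return "suspect: aa=0"
    if not soa_in_authority:
        return "suspect: no SOA"
    return "nodata-ok"
```

To check a real server, pass in the bytes of a reply captured from a non-recursive AAAA query sent directly to the authoritative server.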


