[Pdns-users] pdns-recursor 3.7.4 on Redhat Linux always returns SERVFAIL for AAAA lookups

Kenneth Marshall ktm at rice.edu
Wed Aug 16 20:05:11 UTC 2017


On Wed, Aug 16, 2017 at 05:15:41PM +0100, Brian Candler wrote:
> On 16/08/2017 17:11, Kenneth Marshall wrote:
> >I am investigating a caching problem and the cause is that
> >the 3.7.4 recursor returns a SERVFAIL error for a AAAA lookup.
> >The AAAA record does not exist, but an A record does.
> 
> It seems from your Lua script that you are having problems with one
> particular domain, not all domains.  Can you share what that domain
> is?  Is it possible that the authoritative server for that domain is
> not correctly responding to AAAA queries?
> 
> Or, can you replicate this problem with all third-party domain names
> which have A but not AAAA records?
> 
Hi,

Here is what dig says to the nameserver:

dig -t AAAA file-open.rice.edu @open-ssip.rice.edu

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7_3.1 <<>> -t AAAA file-open.rice.edu @open-ssip.rice.edu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7867
;; flags: qr aa ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;file-open.rice.edu.		IN	AAAA

;; AUTHORITY SECTION:
file-open.rice.edu.	3600	IN	NS	open-ssip.rice.edu.

;; ADDITIONAL SECTION:
open-ssip.rice.edu.	3600	IN	A	10.130.96.5

;; Query time: 1 msec
;; SERVER: 10.130.96.5#53(10.130.96.5)
;; WHEN: Wed Aug 16 14:58:56 CDT 2017
;; MSG SIZE  rcvd: 102


And here is the result from the recursor:

dig -t AAAA file-open.rice.edu @localhost

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7_3.1 <<>> -t AAAA file-open.rice.edu @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 45440
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;file-open.rice.edu.		IN	AAAA

;; AUTHORITY SECTION:
rice.edu.		3600	IN	SOA	ns1.rice.edu. hostmaster.rice.edu. 2017169724 14400 3600 1200000 3600

;; Query time: 49 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Aug 16 15:01:45 CDT 2017
;; MSG SIZE  rcvd: 87

I have the following in the recursor.conf:

forward-zones=+file-open.rice.edu=10.130.96.5

The NXDOMAIN error is cached on the client, so it blocks any attempt to
look up the A record, which does exist. Returning the empty result caches
the fact that the AAAA does not exist but there are other records.

Regards,
Ken
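
Added example, not part of the original message or of PowerDNS: a Python sketch that classifies the two dig responses above and shows why the NXDOMAIN form also blocks the A lookup while the empty NOERROR form does not. The NegativeCache class is hypothetical; it assumes a client that keys negative entries as RFC 2308 describes (NXDOMAIN by name, NODATA by name and type) and leaves out TTL handling.

```python
import re

# Header and question lines from the two dig outputs above (whitespace normalized).
AUTHORITATIVE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7867
;; flags: qr aa ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;file-open.rice.edu. IN AAAA
"""
RECURSOR = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 45440
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;file-open.rice.edu. IN AAAA
"""

def classify(dig_text):
    """Return (qname, qtype, kind); kind is ANSWER, NODATA, NXDOMAIN or ERROR."""
    status = re.search(r"status: (\w+)", dig_text).group(1)
    answers = int(re.search(r"ANSWER: (\d+)", dig_text).group(1))
    qname, qtype = re.search(r"^;(\S+)\s+IN\s+(\S+)", dig_text, re.M).groups()
    if status == "NXDOMAIN":
        kind = "NXDOMAIN"            # the name itself is declared nonexistent
    elif status == "NOERROR":
        kind = "ANSWER" if answers else "NODATA"   # name exists, type may not
    else:
        kind = "ERROR"               # SERVFAIL, REFUSED, ...
    return qname.lower(), qtype.upper(), kind

class NegativeCache:
    """Hypothetical client cache using RFC 2308 keys (TTL handling omitted)."""
    def __init__(self):
        self.nxdomain = set()   # keyed by name: covers every record type
        self.nodata = set()     # keyed by (name, type): covers one type only

    def store(self, dig_text):
        qname, qtype, kind = classify(dig_text)
        if kind == "NXDOMAIN":
            self.nxdomain.add(qname)
        elif kind == "NODATA":
            self.nodata.add((qname, qtype))
        return kind

    def blocks(self, qname, qtype):
        """True if this query would be answered negatively from the cache."""
        qname = qname.lower()
        return qname in self.nxdomain or (qname, qtype.upper()) in self.nodata
```
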

