[Pdns-users] Dig: zone queries are not answered without the ANY flag

Nikolaos Milas nmilas at admin.noa.gr
Wed Dec 13 17:17:59 UTC 2017 

On 13/12/2017 10:53 πμ, Pieter Lexis wrote:

> ...
> How is your set up? Please share your pdns.conf and recursor.conf.
>
> Also, can you show the output of `pdnsutil check-zone noa.gr`?
> ...

Hi Pieter,

Thank you for your reply.

I list the details you requested below.

I have also included our reverse zones. As you can see, they all appear 
as not having NS records!

As we have not changed our setup at all for years, and we have not had 
any such (or other) problems during all these years, I tend to suspect 
some LDAP backend -related bug, introduced in some recent version.

Finally, for your reference, I am including the LDAP DIT (tree) down to 
the noa.gr SOA entry.

I am available to provide any other info you may require to troubleshoot 
the issue.

Please advise.

---------------------------------------------------------------------------------------

[root at vdns ~]# cat /etc/pdns/pdns.conf
setuid=pdns
setgid=pdns
allow-recursion=0.0.0.0/0, ::/0
webserver=yes
webserver-address=194.177.195.162
webserver-password=xxxxxxxxxxxx
webserver-port=8081
webserver-print-arguments=no

launch=ldap:bkend1,bind:bkend2

bind-bkend2-config=/etc/pdns/bind/named.conf
bind-bkend2-check-interval=600

ldap-bkend1-host=localhost
ldap-bkend1-basedn=ou=dns,dc=noa,dc=gr
ldap-bkend1-binddn=uid=dnsauth,ou=system,dc=noa,dc=gr
ldap-bkend1-secret=xxxxxxxxxxxxxxx
ldap-bkend1-method=simple
default-ttl=86400
local-address=127.0.0.1 194.177.195.162
do-ipv6-additional-processing=yes
local-ipv6=::1 2001:648:2011:15::162
local-port=53

allow-axfr-ips=192.168.0.0/16, 195.251.202.0/23, 195.251.204.0/24, \
  194.177.194.0/24, 194.177.195.0/24, 10.0.0.0/8, 194.177.210.211, \
   194.177.210.10, 83.212.5.18, 83.212.5.22, 2001:648:2011::/48, \
   2001:648:2ffc:111::2, 2001:648:2ffc:112::2, 127.0.0.1, ::1

allow-recursion=127.0.0.1, ::1, 192.168.0.0/16, 195.251.202.0/23, 
195.251.204.0/24, \
  194.177.194.0/24, 194.177.195.0/24, 10.0.0.0/8, 83.212.5.18, \
  83.212.5.22, 194.177.210.210, 194.177.194.99, 2001:648:2011::/48

logging-facility=0
loglevel=5
cache-ttl=0
log-dns-details=off

recursor=127.0.0.1:5300

---------------------------------------------------------------------------------------

[root at vdns ~]# cat /etc/pdns-recursor/recursor.conf
setuid=pdns-recursor
setgid=pdns-recursor

local-address=127.0.0.1,194.177.195.162,[::1],[2001:648:2011:15::162]
allow-from=0.0.0.0/0,::/0
query-local-address6=2001:648:2011:15::162
local-port=5300
quiet=yes
logging-facility=0
log-common-errors=off

max-cache-entries=0
max-negative-ttl=3600

---------------------------------------------------------------------------------------

[root at vdns ~]# pdnsutil check-zone noa.gr
Dec 13 19:00:27 Reading random entropy from '/dev/urandom'
Dec 13 19:00:27 [LdapBackend] Ldap connection succeeded
Dec 13 19:00:27 [LdapBackend] Ldap connection succeeded
Dec 13 19:00:27 [bind-bkend2backend] Parsing 1 domain(s), will report 
when done
Dec 13 19:00:27 [bind-bkend2backend] Done parsing domains, 0 rejected, 1 
new, 0 removed
[Error] No NS record at zone apex in zone 'noa.gr'
Checked 1 records of 'noa.gr', 1 errors, 0 warnings.
[root at vdns ~]#
[root at vdns ~]# pdnsutil check-zone 203.251.195.in-addr.arpa
Dec 13 19:01:20 Reading random entropy from '/dev/urandom'
Dec 13 19:01:20 [LdapBackend] Ldap connection succeeded
Dec 13 19:01:20 [LdapBackend] Ldap connection succeeded
Dec 13 19:01:20 [bind-bkend2backend] Parsing 1 domain(s), will report 
when done
Dec 13 19:01:20 [bind-bkend2backend] Done parsing domains, 0 rejected, 1 
new, 0 removed
[Error] No NS record at zone apex in zone '203.251.195.in-addr.arpa'
Checked 1 records of '203.251.195.in-addr.arpa', 1 errors, 0 warnings.
[root at vdns ~]#
[root at vdns ~]# pdnsutil check-zone 204.251.195.in-addr.arpa
Dec 13 19:01:33 Reading random entropy from '/dev/urandom'
Dec 13 19:01:33 [LdapBackend] Ldap connection succeeded
Dec 13 19:01:33 [LdapBackend] Ldap connection succeeded
Dec 13 19:01:33 [bind-bkend2backend] Parsing 1 domain(s), will report 
when done
Dec 13 19:01:33 [bind-bkend2backend] Done parsing domains, 0 rejected, 1 
new, 0 removed
[Error] No NS record at zone apex in zone '204.251.195.in-addr.arpa'
Checked 1 records of '204.251.195.in-addr.arpa', 1 errors, 0 warnings.
[root at vdns ~]#
[root at vdns ~]# pdnsutil check-zone 202.251.195.in-addr.arpa
Dec 13 19:01:39 Reading random entropy from '/dev/urandom'
Dec 13 19:01:39 [LdapBackend] Ldap connection succeeded
Dec 13 19:01:39 [LdapBackend] Ldap connection succeeded
Dec 13 19:01:39 [bind-bkend2backend] Parsing 1 domain(s), will report 
when done
Dec 13 19:01:39 [bind-bkend2backend] Done parsing domains, 0 rejected, 1 
new, 0 removed
[Error] No NS record at zone apex in zone '202.251.195.in-addr.arpa'
Checked 1 records of '202.251.195.in-addr.arpa', 1 errors, 0 warnings.
[root at vdns ~]#
[root at vdns ~]# pdnsutil check-zone 194.177.194.in-addr.arpa
Dec 13 19:01:59 Reading random entropy from '/dev/urandom'
Dec 13 19:01:59 [LdapBackend] Ldap connection succeeded
Dec 13 19:01:59 [LdapBackend] Ldap connection succeeded
Dec 13 19:01:59 [bind-bkend2backend] Parsing 1 domain(s), will report 
when done
Dec 13 19:01:59 [bind-bkend2backend] Done parsing domains, 0 rejected, 1 
new, 0 removed
[Error] No NS record at zone apex in zone '194.177.194.in-addr.arpa'
Checked 1 records of '194.177.194.in-addr.arpa', 1 errors, 0 warnings.
[root at vdns ~]#
[root at vdns ~]# pdnsutil check-zone 195.177.194.in-addr.arpa
Dec 13 19:02:06 Reading random entropy from '/dev/urandom'
Dec 13 19:02:06 [LdapBackend] Ldap connection succeeded
Dec 13 19:02:06 [LdapBackend] Ldap connection succeeded
Dec 13 19:02:06 [bind-bkend2backend] Parsing 1 domain(s), will report 
when done
Dec 13 19:02:06 [bind-bkend2backend] Done parsing domains, 0 rejected, 1 
new, 0 removed
[Error] No NS record at zone apex in zone '195.177.194.in-addr.arpa'
Checked 1 records of '195.177.194.in-addr.arpa', 1 errors, 0 warnings.

---------------------------------------------------------------------------------------

dn: dc=noa,dc=gr
dc: noa
description: National Observatory of Athens
objectClass: dcObject
objectClass: organization
o: NOA
o;lang-el:: zpXOkc6R
o;lang-en: NOA

dn: ou=dns,dc=noa,dc=gr
objectClass: top
objectClass: organizationalUnit
ou: dns

dn: dc=noa.gr,ou=dns,dc=noa,dc=gr
objectClass: dNSDomain2
objectClass: domainRelatedObject
dc: noa.gr
associatedDomain: noa.gr
nSRecord: vdns.noa.gr
nSRecord: dns2.noa.gr
nSRecord: sns0.grnet.gr
nSRecord: sns1.grnet.gr
mXRecord: 20 mailgw1.noa.gr
mXRecord: 10 mailgw3.noa.gr
tXTRecord: "MS=ms14959969"
sOARecord: vdns.noa.gr sysadmin at noa.gr 2017120501 7200 180 1209600 3600

---------------------------------------------------------------------------------------

Thanks,
Nick

More information about the Pdns-users mailing list