[Pdns-users] Dig: zone queries are not answered without the ANY flag

Pieter Lexis pieter.lexis at powerdns.com
Thu Dec 14 15:23:46 UTC 2017

Hi Nikolaos,

On Wed, 13 Dec 2017 19:17:59 +0200
Nikolaos Milas <nmilas at admin.noa.gr> wrote:

> I list the details you requested below.
> I have also included our reverse zones. As you can see, they all appear 
> as not having NS records!
> As we have not changed our setup at all for years, and we have not had 
> any such (or other) problems during all these years, I tend to suspect 
> some LDAP backend -related bug, introduced in some recent version.
> Finally, for your reference, I am including the LDAP DIT (tree) down to 
> the noa.gr SOA entry.
> I am available to provide any other info you may require to troubleshoot 
> the issue.
> Please advise.
> [.....]

It looks like you are using the authoritative server as a recursor for selected clients.
This never works the way it is expected (or should).

This is the reason this functionality is removed from the Authoritative Server 4.1.
To keep this kind of set up, we have written a migration guide[1] that covers your use case as well.
Note that you can keep running your current versions without having to upgrade to 4.1 (but is highly recommended).

Unfortunately, the only real way to fix this issue is to do this migration or move your clients to a full recursor (seperating the auth services from the recursor).

I hope this helps,

Best regards,


1 - https://doc.powerdns.com/authoritative/guides/recursion.html#scenario-2-authoritative-server-as-recursor-for-clients-and-serving-public-domains

Pieter Lexis
PowerDNS.COM BV -- https://www.powerdns.com

More information about the Pdns-users mailing list