[Pdns-users] Dig: zone queries are not answered without the ANY flag

Nikolaos Milas nmilas at admin.noa.gr
Thu Dec 14 20:11:52 UTC 2017 

On 14/12/2017 5:23 μμ, Pieter Lexis wrote:

> It looks like you are using the authoritative server as a recursor for 
> selected clients. This never works the way it is expected (or should).

Hi Pieter,

Actually, we don't need recursion any more. (It's been left over from 
the past.)

So, I tried disabling recursion entirely and running the Authoritative 
Server alone.

However, the problem persists:

    [root at vdns pdns]# pdnsutil check-zone noa.gr
    Dec 14 21:55:26 Reading random entropy from '/dev/urandom'
    Dec 14 21:55:26 [LdapBackend] Ldap connection succeeded
    Dec 14 21:55:26 [LdapBackend] Ldap connection succeeded
    Dec 14 21:55:26 [bind-bkend2backend] Parsing 1 domain(s), will
    report when done
    Dec 14 21:55:26 [bind-bkend2backend] Done parsing domains, 0
    rejected, 1 new, 0 removed
    [Error] No NS record at zone apex in zone 'noa.gr'
    Checked 1 records of 'noa.gr', 1 errors, 0 warnings.

Am I doing something wrong? What is the cause of the problem now?

As a side note, can you please explain why running the dig query using 
the ANY keyword provides full results, while otherwise it does not?

Here is the current (new) setup:

    [root at vdns pdns]# cat /etc/pdns/pdns.conf
    setuid=pdns
    setgid=pdns

    webserver=yes
    webserver-address=194.177.195.162
    webserver-password=xxxxxxxxxxxx
    webserver-port=8081
    webserver-print-arguments=no
    launch=ldap:bkend1,bind:bkend2

    bind-bkend2-config=/etc/pdns/bind/named.conf
    bind-bkend2-check-interval=600

    ldap-bkend1-host=localhost
    ldap-bkend1-basedn=ou=dns,dc=noa,dc=gr
    ldap-bkend1-binddn=uid=dnsauth,ou=system,dc=noa,dc=gr
    ldap-bkend1-secret=xxxxxxxxxxxxx
    ldap-bkend1-method=simple
    default-ttl=86400
    local-address=127.0.0.1 194.177.195.162
    do-ipv6-additional-processing=yes
    local-ipv6=::1 2001:648:2011:15::162
    local-port=53

    allow-axfr-ips=192.168.0.0/16, 195.251.202.0/23, 195.251.204.0/24, \
       194.177.194.0/24, 194.177.195.0/24, 10.0.0.0/8, 194.177.210.211, \
       194.177.210.10, 83.212.5.18, 83.212.5.22, 2001:648:2011::/48, \
       2001:648:2ffc:111::2, 2001:648:2ffc:112::2, 127.0.0.1, ::1

    logging-facility=0
    loglevel=5
    cache-ttl=0
    log-dns-details=off

Nick

More information about the Pdns-users mailing list