[Pdns-users] Fwd: pdns authoritative SERVERFAIL

Federico Olivieri lvrfrc87 at gmail.com
Wed Feb 15 15:17:56 UTC 2017


Hi everybody,

I have started to look into PDNS Authoritative and I have managed to install
it with MySQL support.
My actual set-up is the following:

dnsdist:53 --> authoritative:5353 --> recursor:5300

As you can imagine, dnsdist is the front end that handles the queries to the
authoritative and, in case recursion is required, the query is handed to the
recursor.

So, let's forget for a second about the front-end balance and focus on the
authoritative. I have a few test records created in MySQL, and pdns
authoritative and recursor are running. The authoritative looks like it is
connected to MySQL and the authoritative is allowed to do recursion.

However, if I dig the authoritative for the record created in MySQL, as
well as for a recursive query, I get SERVFAIL. If I query the recursor
directly, everything is fine.

Any idea why? If this set-up is gonna work I am gonna have a lot of pdns
installations in the coming month :)

Please be aware, I am just a poor network engineer with crappy sysadmin
skills, so please have mercy on me!

Thanks for your time

Federico


mysql> SHOW TABLES;
+--------------------+
| Tables_in_powerdns |
+--------------------+
| domains            |
| migrations         |
| perm_items         |
| perm_templ         |
| perm_templ_items   |
| records            |
| records_zone_templ |
| supermasters       |
| users              |
| zone_templ         |
| zone_templ_records |
| zones              |
+--------------------+
12 rows in set (0.00 sec)

mysql> select * from records;
+----+-----------+-----------------------+------+--------------------------------------+-------+------+-------------+
| id | domain_id | name                  | type | content                              | ttl   | prio | change_date |
+----+-----------+-----------------------+------+--------------------------------------+-------+------+-------------+
|  1 |         1 | example.com           | SOA  | 2017021507 28800 7200 604800 86400   | 86400 |    0 |  1487169093 |
|  2 |         1 | example.com           | NS   | ns1.example.com                      | 86400 |    0 |  1487169202 |
|  3 |         1 | example.com           | NS   | ns2.example.com                      | 86400 |    0 |  1487169292 |
|  4 |         1 | www.example.com       | A    | 1.2.3.4                              | 86400 |    0 |  1487169355 |
|  5 |         1 | example.com           | MX   | mail.example.com                     | 86400 |   10 |  1487169386 |
|  6 |         1 | localhost.example.com | A    | 127.0.0.1                            | 86400 |    0 |  1487169399 |
|  7 |         1 | mail.example.com      | A    | 1.2.3.4                              | 86400 |    0 |  1487169412 |
|  8 |         1 | example.com           | A    | 1.2.3.4                              | 86400 |    0 |  1487169448 |
|  9 |         2 | in-addr.arpa          | SOA  |   2017021501 28800 7200 604800 86400 | 86400 |    0 |  1487169517 |
| 10 |         2 | 4.3.2.1.in-addr.arpa  | PTR  | server1.example.com                  | 86400 |    0 |  1487169570 |
+----+-----------+-----------------------+------+--------------------------------------+-------+------+-------------+
10 rows in set (0.00 sec)

mysql> \q
##############################################################################
udp        0      0 192.168.1.11:5300       0.0.0.0:*                           5563/pdns_recursor
udp        0      0 192.168.1.11:5353       0.0.0.0:*                           5756/pdns_server
##############################################################################
Feb 15 14:57:19 UKLNDLABDMZ pdns_server[5756]: Feb 15 14:57:19 Using 64-bits mode. Built using gcc 4.9.2 on Jan 17 2017 09:06:50 by root@29066efb5693.
Feb 15 14:57:19 UKLNDLABDMZ pdns_server[5756]: Feb 15 14:57:19 PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of...GPL version 2.
Feb 15 14:57:19 UKLNDLABDMZ pdns_server[5756]: Feb 15 14:57:19 DNS Proxy launched, local port 22717, remote 192.168.1.11:5300
Feb 15 14:57:19 UKLNDLABDMZ pdns_server[5756]: Feb 15 14:57:19 Polled security status of version 4.0.3 at startup, no known issues reported: OK
Feb 15 14:57:19 UKLNDLABDMZ pdns_server[5756]: Feb 15 14:57:19 Creating backend connection for TCP
Feb 15 14:57:19 UKLNDLABDMZ pdns_server[5756]: Feb 15 14:57:19 [bindbackend] Parsing 0 domain(s), will report when done
Feb 15 14:57:19 UKLNDLABDMZ pdns_server[5756]: Feb 15 14:57:19 [bindbackend] Done parsing domains, 0 rejected, 0 new, 0 removed
Feb 15 14:57:19 UKLNDLABDMZ pdns_server[5756]: Feb 15 14:57:19 About to create 3 backend threads for UDP
Feb 15 14:57:19 UKLNDLABDMZ systemd[1]: Started PowerDNS Authoritative Server.
Feb 15 14:57:19 UKLNDLABDMZ pdns_server[5756]: Feb 15 14:57:19 Done launching threads, ready to distribute questio
###########################################################################
root@UKLNDLABDMZ:~ # cat /etc/powerdns/pdns.conf | grep recurs
# allow-recursion List of subnets that are allowed to recurse
allow-recursion=0.0.0.0/0
# recursive-cache-ttl Seconds to store packets for recursive queries in the PacketCache
# recursive-cache-ttl=10
# recursor If recursion is desired, IP address of a recursing nameserver
recursor=192.168.1.11:5300
###########################################################################
root@UKLNDLABDMZ:~ # dig @192.168.1.11 -p 5300 www.google.com

; <<>> DiG 9.9.5-9+deb8u9-Debian <<>> @192.168.1.11 -p 5300 www.google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30877
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 300 IN A 216.58.211.164

;; Query time: 16 msec
;; SERVER: 192.168.1.11#5300(192.168.1.11)
;; WHEN: Wed Feb 15 15:14:41 GMT 2017
;; MSG SIZE  rcvd: 59

root@UKLNDLABDMZ:~ # dig @192.168.1.11 -p 5353 www.example.com

; <<>> DiG 9.9.5-9+deb8u9-Debian <<>> @192.168.1.11 -p 5353 www.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 14867
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1680
;; QUESTION SECTION:
;www.example.com. IN A

;; Query time: 3 msec
;; SERVER: 192.168.1.11#5353(192.168.1.11)
;; WHEN: Wed Feb 15 15:14:51 GMT 2017
;; MSG SIZE  rcvd: 44