[Pdns-users] PowerDNS and CNAMEs

Rune Sørensen rune at falcon.io
Fri Jul 21 17:07:03 UTC 2017


I'm running pdns-server, as you guessed. I only enabled recursion because
nslookup complained when I hadn't enabled it.
Would it be better to try to set up a recursor in front of pdns-server, and
then disable recursion on the server?

On Fri, 21 Jul 2017 at 16:48, Brian Candler <b.candler at pobox.com> wrote:

> On 21/07/2017 15:21, Rune Sørensen wrote:
> > OK, dig outputs using the actual domain.
> The server 10.255.0.3 that you are running dig against: is it running
> pdns-server (the authoritative server), or pdns-recursor?
>
> If it's pdns-server, then I would not expect it to return any results
> for a domain other than those it's authoritative for. That's unless you
> have set the "recursor" option - have you done so?
>
> https://doc.powerdns.com/md/authoritative/recursion/
>
> If it's pdns-recursor, then it should always send queries to the
> authoritative nameservers listed in NS records for the domains in
> question (i.e. cloudflare in this case), unless you have configured
> forward-zones.
>
> It seems to me that you are running the authoritative server.  The only
> oddball I can see is your case 3. Something, somewhere, is doing a
> recursive lookup to get the A records for bbc.co.uk.
>
> I don't think it's cloudflare:
>
> $ dig @alan.ns.cloudflare.com. test3.flcn.io. cname
>
> ; <<>> DiG 9.8.3-P1 <<>> @alan.ns.cloudflare.com. test3.flcn.io. cname
> ; (2 servers found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10682
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;test3.flcn.io.            IN    CNAME
>
> ;; ANSWER SECTION:
> test3.flcn.io.        300    IN    CNAME    bbc.co.uk.
>
> ;; Query time: 29 msec
> ;; SERVER: 2400:cb00:2049:1::adf5:3b39#53(2400:cb00:2049:1::adf5:3b39)
> ;; WHEN: Fri Jul 21 15:41:16 2017
> ;; MSG SIZE  rcvd: 54
>
> $ dig @alan.ns.cloudflare.com. test3.flcn.io. a
>
> ; <<>> DiG 9.8.3-P1 <<>> @alan.ns.cloudflare.com. test3.flcn.io. a
> ; (2 servers found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21446
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;test3.flcn.io.            IN    A
>
> ;; ANSWER SECTION:
> test3.flcn.io.        300    IN    CNAME    bbc.co.uk.
>
> ;; Query time: 26 msec
> ;; SERVER: 2400:cb00:2049:1::adf5:3b39#53(2400:cb00:2049:1::adf5:3b39)
> ;; WHEN: Fri Jul 21 15:41:19 2017
> ;; MSG SIZE  rcvd: 54
>
> So presumably it is at your side.  If you have recursion enabled in
> pdns-server, then I think you should move away from it - it has been
> removed in pdns-server 4.1.0 anyway.
>
> Regards,
>
> Brian.
>
-- 
*Rune Tor Sørensen*
Site Reliability Engineer
+45 3172 2097
LinkedIn <https://www.linkedin.com/in/runets> Twitter
<https://twitter.com/Areian>
*Copenhagen*
Falcon.io Aps
H.C. Andersens Blvd. 27
1553 Copenhagen
CVR no.: 33362226
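Added example, not part of the original thread: a Python check for the two signs discussed in the quoted reply, namely whether a dig response advertises recursion (the "ra" flag) and whether its answer section carries records whose owner names lie outside the zones the server is authoritative for. The first sample reuses the Cloudflare response quoted above; the second is constructed, and the function names, the served-zone list and the 192.0.2.10 address are assumptions.

```python
import re

# Header and answer lines as quoted in the thread (Cloudflare, A query).
AUTH_ONLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21446
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;test3.flcn.io.            IN    A

;; ANSWER SECTION:
test3.flcn.io.        300    IN    CNAME    bbc.co.uk.

;; Query time: 26 msec
"""
# CONSTRUCTED sample: a server that chased the CNAME target itself.
RECURSING = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;test3.flcn.io.            IN    A

;; ANSWER SECTION:
test3.flcn.io.        300    IN    CNAME    bbc.co.uk.
bbc.co.uk.            120    IN    A        192.0.2.10

;; Query time: 3 msec
"""

def classify(dig_text, served_zones):
    """Return (header flags, answer owner names outside served_zones)."""
    m = re.search(r"^;; flags: ([a-z ]+);", dig_text, re.M)
    flags = set(m.group(1).split()) if m else set()
    answer = re.search(r"^;; ANSWER SECTION:\n(.*?)(?:\n\n|\Z)",
                       dig_text, re.M | re.S)
    foreign = []
    for line in (answer.group(1).splitlines() if answer else []):
        owner = line.split()[0].lower()
        # An owner is "ours" if it equals a served zone or sits below it.
        if not any(owner == z or owner.endswith("." + z) for z in served_zones):
            foreign.append(owner)
    return flags, foreign

def recursion_evidence(dig_text, served_zones):
    """True if the response shows the server recursing on the client's behalf."""
    flags, foreign = classify(dig_text, served_zones)
    return "ra" in flags or bool(foreign)
```

Zone names are given fully qualified with the trailing dot, for example recursion_evidence(text, ["flcn.io."]).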