[Pdns-users] PDNS recursive problem - NXDOMAIN - CNAME resolving
Brian Candler
b.candler at pobox.com
Mon Nov 13 09:30:53 UTC 2017
On 13/11/2017 09:05, Mislav | SysAdmin wrote:
> Hi. I've noticed some problems with CNAME resolving on our pdns
> server. Here is the example:
>> $ nslookup mobile-universe.ch ns1.private.ch
>> Server: ns1.private.ch
>> Address: private#53
>>
>> Non-authoritative answer:
>> Name: mobile-universe.ch
>> Address: 18.194.35.161
>>
>> $ nslookup www.mobile-universe.ch ns1.private.ch
>> Server: ns1.private.ch
>> Address: private#53
>>
>> ** server can't find www.mobile-universe.ch: NXDOMAIN
So I'm guessing that "ns1.private.ch" is a made-up name, right? But
this is running pdns-recursor? Which version?
Resolving that name works for me using pdns-recursor 4.0.6-1pdns.xenial
under Ubuntu 16.04:
# dig @192.168.5.53 www.mobile-universe.ch a
; <<>> DiG 9.8.1-P1 <<>> @192.168.5.53 www.mobile-universe.ch a
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26749
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.mobile-universe.ch. IN A
;; ANSWER SECTION:
www.mobile-universe.ch. 3600 IN CNAME
elb-front-92-10-617833872.eu-central-1.elb.amazonaws.com.
elb-front-92-10-617833872.eu-central-1.elb.amazonaws.com. 60 IN A
52.58.17.141
elb-front-92-10-617833872.eu-central-1.elb.amazonaws.com. 60 IN A
52.57.147.203
;; Query time: 504 msec
;; SERVER: 192.168.5.53#53(192.168.5.53)
;; WHEN: Mon Nov 13 09:21:37 2017
;; MSG SIZE rcvd: 142
So something must be different on your side, although I can't think why
you'd get NXDOMAIN rather than SRVFAIL.
I suggest you turn on tracing for the mobile-universe.ch and
eu-central-1.elb.amazonaws.com domains, clear the cache for those
domains, and then do the query again. See:
https://doc.powerdns.com/recursor/running.html#tracing-queries
https://doc.powerdns.com/recursor/running.html#cache-management
You could also tcpdump all the DNS traffic which it sends during that time.
FYI, here is where the authoritative servers are:
$ dig +trace www.mobile-universe.ch. a
...
mobile-universe.ch. 3600 IN NS ns1a.plentymarkets.eu.
mobile-universe.ch. 3600 IN NS ns2a.plentymarkets.eu.
;; Received 94 bytes from 130.59.31.41#53(130.59.31.41) in 115 ms
www.mobile-universe.ch. 3600 IN CNAME
elb-front-92-10-617833872.eu-central-1.elb.amazonaws.com.
com. 3600 IN SOA ns1.com. hostmaster.com. 3 86400
10800 3600000 172800
;; Received 161 bytes from 185.61.8.110#53(185.61.8.110) in 31 ms
$ dig +trace elb-front-92-10-617833872.eu-central-1.elb.amazonaws.com. a
...
elb-front-92-10-617833872.eu-central-1.elb.amazonaws.com. 60 IN A
52.58.17.141
elb-front-92-10-617833872.eu-central-1.elb.amazonaws.com. 60 IN A
52.57.147.203
eu-central-1.elb.amazonaws.com. 1800 IN NS ns-1326.awsdns-37.org.
eu-central-1.elb.amazonaws.com. 1800 IN NS ns-1689.awsdns-19.co.uk.
eu-central-1.elb.amazonaws.com. 1800 IN NS ns-417.awsdns-52.com.
eu-central-1.elb.amazonaws.com. 1800 IN NS ns-613.awsdns-12.net.
And all four AWS nameservers agree on the results: none is giving NXDOMAIN.
# for i in ns-1326.awsdns-37.org. ns-1689.awsdns-19.co.uk.
ns-417.awsdns-52.com. ns-613.awsdns-12.net.; do echo "=== $i ==="; dig
+short @$i elb-front-92-10-617833872.eu-central-1.elb.amazonaws.com. a; done
=== ns-1326.awsdns-37.org. ===
52.58.17.141
52.57.147.203
=== ns-1689.awsdns-19.co.uk. ===
52.57.147.203
52.58.17.141
=== ns-417.awsdns-52.com. ===
52.57.147.203
52.58.17.141
=== ns-613.awsdns-12.net. ===
52.58.17.141
52.57.147.203
Regards,
Brian.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20171113/6c0949cf/attachment.html>
More information about the Pdns-users
mailing list