[Pdns-users] PDNS recursive problem - NXDOMAIN - CNAME resolving

Brian Candler b.candler at pobox.com
Mon Nov 13 09:30:53 UTC 2017


On 13/11/2017 09:05, Mislav | SysAdmin wrote:
> Hi. I've noticed some problems with CNAME resolving on our pdns 
> server. Here is the example:
>> $ nslookup mobile-universe.ch ns1.private.ch
>> Server:        ns1.private.ch
>> Address:    private#53
>>
>> Non-authoritative answer:
>> Name:    mobile-universe.ch
>> Address: 18.194.35.161
>>
>> $ nslookup www.mobile-universe.ch ns1.private.ch
>> Server:        ns1.private.ch
>> Address:    private#53
>>
>> ** server can't find www.mobile-universe.ch: NXDOMAIN 

So I'm guessing that "ns1.private.ch" is a made-up name, right?  But 
this is running pdns-recursor?  Which version?

Resolving that name works for me using pdns-recursor 4.0.6-1pdns.xenial 
under Ubuntu 16.04:

# dig @192.168.5.53 www.mobile-universe.ch a

; <<>> DiG 9.8.1-P1 <<>> @192.168.5.53 www.mobile-universe.ch a
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26749
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.mobile-universe.ch.        IN    A

;; ANSWER SECTION:
www.mobile-universe.ch.    3600    IN    CNAME elb-front-92-10-617833872.eu-central-1.elb.amazonaws.com.
elb-front-92-10-617833872.eu-central-1.elb.amazonaws.com. 60 IN    A 52.58.17.141
elb-front-92-10-617833872.eu-central-1.elb.amazonaws.com. 60 IN    A 52.57.147.203

;; Query time: 504 msec
;; SERVER: 192.168.5.53#53(192.168.5.53)
;; WHEN: Mon Nov 13 09:21:37 2017
;; MSG SIZE  rcvd: 142


So something must be different on your side, although I can't think why 
you'd get NXDOMAIN rather than SERVFAIL.

I suggest you turn on tracing for the mobile-universe.ch and 
eu-central-1.elb.amazonaws.com domains, clear the cache for those 
domains, and then do the query again. See:

https://doc.powerdns.com/recursor/running.html#tracing-queries
https://doc.powerdns.com/recursor/running.html#cache-management

You could also tcpdump all the DNS traffic which it sends during that time.

FYI, here is where the authoritative servers are:

$ dig +trace www.mobile-universe.ch. a

...

mobile-universe.ch.    3600    IN    NS ns1a.plentymarkets.eu.
mobile-universe.ch.    3600    IN    NS ns2a.plentymarkets.eu.
;; Received 94 bytes from 130.59.31.41#53(130.59.31.41) in 115 ms

www.mobile-universe.ch.    3600    IN    CNAME elb-front-92-10-617833872.eu-central-1.elb.amazonaws.com.
com.            3600    IN    SOA    ns1.com. hostmaster.com. 3 86400 10800 3600000 172800
;; Received 161 bytes from 185.61.8.110#53(185.61.8.110) in 31 ms


$ dig +trace elb-front-92-10-617833872.eu-central-1.elb.amazonaws.com. a

...

elb-front-92-10-617833872.eu-central-1.elb.amazonaws.com. 60 IN    A 52.58.17.141
elb-front-92-10-617833872.eu-central-1.elb.amazonaws.com. 60 IN    A 52.57.147.203
eu-central-1.elb.amazonaws.com.    1800 IN    NS ns-1326.awsdns-37.org.
eu-central-1.elb.amazonaws.com.    1800 IN    NS ns-1689.awsdns-19.co.uk.
eu-central-1.elb.amazonaws.com.    1800 IN    NS ns-417.awsdns-52.com.
eu-central-1.elb.amazonaws.com.    1800 IN    NS ns-613.awsdns-12.net.

And all four AWS nameservers agree on the results: none is giving NXDOMAIN.

# for i in ns-1326.awsdns-37.org. ns-1689.awsdns-19.co.uk. ns-417.awsdns-52.com. ns-613.awsdns-12.net.; do echo "=== $i ==="; dig +short @$i elb-front-92-10-617833872.eu-central-1.elb.amazonaws.com. a; done
=== ns-1326.awsdns-37.org. ===
52.58.17.141
52.57.147.203
=== ns-1689.awsdns-19.co.uk. ===
52.57.147.203
52.58.17.141
=== ns-417.awsdns-52.com. ===
52.57.147.203
52.58.17.141
=== ns-613.awsdns-12.net. ===
52.58.17.141
52.57.147.203

Regards,

Brian.
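
An added example, not part of the original message: a Python helper for comparing saved dig output from the resolver that returns NXDOMAIN with output from one that works. When a response carries a CNAME, its rcode describes the last name in the chain (RFC 6604), so the helper reports which name the status applies to. The BAD sample and the function names are constructed for illustration.

```python
import re

# Constructed sample dig outputs (trimmed). GOOD mirrors the answer shown in
# the reply; BAD is a made-up NXDOMAIN response from a hypothetical resolver.
GOOD = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26749
;; ANSWER SECTION:
www.mobile-universe.ch. 3600 IN CNAME elb-front-92-10-617833872.eu-central-1.elb.amazonaws.com.
elb-front-92-10-617833872.eu-central-1.elb.amazonaws.com. 60 IN A 52.58.17.141
elb-front-92-10-617833872.eu-central-1.elb.amazonaws.com. 60 IN A 52.57.147.203
"""
BAD = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4242
;; ANSWER SECTION:
www.mobile-universe.ch. 3600 IN CNAME elb-front-92-10-617833872.eu-central-1.elb.amazonaws.com.
"""

RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")

def parse_dig(text):
    """Return (rcode, [(owner, type, rdata), ...]) from dig's text output."""
    m = re.search(r"status: (\w+)", text)
    rcode = m.group(1) if m else None
    records = []
    for line in text.splitlines():
        rr = RR.match(line.strip())
        if rr and not line.startswith(";"):  # skip header and comment lines
            records.append((rr.group(1).lower(), rr.group(3), rr.group(4).strip().lower()))
    return rcode, records

def follow_cname(qname, records, max_hops=8):
    """Walk the CNAME chain from qname; return (chain, sorted A addresses)."""
    chain, name = [qname.lower()], qname.lower()
    for _ in range(max_hops):  # bound the walk so a CNAME loop cannot hang us
        target = next((d for o, t, d in records if o == name and t == "CNAME"), None)
        if target is None:
            break
        chain.append(target)
        name = target
    return chain, sorted(d for o, t, d in records if o == name and t == "A")

def diagnose(qname, outputs):
    """Map each server to (rcode, name the rcode applies to, A addresses)."""
    result = {}
    for server, text in outputs.items():
        rcode, records = parse_dig(text)
        chain, addrs = follow_cname(qname, records)
        result[server] = (rcode, chain[-1], addrs)
    return result
```

Calling diagnose("www.mobile-universe.ch.", {...}) with one saved output per resolver shows at a glance whether the failing status belongs to the original name or to the CNAME target.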
