[Pdns-users] Resolving Domain

Brian Candler b.candler at pobox.com
Tue Sep 18 06:56:35 UTC 2018 

On 18/09/2018 03:14, Nur Tantio Pratomo wrote:
> i haven't enable logging yet when the error occurs
>
> 202.91.8.101 with nameserver oceanic.te.net.id <http://oceanic.te.net.id>
> 180.214.246.58 with nameserver lloyd.te.net.id <http://lloyd.te.net.id>
>
> i use mysql backend and this is my config
>
> launch=gmysql
> gmysql-host=127.0.0.1
> gmysql-user=powerdns_user
> gmysql-password=xxxxx
> gmysql-dbname=powerdns
> setuid=pdns
> setgid=pdns
> do-ipv6-additional-processing=yes
> local-address=202.91.8.101
> local-ipv6=2402:f080:0:4::101

It's certainly behaving problematically, returning SERVFAIL for these 
domains.  tcpdump shows a UDP exchange followed by two TCP exchanges.

$ dig @202.91.8.101 radininten2-airport.org any
;; Truncated, retrying in TCP mode.

; <<>> DiG 9.8.3-P1 <<>> @202.91.8.101 radininten2-airport.org any
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 19370
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;radininten2-airport.org.       IN      ANY

;; Query time: 261 msec
;; SERVER: 202.91.8.101#53(202.91.8.101)
;; WHEN: Tue Sep 18 07:22:20 2018
;; MSG SIZE  rcvd: 41

$ dig @180.214.246.58 radininten2-airport.org any
;; Truncated, retrying in TCP mode.

; <<>> DiG 9.8.3-P1 <<>> @180.214.246.58 radininten2-airport.org any
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 39845
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;radininten2-airport.org.       IN      ANY

;; Query time: 234 msec
;; SERVER: 180.214.246.58#53(180.214.246.58)
;; WHEN: Tue Sep 18 07:22:43 2018
;; MSG SIZE  rcvd: 41

Since this problem is reproducible, I'd suggest your next step is to 
turn on logging in powerdns, and if that doesn't show the problem, 
enable query logging in mysql as well.

Check your schemas (SHOW CREATE TABLE ...), and manually check all your 
records for the affected domain.  Presumably you haven't overridden any 
of the queries. You could try issuing one of the queries manually to see 
what it returns, e.g.

gmysql-basic-query=SELECT content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE disabled=0 and type=? and name=?

Regards,

Brian.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20180918/dcf5aeb9/attachment-0001.html>

More information about the Pdns-users mailing list