[Pdns-users] SERVFAIL on backend failure - is this possible?

[Vytenis A]

Hi Bert,

Thanks for a prompt reply.

This is currently on my local test VM, it's waay past midnight, I can
put it on resolvable domain tomorrow if this isn't helpful. Not sure
how to show you this exactly :)

I'm using latest pDNS, using official repo:

pdns-4.2.1-1pdns.el7.x86_64, CentOS 7.7.1908


Two backends:

# /etc/pdns/pdns.conf:

config-dir=/etc/pdns
setuid=pdns
setgid=pdns
log-dns-details=yes
log-dns-queries=yes
loglevel=6
launch=bind,remote
bind-config=/etc/pdns/bind-files/named.conf
remote-connection-string=http:url=http://invalidhostname:99999


Static bind backend contains one zone, which contains SOA and one 'IN
NS' record only.

http endpoint is serving TXT records exclusively, and all is well if
it's reachable: queries get resolved, nonexistent TXT records get
NXDOMAIN

But if http endpoint is invalidated (as in example above ^) - I get
NXDOMAIN. If I remove bind stuff out of pdns.conf - I get REFUSED,
which is somewhat the same as SERVFAIL afaik.

bind backend is used to keep SOA out of "remote" backend, not 100%
sure it's the best way. We could implement entire zone in http backend
as a last resort.

Thanks again!




On Wed, Feb 26, 2020 at 12:51 AM bert hubert <bert.hubert at powerdns.com> wrote:
>
> On Wed, Feb 26, 2020 at 12:35:21AM +0200, Vytenis A via Pdns-users wrote:
> > While trying to implement authoritative DNS server using "remote"
> > backend, I've stumbled into an issue when HTTP backend is unreachable
> > - PowerDNS is returning NXDOMAIN.
>
> Can you reproduce this for us so we can check? It is not supposed to ever
> happen. Please also let us know which version of PowerDNS you are using.
>
> > What I would like to achieve is return SERVFAIL in case my HTTP
> > endpoint is unavailable. Is this possible? Maybe Lua fallback backend
> > could assist here?
>
> This is what should be happening.
>
>         Bert
>


-- 
Vytenis