[Pdns-users] SERVFAIL on backend failure - is this possible?
Aki Tuomi
cmouse at cmouse.fi
Wed Feb 26 07:23:03 UTC 2020
Hi!
It is not really supported to split domains like this. You need to host
the entire domain in remote backend.
Aki
On 26.2.2020 2.00, Vytenis A via Pdns-users wrote:
> Hi Bert,
>
> Thanks for a prompt reply.
>
> This is currently on my local test VM, it's waay past midnight, I can
> put it on resolvable domain tomorrow if this isn't helpful. Not sure
> how to show you this exactly :)
>
> I'm using latest pDNS, using official repo:
>
> pdns-4.2.1-1pdns.el7.x86_64, CentOS 7.7.1908
>
>
> Two backends:
>
> # /etc/pdns/pdns.conf:
>
> config-dir=/etc/pdns
> setuid=pdns
> setgid=pdns
> log-dns-details=yes
> log-dns-queries=yes
> loglevel=6
> launch=bind,remote
> bind-config=/etc/pdns/bind-files/named.conf
> remote-connection-string=http:url=http://invalidhostname:99999
>
>
> Static bind backend contains one zone, which contains SOA and one 'IN
> NS' record only.
>
> http endpoint is serving TXT records exclusively, and all is well if
> it's reachable: queries get resolved, nonexistent TXT records get
> NXDOMAIN
>
> But if http endpoint is invalidated (as in example above ^) - I get
> NXDOMAIN. If I remove bind stuff out of pdns.conf - I get REFUSED,
> which is somewhat the same as SERVFAIL afaik.
>
> bind backend is used to keep SOA out of "remote" backend, not 100%
> sure it's the best way. We could implement entire zone in http backend
> as a last resort.
>
> Thanks again!
>
>
>
>
> On Wed, Feb 26, 2020 at 12:51 AM bert hubert <bert.hubert at powerdns.com> wrote:
>> On Wed, Feb 26, 2020 at 12:35:21AM +0200, Vytenis A via Pdns-users wrote:
>>> While trying to implement authoritative DNS server using "remote"
>>> backend, I've stumbled into an issue when HTTP backend is unreachable
>>> - PowerDNS is returning NXDOMAIN.
>> Can you reproduce this for us so we can check? It is not supposed to ever
>> happen. Please also let us know which version of PowerDNS you are using.
>>
>>> What I would like to achieve is return SERVFAIL in case my HTTP
>>> endpoint is unavailable. Is this possible? Maybe Lua fallback backend
>>> could assist here?
>> This is what should be happening.
>>
>> Bert
>>
>
More information about the Pdns-users
mailing list