[Pdns-users] recursor is giving conflicting results for /etc/hosts entries

Mike mike+lists at yourtownonline.com
Sat Jan 4 11:16:36 UTC 2020


Hello,

    I have PowerDNS Recursor 4.2.1 under Ubuntu 16/LTS, from the
PowerDNS repo.

    I am trying to override some DNS names and thought I would try
exporting /etc/hosts in order to manufacture certain names in my
resolver for the benefit of certain clients that need these. The first
query for the manufactured name succeeds, but subsequent queries attempt
to resolve in the normal way, ignoring the entry from /etc/hosts.

    1) I have the entries in /etc/hosts such as '172.16.1.1
manufactured.example.com'

    2) I have 'export-etc-hosts=on' in my config

# Powerdns 4.2 config file for host rslvall-sub-a

allow-from-file=/etc/powerdns/allowed-query-networks
dont-query=
local-address=<snip>
local-port=53
max-negative-ttl=300
query-local-address=<snip>
query-local-address6=<snip>
quiet=yes
serve-rfc1918=yes
server-id=rslvall-sub-a
setgid=pdns
setuid=pdns
dnssec=validate
reuseport=yes
threads=2
export-etc-hosts=on

    3) In syslog I can clearly see 'Inserting forward zone
'manufactured.example.com' based on hosts file'


    After restarting pdns-recursor, three back to back dig outputs, the
first of which works:

dig -t a manufactured.example.com @w.x.y.z

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> -t a manufactured.example.com
@w.x.y.z
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23159
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;manufactured.example.com.      IN      A

;; ANSWER SECTION:
manufactured.example.com. 86400 IN      A       172.16.1.1

;; Query time: 82 msec
;; SERVER: w.x.y.z#53(w.x.y.z)
;; WHEN: Sat Jan 04 03:06:21 PST 2020
;; MSG SIZE  rcvd: 69

mike at et:~$ dig -t a manufactured.example.com @w.x.y.z

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> -t a manufactured.example.com
@w.x.y.z
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61484
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;manufactured.example.com.      IN      A

;; AUTHORITY SECTION:
example.com.            298     IN      SOA     ns.icann.org.
noc.dns.icann.org. 2019121308 7200 3600 1209600 3600

;; Query time: 40 msec
;; SERVER: w.x.y.z#53(w.x.y.z)
;; WHEN: Sat Jan 04 03:06:23 PST 2020
;; MSG SIZE  rcvd: 109

mike at et:~$ dig -t a manufactured.example.com @w.x.y.z

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> -t a manufactured.example.com
@w.x.y.z
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4961
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;manufactured.example.com.      IN      A

;; AUTHORITY SECTION:
example.com.            289     IN      SOA     ns.icann.org.
noc.dns.icann.org. 2019121308 7200 3600 1209600 3600

;; Query time: 39 msec
;; SERVER: w.x.y.z#53(w.x.y.z)
;; WHEN: Sat Jan 04 03:06:32 PST 2020
;; MSG SIZE  rcvd: 109

  


    My expectation is that /etc/hosts will override everything else and
no recursive resolution will be attempted, but clearly that isn't
exactly the case.


Thank you.



