[Pdns-users] Servfail spikes on PowerDNS authoritive

Otto Moerbeek otto at drijf.net
Mon Nov 2 14:53:24 UTC 2020


On Mon, Nov 02, 2020 at 02:41:18PM +0100, Roman Steinhart via Pdns-users wrote:

> Hi guys,
> 
> We're running two PowerDNS authoritative instances v4.3.0/4.3.1 (upgraded
> today) with a self-written remote backend.
> 
> From time to time we see small, 1-2 minute long spikes of servfail
> responses.
> In these timeframes one-third of all responses sent by PowerDNS are
> servfail responses, the other two-thirds are successful.
> https://img.steinh.art/1e7J10Qu.png
> - These spikes typically occur two or three times a day, at different times
> the day on both DNS servers.
> - There is no relation to the type of DNS records being queried. It affects
> any type e.g. A, AAAA, SRV, etc. I don't how much PDNS relies on the remote
> backend in online signing mode, but the problem also occurs with DS records.
> - It's not related to the query name. I can query a name with the same name
> as 10 minutes later and it's working fine.
> - There are no spikes in other server metrics like CPU, memory, etc.
> 
> Luckily PowerDNS is logging why these servfails occur:
> 
> > Exception building answer packet for britishgerbil.aternos.me/DS (Attempt
> > to print an unset dnsname) sending out servfail
> 
> But unfortunately, I don't have any clue what this means.
> 
> I also checked our remote backend of course and everything looks fine there.
> I don't know if my assumption is correct, but the fact that DS records are
> generated by PDNS (in online signing mode) and are affected too I would say
> that it's not related to the remote backend?
> 
> Maybe someone of you has a hot hint for me or can explain what that error
> message tries to tell me :)
> 
> Thanks in advance.
> 
> ~ Roman

> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users


The issues is that some code tried to do a toString() on a an non-set
DNSName.

This *can* be due to a backend doing something wrong. I suspect that
on irc there are people capable of helping you debugging this,

	-Otto


More information about the Pdns-users mailing list