[Pdns-users] ALIAS not resolving to IP address

Brian Candler b.candler at pobox.com
Tue Mar 30 09:12:42 UTC 2021 

On 29/03/2021 21:34, Chhavi Mittal via Pdns-users wrote:
> I have a pdns and pdns_recursor running on the same server and I have 
> one ALIAS record and one A record for the alias both belonging to the 
> same domain entry but when I do 'dig' on the ALIAS it's not returning 
> an answer.

In that case what does it return: NXDOMAIN? NODATA? SERVFAIL? Timeout?


> This is what I have in my mysql:
>
> Domains
>
> +-----+------+--------+------------+--------+
>
> | id| name | master | last_check | type |
>
> +-----+------+--------+------------+--------+
>
> | 274 | .| NULL | NULL | NATIVE |
>
> +-----+------+--------+------------+--------+
>
>
> Records
>
> +---+--------------------------+------+-------------+
>
> 274 | mydomain.com <http://mydomain.com>             | A| 10.1.164.107
>
> +---+--------------------------+------+-------------+
>
> 274 | securityservices.com <http://securityservices.com> | ALIAS | 
> mydomain.com <http://mydomain.com>
>
> +---+---------------------------+------+-------------+
>
What do you get if you dig separately:

dig @127.0.0.1 mydomain.com. a


>
> I am expecting the final answer of 'securityservices.com 
> <http://securityservices.com>' to be "10.1.164.107". I feel I have a 
> problem in my configuration but I am not able to figure it out. Please 
> help!!
>
> *pdns config:*
>
> expand-alias=yes
>
> resolver=127.0.0.1:8699 <http://127.0.0.1:8699>
>
> setgid=pdns
>
> setuid=pdns
>
>
> *recursor config:*
>
> allow-from=0.0.0.0/0 <http://0.0.0.0/0>
>
> forward-zones=.=127.0.0.1
>
> local-address=127.0.0.1
>
> local-port=8699
>
> setgid=pdns
>
> setuid=pdns
>
Try running tcpdump at the same time:

tcpdump -i lo -nn -s0 -vX udp port 53 or udp port 8699

Then when you "dig @127.0.0.1 securityservices.com. a", look at the 
tcpdump traffic.

1. do you see the incoming request for "securityservices.com" to 
pdns-auth with dst port 53?  (You should!)
2. do you see the request for "mydomain.com" from auth to recursor with 
dst port 8699?
3. do you see the request for "mydomain.com" from recursor to auth with 
dst port 53?
4. do you see the response to (3) with src port 53?
5. do you see the response to (2) with src port 8699?
6. do you see the response to (1) with src port 53?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20210330/1c1bfa02/attachment-0001.htm>

More information about the Pdns-users mailing list