[Pdns-users] [E] Re: ALIAS not resolving to IP address

Chhavi Mittal chhavi.mittal at verizonmedia.com
Wed Mar 31 19:12:19 UTC 2021 

Hi Brian,

This is what I get in tcpdump: I see a call to 53 for securityservices and
then a call to 8699 for mydomain.com and then 2 more pair of calls for the
same but end result is a timeout.

12:09:18.666913 IP (tos 0x0, ttl 64, id 5331, offset 0, flags [none], proto
UDP (17), length 81)
    127.0.0.1.36427 > 127.0.0.1.53: 32855+ [1au] A? securityservices.com.
(53)
0x0000:  4500 0051 14d3 0000 4011 67c7 7f00 0001  E..Q.... at .g.....
0x0010:  7f00 0001 8e4b 0035 003d fe50 8057 0120  .....K.5.=.P.W..
0x0020:  0001 0000 0000 0001 1476 6572 6173 6563  .........sec
0x0030:  7572 6974 7973 6572 7669 6365 7303 636f  urityservices.co
0x0040:  6d00 0001 0001 0000 2910 0000 0000 0000  m.......).......
0x0050:  00                                       .
12:09:18.667947 IP (tos 0x0, ttl 64, id 5332, offset 0, flags [DF], proto
UDP (17), length 58)
    127.0.0.1.40512 > 127.0.0.1.8699: UDP, length 30
0x0000:  4500 003a 14d4 4000 4011 27dd 7f00 0001  E..:.. at .@.'.....
0x0010:  7f00 0001 9e40 21fb 0026 fe39 6eeb 0100  .....@!..&.9n...
0x0020:  0001 0000 0000 0000 086d 7964 6f6d 6169  .........mydomai
0x0030:  6e03 636f 6d00 0001 0001                 n.com.....
12:09:23.666879 IP (tos 0x0, ttl 64, id 7361, offset 0, flags [none], proto
UDP (17), length 81)
    127.0.0.1.36427 > 127.0.0.1.53: 32855+ [1au] A? securityservices.com.
(53)
0x0000:  4500 0051 1cc1 0000 4011 5fd9 7f00 0001  E..Q.... at ._.....
0x0010:  7f00 0001 8e4b 0035 003d fe50 8057 0120  .....K.5.=.P.W..
0x0020:  0001 0000 0000 0001 1476 6572 6173 6563  .........sec
0x0030:  7572 6974 7973 6572 7669 6365 7303 636f  urityservices.co
0x0040:  6d00 0001 0001 0000 2910 0000 0000 0000  m.......).......
0x0050:  00                                       .
12:09:23.669459 IP (tos 0x0, ttl 64, id 7363, offset 0, flags [DF], proto
UDP (17), length 58)
    127.0.0.1.40512 > 127.0.0.1.8699: UDP, length 30
0x0000:  4500 003a 1cc3 4000 4011 1fee 7f00 0001  E..:.. at .@.......
0x0010:  7f00 0001 9e40 21fb 0026 fe39 69eb 0100  .....@!..&.9i...
0x0020:  0001 0000 0000 0000 086d 7964 6f6d 6169  .........mydomai
0x0030:  6e03 636f 6d00 0001 0001                 n.com.....
12:09:28.667125 IP (tos 0x0, ttl 64, id 11356, offset 0, flags [none],
proto UDP (17), length 81)
    127.0.0.1.36427 > 127.0.0.1.53: 32855+ [1au] A? securityservices.com.
(53)
0x0000:  4500 0051 2c5c 0000 4011 503e 7f00 0001  E..Q,\.. at .P>....
0x0010:  7f00 0001 8e4b 0035 003d fe50 8057 0120  .....K.5.=.P.W..
0x0020:  0001 0000 0000 0001 1476 6572 6173 6563  .........sec
0x0030:  7572 6974 7973 6572 7669 6365 7303 636f  urityservices.co
0x0040:  6d00 0001 0001 0000 2910 0000 0000 0000  m.......).......
0x0050:  00                                       .
12:09:28.667506 IP (tos 0x0, ttl 64, id 11357, offset 0, flags [DF], proto
UDP (17), length 58)
    127.0.0.1.40512 > 127.0.0.1.8699: UDP, length 30
0x0000:  4500 003a 2c5d 4000 4011 1054 7f00 0001  E..:,]@. at ..T....
0x0010:  7f00 0001 9e40 21fb 0026 fe39 68eb 0100  .....@!..&.9h...
0x0020:  0001 0000 0000 0000 086d 7964 6f6d 6169  .........mydomai
0x0030:  6e03 636f 6d00 0001 0001                 n.com.....


On Tue, Mar 30, 2021 at 2:12 AM Brian Candler <b.candler at pobox.com> wrote:

> On 29/03/2021 21:34, Chhavi Mittal via Pdns-users wrote:
>
> I have a pdns and pdns_recursor running on the same server and I have one
> ALIAS record and one A record for the alias both belonging to the same
> domain entry but when I do 'dig' on the ALIAS it's not returning an answer.
>
> In that case what does it return: NXDOMAIN? NODATA? SERVFAIL? Timeout?
>
>
> This is what I have in my mysql:
>
> Domains
>
> +-----+------+--------+------------+--------+
>
> | id  | name | master | last_check | type   |
>
> +-----+------+--------+------------+--------+
>
> | 274 | .    | NULL   |       NULL | NATIVE |
>
> +-----+------+--------+------------+--------+
>
> Records
>
> +---+--------------------------+------+-------------+
>
> 274 | mydomain.com
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__mydomain.com&d=DwMFaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=zhXmtZOB8qouWS1ukhEyCOSrM390DVZ1dg-asUtrEKo&m=U40NWrm5IiXE87EYbF_1M2h6MiBG8iX4x3yHNcLc_IM&s=bA8lf2-6y-lnuN6DjyREBgTm1meCP0T8DlBKqMrFjEY&e=>
>            | A     | 10.1.164.107
>
> +---+--------------------------+------+-------------+
>
> 274 | securityservices.com
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__securityservices.com&d=DwMFaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=zhXmtZOB8qouWS1ukhEyCOSrM390DVZ1dg-asUtrEKo&m=U40NWrm5IiXE87EYbF_1M2h6MiBG8iX4x3yHNcLc_IM&s=4C9GraXRQnUPkKWBeQvN1TrOqDDQoBkRhrtGTx_NAhw&e=>
> | ALIAS | mydomain.com
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__mydomain.com&d=DwMFaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=zhXmtZOB8qouWS1ukhEyCOSrM390DVZ1dg-asUtrEKo&m=U40NWrm5IiXE87EYbF_1M2h6MiBG8iX4x3yHNcLc_IM&s=bA8lf2-6y-lnuN6DjyREBgTm1meCP0T8DlBKqMrFjEY&e=>
>
> +---+---------------------------+------+-------------+
>
> What do you get if you dig separately:
>
> dig @127.0.0.1 mydomain.com. a
>
>
>
> I am expecting the final answer of 'securityservices.com
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__securityservices.com&d=DwMFaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=zhXmtZOB8qouWS1ukhEyCOSrM390DVZ1dg-asUtrEKo&m=U40NWrm5IiXE87EYbF_1M2h6MiBG8iX4x3yHNcLc_IM&s=4C9GraXRQnUPkKWBeQvN1TrOqDDQoBkRhrtGTx_NAhw&e=>'
> to be "10.1.164.107". I feel I have a problem in my configuration but I
> am not able to figure it out. Please help!!
>
> *pdns config:*
>
> expand-alias=yes
>
> resolver=127.0.0.1:8699
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__127.0.0.1-3A8699&d=DwMFaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=zhXmtZOB8qouWS1ukhEyCOSrM390DVZ1dg-asUtrEKo&m=U40NWrm5IiXE87EYbF_1M2h6MiBG8iX4x3yHNcLc_IM&s=Bx82slLKUmAY8UBhmp6DPwlvJecEmErXdNSGuarxky0&e=>
>
> setgid=pdns
>
> setuid=pdns
>
>
> *recursor config:*
>
> allow-from=0.0.0.0/0
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__0.0.0.0_0&d=DwMFaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=zhXmtZOB8qouWS1ukhEyCOSrM390DVZ1dg-asUtrEKo&m=U40NWrm5IiXE87EYbF_1M2h6MiBG8iX4x3yHNcLc_IM&s=GeR8zV95mCJu_AIUuH7Ey7TGh76ejLhEU1gTWDEpwsQ&e=>
>
> forward-zones=.=127.0.0.1
>
> local-address=127.0.0.1
>
> local-port=8699
>
> setgid=pdns
>
> setuid=pdns
>
> Try running tcpdump at the same time:
>
> tcpdump -i lo -nn -s0 -vX udp port 53 or udp port 8699
>
> Then when you "dig @127.0.0.1 securityservices.com. a", look at the
> tcpdump traffic.
>
> 1. do you see the incoming request for "securityservices.com" to
> pdns-auth with dst port 53?  (You should!)
> 2. do you see the request for "mydomain.com" from auth to recursor with
> dst port 8699?
> 3. do you see the request for "mydomain.com" from recursor to auth with
> dst port 53?
> 4. do you see the response to (3) with src port 53?
> 5. do you see the response to (2) with src port 8699?
> 6. do you see the response to (1) with src port 53?
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20210331/f23bd533/attachment-0001.htm>

More information about the Pdns-users mailing list