[Pdns-users] [E] Re: ALIAS not resolving to IP address

Chhavi Mittal chhavi.mittal at verizonmedia.com
Wed Mar 31 19:37:00 UTC 2021


I just got it to work, turns out my recursor was not running and that is
why it was timing out. Thank you for recommending the tcpdump which helped
me see that the call was going through.

Also for anyone else dealing in similar issues. Setting "trace=on" in
recursor.conf helps see the queries in realtime.

Best,
Chhavi

On Wed, Mar 31, 2021 at 12:12 PM Chhavi Mittal <
chhavi.mittal at verizonmedia.com> wrote:

> Hi Brian,
>
> This is what I get in tcpdump: I see a call to 53 for securityservices and
> then a call to 8699 for mydomain.com and then 2 more pair of calls for
> the same but end result is a timeout.
>
> 12:09:18.666913 IP (tos 0x0, ttl 64, id 5331, offset 0, flags [none],
> proto UDP (17), length 81)
>     127.0.0.1.36427 > 127.0.0.1.53: 32855+ [1au] A? securityservices.com.
> (53)
> 0x0000:  4500 0051 14d3 0000 4011 67c7 7f00 0001  E..Q.... at .g.....
> 0x0010:  7f00 0001 8e4b 0035 003d fe50 8057 0120  .....K.5.=.P.W..
> 0x0020:  0001 0000 0000 0001 1476 6572 6173 6563  .........sec
> 0x0030:  7572 6974 7973 6572 7669 6365 7303 636f  urityservices.co
> 0x0040:  6d00 0001 0001 0000 2910 0000 0000 0000  m.......).......
> 0x0050:  00                                       .
> 12:09:18.667947 IP (tos 0x0, ttl 64, id 5332, offset 0, flags [DF], proto
> UDP (17), length 58)
>     127.0.0.1.40512 > 127.0.0.1.8699: UDP, length 30
> 0x0000:  4500 003a 14d4 4000 4011 27dd 7f00 0001  E..:.. at .@.'.....
> 0x0010:  7f00 0001 9e40 21fb 0026 fe39 6eeb 0100  .....@!..&.9n...
> 0x0020:  0001 0000 0000 0000 086d 7964 6f6d 6169  .........mydomai
> 0x0030:  6e03 636f 6d00 0001 0001                 n.com.....
> 12:09:23.666879 IP (tos 0x0, ttl 64, id 7361, offset 0, flags [none],
> proto UDP (17), length 81)
>     127.0.0.1.36427 > 127.0.0.1.53: 32855+ [1au] A? securityservices.com.
> (53)
> 0x0000:  4500 0051 1cc1 0000 4011 5fd9 7f00 0001  E..Q.... at ._.....
> 0x0010:  7f00 0001 8e4b 0035 003d fe50 8057 0120  .....K.5.=.P.W..
> 0x0020:  0001 0000 0000 0001 1476 6572 6173 6563  .........sec
> 0x0030:  7572 6974 7973 6572 7669 6365 7303 636f  urityservices.co
> 0x0040:  6d00 0001 0001 0000 2910 0000 0000 0000  m.......).......
> 0x0050:  00                                       .
> 12:09:23.669459 IP (tos 0x0, ttl 64, id 7363, offset 0, flags [DF], proto
> UDP (17), length 58)
>     127.0.0.1.40512 > 127.0.0.1.8699: UDP, length 30
> 0x0000:  4500 003a 1cc3 4000 4011 1fee 7f00 0001  E..:.. at .@.......
> 0x0010:  7f00 0001 9e40 21fb 0026 fe39 69eb 0100  .....@!..&.9i...
> 0x0020:  0001 0000 0000 0000 086d 7964 6f6d 6169  .........mydomai
> 0x0030:  6e03 636f 6d00 0001 0001                 n.com.....
> 12:09:28.667125 IP (tos 0x0, ttl 64, id 11356, offset 0, flags [none],
> proto UDP (17), length 81)
>     127.0.0.1.36427 > 127.0.0.1.53: 32855+ [1au] A? securityservices.com.
> (53)
> 0x0000:  4500 0051 2c5c 0000 4011 503e 7f00 0001  E..Q,\.. at .P>....
> 0x0010:  7f00 0001 8e4b 0035 003d fe50 8057 0120  .....K.5.=.P.W..
> 0x0020:  0001 0000 0000 0001 1476 6572 6173 6563  .........sec
> 0x0030:  7572 6974 7973 6572 7669 6365 7303 636f  urityservices.co
> 0x0040:  6d00 0001 0001 0000 2910 0000 0000 0000  m.......).......
> 0x0050:  00                                       .
> 12:09:28.667506 IP (tos 0x0, ttl 64, id 11357, offset 0, flags [DF], proto
> UDP (17), length 58)
>     127.0.0.1.40512 > 127.0.0.1.8699: UDP, length 30
> 0x0000:  4500 003a 2c5d 4000 4011 1054 7f00 0001  E..:,]@. at ..T....
> 0x0010:  7f00 0001 9e40 21fb 0026 fe39 68eb 0100  .....@!..&.9h...
> 0x0020:  0001 0000 0000 0000 086d 7964 6f6d 6169  .........mydomai
> 0x0030:  6e03 636f 6d00 0001 0001                 n.com.....
>
>
> On Tue, Mar 30, 2021 at 2:12 AM Brian Candler <b.candler at pobox.com> wrote:
>
>> On 29/03/2021 21:34, Chhavi Mittal via Pdns-users wrote:
>>
>> I have a pdns and pdns_recursor running on the same server and I have one
>> ALIAS record and one A record for the alias both belonging to the same
>> domain entry but when I do 'dig' on the ALIAS it's not returning an answer.
>>
>> In that case what does it return: NXDOMAIN? NODATA? SERVFAIL? Timeout?
>>
>>
>> This is what I have in my mysql:
>>
>> Domains
>>
>> +-----+------+--------+------------+--------+
>>
>> | id  | name | master | last_check | type   |
>>
>> +-----+------+--------+------------+--------+
>>
>> | 274 | .    | NULL   |       NULL | NATIVE |
>>
>> +-----+------+--------+------------+--------+
>>
>> Records
>>
>> +---+--------------------------+------+-------------+
>>
>> 274 | mydomain.com
>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__mydomain.com&d=DwMFaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=zhXmtZOB8qouWS1ukhEyCOSrM390DVZ1dg-asUtrEKo&m=U40NWrm5IiXE87EYbF_1M2h6MiBG8iX4x3yHNcLc_IM&s=bA8lf2-6y-lnuN6DjyREBgTm1meCP0T8DlBKqMrFjEY&e=>
>>            | A     | 10.1.164.107
>>
>> +---+--------------------------+------+-------------+
>>
>> 274 | securityservices.com
>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__securityservices.com&d=DwMFaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=zhXmtZOB8qouWS1ukhEyCOSrM390DVZ1dg-asUtrEKo&m=U40NWrm5IiXE87EYbF_1M2h6MiBG8iX4x3yHNcLc_IM&s=4C9GraXRQnUPkKWBeQvN1TrOqDDQoBkRhrtGTx_NAhw&e=>
>> | ALIAS | mydomain.com
>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__mydomain.com&d=DwMFaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=zhXmtZOB8qouWS1ukhEyCOSrM390DVZ1dg-asUtrEKo&m=U40NWrm5IiXE87EYbF_1M2h6MiBG8iX4x3yHNcLc_IM&s=bA8lf2-6y-lnuN6DjyREBgTm1meCP0T8DlBKqMrFjEY&e=>
>>
>> +---+---------------------------+------+-------------+
>>
>> What do you get if you dig separately:
>>
>> dig @127.0.0.1 mydomain.com. a
>>
>>
>>
>> I am expecting the final answer of 'securityservices.com
>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__securityservices.com&d=DwMFaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=zhXmtZOB8qouWS1ukhEyCOSrM390DVZ1dg-asUtrEKo&m=U40NWrm5IiXE87EYbF_1M2h6MiBG8iX4x3yHNcLc_IM&s=4C9GraXRQnUPkKWBeQvN1TrOqDDQoBkRhrtGTx_NAhw&e=>'
>> to be "10.1.164.107". I feel I have a problem in my configuration but I
>> am not able to figure it out. Please help!!
>>
>> *pdns config:*
>>
>> expand-alias=yes
>>
>> resolver=127.0.0.1:8699
>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__127.0.0.1-3A8699&d=DwMFaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=zhXmtZOB8qouWS1ukhEyCOSrM390DVZ1dg-asUtrEKo&m=U40NWrm5IiXE87EYbF_1M2h6MiBG8iX4x3yHNcLc_IM&s=Bx82slLKUmAY8UBhmp6DPwlvJecEmErXdNSGuarxky0&e=>
>>
>> setgid=pdns
>>
>> setuid=pdns
>>
>>
>> *recursor config:*
>>
>> allow-from=0.0.0.0/0
>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__0.0.0.0_0&d=DwMFaQ&c=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY&r=zhXmtZOB8qouWS1ukhEyCOSrM390DVZ1dg-asUtrEKo&m=U40NWrm5IiXE87EYbF_1M2h6MiBG8iX4x3yHNcLc_IM&s=GeR8zV95mCJu_AIUuH7Ey7TGh76ejLhEU1gTWDEpwsQ&e=>
>>
>> forward-zones=.=127.0.0.1
>>
>> local-address=127.0.0.1
>>
>> local-port=8699
>>
>> setgid=pdns
>>
>> setuid=pdns
>>
>> Try running tcpdump at the same time:
>>
>> tcpdump -i lo -nn -s0 -vX udp port 53 or udp port 8699
>>
>> Then when you "dig @127.0.0.1 securityservices.com. a", look at the
>> tcpdump traffic.
>>
>> 1. do you see the incoming request for "securityservices.com" to
>> pdns-auth with dst port 53?  (You should!)
>> 2. do you see the request for "mydomain.com" from auth to recursor with
>> dst port 8699?
>> 3. do you see the request for "mydomain.com" from recursor to auth with
>> dst port 53?
>> 4. do you see the response to (3) with src port 53?
>> 5. do you see the response to (2) with src port 8699?
>> 6. do you see the response to (1) with src port 53?
>>
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20210331/d3322e0f/attachment-0001.htm>


More information about the Pdns-users mailing list