[Pdns-users] DNAME randomly failing on Linux clients

Adam Cecile acecile at letz-it.lu
Wed Apr 6 08:36:18 UTC 2022 

Hello,


I'm trying to setup a domain migration using DNAME zones to keep compat 
with previous domain name but I ended up with a solution that works 
everytime with dig but seems to be randomly failing using Linux GLIBC 
resolver.

Setup is PowerDNS running native *.domain.internal zones and 
*.domain.local zones using DNAME to redirect to .internal. In front of 
the PowerDNS server we're running DNSDist to route internal 
authoritative zones and external ones to forwarders.

Here is that DIG finds out:

dig api.domain.local

; <<>> DiG 9.16.27-Debian <<>> api.domain.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked 
to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58530
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;api.domain.local.        IN    A

;; ANSWER SECTION:
api.domain.local.    3600    IN    CNAME rp-int.dmz.domain.local.
dmz.domain.local.        3600    IN    DNAME dmz.domain.internal.
rp-int.dmz.domain.internal. 60    IN    A    10.1.1.1
rp-int.dmz.domain.local.    3600    IN    CNAME rp-int.dmz.domain.internal.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Apr 06 08:24:06 UTC 2022
;; MSG SIZE  rcvd: 139

It works 100% times.


However, getent host is failing a lot:

getent hosts api.domain.local

Using .internal domains also fails most of the time.


I'm seeing the same issue using Python socket module:

python3 -c 'import socket; socket.gethostbyname("api.domain.local")'
Traceback (most recent call last):
   File "<string>", line 1, in <module>
socket.gaierror: [Errno -2] Name or service not known


Any idea what's going on here, I'm completely lost. I guess my DNAME 
usage is somehow incorrect but I don't understand why it's working 
intermittently (and always with pure DNS call using dig...)


Thanks a lot in advance,

Best regards, Adam.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20220406/9a9f68f7/attachment.htm>

More information about the Pdns-users mailing list