[Pdns-users] DNSSEC and CNAME records results NXDOMAIN

Marijn marijn at egogo.nl
Fri Apr 22 16:53:36 UTC 2022 

I have pdnsutil 4.5.4 running with MySQL backend and native MySQL 
replication.

In pdns.conf I have the following value. Maybe the @ doesn't work?

default-soa-content=ns1.mijn.host hostmaster.@ 0 10800 3600 604800 3600

Klaus Darilion schreef op 2022-04-22 18:06:
> I do not see any difference of the two cases. But in any case,
> returning an answer AND nxdomain is just broken.
> 
> 
> # dig @ns1.mijn.host. autodiscover.egogo.eu
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 62514
> ...
> ;; QUESTION SECTION:
> ;autodiscover.egogo.eu.         IN      A
> 
> ;; ANSWER SECTION:
> autodiscover.egogo.eu.  900     IN      CNAME   
> autodiscover.outlook.com.
> 
> ;; AUTHORITY SECTION:
> .                       3600    IN      SOA     ns1.mijn.host.
> hostmaster. 1643556361 10800 3600 604800 3600
> 
> this is a very broken setup. SOA reports "." = root zone.
> 
> which pdns version/backend/ zone setup are you using?
> 
> regards
> Klaus
> 
>> -----Ursprüngliche Nachricht-----
>> Von: Pdns-users <pdns-users-bounces at mailman.powerdns.com> Im
>> Auftrag von Marijn via Pdns-users
>> Gesendet: Freitag, 22. April 2022 16:39
>> An: pdns-users at mailman.powerdns.com
>> Betreff: [Pdns-users] DNSSEC and CNAME records results NXDOMAIN
>> 
>> I have PowerDNS 4.5.1 running.
>> 
>> DNSSEC is working on the domain:
>> https://dnssec-analyzer.verisignlabs.com/egogo.eu
>> 
>> ---
>> 
>> But when I have DNSSEC active and I create a CNAME record, which 
>> doesn't
>> have DNSSEC, I get a NXDOMAIN error.
>> 
>> ```
>> $ dig CNAME autodiscover.egogo.eu +short
>> autodiscover.outlook.com.
>> ```
>> 
>> Here you can see the error
>> https://dnssec-analyzer.verisignlabs.com/autodiscover.egogo.eu
>> 
>> - Zone egogo.eu (83.96.241.95) returns NXDOMAIN for
>> autodiscover.egogo.eu
>> - No NSEC records in response
>> 
>> ---
>> 
>> When I create a CNAME record to a domain with DNSSEC, it's working.
>> ```
>> $ dig CNAME autodiscover2.egogo.eu +short
>> egogo.nl.
>> ```
>> https://dnssec-analyzer.verisignlabs.com/autodiscover2.egogo.eu
>> - No errors
>> 
>> ---
>> 
>> Why is DNSSEC not working with CNAME record autodiscover.outlook.com?
>> Or could there be something wrong in my configuration?
>> _______________________________________________
>> Pdns-users mailing list
>> Pdns-users at mailman.powerdns.com
>> https://mailman.powerdns.com/mailman/listinfo/pdns-users

More information about the Pdns-users mailing list