[Pdns-users] DNSSEC and CNAME records results NXDOMAIN

Klaus Darilion klaus.darilion at nic.at
Fri Apr 22 16:59:49 UTC 2022


And how do you fill records into the mysql db? Can you show the relevenat rows of the records and domains table?
regards
Klaus

> -----Ursprüngliche Nachricht-----
> Von: Pdns-users <pdns-users-bounces at mailman.powerdns.com> Im
> Auftrag von Marijn via Pdns-users
> Gesendet: Freitag, 22. April 2022 18:54
> An: pdns-users at mailman.powerdns.com
> Betreff: Re: [Pdns-users] DNSSEC and CNAME records results NXDOMAIN
> 
> I have pdnsutil 4.5.4 running with MySQL backend and native MySQL
> replication.
> 
> In pdns.conf I have the following value. Maybe the @ doesn't work?
> 
> default-soa-content=ns1.mijn.host hostmaster.@ 0 10800 3600 604800 3600
> 
> Klaus Darilion schreef op 2022-04-22 18:06:
> > I do not see any difference of the two cases. But in any case,
> > returning an answer AND nxdomain is just broken.
> >
> >
> > # dig @ns1.mijn.host. autodiscover.egogo.eu
> > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 62514
> > ...
> > ;; QUESTION SECTION:
> > ;autodiscover.egogo.eu.         IN      A
> >
> > ;; ANSWER SECTION:
> > autodiscover.egogo.eu.  900     IN      CNAME
> > autodiscover.outlook.com.
> >
> > ;; AUTHORITY SECTION:
> > .                       3600    IN      SOA     ns1.mijn.host.
> > hostmaster. 1643556361 10800 3600 604800 3600
> >
> > this is a very broken setup. SOA reports "." = root zone.
> >
> > which pdns version/backend/ zone setup are you using?
> >
> > regards
> > Klaus
> >
> >> -----Ursprüngliche Nachricht-----
> >> Von: Pdns-users <pdns-users-bounces at mailman.powerdns.com> Im
> >> Auftrag von Marijn via Pdns-users
> >> Gesendet: Freitag, 22. April 2022 16:39
> >> An: pdns-users at mailman.powerdns.com
> >> Betreff: [Pdns-users] DNSSEC and CNAME records results NXDOMAIN
> >>
> >> I have PowerDNS 4.5.1 running.
> >>
> >> DNSSEC is working on the domain:
> >> https://dnssec-analyzer.verisignlabs.com/egogo.eu
> >>
> >> ---
> >>
> >> But when I have DNSSEC active and I create a CNAME record, which
> >> doesn't
> >> have DNSSEC, I get a NXDOMAIN error.
> >>
> >> ```
> >> $ dig CNAME autodiscover.egogo.eu +short
> >> autodiscover.outlook.com.
> >> ```
> >>
> >> Here you can see the error
> >> https://dnssec-analyzer.verisignlabs.com/autodiscover.egogo.eu
> >>
> >> - Zone egogo.eu (83.96.241.95) returns NXDOMAIN for
> >> autodiscover.egogo.eu
> >> - No NSEC records in response
> >>
> >> ---
> >>
> >> When I create a CNAME record to a domain with DNSSEC, it's working.
> >> ```
> >> $ dig CNAME autodiscover2.egogo.eu +short
> >> egogo.nl.
> >> ```
> >> https://dnssec-analyzer.verisignlabs.com/autodiscover2.egogo.eu
> >> - No errors
> >>
> >> ---
> >>
> >> Why is DNSSEC not working with CNAME record
> autodiscover.outlook.com?
> >> Or could there be something wrong in my configuration?
> >> _______________________________________________
> >> Pdns-users mailing list
> >> Pdns-users at mailman.powerdns.com
> >> https://mailman.powerdns.com/mailman/listinfo/pdns-users
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users


More information about the Pdns-users mailing list