[Pdns-users] NXDOMAIN for noon authoritative zone

Riccardo Brunetti riccardo.brunetti at host.it
Fri Oct 28 14:37:31 UTC 2022



Hello Peter.

Thanks for your answer.

Maybe I found the issue:



mysql> select * from records where domain_id=13203;

+------+-----------+------+------+------------------------------------------------------------------------------+------+------+----------+-----------+------+

| id   | domain_id | name | type | content                                                                      | ttl  | prio | disabled | ordername | auth |

+------+-----------+------+------+------------------------------------------------------------------------------+------+------+----------+-----------+------+

| 6309 |     13203 | .    | SOA  | a.misconfigured.powerdns.server hostmaster 2020032401 10800 3600 604800 3600 | 3600 |    0 |        0 | NULL      |    1 |

+------+-----------+------+------+------------------------------------------------------------------------------+------+------+----------+-----------+------+

1 row in set (0.00 sec)

There is an entry (probably a mistake with some API call) which shows a bad SOA entry in a domain with only a "." in the "name" column.

In fact, the query for a non existent domain returns something like:



# dig @my-dns-server-IP non-existent-domain



; <<>> DiG 9.11.36-RedHat-9.11.36-3.el8 <<>> @my-dns-server-IP non-existent-domain

; (1 server found)

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 39797

;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; WARNING: recursion requested but not available



;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 1232

;; QUESTION SECTION:

;non-existent-domain. IN A



;; AUTHORITY SECTION:

. 3600 IN SOA a.misconfigured.powerdns.server. hostmaster. 2020032401 10800 3600 604800 3600



;; Query time: 18 msec

;; SERVER: my-dns-server-IP#53(my-dns-server-IP)
;; WHEN: Fri Oct 28 16:08:14 CEST 2022

;; MSG SIZE  rcvd: 116



Do you think it's safe to simply remove it?



update records set disabled=1 where id=6309;

delete from records where id=6309;

Thanks

Riccardo





28/10/2022, 15:33 Peter van Dijk via Pdns-users ha scritto:

> Hi Riccardo,
> 
> 
> 
> On Fri, 2022-10-28 at 09:11 +0000, Riccardo Brunetti via Pdns-users
> 
> wrote:
> 
> > Hello.
> 
> > We have a powerdns server which is authoritative for some zones, let's
> 
> > say zoneA and zoneB
> 
> > If we send a dns query for a zoneC we get NXDOMAIN answer instead of
> 
> > REFUSED.
> 
> >
> 
> > Is this the correct behavior or we are making some configuration
> 
> > mistake?
> 
> > pdns version: 4.5.2
> 
> 
> 
> That is not correct behaviour, so it sounds like a configuration (or
> 
> database content) mistake.
> 
> 
> 
> Can you show (unedited!) dig output for the good and the bad queries?
> 
> 
> 
> Kind regards,
> 
> --
> 
> Peter van Dijk
> 
> PowerDNS.COM BV - https://www.powerdns.com/
> 
> 
> 
> _______________________________________________
> 
> Pdns-users mailing list
> 
> Pdns-users at mailman.powerdns.com
> 
> https://mailman.powerdns.com/mailman/listinfo/pdns-users


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20221028/30e7f070/attachment.htm>


More information about the Pdns-users mailing list