I think I maybe went a little too complicated on my explanation here, and missed a couple semi-crucial details. We are *not* the authoritative servers for the two domains that are giving problems (acegroup.cc and hivelocity.net). The domains appear to resolve normally when pdns_recursor 3.1.2 is queried. The problems come in when recursive querying pdns_server 2.9.20 configured to forward recursive queries to the 3.1.2 recursor, or when querying the 2.9.20 recursor directly. I've also tried out the 2.9.21 snapshot of pdns_server, with similar results.
Darren - you said that there was something in the configuration of these two domains that would fail in pre-3.2.1 versions of the recursor. Can you give a bit more detail on that? My question is - is there something in the code for pdns_server (2.9.20 and 2.9.21 snapshot at least), in handling the forwarding of recursive calls, that is failing in a similar way that the older versions of the recursor? If so, is there a quick'n'easy (or quick'n'dirty) workaround for it, or is this a more involved issue? If it's not an easy fix, I need to revisit the way we currently have our DNS services set up, and implement one or more standalone 3.1.2 pdns_recursor installations, instead of our current implementation (all request, recursive or authoritative, passed to 2.9.20 pdns_server installations with pdns_recursors running on alternate ports). Bert, do you still need that tcpdump output that you asked for earlier, or something else to track down the problem? I don't believe this is anything inherent to our setup, but to the way these two domains (again, domains that we are not authoritative for and have no control over) are set up. Thanks to Bert and Darren for their help and feedback on this issue, and I hope that I'm making better sense this time through. Please let me know if there's any further clarification or explanation needed. Kirk -----Original Message----- From: Kirk Friggstad [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 22, 2006 11:52 AM To: '[email protected]' Subject: Recursion failing on certain records? Greetings all: I've been puzzling through some strangeness in our PowerDNS installations here. Recursive queries for certain records/domains have been failing consistently for a number of weeks - two examples are: mail.acegroup.cc mail.hivelocity.net If I query the authoritative server, I get a SERVFAIL: $ dig @localhost mail.hivelocity.net ; <<>> DiG 9.2.4 <<>> @localhost mail.hivelocity.net ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 49833 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;mail.hivelocity.net. IN A ;; Query time: 1 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Tue Aug 22 11:10:21 2006 ;; MSG SIZE rcvd: 37 but if I query the 3.1.2 recursor directly, I get the correct answer: $ dig @localhost -p 4754 mail.hivelocity.net ; <<>> DiG 9.2.4 <<>> @localhost -p 4754 mail.hivelocity.net ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1932 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;mail.hivelocity.net. IN A ;; ANSWER SECTION: mail.hivelocity.net. 300 IN A 66.96.80.16 ;; Query time: 206 msec ;; SERVER: 127.0.0.1#4754(127.0.0.1) ;; WHEN: Tue Aug 22 11:10:04 2006 ;; MSG SIZE rcvd: 53 Querying a 2.9.20 recursor directly returns a SERVFAIL. Recursive queries for most other domains return correct answers - these two domains (acegroup.cc and hivelocity.net) are the only ones that I've come across that exhibit this behavior. Lookups for those two domains from http://dnsstuff.com/ appear normal as well. I can reproduce this on the following systems: System 1 - RHEL 3, pdns_server 2.9.20 (static RPM from powerdns.com) recursing to pdns_recursor 3.1.2 (generic RPM from powerdns.com) System 2 - RHEL 3, pdns_server 2.9.20 (static RPM from powerdns.com) recursing to pdns_recursor 2.9.20 (build from source, gcc 4.0.2) Both systems have identical configuration files (except for IP address binding), using the bind backend, and do not appear to exhibit any problems with authoritative queries, only recursive. Anyone have any suggestions as to what is happening here? Could there be a bug somewhere in the recursion routines of pdns_server? Am I making some completely stupid mistake somewhere? I'm out of answers - any help would be greatly appreciated. Thanks Kirk _______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
