On 8/1/07, Chris Seufert <[EMAIL PROTECTED]> wrote:
> Does this problem come into play when the client who is trying to
> resolve the domain name is sitting on an IPv6 network, or does it have
> the potential to happen with any IPv6 aware resolver. (ie has IPv4
> address, but is IPv6 capable).

It happens any time a resolver makes a request for a resource record
(AAAA, CNAME, etc.) that does not exist on a query domain
(secure.example.com), and there is a wild card that points to a CNAME.
For example the resolver could ask for a CNAME of secure.example.com and
since there is no answer for that PowerDNS answers with the wild card
info it has, which your recursor could cache and give you the same
problem.

> Just a thought, but instead of using a wildcard CNAME, perhaps you could
> use a wildcard A record, this does seem to alleviate the problem, but
> it's not fixing the problem though.

Sure that's a one off solution, but when you are talking about thousands
of domains, then it really isn't a solution.

> I see a bigger problem with a lookup
> AAAA records our installation.
> # host -t AAAA www.thewebdesigner.com.au fred.shopa.com.au
> www.thewebdesigner.com.au CNAME dsl.thewebdesigner.com.au
> dsl.thewebdesigner.com.au CNAME dsl.thewebdesigner.com.au
> ...
> dsl.thewebdesigner.com.au CNAME dsl.thewebdesigner.com.au
> dsl.thewebdesigner.com.au CNAME dsl.thewebdesigner.com.au
> Possible CNAME loop
> That seems to be as bad, if not worse, as the problem you're describing.

That looks a bit like the other bug I submitted along these lines:

http://wiki.powerdns.com/cgi-bin/trac.fcgi/ticket/124

You'll note that PowerDNS answers with a response code of ServFail but
also populates the Answer section; which is unclear to me whether that's
really OK or not. See my dig below for details:

[EMAIL PROTECTED] ~]$ dig aaaa www.thewebdesigner.com.au @fred.shopa.com.au +norecurse

; <<>> DiG 9.4.1 <<>> aaaa www.thewebdesigner.com.au @fred.shopa.com.au +norecurse
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 30963
;; flags: qr aa; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.thewebdesigner.com.au.     IN      AAAA

;; ANSWER SECTION:
www.thewebdesigner.com.au. 10800 IN     CNAME   dsl.thewebdesigner.com.au.
dsl.thewebdesigner.com.au. 10800 IN     CNAME   dsl.thewebdesigner.com.au.

;; AUTHORITY SECTION:
thewebdesigner.com.au.  10800   IN      SOA     ns1.shopa.com.au. hostmaster.shopa.com.au. 20275 10800 3600 604800 3600

--
Augie Schwer - [EMAIL PROTECTED] - http://schwer.us
Key fingerprint = 9815 AE19 AFD1 1FE7 5DEE 2AC3 CB99 2784 27B0 C072
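
Added example, not part of the original message and not PowerDNS code: a toy authoritative lookup over a constructed zone that contrasts the RFC 4592 rule (a wildcard is only used for names that do not exist) with the behaviour described in the thread. The zone contents, the `strict` flag and the "LOOP" status label are assumptions made for illustration.

```python
# Constructed zone, modelled on the thread's secure.example.com case.
# Keys are (owner name, record type); all names and addresses are made up.
ZONE = {
    ("secure.example.com.", "A"): ["192.0.2.10"],
    ("web.example.com.", "A"): ["192.0.2.20"],
    ("*.example.com.", "CNAME"): ["web.example.com."],
}

def name_exists(name):
    """True if the owner name has any record of any type."""
    return any(owner == name for owner, _ in ZONE)

def answer(qname, qtype, strict=True):
    """Return (status, answer_section) for an authoritative lookup.

    strict=True applies the wildcard only to names that do not exist
    (RFC 4592). strict=False (hypothetical flag) also applies it when the
    name exists but lacks the queried type, the behaviour described above.
    Simplification: only the wildcard one label up is considered.
    """
    chain, seen, name = [], set(), qname
    while name not in seen:
        seen.add(name)
        if (name, qtype) in ZONE:
            data = [(name, qtype, value) for value in ZONE[(name, qtype)]]
            return "NOERROR", chain + data
        target = ZONE.get((name, "CNAME"))
        if target is None and not (strict and name_exists(name)):
            # Fall back to wildcard synthesis for this name.
            target = ZONE.get(("*." + name.split(".", 1)[1], "CNAME"))
        if target is None:
            # Existing name without the type is NODATA (NOERROR, no answer).
            return ("NOERROR" if name_exists(name) else "NXDOMAIN"), chain
        chain.append((name, "CNAME", target[0]))
        if qtype == "CNAME":
            return "NOERROR", chain
        name = target[0]
    # "LOOP" is this example's own label, not a DNS rcode.
    return "LOOP", chain

if __name__ == "__main__":
    for strict in (True, False):
        label = "strict" if strict else "non-strict"
        print(label, answer("secure.example.com.", "AAAA", strict))
```

In non-strict mode the wildcard is also applied to the CNAME target itself, which yields a self-referential CNAME of the same shape as the answer section in the dig output above.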
