RE: [Pdns-users] PDNS & pdns-recursor on same machine problems

Baird, Josh Mon, 24 Nov 2008 20:50:34 -0800

Doing some further research.. I can resolve "oldbridgeinc.com" using this 
recursor, but not any hosts underneath it (although dig appears to be seeing 
the A record):  Note that oldbridgeinc.com is not in the forwarders statement 
for the recursor.



[EMAIL PROTECTED]:~$ dig oldbridgeinc.com @172.15.64.10

; <<>> DiG 9.3.4-P1 <<>> oldbridgeinc.com @172.15.64.10
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32066
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;oldbridgeinc.com.              IN      A

;; ANSWER SECTION:
oldbridgeinc.com.       86400   IN      A       72.29.72.191

;; Query time: 1 msec
;; SERVER: 172.15.64.10#53(172.15.64.10)
;; WHEN: Mon Nov 24 23:48:15 2008
;; MSG SIZE  rcvd: 50

[EMAIL PROTECTED]:~$ dig www.oldbridgeinc.com @172.15.64.10

; <<>> DiG 9.3.4-P1 <<>> www.oldbridgeinc.com @172.15.64.10
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10053
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.oldbridgeinc.com.          IN      A

;; ANSWER SECTION:
www.oldbridgeinc.com.   86400   IN      A       72.29.72.191

;; Query time: 1 msec
;; SERVER: 172.15.64.10#53(172.15.64.10)
;; WHEN: Mon Nov 24 23:48:21 2008
;; MSG SIZE  rcvd: 54

[EMAIL PROTECTED]:~$ host www.oldbridgeinc.com

[EMAIL PROTECTED]:~$ nslookup
> www.oldbridgeinc.com
Server:         172.15.64.11
Address:        172.15.64.11#53

Non-authoritative answer:
*** Can't find www.oldbridgeinc.com: No answer
>


-----Original Message-----
From: [EMAIL PROTECTED] on behalf of Baird, Josh
Sent: Mon 11/24/2008 5:06 PM
To: bert hubert
Cc: [email protected]
Subject: RE: [Pdns-users] PDNS & pdns-recursor on same machine problems
 

Bert,

Sure.. running the recursor with --trace completely killed this box, but I do 
believe I was able to get some data for you :)

Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] question for 
'oldbridgeinc.com.|A' from 172.15.64.11
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: Looking 
for CNAME cache hit of 'oldbridgeinc.com.|CNAME'
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: No 
CNAME cache hit of 'oldbridgeinc.com.|CNAME' found
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: No 
cache hit for 'oldbridgeinc.com.|A', trying to find an appropriate NS record
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: 
Checking if we have NS in cache for 'oldbridgeinc.com.'
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: no 
valid/useful NS in cache for 'oldbridgeinc.com.'
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: 
Checking if we have NS in cache for 'com.'
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS 
(with ip, or non-glue) in cache for 'com.' -> 'a.gtld-servers.net.'
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: within 
bailiwick: 0, not in cache / did not look at cache
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS 
(with ip, or non-glue) in cache for 'com.' -> 'b.gtld-servers.net.'
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: within 
bailiwick: 0, not in cache / did not look at cache
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS 
(with ip, or non-glue) in cache for 'com.' -> 'c.gtld-servers.net.'
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: within 
bailiwick: 0, not in cache / did not look at cache
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS 
(with ip, or non-glue) in cache for 'com.' -> 'd.gtld-servers.net.'
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: within 
bailiwick: 0, not in cache / did not look at cache
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS 
(with ip, or non-glue) in cache for 'com.' -> 'e.gtld-servers.net.'
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: within 
bailiwick: 0, not in cache / did not look at cache
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS 
(with ip, or non-glue) in cache for 'com.' -> 'f.gtld-servers.net.'
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: within 
bailiwick: 0, not in cache / did not look at cache
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS 
(with ip, or non-glue) in cache for 'com.' -> 'g.gtld-servers.net.'
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: within 
bailiwick: 0, not in cache / did not look at cache
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS 
(with ip, or non-glue) in cache for 'com.' -> 'h.gtld-servers.net.'
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: within 
bailiwick: 0, not in cache / did not look at cache
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS 
(with ip, or non-glue) in cache for 'com.' -> 'i.gtld-servers.net.'
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: within 
bailiwick: 0, not in cache / did not look at cache
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS 
(with ip, or non-glue) in cache for 'com.' -> 'j.gtld-servers.net.'
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: within 
bailiwick: 0, not in cache / did not look at cache
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS 
(with ip, or non-glue) in cache for 'com.' -> 'k.gtld-servers.net.'
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: within 
bailiwick: 0, not in cache / did not look at cache
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS 
(with ip, or non-glue) in cache for 'com.' -> 'l.gtld-servers.net.'
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: within 
bailiwick: 0, not in cache / did not look at cache
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS 
(with ip, or non-glue) in cache for 'com.' -> 'm.gtld-servers.net.'
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: within 
bailiwick: 0, not in cache / did not look at cache
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: We have 
NS in cache for 'com.' (flawedNSSet=0)
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: Cache 
consultations done, have 13 NS to contact
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: 
Nameservers: b.gtld-servers.net.(256ms), a.gtld-servers.net.(275ms), 
d.gtld-servers.net.(287ms),
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:         
     g.gtld-servers.net.(300ms), c.gtld-servers.net.(302ms), 
i.gtld-servers.net.(325ms),
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:         
     h.gtld-servers.net.(325ms), j.gtld-servers.net.(354ms), 
f.gtld-servers.net.(363ms),
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:         
     e.gtld-servers.net.(599ms), l.gtld-servers.net.(625ms), 
k.gtld-servers.net.(728ms),
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.:         
     m.gtld-servers.net.(751ms)
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: Trying 
to resolve NS 'b.gtld-servers.net.' (1/13)
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]   b.gtld-servers.net.: 
Looking for CNAME cache hit of 'b.gtld-servers.net.|CNAME'
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]   b.gtld-servers.net.: No 
CNAME cache hit of 'b.gtld-servers.net.|CNAME' found
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]   b.gtld-servers.net.: 
Found cache hit for A: 192.33.14.30[ttl=172674]
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: 
Resolved 'com.' NS b.gtld-servers.net. to: 192.33.14.30
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: Trying 
IP 192.33.14.30:53, asking 'oldbridgeinc.com.|A'
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: Got 4 
answers from b.gtld-servers.net. (192.33.14.30), rcode=0, in 142ms
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: accept 
answer 'oldbridgeinc.com.|NS|ns1.jbdesign.net.' from 'com.' nameservers? YES!
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: accept 
answer 'oldbridgeinc.com.|NS|ns2.jbdesign.net.' from 'com.' nameservers? YES!
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: accept 
answer 'ns1.jbdesign.net.|A|72.29.72.189' from 'com.' nameservers? NO!
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: accept 
answer 'ns2.jbdesign.net.|A|12.44.213.89' from 'com.' nameservers? NO!
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: 
determining status after receiving this packet
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: got NS 
record 'oldbridgeinc.com.' -> 'ns1.jbdesign.net.'
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: got NS 
record 'oldbridgeinc.com.' -> 'ns2.jbdesign.net.'
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: 
status=did not resolve, got 2 NS, looping to them
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: 
Nameservers: ns1.jbdesign.net.(0ms), ns2.jbdesign.net.(0ms)
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: Trying 
to resolve NS 'ns1.jbdesign.net.' (1/2)
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]   ns1.jbdesign.net.: 
Looking for CNAME cache hit of 'ns1.jbdesign.net.|CNAME'
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]   ns1.jbdesign.net.: No 
CNAME cache hit of 'ns1.jbdesign.net.|CNAME' found
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]   ns1.jbdesign.net.: No 
cache hit for 'ns1.jbdesign.net.|A', trying to find an appropriate NS record
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]   ns1.jbdesign.net.: Cache 
consultations done, have 1 NS to contact
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]   ns1.jbdesign.net.: 
Nameservers: 72.29.72.189:53(-1172ms)
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]   ns1.jbdesign.net.: 
Trying to resolve NS '72.29.72.189:53' (1/1)
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]   ns1.jbdesign.net.: 
Domain has hardcoded nameserver(s)
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]   ns1.jbdesign.net.: 
Resolved 'jbdesign.net.' NS 72.29.72.189:53 to: 72.29.72.189
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]   ns1.jbdesign.net.: 
Trying IP 72.29.72.189:53, asking 'ns1.jbdesign.net.|A'
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]   ns1.jbdesign.net.: query 
throttled
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]   ns1.jbdesign.net.: 
Failed to resolve via any of the 1 offered NS at level 'jbdesign.net.'
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]   ns1.jbdesign.net.: 
failed (res=-1)
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: Failed 
to get IP for NS ns1.jbdesign.net., trying next if available
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: Trying 
to resolve NS 'ns2.jbdesign.net.' (2/2)
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]   ns2.jbdesign.net.: 
Looking for CNAME cache hit of 'ns2.jbdesign.net.|CNAME'
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]   ns2.jbdesign.net.: No 
CNAME cache hit of 'ns2.jbdesign.net.|CNAME' found
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165]   ns2.jbdesign.net.: Found 
cache hit for A: 12.44.213.89[ttl=86395]
Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: 
Resolved 'oldbridgeinc.com.' NS ns2.jbdesign.net. to: 12.44.213.89
Nov 24 16:58:32 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: Trying 
IP 12.44.213.89:53, asking 'oldbridgeinc.com.|A'
Nov 24 16:58:32 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: query 
throttled
Nov 24 16:58:32 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: Failed 
to resolve via any of the 2 offered NS at level 'oldbridgeinc.com.'
Nov 24 16:58:32 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: 
Invalidating nameservers for level 'oldbridgeinc.com.', next query might succeed
Nov 24 16:58:32 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: failed 
(res=-1)
Nov 24 16:58:32 thunder pdns_recursor[15262]: [1165] answer to question 
'oldbridgeinc.com.|A': 0 answers, 0 additional, took 1 packets, 2 throttled, 0 
timeouts, 0 tcp connections, rcode=2

It look's like it is trying to hand the query off to 
ns1.jbdesign.net/ns2.jbdesign.net which is correct (ns2 runs on this same box, 
on a different interface).  This recursor IS able to resolve both  NS1 and NS2 
(only because I have added jbdesign.net to the forwarders= option in 
recursor.conf).  Unfortuantly, dig didn't return any useful info probably due 
to the fact that --trace made the recursor completely unresponsive, but here is 
the output after I turned --trace off:

[EMAIL PROTECTED]:/etc/rc.d/init.d$ dig oldbridgeinc.com @172.15.64.11

; <<>> DiG 9.3.4-P1 <<>> oldbridgeinc.com @172.15.64.11
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54661
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;oldbridgeinc.com.              IN      A

;; ANSWER SECTION:
oldbridgeinc.com.       86400   IN      A       72.29.72.191

;; Query time: 116 msec
;; SERVER: 172.15.64.11#53(172.15.64.11)
;; WHEN: Mon Nov 24 17:05:20 2008
;; MSG SIZE  rcvd: 50


Thanks,

Josh



-----Original Message-----
From: bert hubert [mailto:[EMAIL PROTECTED]
Sent: Mon 11/24/2008 4:43 PM
To: Baird, Josh
Cc: [email protected]
Subject: Re: [Pdns-users] PDNS & pdns-recursor on same machine problems
 
On Mon, Nov 24, 2008 at 03:36:07PM -0600, Baird, Josh wrote:

> I have a set of authoritative servers running PDNS.  One of these servers is
> also running pdns-recursor which is bound to a separate IP address.  The
> recursor is having problems resolving domains that the authoritative
> instance is authoritative for.  Trying to resolve hostnames within these
> domains doesn't bail with a NXDOMAIN or a FAIL, but it just does not return
> an IP address:

Josh,

Can you run the recursor in '--trace' mode, and show the output when it
tries to resolve a domain for you that is hosted on the same machine?

Instead of 'host', could you use 'dig', as in 'dig blah.com
@ip-address-of-recursor'?

Dig is a little bit more verbose in its output.

> Is there a way to make the recursor resolve these domains without manually
> forwarding each of them back to the IP address that the authoritative server
> is listening on?  Shouldn't it use recursion for these queries?

Yes, it should just work, without special configuration.

Please let us know!

        Bert

-- 
http://www.PowerDNS.com      Open source, database driven DNS Software 
http://netherlabs.nl              Open and Closed source services

_______________________________________________
Pdns-users mailing list
[email protected]
http://mailman.powerdns.com/mailman/listinfo/pdns-users

RE: [Pdns-users] PDNS & pdns-recursor on same machine problems

Reply via email to