Your authoritative servers are broken. No really : [EMAIL PROTECTED] ~]$ dig ns oldbridgeinc.com +trace [snip] oldbridgeinc.com. 172800 IN NS ns1.jbdesign.net. oldbridgeinc.com. 172800 IN NS ns2.jbdesign.net.
[EMAIL PROTECTED] ~]$ dig ns oldbridgeinc.com @ns2.jbdesign.net +short [EMAIL PROTECTED] ~]$ dig ns oldbridgeinc.com @ns1.jbdesign.net +short No answer; your name servers do not provide NS records for your domain; this could screw up your recursion. --Augie On Wed, Nov 26, 2008 at 8:52 AM, Baird, Josh <[EMAIL PROTECTED]> wrote: > > Any ideas? > > -----Original Message----- > From: [EMAIL PROTECTED] on behalf of Baird, Josh > Sent: Mon 11/24/2008 5:06 PM > To: bert hubert > Cc: [email protected] > Subject: RE: [Pdns-users] PDNS & pdns-recursor on same machine problems > > > Bert, > > Sure.. running the recursor with --trace completely killed this box, but I > do believe I was able to get some data for you :) > > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] question for > 'oldbridgeinc.com.|A' from 172.15.64.11 > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: > Looking for CNAME cache hit of 'oldbridgeinc.com.|CNAME' > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: No > CNAME cache hit of 'oldbridgeinc.com.|CNAME' found > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: No > cache hit for 'oldbridgeinc.com.|A', trying to find an appropriate NS record > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: > Checking if we have NS in cache for 'oldbridgeinc.com.' > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: no > valid/useful NS in cache for 'oldbridgeinc.com.' > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: > Checking if we have NS in cache for 'com.' > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS > (with ip, or non-glue) in cache for 'com.' -> 'a.gtld-servers.net.' > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: > within bailiwick: 0, not in cache / did not look at cache > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS > (with ip, or non-glue) in cache for 'com.' -> 'b.gtld-servers.net.' > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: > within bailiwick: 0, not in cache / did not look at cache > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS > (with ip, or non-glue) in cache for 'com.' -> 'c.gtld-servers.net.' > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: > within bailiwick: 0, not in cache / did not look at cache > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS > (with ip, or non-glue) in cache for 'com.' -> 'd.gtld-servers.net.' > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: > within bailiwick: 0, not in cache / did not look at cache > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS > (with ip, or non-glue) in cache for 'com.' -> 'e.gtld-servers.net.' > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: > within bailiwick: 0, not in cache / did not look at cache > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS > (with ip, or non-glue) in cache for 'com.' -> 'f.gtld-servers.net.' > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: > within bailiwick: 0, not in cache / did not look at cache > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS > (with ip, or non-glue) in cache for 'com.' -> 'g.gtld-servers.net.' > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: > within bailiwick: 0, not in cache / did not look at cache > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS > (with ip, or non-glue) in cache for 'com.' -> 'h.gtld-servers.net.' > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: > within bailiwick: 0, not in cache / did not look at cache > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS > (with ip, or non-glue) in cache for 'com.' -> 'i.gtld-servers.net.' > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: > within bailiwick: 0, not in cache / did not look at cache > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS > (with ip, or non-glue) in cache for 'com.' -> 'j.gtld-servers.net.' > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: > within bailiwick: 0, not in cache / did not look at cache > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS > (with ip, or non-glue) in cache for 'com.' -> 'k.gtld-servers.net.' > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: > within bailiwick: 0, not in cache / did not look at cache > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS > (with ip, or non-glue) in cache for 'com.' -> 'l.gtld-servers.net.' > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: > within bailiwick: 0, not in cache / did not look at cache > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: NS > (with ip, or non-glue) in cache for 'com.' -> 'm.gtld-servers.net.' > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: > within bailiwick: 0, not in cache / did not look at cache > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: We > have NS in cache for 'com.' (flawedNSSet=0) > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: > Cache consultations done, have 13 NS to contact > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: > Nameservers: b.gtld-servers.net.(256ms), a.gtld-servers.net.(275ms), > d.gtld-servers.net.(287ms), > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] > oldbridgeinc.com.: g.gtld-servers.net.(300ms), > c.gtld-servers.net.(302ms), i.gtld-servers.net.(325ms), > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] > oldbridgeinc.com.: h.gtld-servers.net.(325ms), > j.gtld-servers.net.(354ms), f.gtld-servers.net.(363ms), > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] > oldbridgeinc.com.: e.gtld-servers.net.(599ms), > l.gtld-servers.net.(625ms), k.gtld-servers.net.(728ms), > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] > oldbridgeinc.com.: m.gtld-servers.net.(751ms) > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: > Trying to resolve NS 'b.gtld-servers.net.' (1/13) > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] b.gtld-servers.net.: > Looking for CNAME cache hit of 'b.gtld-servers.net.|CNAME' > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] b.gtld-servers.net.: > No CNAME cache hit of 'b.gtld-servers.net.|CNAME' found > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] b.gtld-servers.net.: > Found cache hit for A: 192.33.14.30[ttl=172674] > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: > Resolved 'com.' NS b.gtld-servers.net. to: 192.33.14.30 > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: > Trying IP 192.33.14.30:53, asking 'oldbridgeinc.com.|A' > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: Got > 4 answers from b.gtld-servers.net. (192.33.14.30), rcode=0, in 142ms > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: > accept answer 'oldbridgeinc.com.|NS|ns1.jbdesign.net.' from 'com.' > nameservers? YES! > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: > accept answer 'oldbridgeinc.com.|NS|ns2.jbdesign.net.' from 'com.' > nameservers? YES! > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: > accept answer 'ns1.jbdesign.net.|A|72.29.72.189' from 'com.' nameservers? > NO! > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: > accept answer 'ns2.jbdesign.net.|A|12.44.213.89' from 'com.' nameservers? > NO! > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: > determining status after receiving this packet > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: got > NS record 'oldbridgeinc.com.' -> 'ns1.jbdesign.net.' > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: got > NS record 'oldbridgeinc.com.' -> 'ns2.jbdesign.net.' > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: > status=did not resolve, got 2 NS, looping to them > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: > Nameservers: ns1.jbdesign.net.(0ms), ns2.jbdesign.net.(0ms) > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: > Trying to resolve NS 'ns1.jbdesign.net.' (1/2) > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] ns1.jbdesign.net.: > Looking for CNAME cache hit of 'ns1.jbdesign.net.|CNAME' > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] ns1.jbdesign.net.: No > CNAME cache hit of 'ns1.jbdesign.net.|CNAME' found > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] ns1.jbdesign.net.: No > cache hit for 'ns1.jbdesign.net.|A', trying to find an appropriate NS record > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] ns1.jbdesign.net.: > Cache consultations done, have 1 NS to contact > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] ns1.jbdesign.net.: > Nameservers: 72.29.72.189:53(-1172ms) > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] ns1.jbdesign.net.: > Trying to resolve NS '72.29.72.189:53' (1/1) > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] ns1.jbdesign.net.: > Domain has hardcoded nameserver(s) > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] ns1.jbdesign.net.: > Resolved 'jbdesign.net.' NS 72.29.72.189:53 to: 72.29.72.189 > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] ns1.jbdesign.net.: > Trying IP 72.29.72.189:53, asking 'ns1.jbdesign.net.|A' > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] ns1.jbdesign.net.: > query throttled > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] ns1.jbdesign.net.: > Failed to resolve via any of the 1 offered NS at level 'jbdesign.net.' > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] ns1.jbdesign.net.: > failed (res=-1) > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: > Failed to get IP for NS ns1.jbdesign.net., trying next if available > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: > Trying to resolve NS 'ns2.jbdesign.net.' (2/2) > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] ns2.jbdesign.net.: > Looking for CNAME cache hit of 'ns2.jbdesign.net.|CNAME' > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] ns2.jbdesign.net.: No > CNAME cache hit of 'ns2.jbdesign.net.|CNAME' found > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] ns2.jbdesign.net.: > Found cache hit for A: 12.44.213.89[ttl=86395] > Nov 24 16:58:31 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: > Resolved 'oldbridgeinc.com.' NS ns2.jbdesign.net. to: 12.44.213.89 > Nov 24 16:58:32 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: > Trying IP 12.44.213.89:53, asking 'oldbridgeinc.com.|A' > Nov 24 16:58:32 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: > query throttled > Nov 24 16:58:32 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: > Failed to resolve via any of the 2 offered NS at level 'oldbridgeinc.com.' > Nov 24 16:58:32 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: > Invalidating nameservers for level 'oldbridgeinc.com.', next query might > succeed > Nov 24 16:58:32 thunder pdns_recursor[15262]: [1165] oldbridgeinc.com.: > failed (res=-1) > Nov 24 16:58:32 thunder pdns_recursor[15262]: [1165] answer to question > 'oldbridgeinc.com.|A': 0 answers, 0 additional, took 1 packets, 2 throttled, > 0 timeouts, 0 tcp connections, rcode=2 > > It look's like it is trying to hand the query off to > ns1.jbdesign.net/ns2.jbdesign.net which is correct (ns2 runs on this same > box, on a different interface). This recursor IS able to resolve both NS1 > and NS2 (only because I have added jbdesign.net to the forwarders= option in > recursor.conf). Unfortuantly, dig didn't return any useful info probably > due to the fact that --trace made the recursor completely unresponsive, but > here is the output after I turned --trace off: > > [EMAIL PROTECTED]:/etc/rc.d/init.d$ dig oldbridgeinc.com @172.15.64.11 > > ; <<>> DiG 9.3.4-P1 <<>> oldbridgeinc.com @172.15.64.11 > ; (1 server found) > ;; global options: printcmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54661 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;oldbridgeinc.com. IN A > > ;; ANSWER SECTION: > oldbridgeinc.com. 86400 IN A 72.29.72.191 > > ;; Query time: 116 msec > ;; SERVER: 172.15.64.11#53(172.15.64.11) > ;; WHEN: Mon Nov 24 17:05:20 2008 > ;; MSG SIZE rcvd: 50 > > > Thanks, > > Josh > > > > -----Original Message----- > From: bert hubert [mailto:[EMAIL PROTECTED] > Sent: Mon 11/24/2008 4:43 PM > To: Baird, Josh > Cc: [email protected] > Subject: Re: [Pdns-users] PDNS & pdns-recursor on same machine problems > > On Mon, Nov 24, 2008 at 03:36:07PM -0600, Baird, Josh wrote: > >> I have a set of authoritative servers running PDNS. One of these servers >> is >> also running pdns-recursor which is bound to a separate IP address. The >> recursor is having problems resolving domains that the authoritative >> instance is authoritative for. Trying to resolve hostnames within these >> domains doesn't bail with a NXDOMAIN or a FAIL, but it just does not >> return >> an IP address: > > Josh, > > Can you run the recursor in '--trace' mode, and show the output when it > tries to resolve a domain for you that is hosted on the same machine? > > Instead of 'host', could you use 'dig', as in 'dig blah.com > @ip-address-of-recursor'? > > Dig is a little bit more verbose in its output. > >> Is there a way to make the recursor resolve these domains without manually >> forwarding each of them back to the IP address that the authoritative >> server >> is listening on? Shouldn't it use recursion for these queries? > > Yes, it should just work, without special configuration. > > Please let us know! > > Bert > > -- > http://www.PowerDNS.com Open source, database driven DNS Software > http://netherlabs.nl Open and Closed source services > > > > _______________________________________________ > Pdns-users mailing list > [email protected] > http://mailman.powerdns.com/mailman/listinfo/pdns-users > > -- Augie Schwer - [EMAIL PROTECTED] - http://schwer.us Key fingerprint = 9815 AE19 AFD1 1FE7 5DEE 2AC3 CB99 2784 27B0 C072 _______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
