Thomas, As discussed before, sending out an NXDOMAIN means just that, an NXDOMAIN. Please don't do it.
I don't think it would be a good idea to make PowerDNS "broken". If you want to do it personally, apply this patch and recompile: --- ../syncres.cc 2010-09-16 17:17:38.496153009 +0200 +++ syncres.cc 2010-09-22 17:30:37.506153002 +0200 @@ -1083,7 +1083,7 @@ LOG<<prefix<<qname<<": status=got results, this level of recursion done"<<endl; return 0; } - if(lwr.d_rcode==RCode::NXDomain) { + if(lwr.d_rcode==RCode::NXDomain && newtarget.empty()) { LOG<<prefix<<qname<<": status=NXDOMAIN, we are done "<<(negindic ? "(have negative SOA)" : "")<<endl; return RCode::NXDomain; } It fixes your problem Good luck! On Wed, Sep 22, 2010 at 05:08:23PM +0200, Thomas Mieslinger wrote: > Hi Bert, > > an example is db686.XXX.de. From the authorative Nameserver > you will get NXDomain and AUTHORTIY = 1, but internally > db686.YYY.de is known. > > Would you add an option to try recursing cnames even if an answer > has the authority bit set? > > Regards Thomas > > On 09/22/10 04:54 PM, bert hubert wrote: > >Thomas, > > > >Please provide real domain names, otherwise I can't test. > > > >Kind regards, > > > >Bert Hubert > > > >On Wed, Sep 22, 2010 at 04:53:22PM +0200, Thomas Mieslinger wrote: > >>On 09/20/10 07:53 AM, bert hubert wrote: > >>>On Mon, Sep 20, 2010 at 07:32:51AM +0200, Thomas Mieslinger wrote: > >>>>we're using pdns recursor for out company internal name resolution. > >>>>[..] > >>>>containing answer has the NXDOMAIN Bit set. > >>> > >>>Can you elaborate a bit more? I think this issue is ""fixed"" in 3.3, which > >>>[..] > >>>Let me know if this solves your problem. > >> > >>Hi Bert, > >> > >>I installed pdns_recursor 3.3-rc3 from svn.powerdns.com. Sorry, my > >>Problem isn't gone... > >> > >>I did some packet dumping ... > >> > >>dig db686.XXX.de @recursor > >> > >>tcpdump on the recursor: > >>IP recursor.38240> authdns.53: 19990 A? db686.XXX.de. (38) > >>IP authdns.53> recursor.38240: 19990 NXDomain*- 1/1/0 CNAME[|domain] > >> > >>The answer packet contains > >> > >>db686.XXX.de IN CNAME db686.YYY.de > >> > >>And has the AUTHORITY bit set. > >> > >>At this point I would like the recursor to try another resolution > >>with db686.YYY.de but that would probably break the code and the > >>idea behind DNS. > >> > >>So now, that I understood my problem, I don't think the code needs > >>to be fixed :-( > >> > >>Regards Thomas > >> > >>-- > >>Thomas Mieslinger > >> > >>1&1 Internet AG - IT Operations Data Services Infrastructure > >>Brauerstraße 48 · DE-76135 Karlsruhe > >>Telefon: +49 721 91374 4404 > >>thomas.mieslin...@1und1.de > >> > >>Amtsgericht Montabaur / HRB 6484 > >>Vorstände: Henning Ahlert, Ralph Dommermuth, Matthias Ehrlich, > >>Thomas Gottschlich, Robert Hoffmann, Markus Huhn, Hans-Henning > >>Kettler, Dr. Oliver Mauss, Jan Oetjen > >>Aufsichtsratsvorsitzender: Michael Scheeren > >>_______________________________________________ > >>Pdns-users mailing list > >>Pdns-users@mailman.powerdns.com > >>http://mailman.powerdns.com/mailman/listinfo/pdns-users > > > -- > Thomas Mieslinger > > 1&1 Internet AG - IT Operations Data Services Infrastructure > Brauerstraße 48 · DE-76135 Karlsruhe > Telefon: +49 721 91374 4404 > thomas.mieslin...@1und1.de > > Amtsgericht Montabaur / HRB 6484 > Vorstände: Henning Ahlert, Ralph Dommermuth, Matthias Ehrlich, > Thomas Gottschlich, Robert Hoffmann, Markus Huhn, Hans-Henning > Kettler, Dr. Oliver Mauss, Jan Oetjen > Aufsichtsratsvorsitzender: Michael Scheeren > _______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users