Hi Richard, Kees,
In snapshot 2224, we now do exactly what BIND does, for better or worse. At
least if this is wrong, we're in the same camp now ;-)
Thanks for reporting this issue.
Bert
On Thu, Jul 07, 2011 at 01:26:22PM +0200, bert hubert wrote:
> Hi Richard,
>
> As a very quick fix, please set send-root-referral=lean
> This works around the issue according to one user.
>
> This issue is actually the second to last issue holding up the real 3.0
> release.
>
> Please let us know if 'send-root-referral=lean' fixes the problem for you.
>
> Bert
>
> On Wed, Jul 06, 2011 at 04:18:30PM +0100, Richard Poole wrote:
> > I've been trying out PowerDNS 3.0 and I've found a change in the handling
> > of CNAME records which seems to break some recursors, including the
> > PowerDNS recursor.
> >
> > In 2.9.22.x3, the last release before 3.0, the behaviour when asked for
> > a name which has an associated CNAME record pointing to a zone for which
> > this nameserver is not authoritative is as follows: if the RD flag is set
> > in the query, it gives SERVFAIL, does not set the AA flag, and returns
> > only the single CNAME record in the ANSWER section with no AUTHORITY or
> > ADDITIONAL records. If the RD flag is *not* set, it gives NOERROR, sets
> > the AA flag, and returns the root server information in the AUTHORITY and
> > ADDITIONAL sections along with the CNAME record in the ANSWER section. The
> > pdns recursor does not set the RD flag so it sees the latter response,
> > and makes its own queries to resolve the right-hand side of the CNAME
> > record. It then returns the desired response to the original query which
> > it was trying to resolve.
> >
> > In 3.0rc2, the behaviour does not depend on the RD flag: it gives
> > SERVFAIL, sets the AA flag, and returns only the single CNAME record. The
> > latest svn snapshot modifies this behaviour to not set the AA flag but
> > is otherwise the same. The pdns recursor, on seeing either of these
> > responses, returns SERVFAIL and no ANSWER records to the original query.
> >
> > I'm using recursor verion 3.2 but the changelogs don't seem to indicate
> > a change between then and now.
> >
> > The resulting effect is that when asking an authoritative pdns server
> > through a pdns recursor, the usual case inside our network, these CNAME
> > records don't work at all. I'm not sure which part of pdns is misbehaving
> > here, either according to RFCs or to common practice, but I think one
> > of them must be. I *think* it is the authoritative server that is in
> > the wrong, because we had customers who are presumably behind different
> > recursors reporting problems. I've now gone back to 2.9.22.x3 for live
> > but I'd like to get to 3.0 because we want to offer DNSSEC to customers
> > if we can. Any thoughts, anyone?
> >
> > --
> > Richard Poole
> > System Administrator
> > Heart Internet Ltd
> > [email protected]
> > http://www.heartinternet.co.uk/
> > Tel: 0845 644 7750
> > Fax: 0845 644 7740
> >
> > ******************************************************************
> > This email and any files transmitted with it are confidential and
> > intended solely for the use of the individual or entity to whom
> > they are addressed. If you are not the intended recipient you are
> > not authorised to and must not disclose, copy, distribute, or
> > retain this message or any part of it.
> >
> > Heart Internet Ltd accepts no responsibility for information,
> > errors or omissions in this email.
> > ******************************************************************
>
>
>
> > _______________________________________________
> > Pdns-users mailing list
> > [email protected]
> > http://mailman.powerdns.com/mailman/listinfo/pdns-users
>
> _______________________________________________
> Pdns-users mailing list
> [email protected]
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
>
_______________________________________________
Pdns-users mailing list
[email protected]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
