Hi Peter,

I guess I just do not understand. I added a similar CNAME record
in our domain pointing to the same name domains.tumblr.com and
here is what I get for the lookup:

> dig +norec a wombat1.rice.edu @ns1.rice.edu

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5 <<>> +norec a wombat1.rice.edu @ns1.rice.edu
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36391
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 0

;; QUESTION SECTION:
;wombat1.rice.edu.              IN      A

;; ANSWER SECTION:
wombat1.rice.edu.       3600    IN      CNAME   domains.tumblr.com.

;; AUTHORITY SECTION:
.                       518400  IN      NS      a.root-servers.net.
.                       518400  IN      NS      b.root-servers.net.
.                       518400  IN      NS      c.root-servers.net.
.                       518400  IN      NS      d.root-servers.net.
.                       518400  IN      NS      e.root-servers.net.
.                       518400  IN      NS      f.root-servers.net.
.                       518400  IN      NS      g.root-servers.net.
.                       518400  IN      NS      h.root-servers.net.
.                       518400  IN      NS      i.root-servers.net.
.                       518400  IN      NS      j.root-servers.net.
.                       518400  IN      NS      k.root-servers.net.
.                       518400  IN      NS      l.root-servers.net.
.                       518400  IN      NS      m.root-servers.net.

;; Query time: 1 msec
;; SERVER: 128.42.209.32#53(128.42.209.32)
;; WHEN: Wed Mar 21 08:14:18 2012
;; MSG SIZE  rcvd: 277

Note, it still does not return the A record IP address. I thought that
the DNS lookup is to restart using the new value returned from the
CNAME record, but in this case, it does not. The other noise in the
authority section was me trying with send-root-referrals=lean.

It does not send NXDOMAIN in this case. If I instead remove the +norecurse
option I get:

> dig a wombat1.rice.edu @ns1.rice.edu

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5 <<>> a wombat1.rice.edu @ns1.rice.edu
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 577
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;wombat1.rice.edu.              IN      A

;; AUTHORITY SECTION:
rice.edu.               2699    IN      SOA     ns1.rice.edu. hostmaster.rice.edu. 2012030284 10800 900 3600000 3600

;; Query time: 1 msec
;; SERVER: 128.42.209.32#53(128.42.209.32)
;; WHEN: Wed Mar 21 08:22:46 2012
;; MSG SIZE  rcvd: 85

Which is still returning NXDOMAIN, even though the A record for
domains.tumblr.com does exist:

> dig a domains.tumblr.com @ns1.rice.edu

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5 <<>> a domains.tumblr.com @ns1.rice.edu
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29239
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;domains.tumblr.com.            IN      A

;; ANSWER SECTION:
domains.tumblr.com.     600     IN      A       66.6.44.4

;; Query time: 9 msec
;; SERVER: 128.42.209.32#53(128.42.209.32)
;; WHEN: Wed Mar 21 08:23:50 2012
;; MSG SIZE  rcvd: 52

Why doesn't the recursor restart with the CNAME results?

Regards,
Ken

On Wed, Mar 21, 2012 at 11:22:17AM +0100, Peter van Dijk wrote:
> Hello Ken,
> 
> On Mar 20, 2012, at 19:10 , k...@rice.edu wrote:
> 
> > I am investigating a CNAME resolution problem using
> > PDNS Recursor 3.3.1. Here is the lookup that fails:
> > 
> >> nslookup blog.mythandsymbol.com
> > Server:             127.0.0.1
> > Address:    127.0.0.1#53
> > 
> > ** server can't find blog.mythandsymbol.com: NXDOMAIN
> 
> Recursor is returning NXDOMAIN because that's what ns1-3.dreamhost.com, the
> auths for mythandsymbol.com, are returning:
> 
> $ dig +norec a blog.mythandsymbol.com @ns1.dreamhost.com
> ; <<>> DiG 9.7.0-P1 <<>> +norec a blog.mythandsymbol.com @ns1.dreamhost.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40440
> ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;blog.mythandsymbol.com.                IN      A
> 
> ;; ANSWER SECTION:
> blog.mythandsymbol.com. 14400   IN      CNAME   domains.tumblr.com.
> 
> ;; AUTHORITY SECTION:
> tumblr.com.             14400   IN      SOA     ns1.dreamhost.com. hostmaster.dreamhost.com. 2011092301 21293 1800 1814400 14400
> 
> ;; Query time: 168 msec
> ;; SERVER: 66.33.206.206#53(66.33.206.206)
> ;; WHEN: Wed Mar 21 11:20:51 2012
> ;; MSG SIZE  rcvd: 130
> 
> 
> They are returning NXDOMAIN because somebody configured tumblr.com as a zone
> in their name server, without adding a 'domains' name in it. Recursor 3.4-pre
> and newer (and perhaps 3.3) compensate for this misconfiguration, older
> versions do not.
> 
> I suggest contacting DreamHost to have them get rid of tumblr.com; I also
> suggest upgrading your recursor because there are many more misconfigured
> domains like this one out there.
> 
> Kind regards,
> Peter van Dijk
> _______________________________________________
> Pdns-users mailing list
> Pdns-users@mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
> 