Hello Sebastian, On Nov 27, 2012, at 19:10 , Sebastian Heil wrote: > That is how I expect the Query to be. But if I query one of the > Superslaves in Front of this setup I get the following: > > ~$ dig non-existing.workstation.whnetz @dns1.idmz.whnetz > > ; <<>> DiG 9.6-ESV-R4 <<>> non-existing.workstation.whnetz @dns1.idmz.whnetz > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57659 > ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 > ;; WARNING: recursion requested but not available > > ;; QUESTION SECTION: > ;non-existing.workstation.whnetz. IN A > > ;; Query time: 6 msec > ;; SERVER: 10.99.1.2#53(10.99.1.2) > ;; WHEN: Tue Nov 27 18:37:02 2012 > ;; MSG SIZE rcvd: 49 > > > Here I expect that I also get an NXDOMAIN output. > > Can you explain why there is no NXDOMAIN answer and/or no SOA for the zone? > Or can you help me to debug this case further?
The lack of SOA suggests PowerDNS (on the slave) does not feel authoritative for the zone. Without authority, it's not allowed to send NXDOMAIN. So, the question is: does your slave feel any sense of authority? Does it answer positive questions correctly? Does it still do so when you add +norec to your queries? Furthermore, any logging appearing on the slave during a request (either for an existing or a non-existing name) might be interesting. Also, any logging about the zone transfer failing or succeeding, mostly on the slaves, would be useful to see. One final note - 2.9.21.2 is pretty old. Newer versions, especially 3.0 and up, contain hundreds of bug fixes in many areas. Please consider upgrading. Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ _______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
