Hi! Can you please try with trace?
rec_control trace-regex ebay.com This will generate lots of logs, so remember to turn it off. Aki On Thu, Nov 21, 2013 at 02:52:23PM +0100, Francois Claire wrote: > Hi, > > > I'm currently testing PowerDNS recursor to see if it can be used in > my production environment. > > I've found one problem which is blocking: it's unable to resolve > thumbs.g.ebay.com. and replies with an NXDOMAIN. > > > Here's the overall packet exchange for this resolution (cache is empty): > 14:13:37.736863 IP A.B.C.D.59962 > W.X.Y.Z.53: 38849+ A? > thumbs.g.ebay.com. (35) > 14:13:37.740840 IP W.X.Y.Z.43796 > 192.58.128.30.53: 35832 [1au] A? > thumbs.g.ebay.com. (54) > 14:13:37.744086 IP 192.58.128.30.53 > W.X.Y.Z.43796: 35832- 0/13/16 (534) > 14:13:37.749991 IP W.X.Y.Z.50992 > 192.41.162.30.53: 18765 [1au] A? > thumbs.g.ebay.com. (54) > 14:13:37.849736 IP 192.41.162.30.53 > W.X.Y.Z.50992: 18765- 0/6/7 (292) > 14:13:37.853289 IP W.X.Y.Z.62858 > 66.135.215.5.53: 11952 [1au] A? > thumbs.g.ebay.com. (54) > 14:13:38.021033 IP 66.135.215.5.53 > W.X.Y.Z.62858: 11952- 0/3/4 (145) > 14:13:38.023503 IP W.X.Y.Z.4994 > 66.211.167.40.53: 26515 [1au] A? > thumbs.g.ebay.com. (54) > 14:13:38.196462 IP 66.211.167.40.53 > W.X.Y.Z.4994: 26515 NXDomain*- > 0/1/1 (96) > 14:13:38.198210 IP W.X.Y.Z.53 > A.B.C.D.59962: 38849 NXDomain 0/1/0 (85) > > Machine A.B.C.D is the client, W.X.Y.Z the powerDNS server. > > So the client asks the powerDNS recursor to resolve thumbs.g.ebay.com.: > 14:13:37.736863 IP A.B.C.D.59962 > W.X.Y.Z.53: 38849+ A? > thumbs.g.ebay.com. (35) > > The powerDNS recursor starts recursion and asks a com. authoritative > DNS server (192.58.128.30) which replies with the NS records for > .ebay.com. zone: > 14:13:37.740840 IP W.X.Y.Z.43796 > 192.58.128.30.53: 35832 [1au] A? > thumbs.g.ebay.com. (54) > 14:13:37.744086 IP 192.58.128.30.53 > W.X.Y.Z.43796: 35832- 0/13/16 (534) > > The powerDNS recursor asks a ebay.com. DNS server (192.41.162.30): > 14:13:37.749991 IP W.X.Y.Z.50992 > 192.41.162.30.53: 18765 [1au] A? > thumbs.g.ebay.com. (54) > 14:13:37.849736 IP 192.41.162.30.53 > W.X.Y.Z.50992: 18765- 0/6/7 (292) > > Then a g.ebay.com. server (66.135.215.5): > 14:13:37.853289 IP W.X.Y.Z.62858 > 66.135.215.5.53: 11952 [1au] A? > thumbs.g.ebay.com. (54) > 14:13:38.021033 IP 66.135.215.5.53 > W.X.Y.Z.62858: 11952- 0/3/4 (145) > > Then finally it asks the g2.ebay.com. DNS server (66.211.167.40) to > resolve thumbs.g.ebay.com.: > 14:13:38.023503 IP W.X.Y.Z.4994 > 66.211.167.40.53: 26515 [1au] A? > thumbs.g.ebay.com. (54) > 14:13:38.196462 IP 66.211.167.40.53 > W.X.Y.Z.4994: 26515 NXDomain*- > 0/1/1 (96) > > This g2.ebay.com. server answers an NXDomain, so the powerDNS > recursor forwards this answer to the client machine: > 14:13:38.198210 IP W.X.Y.Z.53 > A.B.C.D.59962: 38849 NXDomain 0/1/0 (85) > > > > > However when using dig, the g2.ebay.com. DNS server answers a CNAME record: > > $ dig @66.211.167.40 thumbs.g.ebay.com > > ; <<>> DiG 9.8.4-P2 <<>> @66.211.167.40 thumbs.g.ebay.com > ; (1 server found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58678 > ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 > ;; WARNING: recursion requested but not available > > ;; QUESTION SECTION: > ;thumbs.g.ebay.com. IN A > > ;; ANSWER SECTION: > thumbs.g.ebay.com. 60 IN CNAME c.ebay.georedirector.akadns.net. > > ;; Query time: 177 msec > ;; SERVER: 66.211.167.40#53(66.211.167.40) > ;; WHEN: Thu Nov 21 14:41:08 2013 > ;; MSG SIZE rcvd: 80 > > > And when using google's DNS 8.8.8.8, the name thumbs.g.ebay.com. > resolves well: > > $ dig @8.8.8.8 thumbs.g.ebay.com > > ; <<>> DiG 9.8.3-P1 <<>> @8.8.8.8 thumbs.g.ebay.com > ; (1 server found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19911 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;thumbs.g.ebay.com. IN A > > ;; ANSWER SECTION: > thumbs.g.ebay.com. 41 IN CNAME c.ebay.georedirector.akadns.net. > c.ebay.georedirector.akadns.net. 1781 IN CNAME a1223.cp.akamai.net. > a1223.cp.akamai.net. 1 IN A 46.33.69.218 > a1223.cp.akamai.net. 1 IN A 46.33.69.186 > a1223.cp.akamai.net. 1 IN A 46.33.69.201 > > ;; Query time: 45 msec > ;; SERVER: 8.8.8.8#53(8.8.8.8) > ;; WHEN: Thu Nov 21 14:48:37 2013 > ;; MSG SIZE rcvd: 158 > > > So why is the powerDNS recursor receiving an NXDomain ? Is its query > malformed ? > > > > To reproduce the problem is easy: just use the "dig > thumbs.g.ebay.com" command on your pdns_recursor server. > > > > > _______________________________________________ > Pdns-users mailing list > [email protected] > http://mailman.powerdns.com/mailman/listinfo/pdns-users >
signature.asc
Description: Digital signature
_______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
