Hello Steve,

do you still have the ‘broken’ database contents from before your rectify? Those would be useful in figuring out whether there’s a bug!

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/

On 25 Mar 2016, at 4:07, Steve Atkins wrote:

pdnssec rectify-zone makes the problem go away, which fixes it for me.

It feels like there's still an underlying bug somewhere in the dnssec sql or surrounding code, though.

Cheers,
  Steve

On Mar 24, 2016, at 7:54 PM, Steve Atkins <[email protected]> wrote:

I'm using a postgresql backend, and I have several zones configured to use dnssec.

Queries for resource records that exist work perfectly. The verisign online checker says my dnssec is good.

If I query for a resource record that doesn't exist without using dnssec - either one where there are no RRs with a matching name or one where there are RRs with a matching name but none also have a matching type - I get the expected NXDOMAIN or NOERROR result.

If I run the same query with dnssec then I get a servfail.

With log level 9, and log-dns-details and log-dns-queries on, I get this in the log:

Mar 24 19:35:49 ns pdns[30538]: Remote 184.105.179.144 wants 'foo.blighty.com|A', do = 1, bufsize = 1680: packetcache MISS
Mar 24 19:35:49 ns pdns[30538]: Exception building answer packet (Unknown DNS type '.blighty.com') sending out servfail

I see this with version 3.4.6 and 3.4.8. It looks like someone else had a similar issue here: https://mailman.powerdns.com/pipermail/pdns-users/2015-October/011747.html

It's a new installation, but the data has been around for a few years. There are no custom SQL queries.

There is no record in the database with type '.blighty.com' - all non-null types are expected A, TXT, PTR, etc. There are some records where the type is null, though.

Clearly it's getting garbage from the database, but only when building a dnssec response where there are no matching RRs.

Before I set up a testbed server to work out what's going on, does any of this ring any bells with anyone?

Cheers,
 Steve

_______________________________________________
Pdns-users mailing list
[email protected]
https://mailman.powerdns.com/mailman/listinfo/pdns-users
