> On Mar 25, 2016, at 7:15 AM, Peter van Dijk <[email protected]> > wrote: > > Hello Steve, > > do you still have the ‘broken’ database contents from before your rectify? > Those would be useful in figuring out whether there’s a bug!
I have several backups that might have that data. I'm planning on building a test server and loading them up to see if I can replicate the problem. If I get a test case I'll share. Cheers, Steve > > Kind regards, > -- > Peter van Dijk > PowerDNS.COM BV - https://www.powerdns.com/ > > On 25 Mar 2016, at 4:07, Steve Atkins wrote: > >> pdnssec rectify-zone makes the problem go away, which fixes it for me. >> >> It feels like there's still an underlying bug somewhere in the dnssec sql or >> surrounding code, though. >> >> Cheers, >> Steve >> >>> On Mar 24, 2016, at 7:54 PM, Steve Atkins <[email protected]> wrote: >>> >>> I'm using a postgresql backend, and I have several zones configured to use >>> dnssec. >>> >>> Queries for resource records that exist work perfectly. The verisign online >>> checker says my dnssec is good. >>> >>> If I query for a resource record that doesn't exist without using dnssec - >>> either one where there are no RRs with a matching name or one where there >>> are RRs with a matching name but none also have a matching type - I get the >>> expected NXDOMAIN or NOERROR result. >>> >>> If I run the same query with dnssec then I get a servfail. >>> >>> With log level 9, and log-dns-details and log-dns-queries on, I get this in >>> the log: >>> >>> Mar 24 19:35:49 ns pdns[30538]: Remote 184.105.179.144 wants >>> 'foo.blighty.com|A', do = 1, bufsize = 1680: packetcache MISS >>> Mar 24 19:35:49 ns pdns[30538]: Exception building answer packet (Unknown >>> DNS type '.blighty.com') sending out servfail >>> >>> I see this with version 3.4.6 and 3.4.8. It looks like someone else had a >>> similar issue here: >>> https://mailman.powerdns.com/pipermail/pdns-users/2015-October/011747.html >>> >>> It's a new installation, but the data has been around for a few years. >>> There are no custom SQL queries. >>> >>> There is no record in the database with type '.blighty.com' - all non-null >>> types are expected A, TXT, PTR, etc. There are some records where the type >>> is null, though. >>> >>> Clearly it's getting garbage from the database, but only when building a >>> dnssec response where there are no matching RRs. >>> >>> Before I set up a testbed server to work out what's going on, does any of >>> this ring any bells with anyone? >>> >>> Cheers, >>> Steve >>> >>> _______________________________________________ >>> Pdns-users mailing list >>> [email protected] >>> https://mailman.powerdns.com/mailman/listinfo/pdns-users >> >> _______________________________________________ >> Pdns-users mailing list >> [email protected] >> https://mailman.powerdns.com/mailman/listinfo/pdns-users > _______________________________________________ > Pdns-users mailing list > [email protected] > https://mailman.powerdns.com/mailman/listinfo/pdns-users _______________________________________________ Pdns-users mailing list [email protected] https://mailman.powerdns.com/mailman/listinfo/pdns-users
