Re: [Pdns-users] pdns-recursor 3.7.4 on Redhat Linux always returns SERVFAIL for AAAA lookups

[David]

On 2017-08-16 10:29 AM, David wrote:
On 2017-08-16 10:15 AM, Brian Candler wrote:
On 16/08/2017 17:11, Kenneth Marshall wrote:
I am investigating a caching problem and the cause is that
the 3.7.4 recursor returns a SERVFAIL error for a AAAA lookup.
The AAAA record does not exist, but an A record does.

It seems from your lua script that you are having problems with one
particular domain, not all domains.  Can you share what that domain is?
Is it possible that the authoritative server for that domain is not
correctly responding to AAAA queries?

This can happen if you get a server that gets flagged as lame, which for
AAAA records means either aa=0, and (I think) no data response at all
(no SOA, etc). Lots of load balancers are bad for this, and you'll also
have these issues with using forward-zones on that version as well.

We had some sensitive clients to servfail's in this version too, and we
did a postresolve to just... make them look correct (internal junk only).

This example is almost exactly the same as some you'll find from years
ago for fixing responses from outlook.com



Reference: 
https://mailman.powerdns.com/pipermail/pdns-announce/2014-December/000717.html

which includes the original script that does it based on domain name 
(not request IP like I have below).



fixupshosts = {}
function addToSet(set, key)
     set[key] = true
end

function removeFromSet(set, key)
      set[key] = nil
end

function setContains(set, key)
         return set[key] ~= nil
end


addToSet(fixupshosts, "10.10.10.10");

-- records contains the entire packet, ready for your modifying pleasure
function postresolve ( remoteip, domain, qtype, records, origrcode )
--      print ("postresolve called for: ", remoteip, getlocaladdress(),
-- domain, qtype, origrcode, pdns.loglevels.Info)

        if(qtype== pdns.AAAA and origrcode==pdns.SERVFAIL and
setContains(fixupshosts, remoteip))
         then
                 setvariable()
                 origrcode=0;
         end
         return origrcode, records
end



Or, can you replicate this problem with all third-party domain names
which have A but not AAAA records?

_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users

_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users

_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users