Re: [Pdns-users] pdns-recursor 3.7.4 on Redhat Linux always returns SERVFAIL for AAAA lookups

Wed, 16 Aug 2017 13:06:00 -0700 

On Wed, Aug 16, 2017 at 05:15:41PM +0100, Brian Candler wrote:
> On 16/08/2017 17:11, Kenneth Marshall wrote:
> >I am investigating a caching problem and the cause is that
> >the 3.7.4 recursor returns a SERVFAIL error for a AAAA lookup.
> >The AAAA record does not exist, but an A record does.
> 
> It seems from your lua script that you are having problems with one
> particular domain, not all domains.  Can you share what that domain
> is?  Is it possible that the authoritative server for that domain is
> not correctly responding to AAAA queries?
> 
> Or, can you replicate this problem with all third-party domain names
> which have A but not AAAA records?
> 
Hi,

Here is what dig says to the nameserver:

dig -t AAAA file-open.rice.edu @open-ssip.rice.edu

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7_3.1 <<>> -t AAAA file-open.rice.edu 
@open-ssip.rice.edu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7867
;; flags: qr aa ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;file-open.rice.edu.            IN      AAAA

;; AUTHORITY SECTION:
file-open.rice.edu.     3600    IN      NS      open-ssip.rice.edu.

;; ADDITIONAL SECTION:
open-ssip.rice.edu.     3600    IN      A       10.130.96.5

;; Query time: 1 msec
;; SERVER: 10.130.96.5#53(10.130.96.5)
;; WHEN: Wed Aug 16 14:58:56 CDT 2017
;; MSG SIZE  rcvd: 102


And here is the result from the recursor:

dig -t AAAA file-open.rice.edu @localhost

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7_3.1 <<>> -t AAAA file-open.rice.edu 
@localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 45440
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;file-open.rice.edu.            IN      AAAA

;; AUTHORITY SECTION:
rice.edu.               3600    IN      SOA     ns1.rice.edu. 
hostmaster.rice.edu. 2017169724 14400 3600 1200000 3600

;; Query time: 49 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Aug 16 15:01:45 CDT 2017
;; MSG SIZE  rcvd: 87

I have the following in the recursor.conf:

forward-zones=+file-open.rice.edu=10.130.96.5

The NXDOMAIN error is cached on the client so it blocks any attempt to
lookup the A record, which does exist. Returning the empty result caches
the fact that the AAAA does not exist but there are other records.

Regards,
Ken
_______________________________________________
Pdns-users mailing list
[email protected]
https://mailman.powerdns.com/mailman/listinfo/pdns-users

Reply via email to