Re: [Pdns-users] PDNS Authoritative and CNAME pointing to external Domain responds with NXDOMAIN

2021-06-22 Thread Thomas via Pdns-users

On 22.06.2021 at 17:27, Brian Candler wrote:

On 22/06/2021 16:16, Thomas via Pdns-users wrote:
Thanks for the clarification, but this scares me. How can I have 
configured the server in a way it thinks it is authoritative for the 
entire Internet?
It should be authoritative for zur-sonne.it and the other 2500 
domains we have, sihosting.cloud is not part of the domains we host


Check your configs and database, see if you have a zone "" or "."

As misconfigurations go, this isn't a very scary one.  You should 
never be receiving queries at this nameserver for domains that you're 
not authoritative for - that is, unless someone has wrongly pointed NS 
records at this server.


However it might trip you up if you point one of your *own* domains at 
this server, but haven't yet added the zone, and some proportion of 
queries which hit this server get an authoritative NXDOMAIN response, 
which the user will see as "this site cannot be reached" or similar.




Checked the database as I too thought there must be a "" or "." zone as 
you have written, but there is none. Strange, but I will leave this as 
it is for the moment. Will look a little bit more into it the coming days.


Thanks for your help,
Thomas
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users


Re: [Pdns-users] PDNS Authoritative and CNAME pointing to external Domain responds with NXDOMAIN

2021-06-22 Thread Brian Candler via Pdns-users

On 22/06/2021 16:16, Thomas via Pdns-users wrote:
Thanks for the clarification, but this scares me. How can I have 
configured the server in a way it thinks it is authoritative for the 
entire Internet?
It should be authoritative for zur-sonne.it and the other 2500 domains 
we have, sihosting.cloud is not part of the domains we host


Check your configs and database, see if you have a zone "" or "."

As misconfigurations go, this isn't a very scary one.  You should never 
be receiving queries at this nameserver for domains that you're not 
authoritative for - that is, unless someone has wrongly pointed NS 
records at this server.


However it might trip you up if you point one of your *own* domains at 
this server, but haven't yet added the zone, and some proportion of 
queries which hit this server get an authoritative NXDOMAIN response, 
which the user will see as "this site cannot be reached" or similar.




Re: [Pdns-users] PDNS Authoritative and CNAME pointing to external Domain responds with NXDOMAIN

2021-06-22 Thread Thomas via Pdns-users
Thanks for the clarification, but this scares me. How can I have 
configured the server in a way it thinks it is authoritative for the 
entire Internet?
It should be authoritative for zur-sonne.it and the other 2500 domains 
we have, sihosting.cloud is not part of the domains we host


On 22.06.2021 at 17:05, Brian Candler wrote:
On 22/06/2021 15:54, Thomas wrote:
Doing a "dig www.zur-sonne.it +nostats +nocomments +nocmd @localhost" 
I (think) get correct result:



; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 <<>> www.zur-sonne.it 
+nostats +nocomments +nocmd @localhost

;; global options: +cmd
;www.zur-sonne.it.  IN  A
www.zur-sonne.it. 10800 IN  CNAME cms-v2.sihosting.cloud.

And nslookup can not resolve cms-v2.sihosting.cloud as I pointed it to 
localhost to query from. Correct?


I believe you're right.  nslookup thinks it's talking to a recursive 
nameserver, and wants to chase the CNAME record. However I would not 
have expected an NXDOMAIN response here; your nameserver ought to have 
returned REFUSED.  It seems like you've made your nameserver 
authoritative for the entire DNS (or at least, for sihosting.cloud)


For that dig command line, when talking to an authoritative nameserver, 
I'd also recommend you add the "+norec" flag, which makes it explicit 
that you don't want to recurse.


On 22.06.2021 at 16:54, Thomas via Pdns-users wrote:


On 22.06.2021 at 16:16, Brian Candler wrote:

On 22/06/2021 14:55, Thomas via Pdns-users wrote:
I have upgraded pdns authoritative server from version 4.3 to 
version 4.4.1 on CentOS 7, MySQL is the backend.
If I query a CNAME record on both servers I get the following error 
(do not remember if it worked before the upgrade):


[root@pdns1 log]# nslookup www.example.it localhost
Server: localhost
Address:    ::1#53

www.example.it    canonical name = cms-v2.externaldomain.cloud.
** server can't find cms-v2.externaldomain.cloud: NXDOMAIN 


Firstly, please don't hide domains: see

https://blog.powerdns.com/2016/01/18/open-source-support-out-in-the-open/ 



Secondly, which of those domains is your server authoritative for?

PowerDNS will not attempt to follow CNAME records.  General recursion 
was removed in Authoritative Server 4.1.  (It will send queries for 
ALIAS records, but only if you've configured it with a recursor to use).




Sorry, was not aware of that. So let me try again

Doing a "dig www.zur-sonne.it +nostats +nocomments +nocmd @localhost" 
I (think) get correct result:



; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 <<>> www.zur-sonne.it 
+nostats +nocomments +nocmd @localhost

;; global options: +cmd
;www.zur-sonne.it.  IN  A
www.zur-sonne.it.   10800   IN  CNAME cms-v2.sihosting.cloud.

And nslookup can not resolve cms-v2.sihosting.cloud as I pointed it to 
localhost to query from. Correct?
Where is the stick I could hit myself? Feeling stupid. Should not do 
this with more than 30° Celsius temperature.


Thanks and sorry for the noise,
Thomas


Re: [Pdns-users] PDNS Authoritative and CNAME pointing to external Domain responds with NXDOMAIN

2021-06-22 Thread Brian Candler via Pdns-users

On 22/06/2021 15:54, Thomas wrote:
Doing a "dig www.zur-sonne.it +nostats +nocomments +nocmd @localhost" 
I (think) get correct result:



; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 <<>> www.zur-sonne.it 
+nostats +nocomments +nocmd @localhost

;; global options: +cmd
;www.zur-sonne.it.  IN  A
www.zur-sonne.it.   10800 IN  CNAME cms-v2.sihosting.cloud.

And nslookup can not resolve cms-v2.sihosting.cloud as I pointed it to 
localhost to query from. Correct?


I believe you're right.  nslookup thinks it's talking to a recursive 
nameserver, and wants to chase the CNAME record. However I would not 
have expected an NXDOMAIN response here; your nameserver ought to have 
returned REFUSED.  It seems like you've made your nameserver 
authoritative for the entire DNS (or at least, for sihosting.cloud)


For that dig command line, when talking to an authoritative nameserver, 
I'd also recommend you add the "+norec" flag, which makes it explicit 
that you don't want to recurse.
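
The check described in this reply (a non-recursive query for a name the server does not host should come back REFUSED, not an authoritative NXDOMAIN), as an added Python example that is not part of the original thread. The function names and the two sample replies are constructed for illustration; `ask()` is the only part that touches the network.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=1, txid=0x4242):
    """Encode a DNS query with RD=0, the wire equivalent of dig's +norec."""
    labels = [l for l in name.split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def parse_header(msg):
    """Decode the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F
    return {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "rcode": RCODES.get(rcode, f"RCODE{rcode}"), "ancount": an}

def classify_out_of_zone(msg):
    """Judge the reply an authoritative-only server gave for a name it does not host."""
    h = parse_header(msg)
    if not h["qr"]:
        return "invalid: not a response"
    if h["rcode"] == "REFUSED":
        return "ok: out-of-zone name refused"
    if h["rcode"] == "NXDOMAIN" and h["aa"]:
        return "suspect: authoritative NXDOMAIN for a name outside the hosted zones"
    return f"review: rcode={h['rcode']} aa={h['aa']}"

def ask(server, name, port=53, timeout=3.0):
    """Send the query over UDP to a live server and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, port))
        return classify_out_of_zone(s.recvfrom(4096)[0])

def sample_reply(flags, name="cms-v2.sihosting.cloud"):
    """Constructed reply: the query echoed back with the given flags word."""
    q = build_query(name)
    return q[:2] + struct.pack("!H", flags) + q[4:]

REFUSED_REPLY = sample_reply(0x8005)      # constructed: QR=1, RCODE=5
AA_NXDOMAIN_REPLY = sample_reply(0x8403)  # constructed: QR=1, AA=1, RCODE=3

if __name__ == "__main__":
    print(classify_out_of_zone(REFUSED_REPLY))
    print(classify_out_of_zone(AA_NXDOMAIN_REPLY))
```

Against a live server, `ask("127.0.0.1", "cms-v2.sihosting.cloud")` runs the same classification on the real reply.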



Re: [Pdns-users] PDNS Authoritative and CNAME pointing to external Domain responds with NXDOMAIN

2021-06-22 Thread Thomas via Pdns-users


On 22.06.2021 at 16:16, Brian Candler wrote:

On 22/06/2021 14:55, Thomas via Pdns-users wrote:
I have upgraded pdns authoritative server from version 4.3 to version 
4.4.1 on CentOS 7, MySQL is the backend.
If I query a CNAME record on both servers I get the following error 
(do not remember if it worked before the upgrade):


[root@pdns1 log]# nslookup www.example.it localhost
Server: localhost
Address:    ::1#53

www.example.it    canonical name = cms-v2.externaldomain.cloud.
** server can't find cms-v2.externaldomain.cloud: NXDOMAIN 


Firstly, please don't hide domains: see

https://blog.powerdns.com/2016/01/18/open-source-support-out-in-the-open/

Secondly, which of those domains is your server authoritative for?

PowerDNS will not attempt to follow CNAME records.  General recursion 
was removed in Authoritative Server 4.1.  (It will send queries for 
ALIAS records, but only if you've configured it with a recursor to use).




Sorry, was not aware of that. So let me try again

Doing a "dig www.zur-sonne.it +nostats +nocomments +nocmd @localhost" I 
(think) get correct result:



; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 <<>> www.zur-sonne.it 
+nostats +nocomments +nocmd @localhost

;; global options: +cmd
;www.zur-sonne.it.  IN  A
www.zur-sonne.it.   10800   IN  CNAME cms-v2.sihosting.cloud.

And nslookup can not resolve cms-v2.sihosting.cloud as I pointed it to 
localhost to query from. Correct?
Where is the stick I could hit myself? Feeling stupid. Should not do 
this with more than 30° Celsius temperature.


Thanks and sorry for the noise,
Thomas


Re: [Pdns-users] PDNS Authoritative and CNAME pointing to external Domain responds with NXDOMAIN

2021-06-22 Thread Brian Candler via Pdns-users

On 22/06/2021 14:55, Thomas via Pdns-users wrote:
I have upgraded pdns authoritative server from version 4.3 to version 
4.4.1 on CentOS 7, MySQL is the backend.
If I query a CNAME record on both servers I get the following error 
(do not remember if it worked before the upgrade):


[root@pdns1 log]# nslookup www.example.it localhost
Server: localhost
Address:    ::1#53

www.example.it    canonical name = cms-v2.externaldomain.cloud.
** server can't find cms-v2.externaldomain.cloud: NXDOMAIN 


Firstly, please don't hide domains: see

https://blog.powerdns.com/2016/01/18/open-source-support-out-in-the-open/

Secondly, which of those domains is your server authoritative for?

PowerDNS will not attempt to follow CNAME records.  General recursion 
was removed in Authoritative Server 4.1.  (It will send queries for 
ALIAS records, but only if you've configured it with a recursor to use).


