When you get SERVFAIL, do you see anything in /var/log/syslog or /var/log/messages
Aki On Thu, Oct 29, 2015 at 09:11:16PM +0100, Martin wrote: > > > Hi, > > Sure, one of the domains that is giving me trouble is hoofdluis.nl > > - dnssec is disabled for this backend in Powerdns config > > - here's a few lines from the 'records' table: > > | id | domain_id | name | type | content | ttl | prio | change_date | > disabled | ordername | auth | > +-----+-----------+------------------------+------+------------------------------------------------------------------------+-------+------+-------------+----------+-----------+------+ > | 349 | 38 | hoofdluis.nl | SOA | ns1.sonexo.eu info.sonexo.nl > 2015102902 10800 3600 604800 3600 | 86400 | 0 | 1446148124 | 0 | NULL | > 1 | > | 350 | 38 | hoofdluis.nl | NS | ns1.sonexo.eu | 86400 | 0 | 1446122706 > | 0 | NULL | 1 | > | 351 | 38 | hoofdluis.nl | NS | ns2.sonexo.com | 86400 | 0 | 1446122706 > | 0 | NULL | 1 | > | 352 | 38 | www.hoofdluis.nl | A | 185.27.174.120 | 86400 | 0 | > 1446122706 | 0 | NULL | 1 | > | 353 | 38 | hoofdluis.nl | A | 185.27.174.120 | 86400 | 0 | 1446122706 > | 0 | NULL | 1 | > | 355 | 38 | localhost.hoofdluis.nl | A | 127.0.0.1 | 86400 | 0 | > 1446122706 | 0 | NULL | 1 | > > - root@ns1:/etc/powerdns/pdns.d# pdnssec check-zone hoofdluis.nl > Checked 12 records of 'hoofdluis.nl', 0 errors, 0 warnings. > > I should probably add that we are running two backends, both MySQL on > the same server, spread out over two different databases. One backend is > more advanced and uses custom queries and dnssec but has no records > whatsoever for any of the domains in the second backend, and vice versa. > Advanced backend is queried first, regular one next. It'd be easy to > point to this as the source of the problem but I cannot find any clue > that it is causing problems since MySQL queries are ok and the first > (more advanced) backend does not return any data at all for the domain > hoofdluis.nl so the second backend is definitely in control. > > Martin > > On 29-10-2015 20:39, Aki Tuomi wrote: > > > Is it possible for you to provide actual data? Also, > > - have you turned on dnssec support? gmysql-dnssec=yes > > - can you provide the actual line(s) from mysql database > > - can you run pdnssec check-zone zone > > > > Aki > > > > On Thu, Oct 29, 2015 at 08:18:29PM +0100, Martin wrote: > > Hi, Thanks for your reply. I'm using Poweradmin and everything seems to be > > ok in the database, no mixup of types and content or anything. I forgot to > > add that if I query the authoritative nameserver for the domain directly, > > dig works as expected: dig a abc.example.com @ns1.mynsserver gives me the > > expected NXDOMAIN result. I have enabled MySQL query log and it appears > > that some queries are fired but somehow the requesting client is unable to > > determine who is authoritative or something. You see, when I use nslookup > > in debug mode this happens: ------------ QUESTIONS: abc.example.com, type = > > A, class = IN ANSWERS: AUTHORITY RECORDS: ADDITIONAL RECORDS: ------------ > > ** server can't find abc.example.com: SERVFAIL I would expect to at least > > get some authority records. Again, www.example.com [1]is working fine in > > nslookup & dig. Martin On 29-10-2015 18:12, bert hubert wrote: Hi Martin, > > You appear to have put domain names in the type field! The error messages > > say the type is > example.example.com. Bert On Oct 29, 2015 17:10, Martin > <[email protected]> wrote: Hi, I have setup a simple MySQL backend for a > domain with a few MX records, a couple of A records, two NS records and a SOA > record for the domain. All dig commands are run from a completely unrelated > server: dig a www.example.com [1] [1] is working: it returns the right A > record dig a example.com is working: it returns the right A record Now this > is where things go wrong: dig a abc.example.com returns a SERVFAIL but I am > expecting a NXDOMAIN response because there is no A record for > abc.example.com I checked the PowerDNS logs and this is there: Oct 29 > 16:44:45 ns1 pdns[27687]: Exception building answer packet (Unknown DNS type > 'example.example.com') sending out servfail Oct 29 16:44:45 ns1 pdns[27687]: > Exception building answer packet (Unknown DNS type 'example.example.com') > sending out servfail Oct 29 16:44:45 ns1 pdns[27687]: Exception building > answer packet (Unknown DNS type > 'example.example.com') sending out servfail Oct 29 16:44:45 ns1 pdns[27687]: > Exception building answ > er packet (Unknown DNS type 'example.example.com') sending out servfail > Oct 29 16:44:45 ns1 pdns[27687]: Exception building answer packet > (Unknown DNS type 'example.example.com') sending out servfail Five > messages with unknow dns type 'domain.domain.tld'. I have tried an > online tool like http://www.kloth.net/services/dig.php [3] [2] as well > and it generates the same error in the logs but only once instead of > five times. Can anyone point me in the right direction? I'm stumped. I'm > running the latest version on Debian. Thanks, Martin Links: ------ [1] > http://www.example.com [1] [2] http://www.kloth.net/services/dig.php [3] > > > > _______________________________________________ Pdns-users mailing list > > [email protected] > > http://mailman.powerdns.com/mailman/listinfo/pdns-users [2] > > > Links: > ------ > [1] http://www.example.com > [2] http://mailman.powerdns.com/mailman/listinfo/pdns-users > [3] http://www.kloth.net/services/dig.php > _______________________________________________ > Pdns-users mailing list > [email protected] > http://mailman.powerdns.com/mailman/listinfo/pdns-users _______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
