Hi,
Sure, one of the domains that is giving me trouble is hoofdluis.nl
- dnssec is disabled for this backend in Powerdns config
- here's a few lines from the 'records' table:
| id | domain_id | name | type | content | ttl | prio | change_date |
disabled | ordername | auth |
+-----+-----------+------------------------+------+------------------------------------------------------------------------+-------+------+-------------+----------+-----------+------+
| 349 | 38 | hoofdluis.nl | SOA | ns1.sonexo.eu info.sonexo.nl
2015102902 10800 3600 604800 3600 | 86400 | 0 | 1446148124 | 0 | NULL
|
1 |
| 350 | 38 | hoofdluis.nl | NS | ns1.sonexo.eu | 86400 | 0 |
1446122706
| 0 | NULL | 1 |
| 351 | 38 | hoofdluis.nl | NS | ns2.sonexo.com | 86400 | 0 |
1446122706
| 0 | NULL | 1 |
| 352 | 38 | www.hoofdluis.nl | A | 185.27.174.120 | 86400 | 0 |
1446122706 | 0 | NULL | 1 |
| 353 | 38 | hoofdluis.nl | A | 185.27.174.120 | 86400 | 0 |
1446122706
| 0 | NULL | 1 |
| 355 | 38 | localhost.hoofdluis.nl | A | 127.0.0.1 | 86400 | 0 |
1446122706 | 0 | NULL | 1 |
- root@ns1:/etc/powerdns/pdns.d# pdnssec check-zone hoofdluis.nl
Checked 12 records of 'hoofdluis.nl', 0 errors, 0 warnings.
I should probably add that we are running two backends, both MySQL on
the same server, spread out over two different databases. One backend
is
more advanced and uses custom queries and dnssec but has no records
whatsoever for any of the domains in the second backend, and vice
versa.
Advanced backend is queried first, regular one next. It'd be easy to
point to this as the source of the problem but I cannot find any clue
that it is causing problems since MySQL queries are ok and the first
(more advanced) backend does not return any data at all for the domain
hoofdluis.nl so the second backend is definitely in control.
Martin
On 29-10-2015 20:39, Aki Tuomi wrote:
> Is it possible for you to provide actual data? Also,
> - have you turned on dnssec support? gmysql-dnssec=yes
> - can you provide the actual line(s) from mysql database
> - can you run pdnssec check-zone zone
>
> Aki
>
> On Thu, Oct 29, 2015 at 08:18:29PM +0100, Martin wrote:
> Hi, Thanks for your reply. I'm using Poweradmin and everything seems to be ok in
the database, no mixup of types and content or anything. I forgot to add that if I
query the authoritative nameserver for the domain directly, dig works as expected: dig
a abc.example.com @ns1.mynsserver gives me the expected NXDOMAIN result. I have
enabled MySQL query log and it appears that some queries are fired but somehow the
requesting client is unable to determine who is authoritative or something. You see,
when I use nslookup in debug mode this happens: ------------ QUESTIONS:
abc.example.com, type = A, class = IN ANSWERS: AUTHORITY RECORDS: ADDITIONAL RECORDS:
------------ ** server can't find abc.example.com: SERVFAIL I would expect to at least
get some authority records. Again, www.example.com [1]is working fine in nslookup
& dig. Martin On 29-10-2015 18:12, bert hubert wrote: Hi Martin, You appear to
have put domain names in the type field! The error messages say the type is
example.example.com. Bert On Oct 29, 2015 17:10, Martin
<[email protected]> wrote: Hi, I have setup a simple MySQL
backend for a domain with a few MX records, a couple of A records, two
NS records and a SOA record for the domain. All dig commands are run
from a completely unrelated server: dig a www.example.com [1] [1] is
working: it returns the right A record dig a example.com is working:
it returns the right A record Now this is where things go wrong: dig a
abc.example.com returns a SERVFAIL but I am expecting a NXDOMAIN
response because there is no A record for abc.example.com I checked
the PowerDNS logs and this is there: Oct 29 16:44:45 ns1 pdns[27687]:
Exception building answer packet (Unknown DNS type
'example.example.com') sending out servfail Oct 29 16:44:45 ns1
pdns[27687]: Exception building answer packet (Unknown DNS type
'example.example.com') sending out servfail Oct 29 16:44:45 ns1
pdns[27687]: Exception building answer packet (Unknown DNS type
'example.example.com') sending out servfail Oct 29 16:44:45 ns1
pdns[27687]: Exception building answ
er packet (Unknown DNS type 'example.example.com') sending out
servfail
Oct 29 16:44:45 ns1 pdns[27687]: Exception building answer packet
(Unknown DNS type 'example.example.com') sending out servfail Five
messages with unknow dns type 'domain.domain.tld'. I have tried an
online tool like http://www.kloth.net/services/dig.php [3] [2] as well
and it generates the same error in the logs but only once instead of
five times. Can anyone point me in the right direction? I'm stumped.
I'm
running the latest version on Debian. Thanks, Martin Links: ------ [1]
http://www.example.com [1] [2] http://www.kloth.net/services/dig.php
[3]
> _______________________________________________ Pdns-users mailing list
[email protected]
http://mailman.powerdns.com/mailman/listinfo/pdns-users [2]
Links:
------
[1] http://www.example.com
[2] http://mailman.powerdns.com/mailman/listinfo/pdns-users
[3] http://www.kloth.net/services/dig.php
