Hello all,

We're using PowerDNS to serve authoritative records for our clients at DNSimple.com. We've noticed some behavior which I'm hoping someone can shed some light on.

In the default configuration when someone would query our server for a CNAME record the server would return SERVFAIL + the CNAME record. In the logs we would see:

Not authoritative for 'some.other.name.com', sending servfail

Where some.other.name.com is the content of the CNAME record. What's bizarre is that in many cases the UDP packet appears to be truncated [1].

In order to stop this behavior we set --send-root-referral=lean in pdns.conf and now we receive a NOERROR response [2].

It seems like we may still have something misconfigured as what I think we really want is [3], a NOERROR without the root referral records.

Can someone help us figure out if we've done the best we can or if we should be doing something else to ensure that basic CNAME responses return NOERROR responses that fit in a UDP packet? Is there

Thanks in advance for any assistance.

Sincerely,
Anthony Eden

[1] Example of truncated response and TCP mode retry

$ dig @ns3.dnsimple.com production.s3.rubygems.org
;; Warning: Message parser reports malformed message packet.
;; Truncated, retrying in TCP mode.

; <<>> DiG 9.6.0-APPLE-P2 <<>> @ns3.dnsimple.com production.s3.rubygems.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 22307
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;production.s3.rubygems.org. IN A

;; ANSWER SECTION:
production.s3.rubygems.org. 3600 IN CNAME production.s3.rubygems.org.s3.amazonaws.com.

;; Query time: 416 msec
;; SERVER: 66.220.0.169#53(66.220.0.169)
;; WHEN: Thu Jan 27 17:21:49 2011
;; MSG SIZE rcvd: 101

[2] Current response

$ dig @ns3.dnsimple.com production.s3.rubygems.org

; <<>> DiG 9.6.0-APPLE-P2 <<>> @ns3.dnsimple.com production.s3.rubygems.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38917
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;production.s3.rubygems.org. IN A

;; ANSWER SECTION:
production.s3.rubygems.org. 3600 IN CNAME production.s3.rubygems.org.s3.amazonaws.com.

;; AUTHORITY SECTION:
. 518400 IN NS a.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS m.root-servers.net.

;; Query time: 203 msec
;; SERVER: 66.220.0.169#53(66.220.0.169)
;; WHEN: Thu Jan 27 17:39:21 2011
;; MSG SIZE rcvd: 312

[3]

; <<>> DiG 9.6.0-APPLE-P2 <<>> @ns3.dnsimple.com production.s3.rubygems.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38917
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;production.s3.rubygems.org. IN A

;; ANSWER SECTION:
production.s3.rubygems.org. 3600 IN CNAME production.s3.rubygems.org.s3.amazonaws.com.

;; Query time: 203 msec
;; SERVER: 66.220.0.169#53(66.220.0.169)
;; WHEN: Thu Jan 27 17:39:21 2011
;; MSG SIZE rcvd: 312

--
http://anthonyeden.com | twitter: @aeden | skype: anthonyeden
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users
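The three response shapes in the message above ([1] SERVFAIL, [2] NOERROR with a root referral, [3] the bare NOERROR that is wanted) can be told apart from the fixed DNS header and the message size. The following is an added example, not part of the original post and not PowerDNS code; the function names and the sample messages are constructed, with counts and sizes taken from the dig output where it gives them.

```python
import struct

UDP_LIMIT = 512  # classic DNS/UDP payload limit without EDNS0 (RFC 1035)
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header (RFC 1035, section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    rcode = flags & 0x000F
    return {
        "id": ident,
        "qr": bool(flags & 0x8000),   # response bit
        "tc": bool(flags & 0x0200),   # truncation bit
        "rcode": RCODES.get(rcode, str(rcode)),
        "answer": an, "authority": ns, "additional": ar,
        "size": len(msg),
    }

def check_cname_response(msg: bytes) -> list:
    """Return findings; an empty list means the bare NOERROR shape of [3]."""
    h = parse_header(msg)
    findings = []
    if not h["qr"]:
        findings.append("not a response")
    if h["rcode"] != "NOERROR":
        findings.append("rcode is " + h["rcode"])
    if h["tc"]:
        findings.append("TC bit set, client retries over TCP")
    if h["authority"]:
        findings.append("%d authority records attached" % h["authority"])
    if h["size"] > UDP_LIMIT:
        findings.append("%d bytes exceeds %d-byte UDP limit" % (h["size"], UDP_LIMIT))
    return findings

def sample(rcode, tc, an, ns, size):
    """Constructed message: real header, zero padding instead of record data."""
    flags = 0x8000 | 0x0100 | (0x0200 if tc else 0) | rcode  # qr, rd, tc, rcode
    return struct.pack("!6H", 0x1234, flags, 1, an, ns, 0).ljust(size, b"\0")

# Constructed samples; counts and sizes follow the dig output where it gives them.
SERVFAIL_1 = sample(2, False, 1, 0, 101)    # [1] as seen on the TCP retry
REFERRAL_2 = sample(0, False, 1, 13, 312)   # [2] NOERROR plus 13 root NS records
WANTED_3 = sample(0, False, 1, 0, 101)      # [3] size here is an assumption

if __name__ == "__main__":
    for name, msg in (("[1]", SERVFAIL_1), ("[2]", REFERRAL_2), ("[3]", WANTED_3)):
        print(name, check_cname_response(msg) or "ok")
```

To run the same check against a live server, pass the raw bytes received from a UDP socket to `check_cname_response` instead of the constructed samples.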