On 13/12/2017 10:53 AM, Pieter Lexis wrote:

...
How is your set up? Please share your pdns.conf and recursor.conf.

Also, can you show the output of `pdnsutil check-zone noa.gr`?
...

Hi Pieter,

Thank you for your reply.

I list the details you requested below.

I have also included our reverse zones. As you can see, they all appear as not having NS records!

As we have not changed our setup at all for years, and we have not had any such (or other) problems during all these years, I tend to suspect some LDAP backend-related bug, introduced in some recent version.

Finally, for your reference, I am including the LDAP DIT (tree) down to the noa.gr SOA entry.

I am available to provide any other info you may require to troubleshoot the issue.

Please advise.

---------------------------------------------------------------------------------------

[root@vdns ~]# cat /etc/pdns/pdns.conf
setuid=pdns
setgid=pdns
allow-recursion=0.0.0.0/0, ::/0
webserver=yes
webserver-address=194.177.195.162
webserver-password=xxxxxxxxxxxx
webserver-port=8081
webserver-print-arguments=no

launch=ldap:bkend1,bind:bkend2

bind-bkend2-config=/etc/pdns/bind/named.conf
bind-bkend2-check-interval=600

ldap-bkend1-host=localhost
ldap-bkend1-basedn=ou=dns,dc=noa,dc=gr
ldap-bkend1-binddn=uid=dnsauth,ou=system,dc=noa,dc=gr
ldap-bkend1-secret=xxxxxxxxxxxxxxx
ldap-bkend1-method=simple
default-ttl=86400
local-address=127.0.0.1 194.177.195.162
do-ipv6-additional-processing=yes
local-ipv6=::1 2001:648:2011:15::162
local-port=53

allow-axfr-ips=192.168.0.0/16, 195.251.202.0/23, 195.251.204.0/24, \
 194.177.194.0/24, 194.177.195.0/24, 10.0.0.0/8, 194.177.210.211, \
  194.177.210.10, 83.212.5.18, 83.212.5.22, 2001:648:2011::/48, \
  2001:648:2ffc:111::2, 2001:648:2ffc:112::2, 127.0.0.1, ::1

allow-recursion=127.0.0.1, ::1, 192.168.0.0/16, 195.251.202.0/23, 195.251.204.0/24, \
 194.177.194.0/24, 194.177.195.0/24, 10.0.0.0/8, 83.212.5.18, \
 83.212.5.22, 194.177.210.210, 194.177.194.99, 2001:648:2011::/48

logging-facility=0
loglevel=5
cache-ttl=0
log-dns-details=off

recursor=127.0.0.1:5300

---------------------------------------------------------------------------------------

[root@vdns ~]# cat /etc/pdns-recursor/recursor.conf
setuid=pdns-recursor
setgid=pdns-recursor

local-address=127.0.0.1,194.177.195.162,[::1],[2001:648:2011:15::162]
allow-from=0.0.0.0/0,::/0
query-local-address6=2001:648:2011:15::162
local-port=5300
quiet=yes
logging-facility=0
log-common-errors=off

max-cache-entries=0
max-negative-ttl=3600

---------------------------------------------------------------------------------------

[root@vdns ~]# pdnsutil check-zone noa.gr
Dec 13 19:00:27 Reading random entropy from '/dev/urandom'
Dec 13 19:00:27 [LdapBackend] Ldap connection succeeded
Dec 13 19:00:27 [LdapBackend] Ldap connection succeeded
Dec 13 19:00:27 [bind-bkend2backend] Parsing 1 domain(s), will report when done
Dec 13 19:00:27 [bind-bkend2backend] Done parsing domains, 0 rejected, 1 new, 0 removed
[Error] No NS record at zone apex in zone 'noa.gr'
Checked 1 records of 'noa.gr', 1 errors, 0 warnings.
[root@vdns ~]#
[root@vdns ~]# pdnsutil check-zone 203.251.195.in-addr.arpa
Dec 13 19:01:20 Reading random entropy from '/dev/urandom'
Dec 13 19:01:20 [LdapBackend] Ldap connection succeeded
Dec 13 19:01:20 [LdapBackend] Ldap connection succeeded
Dec 13 19:01:20 [bind-bkend2backend] Parsing 1 domain(s), will report when done
Dec 13 19:01:20 [bind-bkend2backend] Done parsing domains, 0 rejected, 1 new, 0 removed
[Error] No NS record at zone apex in zone '203.251.195.in-addr.arpa'
Checked 1 records of '203.251.195.in-addr.arpa', 1 errors, 0 warnings.
[root@vdns ~]#
[root@vdns ~]# pdnsutil check-zone 204.251.195.in-addr.arpa
Dec 13 19:01:33 Reading random entropy from '/dev/urandom'
Dec 13 19:01:33 [LdapBackend] Ldap connection succeeded
Dec 13 19:01:33 [LdapBackend] Ldap connection succeeded
Dec 13 19:01:33 [bind-bkend2backend] Parsing 1 domain(s), will report when done
Dec 13 19:01:33 [bind-bkend2backend] Done parsing domains, 0 rejected, 1 new, 0 removed
[Error] No NS record at zone apex in zone '204.251.195.in-addr.arpa'
Checked 1 records of '204.251.195.in-addr.arpa', 1 errors, 0 warnings.
[root@vdns ~]#
[root@vdns ~]# pdnsutil check-zone 202.251.195.in-addr.arpa
Dec 13 19:01:39 Reading random entropy from '/dev/urandom'
Dec 13 19:01:39 [LdapBackend] Ldap connection succeeded
Dec 13 19:01:39 [LdapBackend] Ldap connection succeeded
Dec 13 19:01:39 [bind-bkend2backend] Parsing 1 domain(s), will report when done
Dec 13 19:01:39 [bind-bkend2backend] Done parsing domains, 0 rejected, 1 new, 0 removed
[Error] No NS record at zone apex in zone '202.251.195.in-addr.arpa'
Checked 1 records of '202.251.195.in-addr.arpa', 1 errors, 0 warnings.
[root@vdns ~]#
[root@vdns ~]# pdnsutil check-zone 194.177.194.in-addr.arpa
Dec 13 19:01:59 Reading random entropy from '/dev/urandom'
Dec 13 19:01:59 [LdapBackend] Ldap connection succeeded
Dec 13 19:01:59 [LdapBackend] Ldap connection succeeded
Dec 13 19:01:59 [bind-bkend2backend] Parsing 1 domain(s), will report when done
Dec 13 19:01:59 [bind-bkend2backend] Done parsing domains, 0 rejected, 1 new, 0 removed
[Error] No NS record at zone apex in zone '194.177.194.in-addr.arpa'
Checked 1 records of '194.177.194.in-addr.arpa', 1 errors, 0 warnings.
[root@vdns ~]#
[root@vdns ~]# pdnsutil check-zone 195.177.194.in-addr.arpa
Dec 13 19:02:06 Reading random entropy from '/dev/urandom'
Dec 13 19:02:06 [LdapBackend] Ldap connection succeeded
Dec 13 19:02:06 [LdapBackend] Ldap connection succeeded
Dec 13 19:02:06 [bind-bkend2backend] Parsing 1 domain(s), will report when done
Dec 13 19:02:06 [bind-bkend2backend] Done parsing domains, 0 rejected, 1 new, 0 removed
[Error] No NS record at zone apex in zone '195.177.194.in-addr.arpa'
Checked 1 records of '195.177.194.in-addr.arpa', 1 errors, 0 warnings.

---------------------------------------------------------------------------------------

dn: dc=noa,dc=gr
dc: noa
description: National Observatory of Athens
objectClass: dcObject
objectClass: organization
o: NOA
o;lang-el:: zpXOkc6R
o;lang-en: NOA

dn: ou=dns,dc=noa,dc=gr
objectClass: top
objectClass: organizationalUnit
ou: dns

dn: dc=noa.gr,ou=dns,dc=noa,dc=gr
objectClass: dNSDomain2
objectClass: domainRelatedObject
dc: noa.gr
associatedDomain: noa.gr
nSRecord: vdns.noa.gr
nSRecord: dns2.noa.gr
nSRecord: sns0.grnet.gr
nSRecord: sns1.grnet.gr
mXRecord: 20 mailgw1.noa.gr
mXRecord: 10 mailgw3.noa.gr
tXTRecord: "MS=ms14959969"
sOARecord: vdns.noa.gr sysad...@noa.gr 2017120501 7200 180 1209600 3600

---------------------------------------------------------------------------------------

Thanks,
Nick
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
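
An independent check of the directory data against the `check-zone` complaint, as an added example that is not part of the original post and is not PowerDNS code: it parses an LDIF export and reports whether the zone apex entry carries `nSRecord` and `sOARecord` values. It assumes the apex is the entry whose `associatedDomain` equals the zone name; the sample is constructed from the entry posted above, with a placeholder SOA mailbox and an added base64 attribute.

```python
import base64

# Constructed sample modelled on the posted apex entry (placeholder SOA mailbox).
SAMPLE_LDIF = """\
dn: dc=noa.gr,ou=dns,dc=noa,dc=gr
objectClass: dNSDomain2
associatedDomain: noa.gr
nSRecord: vdns.noa.gr
nSRecord: dns2.noa.gr
description:: Tk9B
sOARecord: vdns.noa.gr hostmaster.invalid 2017120501 7200 180
  1209600 3600
"""

def parse_ldif(text):
    """Parse LDIF into a list of {lowercased attribute: [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: drop one space, join
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def check_apex(entries, zone):
    """Return findings for the entry whose associatedDomain equals the zone."""
    zone = zone.rstrip(".").lower()
    apex = [e for e in entries if zone in
            (d.rstrip(".").lower() for d in e.get("associateddomain", []))]
    if not apex:
        return ["no entry with associatedDomain=" + zone]
    findings = []
    if not apex[0].get("nsrecord"):
        findings.append("no nSRecord at apex")
    soa = apex[0].get("soarecord", [])
    if len(soa) != 1 or len(soa[0].split()) != 7:   # RFC 1035: seven SOA fields
        findings.append("sOARecord missing or malformed")
    return findings
```

An empty result for a zone that `pdnsutil check-zone` still rejects means the records are present in the directory and the discrepancy lies in how they are being read, not in the stored data.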