[Pdns-users] DNAME randomly failing on Linux clients

Wed, 06 Apr 2022 01:36:40 -0700 

Hello,
I'm trying to setup a domain migration using DNAME zones to keep compat with previous domain name but I ended up with a solution that works everytime with dig but seems to be randomly failing using Linux GLIBC resolver.
Setup is PowerDNS running native *.domain.internal zones and *.domain.local zones using DNAME to redirect to .internal. In front of the PowerDNS server we're running DNSDist to route internal authoritative zones and external ones to forwarders. 

Here is that DIG finds out:

dig api.domain.local

; <<>> DiG 9.16.27-Debian <<>> api.domain.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS 
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58530
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;api.domain.local.        IN    A

;; ANSWER SECTION:
api.domain.local.    3600    IN    CNAME rp-int.dmz.domain.local.
dmz.domain.local.        3600    IN    DNAME dmz.domain.internal.
rp-int.dmz.domain.internal. 60    IN    A    10.1.1.1
rp-int.dmz.domain.local.    3600    IN    CNAME rp-int.dmz.domain.internal.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Apr 06 08:24:06 UTC 2022
;; MSG SIZE  rcvd: 139

It works 100% times.


However, getent host is failing a lot:

getent hosts api.domain.local

Using .internal domains also fails most of the time.


I'm seeing the same issue using Python socket module:

python3 -c 'import socket; socket.gethostbyname("api.domain.local")'
Traceback (most recent call last):
  File "<string>", line 1, in <module>
socket.gaierror: [Errno -2] Name or service not known
Any idea what's going on here, I'm completely lost. I guess my DNAME usage is somehow incorrect but I don't understand why it's working intermittently (and always with pure DNS call using dig...) 


Thanks a lot in advance,

Best regards, Adam.


_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users

Reply via email to