On 4/6/22 10:46, Adam Cecile wrote:
On 4/6/22 10:44, Brian Candler wrote:
On 06/04/2022 09:36, Adam Cecile via Pdns-users wrote:
Any idea what's going on here, I'm completely lost. I guess my DNAME usage is somehow incorrect but I don't understand why it's working intermittently (and always with pure DNS call using dig...)

Just a thought, but does your system use systemd-resolved? (Clue: /etc/resolv.conf points to nameserver 127.0.0.53).  For example, it may treat ".local" differently, given that domain is reserved for multicast DNS (as dig output informs you); or there may be some DNSSEC issue.  "systemd-resolve --status" may give you some clue.

Apart from that, I suggest you look at the raw queries and responses on the wire, and see how this differs between using direct dig and gethostbyname:

tcpdump -i eth0 -nn -s0 -v port 53

(replace "eth0" with whatever your external interface is)

Hello,

No, regular resolv.conf pointing to 127.0.0.1 (local DNSDist -> local PowerDNS), nsswitch mdns stuff is also removed.

Just found out something interesting, it works with PowerDNS recursor but not DNSDist:

Recursor config:

local-address=0.0.0.0, ::
local-port=53
forward-zones=domain.internal=127.0.0.1:5300
forward-zones+=in-addr.arpa=127.0.0.1:5300
forward-zones+=domain.local=127.0.0.1:5300
forward-zones+=another.domain=127.0.0.1:5300
forward-zones+=another.domain2=127.0.0.1:5300
forward-zones+=another.domain3=127.0.0.1:5300
forward-zones+=another.domain4=127.0.0.1:5300
forward-zones-recurse=.=10.10.10.10
serve-rfc1918=no
loglevel=6
quiet=no
lua-config-file=/etc/powerdns/local-protobuf-forwarder-recursor.lua


DNSDist config:

setSecurityPollSuffix("")
addLocal('0.0.0.0:53', {reusePort=true})

newServer({address="127.0.0.1:5300", pool="authoritative"})
newServer({address="10.10.10.10:53", pool="recursor"})
setACL({'127.0.0.0/8'})
addACL('10.1.0.0/16')
addACL('192.168.69.33/27')

addAction(AndRule({OrRule({OpcodeRule(DNSOpcode.Notify), OpcodeRule(DNSOpcode.Update), QTypeRule(DNSQType.AXFR), QTypeRule(DNSQType.IXFR)}), NotRule(makeRule({"127.0.0.1/8", "10.x.x.x/32", "10.x.x.x/32", "10.x.x.x/32"}))}), RCodeAction(dnsdist.REFUSED))
addAction(OrRule({QTypeRule(DNSQType.AXFR), QTypeRule(DNSQType.IXFR)}), RCodeAction(DNSRCode.REFUSED))

addAction({'in-addr.arpa'}, PoolAction("authoritative"))
addAction({'domain.local'}, PoolAction("authoritative"))
addAction({'domain.internal'}, PoolAction("authoritative"))
addAction({'another.domain'}, PoolAction("authoritative"))
addAction({'another.domain2'}, PoolAction("authoritative"))
addAction({'another.domain3'}, PoolAction("authoritative"))
addAction({'another.domain4'}, PoolAction("authoritative"))
addAction(AllRule(), PoolAction('recursor'))

rl = newRemoteLogger("127.0.0.1:50001")
addAction(AllRule(),RemoteLogAction(rl))


Any idea? I can definitely make tcpdumps at some point but I'm not sure I'd be able to understand them ;-)
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
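Brian's suggestion above is to compare the raw queries and responses on the wire. As an added example that is not part of the thread, here is a small Python decoder for DNS wire-format messages that reports the header flags, the question, the answer records and whether EDNS(0) is in use, run over a constructed sample response carrying a DNAME plus its synthesised CNAME; the names and bytes in the sample are constructed, and the same decoder can be fed the UDP payloads pulled from a tcpdump capture.

```python
import struct

TYPES = {1: "A", 5: "CNAME", 12: "PTR", 28: "AAAA", 39: "DNAME", 41: "OPT"}

def read_name(msg, off):  # decode a possibly compressed name (RFC 1035 4.1.4)
    labels, end = [], None
    for _ in range(128):                      # bound the walk: no pointer loops
        n = msg[off]
        if n >= 0xC0:                         # 11xxxxxx: compression pointer
            end = end if end is not None else off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if n == 0:                            # root label ends the name
            return ".".join(labels) or ".", end if end is not None else off
        labels.append(msg[off:off + n].decode("ascii")); off += n
    raise ValueError("malformed name")

def decode(msg):  # summarise flags, question, answer RRs and EDNS presence
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    out = {"qr": bool(flags & 0x8000), "rd": bool(flags & 0x100), "rcode": flags & 0xF, "question": [], "answer": [], "edns": False}
    off = 12
    for _ in range(qd):
        name, off = read_name(msg, off)
        qtype = struct.unpack("!H", msg[off:off + 2])[0]; off += 4   # skip type + class
        out["question"].append((name, TYPES.get(qtype, qtype)))
    for i in range(an + ns + ar):             # answer, authority, additional in order
        name, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10]); off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == 41:
            out["edns"] = True                # OPT pseudo-RR means EDNS(0) is in use
        elif rtype in (5, 39):                # CNAME / DNAME rdata is a domain name
            rdata = read_name(msg, off - rdlen)[0]
        elif rtype == 1:
            rdata = ".".join(map(str, rdata))
        if i < an and rtype != 41:            # keep only the answer section
            out["answer"].append((name, TYPES.get(rtype, rtype), rdata))
    return out

def enc(name):  # wire-encode an uncompressed domain name
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"

# Constructed sample: authoritative-style reply to "host.domain.local A" with a DNAME and the
# synthesised CNAME but no final A record, plus an OPT record (EDNS). The CNAME owner is a
# compression pointer (0xC00C) back to the question name at offset 12.
SAMPLE = (struct.pack("!6H", 0x1234, 0x8400, 1, 2, 0, 1)
          + enc("host.domain.local") + struct.pack("!HH", 1, 1)
          + enc("domain.local") + struct.pack("!HHIH", 39, 1, 300, len(enc("domain.internal"))) + enc("domain.internal")
          + b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 300, len(enc("host.domain.internal"))) + enc("host.domain.internal")
          + b"\0" + struct.pack("!HHIH", 41, 4096, 0, 0))
```

Decoding both the dig and the gethostbyname exchanges this way makes it easy to see whether they differ in flags, EDNS presence, or in whether the DNAME/CNAME chain in the answer is followed to a final address.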