Re: [Pdns-users] DNSSEC and CNAME records results NXDOMAIN

Fri, 22 Apr 2022 09:54:01 -0700

I have pdnsutil 4.5.4 running with MySQL backend and native MySQL replication. 

In pdns.conf I have the following value. Maybe the @ doesn't work?

default-soa-content=ns1.mijn.host hostmaster.@ 0 10800 3600 604800 3600

Klaus Darilion schreef op 2022-04-22 18:06:

I do not see any difference of the two cases. But in any case,
returning an answer AND nxdomain is just broken.


# dig @ns1.mijn.host. autodiscover.egogo.eu
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 62514
...
;; QUESTION SECTION:
;autodiscover.egogo.eu.         IN      A

;; ANSWER SECTION:
autodiscover.egogo.eu. 900 IN CNAME autodiscover.outlook.com. 

;; AUTHORITY SECTION:
.                       3600    IN      SOA     ns1.mijn.host.
hostmaster. 1643556361 10800 3600 604800 3600

this is a very broken setup. SOA reports "." = root zone.

which pdns version/backend/ zone setup are you using?

regards
Klaus


-----Ursprüngliche Nachricht-----
Von: Pdns-users <pdns-users-boun...@mailman.powerdns.com> Im
Auftrag von Marijn via Pdns-users
Gesendet: Freitag, 22. April 2022 16:39
An: pdns-users@mailman.powerdns.com
Betreff: [Pdns-users] DNSSEC and CNAME records results NXDOMAIN

I have PowerDNS 4.5.1 running.

DNSSEC is working on the domain:
https://dnssec-analyzer.verisignlabs.com/egogo.eu

---
But when I have DNSSEC active and I create a CNAME record, which doesn't 
have DNSSEC, I get a NXDOMAIN error.

```
$ dig CNAME autodiscover.egogo.eu +short
autodiscover.outlook.com.
```

Here you can see the error
https://dnssec-analyzer.verisignlabs.com/autodiscover.egogo.eu

- Zone egogo.eu (83.96.241.95) returns NXDOMAIN for
autodiscover.egogo.eu
- No NSEC records in response

---

When I create a CNAME record to a domain with DNSSEC, it's working.
```
$ dig CNAME autodiscover2.egogo.eu +short
egogo.nl.
```
https://dnssec-analyzer.verisignlabs.com/autodiscover2.egogo.eu
- No errors

---

Why is DNSSEC not working with CNAME record autodiscover.outlook.com?
Or could there be something wrong in my configuration?
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users

_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users

Reply via email to