PowerDNS delegation - nslookup prints ANSWER and SERVFAIL at the same time

Two PowerDNS servers are configured, A and B. B is delegated by A. Host A is configured with pdns and pdns-recursor, host B with pdns.

[Version info]

pdns-server : 4.7.2
pdns-backend-pgsql : 4.7.2
pdns-recursor : 4.2.1
postgresql : 15.0

Here is my configuration.

[A pdns.conf]

daemon=yes
disable-axfr=no
include-dir=/etc/powerdns/pdns.d
launch=gpgsql
gpgsql-host=10.1.0.107
gpgsql-port=5432
gpgsql-dbname=pdns_database
gpgsql-user=pdns
gpgsql-password=password
local-address=127.0.0.1, 10.1.0.107
local-port=54
security-poll-suffix=
setgid=pdns
setuid=pdns

[A recursor.conf]

allow-from=10.1.0.0/24
config-dir=/etc/powerdns
daemon=yes
dont-query=192.0.0.0/16
forward-zones-recurse=test.inc=127.0.0.1:54
hint-file=/usr/share/dns/root.hints
include-dir=/etc/powerdns/recursor.d
local-address=10.1.0.107,127.0.0.1
local-port=53
lua-config-file=/etc/powerdns/recursor.lua
public-suffix-list-file=/usr/share/publicsuffix/public_suffix_list.dat
quiet=yes
security-poll-suffix=
setgid=pdns
setuid=pdns

[B pdns.conf]

daemon=yes
disable-axfr=no
include-dir=/etc/powerdns/pdns.d
launch=gpgsql
gpgsql-host=10.1.0.108
gpgsql-port=5432
gpgsql-dbname=pdns_database
gpgsql-user=pdns
gpgsql-password=password
local-address=10.1.0.108,127.0.0.1
local-port=53
security-poll-suffix=
setgid=pdns
setuid=pdns

[A records]

Nov 15 17:42:43 [bindbackend] Done parsing domains, 0 rejected, 0 new, 0 removed
$ORIGIN .
d.test.inc      3600    IN      A       10.1.0.118
k.test.inc      3600    IN      NS      ns.k.test.inc.
test.inc        3600    IN      NS      ns.test.inc.
test.inc        3600    IN      SOA     ns.test.inc root.test.inc 13 10800 3600 604800 3600
ns.k.test.inc   3600    IN      A       10.1.0.108
ns.test.inc     3600    IN      A       10.1.0.107

[B records]

Nov 15 17:45:02 [bindbackend] Done parsing domains, 0 rejected, 0 new, 0 removed
$ORIGIN .
d.k.test.inc    3600    IN      A       10.1.0.120
k.test.inc      3600    IN      NS      ns.k.test.inc.
k.test.inc      3600    IN      SOA     ns.k.test.inc root.k.test.inc 3 10800 3600 604800 3600
ns.k.test.inc   3600    IN      A       10.1.0.108
p.k.test.inc    3600    IN      A       10.1.0.117

[normal nslookup output]

# nslookup ns.test.inc
Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
Name:   ns.test.inc
Address: 10.1.0.107

# nslookup d.test.inc
Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
Name:   d.test.inc
Address: 10.1.0.118

# nslookup d.k.test.inc
Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
Name:   d.k.test.inc
Address: 10.1.0.120

Delegation works fine, but nslookup gives strange output only for glue records.

Here's the weird output.

Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
Name:   ns.k.test.inc
Address: 10.1.0.108
** server can't find ns.k.test.inc: SERVFAIL

When I run dig, I can check it normally, but why do I get ANSWER and SERVFAIL at the same time when I use nslookup? Did I do something wrong with the settings?
