PowerDNSSEC responding with SERVFAIL upon IN A query for a CNAME #311

Closed
Habbie opened this Issue Apr 26, 2013 · 2 comments

Habbie commented Apr 26, 2013
Ix:~ schmidt$ dig @mandelbrot.zaphods.net a indns.zaphods.net +norec +dnssec

; <<>> DiG 9.6.0-APPLE-P2 <<>> @mandelbrot.zaphods.net a indns.zaphods.net +norec +dnssec
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 13197
;; flags: qr; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 2800
;; QUESTION SECTION:
;indns.zaphods.net.     IN  A

;; ANSWER SECTION:
indns.zaphods.net.  3600    IN  CNAME   dibatag.in-berlin.de.
indns.zaphods.net.  3600    IN  RRSIG   CNAME 5 3 3600 20100916000000 20100902000000 41940 zaphods.net. y1rLJ2K1CJ3XqiSvuKCviEJ6R1NDOna5Xwn37ZD0477shwwngTjjjlf4 9yB2Sdn1EJfHk9OBZAUSoOaRqRcNFvth/qsqxvPSLNg4ShGZQq+KAdpH iu6elDtCZ09HsV8zAWl4TQYt/CWXOtssnnS1uSnXdeEXZkeC27YuEvb1 hqc=

;; Query time: 27 msec
;; SERVER: 217.197.86.168#53(217.197.86.168)
;; WHEN: Wed Sep  8 00:47:13 2010
;; MSG SIZE  rcvd: 251
Sep  8 00:47:16 mandelbrot pdns[13149]: Query: select content,ttl,prio,type,domain_id,name,auth from dns_record where type='SOA' and name='indns.zaphods.net'
Sep  8 00:47:16 mandelbrot pdns[13149]: Query: 'Q^Iindns.zaphods.net^IIN^ISOA^I-1^I217.186.212.147'
Sep  8 00:47:16 mandelbrot pdns[13149]: Query: select content,ttl,prio,type,domain_id,name, auth from dns_record where name='indns.zaphods.net' and domain_id=11
Sep  8 00:47:16 mandelbrot pdns[13149]: Query: select content,ttl,prio,type,domain_id,name,auth from dns_record where type='SOA' and name='dibatag.in-berlin.de'
Sep  8 00:47:16 mandelbrot pdns[13149]: Query: 'Q^Idibatag.in-berlin.de^IIN^ISOA^I-1^I217.186.212.147'
Sep  8 00:47:16 mandelbrot pdns[13149]: Query: select content,ttl,prio,type,domain_id,name,auth from dns_record where type='SOA' and name='in-berlin.de'
Sep  8 00:47:16 mandelbrot pdns[13149]: Query: 'Q^Iin-berlin.de^IIN^ISOA^I-1^I217.186.212.147'
Sep  8 00:47:16 mandelbrot pdns[13149]: Query: select content,ttl,prio,type,domain_id,name,auth from dns_record where type='SOA' and name='de'
Sep  8 00:47:16 mandelbrot pdns[13149]: Query: 'Q^Ide^IIN^ISOA^I-1^I217.186.212.147'
Sep  8 00:47:16 mandelbrot pdns[13149]: Query: select content,ttl,prio,type,domain_id,name,auth from dns_record where type='SOA' and name=''
Sep  8 00:47:16 mandelbrot pdns[13149]: Query: 'Q^I^IIN^ISOA^I-1^I217.186.212.147'

Ix:~ schmidt$ dig @mandelbrot.zaphods.net a www.foo-berlin.de +norec

; <<>> DiG 9.6.0-APPLE-P2 <<>> @mandelbrot.zaphods.net a www.foo-berlin.de +norec
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 48907
;; flags: qr; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.foo-berlin.de.     IN  A

;; ANSWER SECTION:
www.foo-berlin.de.  1200    IN  CNAME   x-berg.in-berlin.de.

;; Query time: 19 msec
;; SERVER: 217.197.86.168#53(217.197.86.168)
;; WHEN: Wed Sep  8 00:47:56 2010
;; MSG SIZE  rcvd: 66
Sep  8 00:47:45 mandelbrot pdns[13149]: Query: select content,ttl,prio,type,domain_id,name,auth from dns_record where type='SOA' and name='www.foo-berlin.de'
Sep  8 00:47:45 mandelbrot pdns[13149]: Query: 'Q^Iwww.foo-berlin.de^IIN^ISOA^I-1^I217.186.212.147'
Sep  8 00:47:45 mandelbrot pdns[13149]: Query: select content,ttl,prio,type,domain_id,name,auth from dns_record where type='SOA' and name='foo-berlin.de'
Sep  8 00:47:45 mandelbrot pdns[13149]: Query: select content,ttl,prio,type,domain_id,name, auth from dns_record where name='www.foo-berlin.de' and domain_id=14
Sep  8 00:47:58 mandelbrot pdns[13149]: Query: select content,ttl,prio,type,domain_id,name, auth from dns_record where name='www.foo-berlin.de' and domain_id=14
Sep  8 00:47:58 mandelbrot pdns[13149]: Query: select content,ttl,prio,type,domain_id,name,auth from dns_record where type='SOA' and name='x-berg.in-berlin.de'
Sep  8 00:47:58 mandelbrot pdns[13149]: Query: 'Q^Ix-berg.in-berlin.de^IIN^ISOA^I-1^I217.186.212.147'

Ix:~ schmidt$ dig @mandelbrot.zaphods.net cname www.foo-berlin.de +norec

; <<>> DiG 9.6.0-APPLE-P2 <<>> @mandelbrot.zaphods.net cname www.foo-berlin.de +norec
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40496
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.foo-berlin.de.     IN  CNAME

;; ANSWER SECTION:
www.foo-berlin.de.  1200    IN  CNAME   x-berg.in-berlin.de.

;; Query time: 19 msec
;; SERVER: 217.197.86.168#53(217.197.86.168)
;; WHEN: Wed Sep  8 00:48:10 2010
;; MSG SIZE  rcvd: 66

from query cache

Debian package 3.0-pre-1 based on
http://svn.powerdns.com/dnssec-wild-testing/pdns-3.0-pre.tar.gz

launch=gmysql:priv,pipe:v6reverse
gmysql-priv-host=127.0.0.1
gmysql-priv-user=pdns
gmysql-priv-password=
gmysql-priv-dbname=more_power

pipe-v6reverse-command=/etc/powerdns/pdns-ipv6-reverse-backend.py
pipe-v6reverse-timeout=500
pipebackend-abi-version=1

key-repository=/etc/powerdns/keys

gmysql-priv-basic-query=select content,ttl,prio,type,domain_id,name from dns_record where type='%s' and name='%s'
gmysql-priv-id-query=select content,ttl,prio,type,domain_id,name from dns_record where type='%s' and name='%s' and domain_id=%d
gmysql-priv-any-query=select content,ttl,prio,type,domain_id,name from dns_record where name='%s'
gmysql-priv-any-id-query=select content,ttl,prio,type,domain_id,name from dns_record where name='%s' and domain_id=%d
gmysql-priv-list-query=select content,ttl,prio,type,domain_id,name from dns_record where domain_id=%d
gmysql-priv-master-zone-query=select master from dns_domain where name='%s' and type='SLAVE'
gmysql-priv-info-zone-query=select id,name,master,last_check,notified_serial,type from dns_domain where name='%s'
gmysql-priv-info-all-slaves-query=select id,name,master,last_check,type from dns_domain where type='SLAVE'
gmysql-priv-supermaster-query=select account from dns_supermaster where ip='%s' and nameserver='%s'
gmysql-priv-insert-slave-query=insert into dns_domain (type,name,master,account) values('SLAVE','%s','%s','%s')
gmysql-priv-insert-record-query=insert into dns_record (content,ttl,prio,type,domain_id,name) values ('%s',%d,%d,'%s',%d,'%s')
gmysql-priv-update-serial-query=update dns_domain set notified_serial=%d where id=%d
gmysql-priv-update-lastcheck-query=update dns_domain set notified_serial=%d where id=%d
gmysql-priv-info-all-master-query=select id,name,master,last_check,notified_serial,type from dns_domain where type='MASTER'
gmysql-priv-delete-zone-query=delete from dns_record where domain_id=%d;
gmysql-priv-wildcard-query=select content,ttl,prio,type,domain_id,name from dns_record where type='%s' and name like '%s'
gmysql-priv-wildcard-id-query=select content,ttl,prio,type,domain_id,name from dns_record where type='%s' and name like '%s' and domain_id=%d
gmysql-priv-wildcard-any-query=select content,ttl,prio,type,domain_id,name from dns_record where name like '%s'
gmysql-priv-wildcard-any-id-query=select content,ttl,prio,type,domain_id,name from dns_record where name like '%s' and domain_id=%d
gmysql-priv-get-order-before-query=select max(ordername) from dns_record where ordername < '%s' and auth=1 and domain_id=%d
gmysql-priv-get-order-after-query=select min(ordername) from dns_record where ordername > '%s' and auth=1 and domain_id=%d
gmysql-priv-set-order-and-auth-query=update dns_record set ordername='%s',auth=%d where name='%s' and domain_id='%d'
gmysql-priv-check-acl-query=select value from dns_acl where acl_type='%s' and acl_key='%s'
gmysql-priv-basic-query-auth=select content,ttl,prio,type,domain_id,name,auth from dns_record where type='%s' and name='%s'
gmysql-priv-id-query-auth=select content,ttl,prio,type,domain_id,name,auth from dns_record where type='%s' and name='%s' and domain_id=%d
gmysql-priv-wildcard-query-auth=select content,ttl,prio,type,domain_id,name, auth from dns_record where type='%s' and name like '%s'
gmysql-priv-wildcard-id-query-auth=select content,ttl,prio,type,domain_id,name, auth from dns_record where type='%s' and name like '%s' and domain_id='%d'
gmysql-priv-any-query-auth=select content,ttl,prio,type,domain_id,name, auth from dns_record where name='%s'
gmysql-priv-any-id-query-auth=select content,ttl,prio,type,domain_id,name, auth from dns_record where name='%s' and domain_id=%d
gmysql-priv-wildcard-any-query-auth=select content,ttl,prio,type,domain_id,name, auth from dns_record where name like '%s'
gmysql-priv-wildcard-any-id-query=select content,ttl,prio,type,domain_id,name from dns_record where name like '%s' and domain_id='%d'

^^^ these should basically be the default queries with table name prepended dns_ due to python django constraints

best regards,

Stefan Schmidt

@Habbie Habbie was assigned Apr 26, 2013
@Habbie Habbie closed this Apr 26, 2013
Habbie commented Apr 26, 2013

Author: anon
just for completeness:

mysql> select * from dns_record where name='indns.zaphods.net';
+---------+-----------+-------------------+-------+----------------------+------+------+-------------+---------+-----------+------+
| id      | domain_id | name              | type  | content              | ttl  | prio | description | dynamic | ordername | auth |
+---------+-----------+-------------------+-------+----------------------+------+------+-------------+---------+-----------+------+
| 7447324 |        11 | indns.zaphods.net | CNAME | dibatag.in-berlin.de | 3600 |    0 |             |       0 | indns     |    1 |
+---------+-----------+-------------------+-------+----------------------+------+------+-------------+---------+-----------+------+
1 row in set (0.00 sec)

mysql> select * from dns_record where name='www.foo-berlin.de';
+------+-----------+-------------------+-------+---------------------+------+------+-------------+---------+-----------+------+
| id   | domain_id | name              | type  | content             | ttl  | prio | description | dynamic | ordername | auth |
+------+-----------+-------------------+-------+---------------------+------+------+-------------+---------+-----------+------+
| 1554 |        14 | www.foo-berlin.de | CNAME | x-berg.in-berlin.de | 1200 |   40 | NULL        |       0 | www       |    1 |
+------+-----------+-------------------+-------+---------------------+------+------+-------------+---------+-----------+------+
1 row in set (0.00 sec)

Habbie commented Apr 26, 2013

Author: ahu
Fixed in 3.0 (verified), we now do a root referral
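
A regression check for the symptom reported in this issue, as an added example that is not part of the original thread or of PowerDNS: it parses `dig` output and flags a response whose status is SERVFAIL while the answer section still carries a CNAME. The function names `parse_dig` and `cname_servfail` are assumptions of this example; the two samples are trimmed from the `www.foo-berlin.de` responses quoted above.

```python
import re

HEADER = re.compile(r"status: (\w+), id: \d+")
FLAGS = re.compile(r"^;; flags: ([a-z ]*);", re.M)
SECTION = re.compile(r"^;; (\w+) SECTION:$")

# Trimmed from the two www.foo-berlin.de responses quoted in this issue.
A_QUERY = """;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 48907
;; flags: qr; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.foo-berlin.de.     IN  A

;; ANSWER SECTION:
www.foo-berlin.de.  1200    IN  CNAME   x-berg.in-berlin.de.
"""
CNAME_QUERY = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40496
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.foo-berlin.de.     IN  CNAME

;; ANSWER SECTION:
www.foo-berlin.de.  1200    IN  CNAME   x-berg.in-berlin.de.
"""

def parse_dig(text):
    """Return status, header flags and per-section records from dig output."""
    status = HEADER.search(text).group(1)
    flags = FLAGS.search(text).group(1).split()
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif not line.strip():
            current = None  # a blank line ends the section
        elif current is not None:
            current.append(line.lstrip(";").split(None, 4))
    return {"status": status, "flags": flags, "sections": sections}

def cname_servfail(text):
    """True for the symptom in this issue: SERVFAIL carrying a CNAME answer."""
    msg = parse_dig(text)
    has_cname = any(len(rr) > 3 and rr[3] == "CNAME"
                    for rr in msg["sections"].get("ANSWER", []))
    return msg["status"] == "SERVFAIL" and has_cname
```

Feeding it the output of `dig ... +norec` for a name whose CNAME target lies outside the served zones gives a quick pass/fail after an upgrade.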
