Home / server / Questions / 358045
Accepted
Tom O'Connor
Asked: 2012-02-09 08:01:19 +0800 CST

PowerDNS and a strange NXDomain

  • 772

Allow me first to set the scene.

We used to use Bind9, but ditched it in favour of PowerDNS, because, frankly, Bind sucks.

We have a "primary" zone in our DNS master. london.wibblesplat.com There's other zones too, oob.london.wibblesplat.com

The majority of addresses in the non-oob zone are in the range 192.168.0.0/16. The IP of the dns-1 server is 192.168.123.140. (I'm not sure if this is relevant).

I wanted to add some out-of-band (oob) access IPs to the oob.london.wibblesplat.com zone in the range 172.16.254.0/24

This is what's in the database that drives powerdns.

    powerdns=# select * from records where name like '%switch%';
   id   | domain_id |                        name                        | type |    content    | ttl  | prio | change_date | ordername | auth 
--------+-----------+----------------------------------------------------+------+---------------+------+------+-------------+-----------+------
 190709 |        24 | renderchassis-1-switch-A1.london.wibblesplat.com | A    | 172.16.254.12 | 3600 |    0 |  1328715923 |           | 
 190710 |        24 | renderchassis-1-switch-A2.london.wibblesplat.com | A    | 172.16.254.3  | 3600 |    0 |  1328715923 |           | 
 190711 |        24 | renderchassis-2-switch-A1.london.wibblesplat.com | A    | 172.16.254.2  | 3600 |    0 |  1328715923 |           | 
 190712 |        24 | renderchassis-2-switch-A2.london.wibblesplat.com | A    | 172.16.254.13 | 3600 |    0 |  1328715923 |           | 
(4 rows)

This is what dig says.

tom.oconnor@charcoal-black:~$ dig renderchassis-1-switch-A1 +search
; <<>> DiG 9.7.0-P1 <<>> renderchassis-1-switch-A1 +search
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 28586
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;renderchassis-1-switch-A1.london.wibblesplat.com. IN A

;; AUTHORITY SECTION:
london.wibblesplat.com. 1800    IN  SOA dns1.london.wibblesplat.com. hostmaster.london.wibblesplat.com. 2012020803 28800 7200 604800 86400

;; Query time: 2 msec
;; SERVER: 192.168.123.140#53(192.168.123.140)
;; WHEN: Wed Feb  8 15:58:53 2012
;; MSG SIZE  rcvd: 120

Why is PowerDNS not serving the record? It exists. The query should be fine. Is there something weird about zones not being served if the A record isn't in the subnet the server has access to? (I can't see this being right, what if I wanted (for whatever reason) to re-publish an A record for 8.8.8.8 or whatever).

Any thoughts?

EDIT:

The plot thickens. Out of interest, I nuked the old records, and added some new, shorter ones.

powerdns=# select * from records where name like '%rc1sw%' or content like '%rc1sw%';
   id   | domain_id |            name             | type |    content    | ttl  | prio | change_date | ordername | auth 
--------+-----------+-----------------------------+------+---------------+------+------+-------------+-----------+------
 190810 |        23 | rc1sw1.london.wibblesplat.com | A    | 172.16.254.12 | 3600 |    0 |  1328720986 |           | 
 190811 |        23 | rc1sw2.london.wibblesplat.com | A    | 172.16.254.3  | 3600 |    0 |  1328720999 |   

    |

And now.. tom.oconnor@charcoal-black:~$ dig rc1sw1 +search

; <<>> DiG 9.7.0-P1 <<>> rc1sw1 +search
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32849
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;rc1sw1.london.wibblesplat.com. IN  A

;; ANSWER SECTION:
rc1sw1.london.wibblesplat.com. 3600 IN  A   172.16.254.12

;; Query time: 0 msec
;; SERVER: 192.168.123.140#53(192.168.123.140)
;; WHEN: Wed Feb  8 17:10:35 2012
;; MSG SIZE  rcvd: 61

And it works.

Seems Powerdns might not like so many - characters in a Name. I'll bear that in mind, and carry on. Still, an answer might be nice.

OK, it's the -A1 it doesn't like.

Have a look at this.

powerdns=# select * from records order by id desc limit 5;
   id   | domain_id |              name               | type |             content             | ttl  | prio | change_date | ordername | auth 
--------+-----------+---------------------------------+------+---------------------------------+------+------+-------------+-----------+------
 190830 |        23 | bunt-1-A1.london.wibblesplat.com  | A    | 127.0.0.1                       |  120 |    0 |  1328722058 |           | 
 190829 |        22 | 80.124.168.192.in-addr.arpa.    | PTR  | claret-red.london.wibblesplat.com | 3600 |    0 |  1328722007 |           | 
 190828 |        23 | claret-red.london.wibblesplat.com | A    | 192.168.124.80                  | 3600 |    0 |  1328722007 |           | 
 190825 |        23 | BUNT.london.wibblesplat.com       | A    | 127.0.0.1                       |  120 |    0 |  1328721975 |           | 
 190824 |        23 | bunt.london.wibblesplat.com       | A    | 127.0.0.1                       |  120 |    0 |  1328721967 |    

   |

and

tom.oconnor@charcoal-black:~$ dig bunt +search

; <<>> DiG 9.7.0-P1 <<>> bunt +search
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34027
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;bunt.london.wibblesplat.com.   IN  A

;; ANSWER SECTION:
bunt.london.wibblesplat.com. 120    IN  A   127.0.0.1

;; Query time: 1 msec
;; SERVER: 192.168.123.140#53(192.168.123.140)
;; WHEN: Wed Feb  8 17:27:15 2012
;; MSG SIZE  rcvd: 59

tom.oconnor@charcoal-black:~$ dig BUNT +search

; <<>> DiG 9.7.0-P1 <<>> BUNT +search
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60125
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;BUNT.london.wibblesplat.com.   IN  A

;; ANSWER SECTION:
BUNT.london.wibblesplat.com. 120    IN  A   127.0.0.1

;; Query time: 0 msec
;; SERVER: 192.168.123.140#53(192.168.123.140)
;; WHEN: Wed Feb  8 17:27:20 2012
;; MSG SIZE  rcvd: 59


tom.oconnor@charcoal-black:~$ dig bunt-1-A1 +search

; <<>> DiG 9.7.0-P1 <<>> bunt-1-A1 +search
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22009
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;    ; QUESTION SECTION:
;bunt-1-A1.         IN  A

;; AUTHORITY SECTION:
.           1800    IN  SOA a.root-servers.net. nstld.verisign-grs.com. 2012020801 1800 900 604800 86400

;; Query time: 59 msec
;; SERVER: 192.168.123.140#53(192.168.123.140)
;; WHEN: Wed Feb  8 17:27:53 2012
;; MSG SIZE  rcvd: 102
domain-name-system powerdns

2 Answers

  1. Best Answer

    PostgreSQL, at least under the default PowerDNS table schema, is case sensitive. PowerDNS lowercases all queries. So, make sure to always lowercase your names.

    • 6

  2. So, It looks like PowerDNS has a massive thing about uppercase strings in certain configurations.

    It'll accept BUNT and bunt, but not bunt-1-A1 or variants thereof.

    See the edits on the Question, and this block of digs.

    tom.oconnor@charcoal-black:~$ dig bunt-A0000.london.wibblesplat.com

; <<>> DiG 9.7.0-P1 <<>> bunt-A0000.london.wibblesplat.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21482
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;bunt-A0000.london.wibblesplat.com. IN  A

;; AUTHORITY SECTION:
london.wibblesplat.com. 86400   IN  SOA dns-1.london.wibblesplat.com. root.london.wibblesplat.com. 2012020835 28800 14400 2419200 86400

;; Query time: 1 msec
;; SERVER: 192.168.123.140#53(192.168.123.140)
;; WHEN: Wed Feb  8 17:39:01 2012
;; MSG SIZE  rcvd: 116

tom.oconnor@charcoal-black:~$ dig bunt-B.london.wibblesplat.com

; <<>> DiG 9.7.0-P1 <<>> bunt-B.london.wibblesplat.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41445
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;bunt-B.london.wibblesplat.com. IN  A

;; AUTHORITY SECTION:
london.wibblesplat.com. 86400   IN  SOA dns-1.london.wibblesplat.com. root.london.wibblesplat.com. 2012020835 28800 14400 2419200 86400

;; Query time: 1 msec
;; SERVER: 192.168.123.140#53(192.168.123.140)
;; WHEN: Wed Feb  8 17:39:09 2012
;; MSG SIZE  rcvd: 112

tom.oconnor@charcoal-black:~$ dig bunt-BUNT.london.wibblesplat.com

; <<>> DiG 9.7.0-P1 <<>> bunt-BUNT.london.wibblesplat.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 57635
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;bunt-BUNT.london.wibblesplat.com.  IN  A

;; AUTHORITY SECTION:
london.wibblesplat.com. 86400   IN  SOA dns-1.london.wibblesplat.com. root.london.wibblesplat.com. 2012020835 28800 14400 2419200 86400

;; Query time: 1 msec
;; SERVER: 192.168.123.140#53(192.168.123.140)
;; WHEN: Wed Feb  8 17:39:14 2012
;; MSG SIZE  rcvd: 115

tom.oconnor@charcoal-black:~$ dig buntA1.london.wibblesplat.com

; <<>> DiG 9.7.0-P1 <<>> buntA1.london.wibblesplat.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 29929
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;buntA1.london.wibblesplat.com. IN  A

;; AUTHORITY SECTION:
london.wibblesplat.com. 86400   IN  SOA dns-1.london.wibblesplat.com. root.london.wibblesplat.com. 2012020835 28800 14400 2419200 86400

;; Query time: 1 msec
;; SERVER: 192.168.123.140#53(192.168.123.140)
;; WHEN: Wed Feb  8 17:39:18 2012
;; MSG SIZE  rcvd: 112
    • 3