Powerdns no answer on A records and others

Observed:

mother ~ # dig mother.titify.com

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> mother.titify.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12227
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;mother.titify.com. IN A

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Sep 28 18:08:19 2013
;; MSG SIZE rcvd: 35

As you can see, there is a QUESTION section, but no ANSWER. This is an example with a CNAME:

airgul ~ $ dig netly.io

; <<>> DiG 9.8.5-P1 <<>> netly.io
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2513
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;netly.io. IN A

;; ANSWER SECTION:
netly.io. 21600 IN CNAME mother.netly.io.
mother.netly.io. 21600 IN CNAME mother.titify.com.

;; Query time: 277 msec
;; SERVER: 10.60.111.1#53(10.60.111.1)
;; WHEN: Sat Sep 28 20:06:00 CEST 2013
;; MSG SIZE rcvd: 78

Solution:

mother # /etc/init.d/pdns stop
mother # /etc/init.d/pdns monitor

Will probably give an error message such as:

Sep 28 18:08:02 Should not get here (ns1.titify.com|1): 
please run pdnssec rectify-zone titify.com
Sep 28 18:08:02 Should not get here (ns2.titify.com|1): 
please run pdnssec rectify-zone titify.com
Sep 28 18:08:02 Should not get here (ns1.netly.io|1): 
please run pdnssec rectify-zone titify.com
Sep 28 18:08:02 Should not get here (ns2.netly.io|1): 
please run pdnssec rectify-zone titify.com
Sep 28 18:08:10 Should not get here (mother.titify.com|1): 
please run pdnssec rectify-zone titify.com
Sep 28 18:08:19 Should not get here (mother.titify.com|1): 
please run pdnssec rectify-zone titify.com

Execute that command:

pdnssec rectify-zone titify.com

and it’s magically fixed.


Posted by

in

, , ,

Comments

2 responses to “Powerdns no answer on A records and others”

  1. Bill avatar
    Bill

    Magic…I had been wrestling with this for hours. Thanks!

  2. dam2k avatar

    If you are on debian and you are using gmysql driver with powerdns, you can disable DNSSEC feature editing file /etc/powerdns/pdns.d/pdns.local.gmysql and setting gmysql-dnssec=no

Leave a Reply…