Observed:
mother ~ # dig mother.titify.com ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> mother.titify.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12227 ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;mother.titify.com. IN A ;; Query time: 1 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sat Sep 28 18:08:19 2013 ;; MSG SIZE rcvd: 35
As you can see, there is a QUESTION section, but no ANSWER. This is an example with a CNAME:
airgul ~ $ dig netly.io ; <<>> DiG 9.8.5-P1 <<>> netly.io ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2513 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;netly.io. IN A ;; ANSWER SECTION: netly.io. 21600 IN CNAME mother.netly.io. mother.netly.io. 21600 IN CNAME mother.titify.com. ;; Query time: 277 msec ;; SERVER: 10.60.111.1#53(10.60.111.1) ;; WHEN: Sat Sep 28 20:06:00 CEST 2013 ;; MSG SIZE rcvd: 78
Solution:
mother # /etc/init.d/pdns stop mother # /etc/init.d/pdns monitor
Will probably give an error message such as:
Sep 28 18:08:02 Should not get here (ns1.titify.com|1): please run pdnssec rectify-zone titify.com Sep 28 18:08:02 Should not get here (ns2.titify.com|1): please run pdnssec rectify-zone titify.com Sep 28 18:08:02 Should not get here (ns1.netly.io|1): please run pdnssec rectify-zone titify.com Sep 28 18:08:02 Should not get here (ns2.netly.io|1): please run pdnssec rectify-zone titify.com Sep 28 18:08:10 Should not get here (mother.titify.com|1): please run pdnssec rectify-zone titify.com Sep 28 18:08:19 Should not get here (mother.titify.com|1): please run pdnssec rectify-zone titify.com
Execute that command:
pdnssec rectify-zone titify.com
and it’s magically fixed.
2 replies on “Powerdns no answer on A records and others”
Magic…I had been wrestling with this for hours. Thanks!
If you are on debian and you are using gmysql driver with powerdns, you can disable DNSSEC feature editing file /etc/powerdns/pdns.d/pdns.local.gmysql and setting gmysql-dnssec=no