Powerdns no answer on A records and others

Observed:

mother ~ # dig mother.titify.com

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> mother.titify.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12227
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;mother.titify.com. IN A

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Sep 28 18:08:19 2013
;; MSG SIZE rcvd: 35

As you can see, there is a QUESTION section, but no ANSWER. This is an example with a CNAME:

airgul ~ $ dig netly.io

; <<>> DiG 9.8.5-P1 <<>> netly.io
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2513
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;netly.io. IN A

;; ANSWER SECTION:
netly.io. 21600 IN CNAME mother.netly.io.
mother.netly.io. 21600 IN CNAME mother.titify.com.

;; Query time: 277 msec
;; SERVER: 10.60.111.1#53(10.60.111.1)
;; WHEN: Sat Sep 28 20:06:00 CEST 2013
;; MSG SIZE rcvd: 78

Solution:

mother # /etc/init.d/pdns stop
mother # /etc/init.d/pdns monitor

Will probably give an error message such as:

Sep 28 18:08:02 Should not get here (ns1.titify.com|1): 
please run pdnssec rectify-zone titify.com
Sep 28 18:08:02 Should not get here (ns2.titify.com|1): 
please run pdnssec rectify-zone titify.com
Sep 28 18:08:02 Should not get here (ns1.netly.io|1): 
please run pdnssec rectify-zone titify.com
Sep 28 18:08:02 Should not get here (ns2.netly.io|1): 
please run pdnssec rectify-zone titify.com
Sep 28 18:08:10 Should not get here (mother.titify.com|1): 
please run pdnssec rectify-zone titify.com
Sep 28 18:08:19 Should not get here (mother.titify.com|1): 
please run pdnssec rectify-zone titify.com

Execute that command:

pdnssec rectify-zone titify.com

and it’s magically fixed.

2 comments

  1. Bill says:

    Magic…I had been wrestling with this for hours. Thanks!

  2. dam2k says:

    If you are on debian and you are using gmysql driver with powerdns, you can disable DNSSEC feature editing file /etc/powerdns/pdns.d/pdns.local.gmysql and setting gmysql-dnssec=no

Leave a Reply...