PDNS to answer as NON-authoritative?


PDNS to answer as NON-authoritative?

Luis Daniel Lucio Quiroz
Hello

What am I missing? I have this:
launch=pipe,bind
pipe-command=/usr/local/libexec/latency.pdns.plugin
pipe-regex=^.*\.(mylocaldomain)\.(net);.*$
bind-config=/etc/named.pdns.conf
bind-check-interval=300
bind-ignore-broken-records=no
send-root-referral=lean
allow-recursion=192.168.7.0/24

/etc/named.pdns.conf looks like this
zone "mylocaldomain.net" IN {
   type master;
   file "/var/named/data/mylocaldomain.net";
};

zone "root-servers.net" IN {
   type master;
   file "/var/named/data/named.ca";
};


When I do a dig, or a host, I get this:

dig google.com @PUBLICIP

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> . @PUBLICIP
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29059
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 13
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;.                              IN      A

;; AUTHORITY SECTION:
.                       518400  IN      NS      a.root-servers.net.
.                       518400  IN      NS      b.root-servers.net.
.                       518400  IN      NS      c.root-servers.net.
.                       518400  IN      NS      d.root-servers.net.
.                       518400  IN      NS      e.root-servers.net.
.                       518400  IN      NS      f.root-servers.net.
.                       518400  IN      NS      g.root-servers.net.
.                       518400  IN      NS      h.root-servers.net.
.                       518400  IN      NS      i.root-servers.net.
.                       518400  IN      NS      j.root-servers.net.
.                       518400  IN      NS      k.root-servers.net.
.                       518400  IN      NS      l.root-servers.net.
.                       518400  IN      NS      m.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net.     3600000 IN      A       198.41.0.4
a.root-servers.net.     3600000 IN      AAAA    2001:503:ba3e::2:30
b.root-servers.net.     3600000 IN      A       192.228.79.201
c.root-servers.net.     3600000 IN      A       192.33.4.12
d.root-servers.net.     3600000 IN      A       199.7.91.13
d.root-servers.net.     3600000 IN      AAAA    2001:500:2d::d
e.root-servers.net.     3600000 IN      A       192.203.230.10
f.root-servers.net.     3600000 IN      A       192.5.5.241
f.root-servers.net.     3600000 IN      AAAA    2001:500:2f::f
g.root-servers.net.     3600000 IN      A       192.112.36.4
h.root-servers.net.     3600000 IN      A       128.63.2.53
h.root-servers.net.     3600000 IN      AAAA    2001:500:1::803f:235
i.root-servers.net.     3600000 IN      A       192.36.148.17

;; Query time: 24 msec
;;
;; WHEN: Sun Jan  3 05:10:27 2016
;; MSG SIZE  rcvd: 484


or

host google.com PUBLICIP
Using domain server:
Name: PUBLICIP
Address: PUBLICIP#53
Aliases:


As you see, there is no answer. I only get the root NS servers.

--
Luis Daniel Lucio Quiroz
CISSP, CISM, CISA
Linux, VoIP and much more fun
www.okay.com.mx

Need LCR? Check out LCR for FusionPBX with FreeSWITCH
Need Billing? Check out Billing for FusionPBX with FreeSWITCH

_______________________________________________
Pdns-users mailing list
[hidden email]
http://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: PDNS to answer as NON-authoritative?

Michael Loftis
PowerDNS is not the same as PowerDNS Recursor. The former only does authoritative which is your problem here.


--

"Genius might be described as a supreme capacity for getting its possessors
into trouble of all kinds."
-- Samuel Butler



Re: PDNS to answer as NON-authoritative?

Aki Tuomi
If you want to use auth as recursor, you need to configure

recursor=<valid recursor IP>
allow-recursion=<list of networks that can recurse>


Re: PDNS to answer as NON-authoritative?

Luis Daniel Lucio Quiroz

Thanks. But that's the way u don't want to use. I know how.

I need to make it work in non recursive mode.


Re: PDNS to answer as NON-authoritative?

Michael Loftis
Then quit asking it for information it doesn't have. Responding with the root NS set is correct when you're asking for Google.com which it knows nothing about. 

--

"Genius might be described as a supreme capacity for getting its possessors
into trouble of all kinds."
-- Samuel Butler
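
Added example, not part of the original thread and not PowerDNS code: the header in the first post (flags qr rd, ANSWER: 0, AUTHORITY: 13) is what a referral from an authoritative-only server looks like. The sketch below reads those fields from dig output or from the 12-byte wire header and classifies the response; the function names and wire samples are constructed for illustration, and the referral rule is a header-only heuristic.

```python
import re
import struct
from dataclasses import dataclass

# Header flag bits, RFC 1035 section 4.1.1 (AD/CD left out for brevity).
FLAG_BITS = {"qr": 0x8000, "aa": 0x0400, "tc": 0x0200, "rd": 0x0100, "ra": 0x0080}
RCODES = {"NOERROR": 0, "FORMERR": 1, "SERVFAIL": 2,
          "NXDOMAIN": 3, "NOTIMP": 4, "REFUSED": 5}


@dataclass(frozen=True)
class Header:
    flags: frozenset  # subset of FLAG_BITS keys
    rcode: int
    ancount: int      # records in the ANSWER section
    nscount: int      # records in the AUTHORITY section


def parse_wire(msg: bytes) -> Header:
    """Decode the fixed 12-byte header of a DNS message."""
    if len(msg) < 12:
        raise ValueError("DNS message is shorter than its 12-byte header")
    _id, bits, _qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    flags = frozenset(name for name, mask in FLAG_BITS.items() if bits & mask)
    return Header(flags, bits & 0x000F, an, ns)


def parse_dig(text: str) -> Header:
    """Read the same fields from dig's '->>HEADER<<-' and 'flags:' lines."""
    status = re.search(r"status: (\w+)", text)
    line = re.search(
        r"flags:([^;]*); QUERY: \d+, ANSWER: (\d+), AUTHORITY: (\d+)", text)
    if not status or not line:
        raise ValueError("no dig header found")
    name = status.group(1)
    if name not in RCODES:
        raise ValueError(f"unknown rcode {name}")
    flags = frozenset(f for f in line.group(1).split() if f in FLAG_BITS)
    return Header(flags, RCODES[name], int(line.group(2)), int(line.group(3)))


def recursion_unavailable(h: Header) -> bool:
    """True for the case dig warns about: RD was set, the server did not set RA."""
    return "qr" in h.flags and "rd" in h.flags and "ra" not in h.flags


def classify(h: Header) -> str:
    """Header-only heuristic; telling a referral from a cached negative answer
    with certainty needs the AUTHORITY record types (NS vs SOA)."""
    if "qr" not in h.flags:
        return "query"
    if h.rcode != 0:
        return "error"
    if h.ancount > 0:
        if "aa" in h.flags:
            return "authoritative answer"
        return "recursive answer" if "ra" in h.flags else "non-authoritative answer"
    if h.nscount > 0 and "aa" not in h.flags and "ra" not in h.flags:
        # No answer, no authority claimed, no recursion offered: the server is
        # pointing the client elsewhere and the client must iterate itself.
        return "referral"
    return "no data"


# The two header lines from the dig output in the first post.
DIG_FROM_THREAD = (
    ";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29059\n"
    ";; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 13\n"
)
# Constructed wire headers: the same response, then two contrasting cases.
WIRE_REFERRAL = struct.pack("!6H", 29059, 0x8100, 1, 0, 13, 13)  # qr rd
WIRE_RECURSIVE = struct.pack("!6H", 1, 0x8180, 1, 1, 0, 0)       # qr rd ra
WIRE_AUTHORITATIVE = struct.pack("!6H", 2, 0x8500, 1, 1, 0, 0)   # qr aa rd

if __name__ == "__main__":
    h = parse_dig(DIG_FROM_THREAD)
    print(classify(h), "| recursion unavailable:", recursion_unavailable(h))
    print(classify(parse_wire(WIRE_RECURSIVE)))
    print(classify(parse_wire(WIRE_AUTHORITATIVE)))
```
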



Re: PDNS to answer as NON-authoritative?

Luis Daniel Lucio Quiroz

You don't pay attention.
My question is why the resolver doesn't continue the iterative query.
It just stops when it gets the ns answer


Re: PDNS to answer as NON-authoritative?

Luis Daniel Lucio Quiroz

Host command does not do that as well. It off on the sample output

On Jan 3, 2016 2:00 PM, "Aki Tuomi" <[hidden email]> wrote:
That is because dig is not a resolver.



---
Aki Tuomi


-------- Original message --------
From: Luis Daniel Lucio Quiroz <[hidden email]>
Date: 03/01/2016 20:56 (GMT+02:00)
To: Michael Loftis <[hidden email]>
Cc: Aki Tuomi <[hidden email]>, [hidden email]
Subject: Re: [Pdns-users] PDNS to answer as NON-authoritative?

You don't pay attention.
My question is why the resolver doesn't continue the iterative query.
It just stops when it gets the ns answer

Le 3 janv. 2016 12:59 PM, "Michael Loftis" <[hidden email]> a écrit :
Then quit asking it for information it doesn't have. Responding with the root NS set is correct when you're asking for Google.com which it knows nothing about. 

On Sunday, January 3, 2016, Luis Daniel Lucio Quiroz <[hidden email]> wrote:

Thanks. But that's the way u don't want to use. I know how.

I need to make it work in non recursive mode.

Le 3 janv. 2016 9:29 AM, "Aki Tuomi" <[hidden email]> a écrit :
If you want to use auth as recursor, you need to configure

recursor=<valid recursor IP>
allow-recursion=<list of networks that can recurse>

On Sat, Jan 02, 2016 at 09:55:54PM -0800, Michael Loftis wrote:
> PowerDNS is not the same as PowerDNS Recursor. The former only does
> authoritative which is your problem here.
>
> On Saturday, January 2, 2016, Luis Daniel Lucio Quiroz <
> [hidden email]> wrote:
>
> > Hello
> >
> > Wat am I missing? I have this:
> > launch=pipe,bind
> > pipe-command=/usr/local/libexec/latency.pdns.plugin
> > pipe-regex=^.*\.(mylocaldomain)\.(net);.*$
> > bind-config=/etc/named.pdns.conf
> > bind-check-interval=300
> > bind-ignore-broken-records=no
> > send-root-referral=lean
> > allow-recursion=192.168.7.0/24
> >
> > /etc/named.pdns.conf looks like this
> > zone "mylocaldomain.net" IN {
> >    type master;
> >    file "/var/named/data/mylocaldomain.net";
> > };
> >
> > zone "root-servers.net" IN {
> >    type master;
> >    file "/var/named/data/named.ca";
> > };
> >
> >
> > when I do a dig, or a host, i get this:
> >
> > dig google.com @PUBLICIP
> >
> > ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> . @PUBLICIP
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29059
> > ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 13
> > ;; WARNING: recursion requested but not available
> >
> > ;; QUESTION SECTION:
> > ;.                              IN      A
> >
> > ;; AUTHORITY SECTION:
> > .                       518400  IN      NS      a.root-servers.net.
> > .                       518400  IN      NS      b.root-servers.net.
> > .                       518400  IN      NS      c.root-servers.net.
> > .                       518400  IN      NS      d.root-servers.net.
> > .                       518400  IN      NS      e.root-servers.net.
> > .                       518400  IN      NS      f.root-servers.net.
> > .                       518400  IN      NS      g.root-servers.net.
> > .                       518400  IN      NS      h.root-servers.net.



--

"Genius might be described as a supreme capacity for getting its possessors
into trouble of all kinds."
-- Samuel Butler


_______________________________________________
Pdns-users mailing list
[hidden email]
http://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: PDNS to answer as NON-authoritative?

Michael Loftis
Again not a resolver. Sorry but you're the one misunderstanding. If you want answers for data not present you need a recursive resolver.

On Sunday, January 3, 2016, Luis Daniel Lucio Quiroz <[hidden email]> wrote:

Host command does not do that as well. It off on the sample output

On Jan 3, 2016 2:00 PM, "Aki Tuomi" <cmouse@...> wrote:
That is because dig is not a resolver.



---
Aki Tuomi


-------- Original message --------
From: Luis Daniel Lucio Quiroz <luis.daniel.lucio@...>
Date: 03/01/2016 20:56 (GMT+02:00)
To: Michael Loftis <mloftis@...>
Cc: Aki Tuomi <cmouse@...>, pdns-users@...
Subject: Re: [Pdns-users] PDNS to answer as NON-authoritative?

You don't pay attention.
My question is why the resolver doesn't continue the iterative query.
It just stops when it gets the ns answer

On Jan 3, 2016 12:59 PM, "Michael Loftis" <mloftis@...> wrote:
Then quit asking it for information it doesn't have. Responding with the root NS set is correct when you're asking for Google.com which it knows nothing about.

On Sunday, January 3, 2016, Luis Daniel Lucio Quiroz <luis.daniel.lucio@...> wrote:

Thanks. But that's the way u don't want to use. I know how.

I need to make it work in non recursive mode.

On Jan 3, 2016 9:29 AM, "Aki Tuomi" <[hidden email]> wrote:
If you want to use auth as recursor, you need to configure

recursor=<valid recursor IP>
allow-recursion=<list of networks that can recurse>

On Sat, Jan 02, 2016 at 09:55:54PM -0800, Michael Loftis wrote:
> PowerDNS is not the same as PowerDNS Recursor. The former only does
> authoritative which is your problem here.

Re: PDNS to answer as NON-authoritative?

Luis Daniel Lucio Quiroz

No because in bind, when you turn off recursive resolution it resolves. I can't figure out the missing part to have the same behavior.

On Jan 3, 2016 2:39 PM, "Michael Loftis" <[hidden email]> wrote:
Again not a resolver. Sorry but you're the one misunderstanding. If you want answers for data not present you need a recursive resolver.

On Sunday, January 3, 2016, Luis Daniel Lucio Quiroz <[hidden email]> wrote:

Host command does not do that as well. It off on the sample output

On Jan 3, 2016 2:00 PM, "Aki Tuomi" <[hidden email]> wrote:
That is because dig is not a resolver.



---
Aki Tuomi


-------- Original message --------
From: Luis Daniel Lucio Quiroz <[hidden email]>
Date: 03/01/2016 20:56 (GMT+02:00)
To: Michael Loftis <[hidden email]>
Cc: Aki Tuomi <[hidden email]>, [hidden email]
Subject: Re: [Pdns-users] PDNS to answer as NON-authoritative?

You don't pay attention.
My question is why the resolver doesn't continue the iterative query.
It just stops when it gets the ns answer

On Jan 3, 2016 12:59 PM, "Michael Loftis" <[hidden email]> wrote:
Then quit asking it for information it doesn't have. Responding with the root NS set is correct when you're asking for Google.com which it knows nothing about. 

On Sunday, January 3, 2016, Luis Daniel Lucio Quiroz <[hidden email]> wrote:

Thanks. But that's the way u don't want to use. I know how.

I need to make it work in non recursive mode.

On Jan 3, 2016 9:29 AM, "Aki Tuomi" <[hidden email]> wrote:
If you want to use auth as recursor, you need to configure

recursor=<valid recursor IP>
allow-recursion=<list of networks that can recurse>

On Sat, Jan 02, 2016 at 09:55:54PM -0800, Michael Loftis wrote:
> PowerDNS is not the same as PowerDNS Recursor. The former only does
> authoritative which is your problem here.

Re: PDNS to answer as NON-authoritative?

Michael Loftis
Two people have answered your question and told you what you're missing. I'm not going to try to guess at whatever misconfiguration or misunderstanding resulted in you getting (or seemingly getting) recursive results from bind when you were attempting to disable them. PowerDNS fully and completely separates all authoritative functionality from recursive functionality (and any associated caches). This is in contrast to bind which merges all such functionality.


On Sunday, January 3, 2016, Luis Daniel Lucio Quiroz <[hidden email]> wrote:

No because in bind, when you turn off recursive resolution it resolves. I can't figure out the missing part to have the same behavior.

On Jan 3, 2016 2:39 PM, "Michael Loftis" <mloftis@...> wrote:
Again not a resolver. Sorry but you're the one misunderstanding. If you want answers for data not present you need a recursive resolver.

On Sunday, January 3, 2016, Luis Daniel Lucio Quiroz <luis.daniel.lucio@...> wrote:

Host command does not do that as well. It off on the sample output

On Jan 3, 2016 2:00 PM, "Aki Tuomi" <[hidden email]> wrote:
That is because dig is not a resolver.



---
Aki Tuomi


-------- Original message --------
From: Luis Daniel Lucio Quiroz <[hidden email]>
Date: 03/01/2016 20:56 (GMT+02:00)
To: Michael Loftis <[hidden email]>
Cc: Aki Tuomi <[hidden email]>, [hidden email]
Subject: Re: [Pdns-users] PDNS to answer as NON-authoritative?

You don't pay attention.
My question is why the resolver doesn't continue the iterative query.
It just stops when it gets the ns answer

On Jan 3, 2016 12:59 PM, "Michael Loftis" <[hidden email]> wrote:
Then quit asking it for information it doesn't have. Responding with the root NS set is correct when you're asking for Google.com which it knows nothing about. 

On Sunday, January 3, 2016, Luis Daniel Lucio Quiroz <[hidden email]> wrote:

Thanks. But that's the way u don't want to use. I know how.

I need to make it work in non recursive mode.

On Jan 3, 2016 9:29 AM, "Aki Tuomi" <[hidden email]> wrote:
If you want to use auth as recursor, you need to configure

recursor=<valid recursor IP>
allow-recursion=<list of networks that can recurse>

On Sat, Jan 02, 2016 at 09:55:54PM -0800, Michael Loftis wrote:
> PowerDNS is not the same as PowerDNS Recursor. The former only does
> authoritative which is your problem here.
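An added example, not part of any message in this thread: a small parser that reads dig's header and authority section and labels the reply, showing that the output posted in the original question is a referral to the root with the `ra` flag clear, which is the behaviour the replies describe for an authoritative-only server. The function names and the two contrast samples are constructed for illustration; only the first sample is taken from the thread.

```python
import re

# Trimmed from the dig output quoted in this thread (2 of the 13 NS lines kept).
THREAD_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29059
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 13
;; WARNING: recursion requested but not available

;; AUTHORITY SECTION:
.                       518400  IN      NS      a.root-servers.net.
.                       518400  IN      NS      b.root-servers.net.
"""

# Constructed for contrast: the shape of a reply from a recursive resolver
# (192.0.2.10 is a documentation address).
RESOLVER_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4711
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; ANSWER SECTION:
example.com.            300     IN      A       192.0.2.10
"""

# Constructed: an authoritative NODATA reply (name exists, type does not).
NODATA_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4712
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; AUTHORITY SECTION:
mylocaldomain.net.      3600    IN      SOA     ns1.mylocaldomain.net. hostmaster.mylocaldomain.net. 1 3600 600 86400 3600
"""

STATUS_RE = re.compile(r"status: (\w+)")
FLAGS_RE = re.compile(r"flags: ([a-z ]*);.*ANSWER: (\d+)")
SECTION_RE = re.compile(r"^;; (\w+) SECTION:$")


def parse_dig(text):
    """Extract status, header flags, answer count and authority RR types."""
    status, flags = STATUS_RE.search(text), FLAGS_RE.search(text)
    if not status or not flags:
        raise ValueError("no dig response header found")
    section, authority_types = None, []
    for line in text.splitlines():
        heading = SECTION_RE.match(line)
        if heading:
            section = heading.group(1)
        elif not line.strip():
            section = None  # a blank line ends the current section
        elif section == "AUTHORITY" and not line.startswith(";"):
            authority_types.append(line.split()[3])  # name ttl class TYPE rdata
    return {"status": status.group(1), "flags": set(flags.group(1).split()),
            "answer": int(flags.group(2)), "authority_types": authority_types}


def classify(text):
    """Return (kind of reply, whether the server set RA, i.e. offers recursion)."""
    reply = parse_dig(text)
    flags = reply["flags"]
    if reply["status"] != "NOERROR":
        kind = reply["status"].lower()
    elif reply["answer"] > 0:
        kind = "authoritative answer" if "aa" in flags else "non-authoritative answer"
    elif "aa" not in flags and set(reply["authority_types"]) == {"NS"}:
        kind = "referral"  # no answer, not authoritative, only NS records offered
    else:
        kind = "nodata"
    return kind, "ra" in flags


if __name__ == "__main__":
    for name, sample in [("thread", THREAD_REPLY), ("resolver", RESOLVER_REPLY),
                         ("nodata", NODATA_REPLY)]:
        print(name, classify(sample))
```

Running the same check against a public-facing server is a quick way to confirm it neither offers recursion (`ra` clear) nor answers for names outside its own zones.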