Power DNS returning NXDOMAIN for non-authoritive domains

I came across a weird one this morning while doing a check of our DNS name servers

When i did a lookup for google.com against our authoritive name servers, they were returning NXDOMAIN – this is not what it should be returning (should be returning SERVFAIL or REFUSED)! These servers are neither authorised for google.com OR resolvers!

All signs pointed to a misconfiguration, but no changes had taken place in months! And the last check for things like this returned clean.

The end result:

Someone had put a space in for the name of a SOA record!

I dived in to MySQL and ran this

select * from powerdns.records where name = ‘ ‘; (note the space between the quotes)

And found 1 record. Fixing that returned everything to normal again (returning SERVFAIL)

The before dig looked like this:

[[email protected] ~]# dig A google.com @ns1.xxxxx.com.au

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.5 <<>> A google.com @ns1.xxxxx.com.au
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55583
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;google.com.            IN    A

;; AUTHORITY SECTION:
.            3600    IN    SOA    ns1.XXXX.com.au. hostmaster.XXXX.com.au. 2013091305 28800 7200 604800 86400

;; Query time: 228 msec
;; SERVER: xxx.xxx.xxx.xxx#53(xxx.xxx.xxx.xxx)
;; WHEN: Tue Sep 24 22:43:11 2013
;; MSG SIZE  rcvd: 91

[[email protected] ~]#

It should have looked like this:
[[email protected] ~]# dig A google.com @ns1.xxxxx.com.au

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.5 <<>> A google.com @ns1.xxxxx.com.au
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 44150
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;google.com.            IN    A

;; Query time: 232 msec
;; SERVER: xxx.xxx.xxx.xxx#53(xxx.xxx.xxx.xxx)
;; WHEN: Tue Sep 24 22:46:40 2013
;; MSG SIZE  rcvd: 28

[[email protected] ~]# 

Hopefully this will help someone along the way!

Leave a Reply

Your email address will not be published.

Blue Captcha Image
Refresh

*

RSS
LinkedIn
LinkedIn
Share