Ticket #123 (closed defect: fixed)

Opened 2 years ago

Last modified 2 years ago

Classless in-addr.arpa delegation broken

Reported by: anon
Assigned to: somebody
Priority: normal
Milestone:
Component: component1
Version:
Severity: normal
Keywords:
Cc: augie.schwer@gmail.com

Description

It seems in certain cases PowerDNS does not volunteer the CNAME it has when asked for a PTR, which will break sites with an RFC 2317 (http://www.ietf.org/rfc/rfc2317.txt) setup.

We are running r950 out of the SVN trunk with a patch for #118 (http://wiki.powerdns.com/cgi-bin/trac.fcgi/ticket/118).

So for example we have a BIND master with a zone file that looks something like this:

$TTL 3600
$ORIGIN 222.12.69.in-addr.arpa.
@               IN      SOA     sonic.net. hostmaster.sonic.net. (
                       2006121401      ; serial
                       3600            ; refresh
                       300             ; retry
                       1209600          ; expire
                       3600 )          ; minimum ttl
               IN      NS      a.auth-ns.sonic.net.
               IN      NS      b.auth-ns.sonic.net.
               IN      NS      c.auth-ns.sonic.net.
0-255           IN      NS      ns1.quantact.com.
0-255           IN      NS      ns2.quantact.com.
2               IN      CNAME   2.0-255.222.12.69.in-addr.arpa.

If you ask the BIND master for the reverse you get the CNAME and glue records:

[augie@augnix ~]$ dig -x 69.12.222.2 @mns1.sonic.net +norecurse
;; ANSWER SECTION:
2.222.12.69.in-addr.arpa. 3600  IN      CNAME   2.0-255.222.12.69.in-addr.arpa.
;; AUTHORITY SECTION:
0-255.222.12.69.in-addr.arpa. 3600 IN   NS      ns1.quantact.com.
0-255.222.12.69.in-addr.arpa. 3600 IN   NS      ns2.quantact.com.
;; ADDITIONAL SECTION:
ns1.quantact.com.       172121  IN      A       64.142.109.250
ns2.quantact.com.       172121  IN      A       64.151.119.219

But if you ask one of the PowerDNS authoritative slaves you only get the glue:

[augie@augnix ~]$ dig -x 69.12.222.2 @a.auth-ns.sonic.net +norecurse
;; AUTHORITY SECTION:
0-255.222.12.69.in-addr.arpa. 3600 IN   NS      ns1.quantact.com.
0-255.222.12.69.in-addr.arpa. 3600 IN   NS      ns2.quantact.com.

The pertinent bits in the PowerDNS slave DBs look like this:

mysql> select name,type,content from records where domain_id = 17603
and type = 'NS';
+------------------------------+------+---------------------+
| name                         | type | content             |
+------------------------------+------+---------------------+
| 222.12.69.in-addr.arpa       | NS   | a.auth-ns.sonic.net |
| 222.12.69.in-addr.arpa       | NS   | b.auth-ns.sonic.net |
| 222.12.69.in-addr.arpa       | NS   | c.auth-ns.sonic.net |
| 0-255.222.12.69.in-addr.arpa | NS   | ns1.quantact.com    |
| 0-255.222.12.69.in-addr.arpa | NS   | ns2.quantact.com    |
+------------------------------+------+---------------------+

and

mysql> select name,type,content from records where content =
'2.0-255.222.12.69.in-addr.arpa';
+--------------------------+-------+--------------------------------+
| name                     | type  | content                        |
+--------------------------+-------+--------------------------------+
| 2.222.12.69.in-addr.arpa | CNAME | 2.0-255.222.12.69.in-addr.arpa |
+--------------------------+-------+--------------------------------+

Attachments

db.69.12.222 (16.9 kB) - added by anon on 02/13/07 00:02:08.
BIND zone file of affected zone.
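
An added example (not part of the ticket and not PowerDNS code): a simplified RFC 1034 section 4.3.2 lookup over the records shown in the description, showing why the CNAME belongs in the answer before the referral to the 0-255 delegation. The function names are hypothetical and the lookup handles only this one zone.

```python
import ipaddress

ZONE = "222.12.69.in-addr.arpa"
# Rows copied from the ticket's two SQL result sets (name, type, content).
RECORDS = [
    (ZONE, "NS", "a.auth-ns.sonic.net"),
    (ZONE, "NS", "b.auth-ns.sonic.net"),
    (ZONE, "NS", "c.auth-ns.sonic.net"),
    ("0-255." + ZONE, "NS", "ns1.quantact.com"),
    ("0-255." + ZONE, "NS", "ns2.quantact.com"),
    ("2." + ZONE, "CNAME", "2.0-255." + ZONE),
]

def rrset(name, rtype):
    return [r for r in RECORDS if r[0] == name and r[1] == rtype]

def in_zone(name):
    return name == ZONE or name.endswith("." + ZONE)

def zone_cut(qname):
    """Highest name below the apex, at or above qname, that owns NS records."""
    labels = qname.split(".")
    depth = len(labels) - len(ZONE.split("."))
    for i in range(depth - 1, -1, -1):      # walk down from the apex
        name = ".".join(labels[i:])
        if rrset(name, "NS"):
            return name
    return None

def lookup(qname, qtype):
    """Return (answer, authority) for a non-recursive query."""
    answer, authority = [], []
    for _ in range(8):                       # bound CNAME chains
        if not in_zone(qname):
            break
        cut = zone_cut(qname)
        if cut:                              # below a delegation: refer
            authority = rrset(cut, "NS")
            break
        cname = rrset(qname, "CNAME")
        if cname and qtype != "CNAME":       # CNAME goes in the answer first,
            answer += cname                  # then the lookup restarts at its target
            qname = cname[0][2]
            continue
        answer += rrset(qname, qtype)
        break
    return answer, authority

def is_referral_only(answer, authority):
    """The symptom reported in the ticket: NS in authority, empty answer."""
    return not answer and bool(authority)

if __name__ == "__main__":
    q = ipaddress.ip_address("69.12.222.2").reverse_pointer
    print(lookup(q, "PTR"))
```

The owner name 2.222.12.69.in-addr.arpa is not below the 0-255 zone cut, so the CNAME is authoritative data; only its target falls under the delegation.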

Change History

02/13/07 00:02:08 changed by anon

  • attachment db.69.12.222 added.

BIND zone file of affected zone.

02/14/07 01:33:11 changed by anon

  • cc set to augie.schwer@gmail.com.

03/25/07 15:53:56 changed by ahu

  • status changed from new to closed.
  • resolution set to fixed.

Fixed in 992, but I wonder if this ends things. The regression tests don't find anything odd.