domain-name-system – PowerDNS and a strange NXDomain

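First, let me set the scene.

We used to use Bind9, but dropped it in favour of PowerDNS, because frankly, Bind sucks.

We have a "main" zone on our DNS master server, london.wibblesplat.com.
There is also an additional zone, oob.london.wibblesplat.com.

Most of the addresses in the non-oob zone are in the 192.168.0.0/16 range. The dns-1 server has the IP 192.168.123.140. (I'm not sure whether this is relevant.)

I want to add some out-of-band (oob) access IPs to the oob.london.wibblesplat.com zone, in the 172.16.254.0/24 range.

This is what's in the database that drives powerdns.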

powerdns=# select * from records where name like '%switch%';
   id   | domain_id |                        name                        | type |    content    | ttl  | prio | change_date | ordername | auth 
--------+-----------+----------------------------------------------------+------+---------------+------+------+-------------+-----------+------
 190709 |        24 | renderchassis-1-switch-A1.london.wibblesplat.com | A    | 172.16.254.12 | 3600 |    0 |  1328715923 |           | 
 190710 |        24 | renderchassis-1-switch-A2.london.wibblesplat.com | A    | 172.16.254.3  | 3600 |    0 |  1328715923 |           | 
 190711 |        24 | renderchassis-2-switch-A1.london.wibblesplat.com | A    | 172.16.254.2  | 3600 |    0 |  1328715923 |           | 
 190712 |        24 | renderchassis-2-switch-A2.london.wibblesplat.com | A    | 172.16.254.13 | 3600 |    0 |  1328715923 |           | 
(4 rows)

This is what dig says.

tom.oconnor@charcoal-black:~$ dig renderchassis-1-switch-A1 +search
; <<>> DiG 9.7.0-P1 <<>> renderchassis-1-switch-A1 +search
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY,status: NXDOMAIN,id: 28586
;; flags: qr aa rd ra; QUERY: 1,ANSWER: 0,AUTHORITY: 1,ADDITIONAL: 0

;; QUESTION SECTION:
;renderchassis-1-switch-A1.london.wibblesplat.com. IN A

;; AUTHORITY SECTION:
london.wibblesplat.com. 1800    IN  SOA dns1.london.wibblesplat.com. hostmaster.london.wibblesplat.com. 2012020803 28800 7200 604800 86400

;; Query time: 2 msec
;; SERVER: 192.168.123.140#53(192.168.123.140)
;; WHEN: Wed Feb  8 15:58:53 2012
;; MSG SIZE  rcvd: 120

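Why isn't PowerDNS serving the record? It exists. The query should be fine. Is there some weirdness where zones don't get served if the A records aren't in a subnet the server can reach? (I can't see that being right; what if I wanted, for whatever reason, to republish an A record for 8.8.8.8 or whatever?)

Any ideas?

Edit:

The plot thickens.
Out of interest, I modified the old records and added some new, shorter ones.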

powerdns=# select * from records where name like '%rc1sw%' or content like '%rc1sw%';
   id   | domain_id |            name             | type |    content    | ttl  | prio | change_date | ordername | auth 
--------+-----------+-----------------------------+------+---------------+------+------+-------------+-----------+------
 190810 |        23 | rc1sw1.london.wibblesplat.com | A    | 172.16.254.12 | 3600 |    0 |  1328720986 |           | 
 190811 |        23 | rc1sw2.london.wibblesplat.com | A    | 172.16.254.3  | 3600 |    0 |  1328720999 |           | 

Now..
tom.oconnor@charcoal-black:~$ dig rc1sw1 +search

; <<>> DiG 9.7.0-P1 <<>> rc1sw1 +search
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY,status: NOERROR,id: 32849
;; flags: qr aa rd ra; QUERY: 1,ANSWER: 1,AUTHORITY: 0,ADDITIONAL: 0

;; QUESTION SECTION:
;rc1sw1.london.wibblesplat.com. IN  A

;; ANSWER SECTION:
rc1sw1.london.wibblesplat.com. 3600 IN  A   172.16.254.12

;; Query time: 0 msec
;; SERVER: 192.168.123.140#53(192.168.123.140)
;; WHEN: Wed Feb  8 17:10:35 2012
;; MSG SIZE  rcvd: 61

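It works.

It seems Powerdns might not like so many - characters in a name. I'll bear that in mind and carry on. An answer might still be nice, though.

OK, it's the -A1 that it doesn't like.

Look at this.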

powerdns=# select * from records order by id desc limit 5;
   id   | domain_id |              name               | type |             content             | ttl  | prio | change_date | ordername | auth 
--------+-----------+---------------------------------+------+---------------------------------+------+------+-------------+-----------+------
 190830 |        23 | bunt-1-A1.london.wibblesplat.com  | A    | 127.0.0.1                       |  120 |    0 |  1328722058 |           | 
 190829 |        22 | 80.124.168.192.in-addr.arpa.    | PTR  | claret-red.london.wibblesplat.com | 3600 |    0 |  1328722007 |           | 
 190828 |        23 | claret-red.london.wibblesplat.com | A    | 192.168.124.80                  | 3600 |    0 |  1328722007 |           | 
 190825 |        23 | BUNT.london.wibblesplat.com       | A    | 127.0.0.1                       |  120 |    0 |  1328721975 |           | 
 190824 |        23 | bunt.london.wibblesplat.com       | A    | 127.0.0.1                       |  120 |    0 |  1328721967 |           | 

tom.oconnor@charcoal-black:~$ dig bunt +search

; <<>> DiG 9.7.0-P1 <<>> bunt +search
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY,id: 34027
;; flags: qr aa rd ra; QUERY: 1,ADDITIONAL: 0

;; QUESTION SECTION:
;bunt.london.wibblesplat.com.   IN  A

;; ANSWER SECTION:
bunt.london.wibblesplat.com. 120    IN  A   127.0.0.1

;; Query time: 1 msec
;; SERVER: 192.168.123.140#53(192.168.123.140)
;; WHEN: Wed Feb  8 17:27:15 2012
;; MSG SIZE  rcvd: 59

tom.oconnor@charcoal-black:~$ dig BUNT +search

; <<>> DiG 9.7.0-P1 <<>> BUNT +search
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY,id: 60125
;; flags: qr aa rd ra; QUERY: 1,ADDITIONAL: 0

;; QUESTION SECTION:
;BUNT.london.wibblesplat.com.   IN  A

;; ANSWER SECTION:
BUNT.london.wibblesplat.com. 120    IN  A   127.0.0.1

;; Query time: 0 msec
;; SERVER: 192.168.123.140#53(192.168.123.140)
;; WHEN: Wed Feb  8 17:27:20 2012
;; MSG SIZE  rcvd: 59


tom.oconnor@charcoal-black:~$ dig bunt-1-A1 +search

; <<>> DiG 9.7.0-P1 <<>> bunt-1-A1 +search
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY,id: 22009
;; flags: qr rd ra; QUERY: 1,ADDITIONAL: 0

;; QUESTION SECTION:
;bunt-1-A1.         IN  A

;; AUTHORITY SECTION:
.           1800    IN  SOA a.root-servers.net. nstld.verisign-grs.com. 2012020801 1800 900 604800 86400

;; Query time: 59 msec
;; SERVER: 192.168.123.140#53(192.168.123.140)
;; WHEN: Wed Feb  8 17:27:53 2012
;; MSG SIZE  rcvd: 102

Solution

Postgresql is case-sensitive, at least with the default PowerDNS table schema. PowerDNS lowercases all queries. So make sure you always lowercase your names.
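The mismatch described in the answer, reproduced as an added example (not part of the original post or of PowerDNS): it audits a records table for mixed-case names and lowercases them, removing rows that would become exact duplicates. It assumes an in-memory SQLite table standing in for PostgreSQL (both compare text case-sensitively with `=`), a simplified `lookup` model of the backend, and constructed rows modelled on the question's table.

```python
import sqlite3

# Constructed rows modelled on the records table in the question.
ROWS = [
    (190830, 23, "bunt-1-A1.london.wibblesplat.com", "A", "127.0.0.1"),
    (190825, 23, "BUNT.london.wibblesplat.com", "A", "127.0.0.1"),
    (190824, 23, "bunt.london.wibblesplat.com", "A", "127.0.0.1"),
    (190810, 23, "rc1sw1.london.wibblesplat.com", "A", "172.16.254.12"),
]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE records (id INTEGER PRIMARY KEY, domain_id INT,"
               " name TEXT, type TEXT, content TEXT)")
    db.executemany("INSERT INTO records VALUES (?,?,?,?,?)", ROWS)
    return db

def lookup(db, qname, qtype="A"):
    # Assumed model of the backend: lowercase the query name, then compare
    # with a case-sensitive "=" (the behaviour described in the answer).
    q = qname.lower().rstrip(".")
    cur = db.execute("SELECT content FROM records WHERE name = ? AND type = ?",
                     (q, qtype))
    return [row[0] for row in cur]

def audit(db):
    # Rows that a lowercased lookup can never match.
    return db.execute("SELECT id, name FROM records"
                      " WHERE name <> lower(name) ORDER BY id").fetchall()

def normalise(db):
    # Lowercasing BUNT... would duplicate the existing bunt... row, so drop
    # mixed-case rows that already have an identical lowercase twin first.
    db.execute("""DELETE FROM records WHERE id IN (
        SELECT r.id FROM records r JOIN records k
          ON k.name = lower(r.name) AND k.domain_id = r.domain_id
         AND k.type = r.type AND k.content = r.content
        WHERE r.name <> lower(r.name))""")
    db.execute("UPDATE records SET name = lower(name) WHERE name <> lower(name)")
    db.commit()
    return db.execute("SELECT count(*) FROM records").fetchone()[0]

if __name__ == "__main__":
    db = make_db()
    print(lookup(db, "bunt-1-A1.london.wibblesplat.com"))  # miss before the fix
    print(audit(db))
    print(normalise(db), lookup(db, "bunt-1-A1.london.wibblesplat.com"))
```

The SQL inside `audit` and `normalise` uses only `lower()`, `<>` and a self-join, so the same statements can be run in psql against the real table, ideally inside a transaction.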

Original URL: https://www.jb51.cc/html/228800.html
