Bug#650965: pdns-recursor: gives inconsistent results on subsequent queries

2014-11-26 Thread Matija Nalis 
Package: pdns-recursor
Version: 3.6.1-1~bpo70+1
Followup-For: Bug #650965

Unfortunately, 

inconsistency bug still appears in 3.6.1-1~bpo70+1 from wheezy-backports.

This time not fatal (as domain data didn't change), but subsequent calls to
pdns-recursor return different TTL data (indicating it keeps two different
cached versions for same data):

for example (all request are to this one pdns-recursor instance via
/etc/resolv.conf). You'll notice in attached report TTL being 77xxx, then
28xxx, then again 77xxx, and again 28xxx and repeating.

-- System Information:
Debian Release: 7.7
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages pdns-recursor depends on:
ii  adduser  3.113+nmu3
ii  libc62.13-38+deb7u6
ii  libgcc1  1:4.7.2-5
ii  liblua5.2-0  5.2.1-3+deb7u1
ii  libstdc++6   4.7.2-5
ii  lsb-base 4.1+Debian8+deb7u1

Versions of packages pdns-recursor recommends:
pn  pdns-doc  

pdns-recursor suggests no packages.

-- Configuration Files:
/etc/powerdns/recursor.conf changed:
allow-from=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, 
fe80::/10, 83.139.110.0/26, 2a00:dd8:0:1::1e/126, 2a00:dd8:8000:100::/56
chroot=/var/empty
dont-query=fe80::/10
forward-zones-file=/etc/powerdns/forward-zones.cfg
local-address=192.168.200.254
local-port=53
query-local-address=83.139.110.1
query-local-address6=2a00:dd8:8000:110::1
quiet=yes
setgid=pdns
setuid=pdns


-- no debconf information
% dig ns inside.hr

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> ns inside.hr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62962
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;inside.hr. IN  NS

;; ANSWER SECTION:
inside.hr.  77083   IN  NS  ns2.incloud.hr.
inside.hr.  77083   IN  NS  ns1.incloud.hr.

;; Query time: 0 msec
;; SERVER: 192.168.200.254#53(192.168.200.254)
;; WHEN: Wed Nov 26 15:15:18 2014
;; MSG SIZE  rcvd: 71

% dig ns inside.hr

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> ns inside.hr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5264
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;inside.hr. IN  NS

;; ANSWER SECTION:
inside.hr.  77079   IN  NS  ns2.incloud.hr.
inside.hr.  77079   IN  NS  ns1.incloud.hr.

;; Query time: 0 msec
;; SERVER: 192.168.200.254#53(192.168.200.254)
;; WHEN: Wed Nov 26 15:15:21 2014
;; MSG SIZE  rcvd: 71

% dig ns inside.hr

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> ns inside.hr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55603
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;inside.hr. IN  NS

;; ANSWER SECTION:
inside.hr.  28036   IN  NS  ns1.incloud.hr.
inside.hr.  28036   IN  NS  ns2.incloud.hr.

;; Query time: 0 msec
;; SERVER: 192.168.200.254#53(192.168.200.254)
;; WHEN: Wed Nov 26 15:15:22 2014
;; MSG SIZE  rcvd: 71

% dig ns inside.hr

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> ns inside.hr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39498
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;inside.hr. IN  NS

;; ANSWER SECTION:
inside.hr.  77078   IN  NS  ns2.incloud.hr.
inside.hr.  77078   IN  NS  ns1.incloud.hr.

;; Query time: 0 msec
;; SERVER: 192.168.200.254#53(192.168.200.254)
;; WHEN: Wed Nov 26 15:15:23 2014
;; MSG SIZE  rcvd: 71

% dig ns inside.hr

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> ns inside.hr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25100
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;inside.hr. IN  NS

;; ANSWER SECTION:
inside.hr.  77075   IN  NS  ns2.incloud.hr.
inside.hr.  77075   IN  NS  ns1.incloud.hr.

;; Query time: 0 msec
;; SERVER: 192.168.200.254#53(192.168.200.254)
;; WHEN: Wed Nov 26 15:15:26 2014
;; MSG SIZE  rcvd: 71

% dig ns inside.hr

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> ns inside.hr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64829
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;inside.hr. IN  NS

;; ANSWER SECTION:
inside.hr.  77074   IN  NS  ns2.incloud.hr.
inside.hr.  77074   IN  NS  ns1.incloud.hr.

;; Query time: 0 msec
;; SERVER: 192.16

Bug#650965: pdns-recursor: gives inconsistent results on subsequent queries

2011-12-04 Thread Tomislav Paulic 
Package: pdns-recursor
Version: 3.2-4
Severity: normal


If I query my pdns-recursor (at 192.168.1.100) several times in a row, it
gives different results, right answer only about 1 in 5 times, even though
the result should be cached for 555 seconds.

newaxe# dig imap.tomsoft.hr @192.168.1.100

; <<>> DiG 9.6-ESV-R4 <<>> imap.tomsoft.hr @192.168.1.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48649
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;imap.tomsoft.hr.   IN  A

;; AUTHORITY SECTION:
tomsoft.hr. 2560IN  SOA ns1.tomsoft.hr.
hostmaster.tomsoft.hr. 1322478975 16384 2048 1048576 2560

;; Query time: 0 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Wed Nov 30 18:19:47 2011
;; MSG SIZE  rcvd: 84

newaxe# dig imap.tomsoft.hr @192.168.1.100

; <<>> DiG 9.6-ESV-R4 <<>> imap.tomsoft.hr @192.168.1.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46566
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;imap.tomsoft.hr.   IN  A

;; ANSWER SECTION:
imap.tomsoft.hr.555 IN  A   195.190.136.132

;; Query time: 0 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Wed Nov 30 18:19:47 2011
;; MSG SIZE  rcvd: 49

newaxe# dig imap.tomsoft.hr @192.168.1.100

; <<>> DiG 9.6-ESV-R4 <<>> imap.tomsoft.hr @192.168.1.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64851
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;imap.tomsoft.hr.   IN  A

;; ANSWER SECTION:
imap.tomsoft.hr.555 IN  A   195.190.136.132

;; Query time: 0 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Wed Nov 30 18:19:47 2011
;; MSG SIZE  rcvd: 49

newaxe# dig imap.tomsoft.hr @192.168.1.100

; <<>> DiG 9.6-ESV-R4 <<>> imap.tomsoft.hr @192.168.1.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7863
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;imap.tomsoft.hr.   IN  A

;; AUTHORITY SECTION:
tomsoft.hr. 2560IN  SOA ns1.tomsoft.hr.
hostmaster.tomsoft.hr. 1322478975 16384 2048 1048576 2560

;; Query time: 0 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Wed Nov 30 18:20:00 2011
;; MSG SIZE  rcvd: 84

Querying authorative DNS servers (ns1.tomsoft.hr and ns2.tomsoft.hr always
returns correct result).

newaxe% dig imap.tomsoft.hr @ns1.tomsoft.hr.

; <<>> DiG 9.6-ESV-R4 <<>> imap.tomsoft.hr @ns1.tomsoft.hr.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27365
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;imap.tomsoft.hr.   IN  A

;; ANSWER SECTION:
imap.tomsoft.hr.555 IN  A   195.190.136.132

;; AUTHORITY SECTION:
tomsoft.hr. 555 IN  NS  ns1.tomsoft.hr.
tomsoft.hr. 555 IN  NS  ns2.tomsoft.hr.

;; ADDITIONAL SECTION:
ns1.tomsoft.hr. 9000IN  A   195.190.136.132
ns2.tomsoft.hr. 9000IN  A   195.190.136.21

;; Query time: 0 msec
;; SERVER: 195.190.136.132#53(195.190.136.132)
;; WHEN: Wed Nov 30 18:28:44 2011
;; MSG SIZE  rcvd: 117

newaxe% dig imap.tomsoft.hr @ns2.tomsoft.hr.

; <<>> DiG 9.6-ESV-R4 <<>> imap.tomsoft.hr @ns2.tomsoft.hr.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14173
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;imap.tomsoft.hr.   IN  A

;; ANSWER SECTION:
imap.tomsoft.hr.555 IN  A   195.190.136.132

;; AUTHORITY SECTION:
tomsoft.hr. 555 IN  NS  ns1.tomsoft.hr.
tomsoft.hr. 555 IN  NS  ns2.tomsoft.hr.

;; ADDITIONAL SECTION:
ns1.tomsoft.hr. 9000IN  A   195.190.136.132
ns2.tomsoft.hr. 9000IN  A   195.190.136.21

;; Query time: 0 msec
;; SERVER: 195.190.136.21#53(195.190.136.21)
;; WHEN: Wed Nov 30 18:28:47 2011
;; MSG SIZE  rcvd: 117


The bug repeats sporadically, and restarting pdns-recursor cures it.

-- System Information:
Debian Release: 6.0.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages pdns-recursor depends on:
ii  adduser 3.112+nmu2   add and remove users and groups
ii  libc6   2.11.2-10Embedded GNU C Library: Shared li