bind resolver zone delegation
Frank Patzig
fp at mdlink.de
Wed May 15 13:27:14 UTC 2019
Hi,
my bind is 9.14-1.
I check the zone
dig @NS-EAST.CERF.NET any vpn.smiths.com
; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> @NS-EAST.CERF.NET any
vpn.smiths.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47937
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;vpn.smiths.com. IN ANY
;; AUTHORITY SECTION:
vpn.smiths.com. 86400 IN NS resolve01.sslra.com.
vpn.smiths.com. 86400 IN NS resolve02.sslra.com.
;; Query time: 119 msec
;; SERVER: 2001:1890:1ff:9f1:99:99:99:136#53(2001:1890:1ff:9f1:99:99:99:136)
;; WHEN: Mi Mai 15 13:42:26 CEST 2019
;; MSG SIZE rcvd: 97
this is fine
dig @resolve01.sslra.com any vpn.smiths.com
; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> @resolve01.sslra.com any
vpn.smiths.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22398
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;vpn.smiths.com. IN ANY
;; ANSWER SECTION:
vpn.smiths.com. 30 IN A 194.105.113.242
;; AUTHORITY SECTION:
smiths.com. 500 IN NS resolve01.sslvpndemo.com.
;; Query time: 171 msec
;; SERVER: 216.132.83.124#53(216.132.83.124)
;; WHEN: Mi Mai 15 13:43:04 CEST 2019
;; MSG SIZE rcvd: 94
OK
dig @resolve01.sslra.com MX vpn.smiths.com
; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> @resolve01.sslra.com MX
vpn.smiths.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21258
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;vpn.smiths.com. IN MX
;; AUTHORITY SECTION:
smiths.com. 60 IN SOA resolve01.sslvpndemo.com.
hostmaster.resolve01.sslvpndemo.com. 5 10800 3600 604800 60
;; Query time: 169 msec
;; SERVER: 216.132.83.124#53(216.132.83.124)
;; WHEN: Mi Mai 15 13:44:04 CEST 2019
;; MSG SIZE rcvd: 111
-----------------------------------------------------------------------
I check my bind:
dig @localhost any vpn.smiths.com
; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> @localhost any vpn.smiths.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27551
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;vpn.smiths.com. IN ANY
;; ANSWER SECTION:
vpn.smiths.com. 30 IN A 194.105.113.242
vpn.smiths.com. 1583 IN NS resolve01.sslra.com.
vpn.smiths.com. 1583 IN NS resolve02.sslra.com.
;; AUTHORITY SECTION:
vpn.smiths.com. 1583 IN NS resolve01.sslra.com.
vpn.smiths.com. 1583 IN NS resolve02.sslra.com.
;; ADDITIONAL SECTION:
resolve01.sslra.com. 506 IN A 216.132.83.124
resolve02.sslra.com. 258 IN A 64.7.11.138
;; Query time: 172 msec
;; SERVER: ::1#53(::1)
;; WHEN: Mi Mai 15 13:44:38 CEST 2019
;; MSG SIZE rcvd: 173
dig @localhost MX vpn.smiths.com
; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> @localhost MX vpn.smiths.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 8396
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;vpn.smiths.com. IN MX
;; Query time: 272 msec
;; SERVER: ::1#53(::1)
;; WHEN: Mi Mai 15 13:45:34 CEST 2019
;; MSG SIZE rcvd: 43
In status is SERVFAIL
In my log
DNS format error from 64.7.11.138#53 resolving vpn.smiths.com/MX for
client 127.0.0.1#47512: Name smiths.com (SOA) not subdomain of zone
vpn.smiths.com -- invalid response
What is the problem.
Test with Google is OK:
dig @8.8.8.8 MX vpn.smiths.com
; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> @8.8.8.8 MX vpn.smiths.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21066
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;vpn.smiths.com. IN MX
;; AUTHORITY SECTION:
smiths.com. 59 IN SOA
resolve01.sslvpndemo.com. hostmaster.resolve01.sslvpndemo.com. 5 10800
3600 604800 60
;; Query time: 180 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mi Mai 15 15:26:28 CEST 2019
;; MSG SIZE rcvd: 111
Can i help you.
Regards
--
Frank
More information about the bind-users
mailing list