Bind 9.10 recursion issues
Wade Blackwell
wadeb at bablam.com
Fri Dec 4 18:48:28 UTC 2020
Good morning from the West Coast,
It’s been a while since I’ve set up an authoritative BIND
server from scratch, so I may be missing something very basic. First time in
a Docker container, beside the point but maybe it plays (this looks like a
configuration issue in BIND). I’m getting the following errors when trying
to resolve domains external to my own:
---snip---
17:30:04.843 REFUSED unexpected RCODE resolving './NS/IN': 172.64.32.142#53
04-Dec-2020 17:30:04.859 REFUSED unexpected RCODE resolving 'www.cat.com/A/IN': 172.64.32.142#53
04-Dec-2020 17:30:04.865 REFUSED unexpected RCODE resolving './NS/IN': 172.64.33.136#53
04-Dec-2020 17:30:04.867 REFUSED unexpected RCODE resolving 'E.ROOT-SERVERS.NET/AAAA/IN': 172.64.32.142#53
04-Dec-2020 17:30:04.867 REFUSED unexpected RCODE resolving 'G.ROOT-SERVERS.NET/AAAA/IN': 172.64.32.142#53
04-Dec-2020 17:30:04.877 REFUSED unexpected RCODE resolving 'www.cat.com/A/IN': 172.64.33.136#53
04-Dec-2020 17:30:04.883 REFUSED unexpected RCODE resolving './NS/IN': 108.162.192.142#53
04-Dec-2020 17:30:04.884 REFUSED unexpected RCODE resolving 'E.ROOT-SERVERS.NET/AAAA/IN': 108.162.192.142#53
04-Dec-2020 17:30:04.889 REFUSED unexpected RCODE resolving 'G.ROOT-SERVERS.NET/AAAA/IN': 108.162.192.142#53
04-Dec-2020 17:30:04.897 REFUSED unexpected RCODE resolving 'www.cat.com/A/IN': 108.162.192.142#53
04-Dec-2020 17:30:04.906 REFUSED unexpected RCODE resolving 'E.ROOT-SERVERS.NET/AAAA/IN': 172.64.33.136#53
04-Dec-2020 17:30:04.906 REFUSED unexpected RCODE resolving './NS/IN': 108.162.193.136#53
---end---
You’ll notice the above are Cloudflare resolvers (pete/roxy).
I get a DNSSEC-related error when the same resolution is attempted on the
OpenDNS servers:
---snip---
04-Dec-2020 17:30:05.084 validating ./DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches a trusted key for '.'
04-Dec-2020 17:30:05.085 no valid KEY resolving './DNSKEY/IN': 208.67.220.220#53
04-Dec-2020 17:30:05.108 validating ./DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches a trusted key for '.'
04-Dec-2020 17:30:05.108 no valid KEY resolving './DNSKEY/IN': 208.67.222.222#53
---end---
Named.conf has the correct sources for queries;
---snip---
acl permit {
172.30.0.0/16;
---end---
Named.conf.options has the correct forwarders, recursion and query
statements (ignore syntax, pulling partials);
---snip---
forwarders {
108.162.193.136;
172.64.33.136;
108.162.192.142;
172.64.32.142;
173.245.58.142;
208.67.220.220;
208.67.222.222;
};
allow-recursion {
172.30.0.0/16;
allow-query {
172.30.0.0/16;
---end---
What am I missing here (flame away…)?
-W
“I can only explain it to you. I can’t understand it for you.”
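
An added example, not part of the original post: a small Python tally of named log lines like the ones quoted above, grouped by upstream address and failure type, so it is easy to see which forwarders return which error. The category labels and function names are assumptions made for this sketch; the sample lines are copied from the post with the mail wrapping undone.

```python
import re
from collections import Counter, defaultdict

# Log lines copied from the post above, with the mail wrapping undone.
SAMPLE_LOG = """\
17:30:04.843 REFUSED unexpected RCODE resolving './NS/IN': 172.64.32.142#53
04-Dec-2020 17:30:04.859 REFUSED unexpected RCODE resolving 'www.cat.com/A/IN': 172.64.32.142#53
04-Dec-2020 17:30:04.865 REFUSED unexpected RCODE resolving './NS/IN': 172.64.33.136#53
04-Dec-2020 17:30:04.883 REFUSED unexpected RCODE resolving './NS/IN': 108.162.192.142#53
04-Dec-2020 17:30:05.084 validating ./DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches a trusted key for '.'
04-Dec-2020 17:30:05.085 no valid KEY resolving './DNSKEY/IN': 208.67.220.220#53
04-Dec-2020 17:30:05.108 no valid KEY resolving './DNSKEY/IN': 208.67.222.222#53
"""

# Optional date (the first pasted line has none), then time, then the message.
PREFIX = re.compile(r"^(?:\d{2}-[A-Za-z]{3}-\d{4} )?\d{2}:\d{2}:\d{2}\.\d{3} (.*)$")
RCODE = re.compile(r"^(\w+) unexpected RCODE resolving '([^']+)': ([0-9a-fA-F.:]+)#\d+$")
NOKEY = re.compile(r"^no valid KEY resolving '([^']+)': ([0-9a-fA-F.:]+)#\d+$")
VALIDATING = re.compile(r"^validating (\S+): (.*)$")


def classify(line):
    """Return (upstream, category, name) or None for unrecognised lines."""
    m = PREFIX.match(line.strip())
    if not m:
        return None
    msg = m.group(1)
    if (r := RCODE.match(msg)):
        return r.group(3), "rcode:" + r.group(1), r.group(2)
    if (k := NOKEY.match(msg)):
        return k.group(2), "dnssec:no-valid-key", k.group(1)
    if (v := VALIDATING.match(msg)):
        # Validator messages carry no upstream address.
        return None, "dnssec:validation-failed", v.group(1)
    return None


def summarize(text):
    """Count failure categories per upstream address."""
    per_upstream = defaultdict(Counter)
    for line in text.splitlines():
        hit = classify(line)
        if hit:
            upstream, category, _ = hit
            per_upstream[upstream or "(validator)"][category] += 1
    return {k: dict(v) for k, v in per_upstream.items()}


if __name__ == "__main__":
    for upstream, counts in sorted(summarize(SAMPLE_LOG).items()):
        print(upstream, counts)
```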