Without IPv6 half of the queries yield SERVFAIL
Peter
pmc at citylink.dinoex.sub.org
Fri Aug 6 01:10:33 UTC 2021
On Thu, Aug 05, 2021 at 11:53:35PM +0200, Peter wrote:
! I tried to use this recommendation, https://kb.isc.org/docs/aa-00206,
! marking all IPv6 addrs as bogus, but it does not make a difference in
! behaviour.
Update: Actually there is a difference if this recommended
configuration is present or not - only the NXDOMAIN outcome is the
same in both cases.
WITH this configuration ("server ::/0 { bogus yes; };") I get the
behaviour as described in the previous msg: Resolving will
occasionally fail, depending on the sequence in which the recursive
queries get answered.
WITHOUT this configuration lots of INET6 queries are generated (and
cannot be sent anywhere as there is no IPv6). And then frequently
this error appears:
Aug 6 00:05:51 <local1.debug> conr named[5623]: resolver: debug 3:
exceeded max queries resolving 'curitiba.porkbun.com/AAAA'
(querycount=101, maxqueries=100)
Now that is something I can understand. :) So, when I put this
into the configuration: "max-recursion-queries 400;", then things
appear to work!
But this is probably not "The Good Way" to solve this (and it fills
the log with all these "lame-servers" errors from the unreachable
IPv6 addresses).
So then, maybe the recommended configuration with
"server ::/0 { bogus yes; };"
is not so really recommendable and rather dangerous? Or mabye it is
somehow misbehaving in this case?
rgds,
PMc
More information about the bind-users
mailing list