Problem resolving a domain
Mark Andrews
marka at isc.org
Fri May 13 13:07:01 UTC 2022
Working around servers that drop queries causes problems for zones that do have protocol compliant servers. The workarounds cause problems with getting DNSSEC responses wic leads to validation failures.
--
Mark Andrews
> On 13 May 2022, at 22:58, Paul Stead <paul.stead at gmail.com> wrote:
>
>
> Further to this, I've discovered that disabling DNS cookies also seems to help with resolution -
>
> $ dig +nocookie +timeout=1 +retries=0 IN A myapplication.glbaa.barclays.com. @ns21.barclays.com.
>
> Maybe the send-cookie option could be investigated? YMMV..
>
> On a side note other recursive DNS software seem to fall back gracefully and resolve these problems
>
> Paul
>
> On Fri, 13 May 2022 at 13:51, Paul Stead <paul.stead at gmail.com> wrote:
>> I have noticed this, too,
>>
>> The problem seems to be related to edns - disabling edns for the upstream servers looks to resolve the issue, this can be seen with later versions of dig -
>>
>> $ dig +noedns +timeout=1 +retries=0 IN A myapplication.glbaa.barclays.com. @ns21.barclays.com.
>>
>> I have config along the lines of -
>>
>> server 157.83.102.245 {
>> edns no;
>> };
>>
>> for each of the problematic upstreams. I contacted Barclays a few months ago about this, but never got a solid response.
>>
>> Paul
>>
>> On Fri, 13 May 2022 at 13:12, Ondřej Surý <ondrej at isc.org> wrote:
>>> Hi Rainer,
>>>
>>> I believe this is unrelated to any upgrade. The nameservers for the domain are broken:
>>>
>>> $ dig IN A myapplication.international.barclays.com @ns2.barcap.com.
>>>
>>> ; <<>> DiG 9.19.0-1+0~20220421.76+debian10~1.gbpa71ef8-Debian <<>> IN A myapplication.international.barclays.com @ns2.barcap.com.
>>> ;; global options: +cmd
>>> ;; Got answer:
>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26288
>>> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5
>>> ;; WARNING: recursion requested but not available
>>>
>>> ;; OPT PSEUDOSECTION:
>>> ; EDNS: version: 0, flags:; udp: 1220
>>> ; COOKIE: 1154fcda62fc8122973932b0627e4a9e96eef4cf1d850adf (good)
>>> ;; QUESTION SECTION:
>>> ;myapplication.international.barclays.com. IN A
>>>
>>> ;; ANSWER SECTION:
>>> myapplication.international.barclays.com. 900 IN CNAME myapplication.glbaa.barclays.com.
>>>
>>> ;; AUTHORITY SECTION:
>>> glbaa.barclays.com. 900 IN NS ns22.barclays.net.
>>> glbaa.barclays.com. 900 IN NS ns21.barclays.com.
>>> glbaa.barclays.com. 900 IN NS ns24.barclays.net.
>>> glbaa.barclays.com. 900 IN NS ns23.barclays.com.
>>>
>>> ;; ADDITIONAL SECTION:
>>> ns21.barclays.com. 900 IN A 157.83.102.245
>>> ns23.barclays.com. 900 IN A 157.83.126.245
>>> ns22.barclays.net. 600 IN A 157.83.102.246
>>> ns24.barclays.net. 600 IN A 157.83.126.246
>>>
>>> ;; Query time: 196 msec
>>> ;; SERVER: 141.228.196.129#53(ns2.barcap.com.) (UDP)
>>> ;; WHEN: Fri May 13 14:08:49 CEST 2022
>>> ;; MSG SIZE rcvd: 283
>>>
>>>
>>> and the nameservers itself just timeout:
>>>
>>> $ dig +timeout=1 +retries=0 IN A myapplication.glbaa.barclays.com. @ns21.barclays.com.
>>>
>>> ; <<>> DiG 9.19.0-1+0~20220421.76+debian10~1.gbpa71ef8-Debian <<>> +timeout +retries IN A myapplication.glbaa.barclays.com. @ns21.barclays.com.
>>> ;; global options: +cmd
>>> ;; connection timed out; no servers could be reached
>>>
>>>
>>> DNSVIZ gives the same result:
>>>
>>> https://dnsviz.net/d/myapplication.glbaa.barclays.com/dnssec/
>>>
>>> • glbaa.barclays.com zone: The server(s) were not responsive to queries over UDP. (157.83.102.245, 157.83.102.246, 157.83.126.245, 157.83.126.246)
>>>
>>> Ondrej
>>> --
>>> Ondřej Surý (He/Him)
>>> ondrej at isc.org
>>>
>>> My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.
>>>
>>> > On 13. 5. 2022, at 13:54, Rainer Duffner <rainer at ultra-secure.de> wrote:
>>> >
>>> > Hi,
>>> >
>>> > at work, I have a problem resolving the following domain:
>>> >
>>> > myapplication.international.barclays.com
>>> >
>>> >
>>> > BIND 9.16.27, FreeBSD 12.3-P5.
>>> > 2022Q2 ports.
>>> >
>>> >
>>> > I copied the config to a VM at home - but it did not work there, either.
>>> >
>>> > I believe it must have happened on the update from BIND 9.16.26 to 9.16.27.
>>> >
>>> >
>>> > options {
>>> > directory "/usr/local/etc/namedb/working";
>>> > pid-file "/var/run/named/pid";
>>> > dump-file "/var/dump/named_dump.db";
>>> > statistics-file "/var/stats/named.stats";
>>> > allow-recursion {"rec";};
>>> > allow-query-cache { localhost; "rec" ; };
>>> > // CIS recommended:
>>> > // serverid none;
>>> > // dnssec-enable yes;
>>> > // dnssec-validation auto;
>>> > // dnssec-accept-expired no;
>>> >
>>> > listen-on { 192.168.1.61; };
>>> >
>>> > disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
>>> > disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
>>> > disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
>>> >
>>> > };
>>> >
>>> > acl rec {
>>> > 127.0.0.0/8;
>>> > 192.168.1.0/24;
>>> > ::1;
>>> > };
>>> >
>>> > /* Serving the following zones locally will prevent any queries
>>> > for these zones leaving your network and going to the root
>>> > name servers. This has two significant advantages:
>>> > 1. Faster local resolution for your users
>>> > 2. No spurious traffic will be sent from your network to the roots
>>> > */
>>> > // RFCs 1912, 5735 and 6303 (and BCP 32 for localhost)
>>> > zone "localhost" { type master; file "/usr/local/etc/namedb/master/localhost-forward.db"; };
>>> > zone "127.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/localhost-reverse.db"; };
>>> > zone "255.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> >
>>> > // RFC 1912-style zone for IPv6 localhost address (RFC 6303)
>>> > zone "0.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/localhost-reverse.db"; };
>>> >
>>> > // "This" Network (RFCs 1912, 5735 and 6303)
>>> > zone "0.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> >
>>> > // Private Use Networks (RFCs 1918, 5735 and 6303)
>>> > zone "10.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "16.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "17.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "18.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "19.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "20.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "21.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "22.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "23.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "24.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "25.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "26.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "27.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "28.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "29.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "30.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "31.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "168.192.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> >
>>> > // Shared Address Space (RFC 6598)
>>> > zone "64.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "65.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "66.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "67.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "68.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "69.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "70.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "71.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "72.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "73.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "74.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "75.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "76.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "77.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "78.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "79.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "80.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "81.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "82.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "83.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "84.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "85.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "86.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "87.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "88.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "89.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "90.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "91.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "92.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "93.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "94.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "95.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "96.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "97.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "98.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "99.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "100.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "101.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "102.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "103.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "104.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "105.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "106.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "107.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "108.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "109.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "110.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "111.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "112.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "113.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "114.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "115.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "116.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "117.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "118.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "119.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "120.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "121.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "122.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "123.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "124.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "125.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "126.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "127.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> >
>>> > // Link-local/APIPA (RFCs 3927, 5735 and 6303)
>>> > zone "254.169.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> >
>>> > // IETF protocol assignments (RFCs 5735 and 5736)
>>> > zone "0.0.192.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> >
>>> > // TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303)
>>> > zone "2.0.192.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "100.51.198.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "113.0.203.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> >
>>> > // IPv6 Example Range for Documentation (RFCs 3849 and 6303)
>>> > zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> >
>>> > // Domain Names for Documentation and Testing (BCP 32)
>>> > zone "test" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "example" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "invalid" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "example.com" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "example.net" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "example.org" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> >
>>> > // Router Benchmark Testing (RFCs 2544 and 5735)
>>> > zone "18.198.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "19.198.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> >
>>> > // IANA Reserved - Old Class E Space (RFC 5735)
>>> > zone "240.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "241.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "242.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "243.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "244.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "245.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "246.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "247.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "248.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "249.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "250.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "251.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "252.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "253.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "254.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> >
>>> > // IPv6 Unassigned Addresses (RFC 4291)
>>> > zone "1.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "3.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "4.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "5.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "6.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "7.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "8.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "9.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "a.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "b.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "c.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "d.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "e.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "0.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "1.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "2.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "3.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "4.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "5.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "6.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "7.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "8.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "9.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "a.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "b.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "0.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "1.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "2.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "3.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "4.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "5.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "6.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "7.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> >
>>> > // IPv6 ULA (RFCs 4193 and 6303)
>>> > zone "c.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "d.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> >
>>> > // IPv6 Link Local (RFCs 4291 and 6303)
>>> > zone "8.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "9.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "a.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "b.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> >
>>> > // IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303)
>>> > zone "c.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "d.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "e.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> > zone "f.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> >
>>> > // IP6.INT is Deprecated (RFC 4159)
>>> > zone "ip6.int" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
>>> >
>>> >
>>> > include "/usr/local/etc/namedb/log.conf“;
>>> > (bind-unbound-test <namedb>) 0 # drill @192.168.1.61 myapplication.international.barclays.com
>>> > ;; ->>HEADER<<- opcode: QUERY, rcode: SERVFAIL, id: 3215
>>> > ;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>>> > ;; QUESTION SECTION:
>>> > ;; myapplication.international.barclays.com. IN A
>>> >
>>> > ;; ANSWER SECTION:
>>> >
>>> > ;; AUTHORITY SECTION:
>>> >
>>> > ;; ADDITIONAL SECTION:
>>> >
>>> > ;; Query time: 10056 msec
>>> > ;; SERVER: 192.168.1.61
>>> > ;; WHEN: Fri May 13 13:50:00 2022
>>> > ;; MSG SIZE rcvd: 58
>>> > (bind-unbound-test <namedb>) 0 #
>>> >
>>> >
>>> >
>>> >
>>> >
>>> >
>>> >
>>> >
>>> >
>>> > --
>>> > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>>> >
>>> > ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>>> >
>>> >
>>> > bind-users mailing list
>>> > bind-users at lists.isc.org
>>> > https://lists.isc.org/mailman/listinfo/bind-users
>>>
>>> --
>>> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>>>
>>> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>>>
>>>
>>> bind-users mailing list
>>> bind-users at lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/bind-users
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20220513/1bdcfa81/attachment-0001.htm>
More information about the bind-users
mailing list