unresolvable pms.psc.gov, but google/cloudflare/unbound work
Petr Špaček
pspacek at isc.org
Tue Sep 19 11:49:30 UTC 2023
On 19. 09. 23 9:53, Ondřej Surý wrote:
>> On 19. 9. 2023, at 9:25, Petr Špaček <pspacek at isc.org> wrote:
> $ bin/dig/dig +short -p 12345 pms.psc.gov @127.0.0.1
>
> $ bin/dig/dig +noall +comments -p 12345 pms.psc.gov @127.0.0.1
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 45084
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1232
> ; COOKIE: e5b154394f270022010000006509503c139afd80b72dd04a (good)
>
> Those servers are broken with QNAME minimization and should be fixed, but
> as we changed the QNAME minimization algorithm to use NS records instead
> of A records in BIND 9.18.17 and higher, it works now.
>
> I can confirm this works in BIND 9.18.17 and higher. And it's absolutely not
> BIND 9's fault.
So all in all, time to upgrade!
BIND 9.16 series will reach end of life at the end of 2023 anyway.
--
Petr Špaček
More information about the bind-users
mailing list