Observation: BIND 9.18 qname-minimization strict vs dig +trace
Havard Eidnes
he at uninett.no
Fri Apr 26 18:37:52 UTC 2024
> The facts are:
>
> * 191.131.in-addr.arpa is served from awsdns
Correct. And it's delegated to from the 131.in-addr.arpa zone,
maintained by ARIN.
> * It delegates 85.191.131.in-addr.arpa with fs838.click-network.com
> and ns102.click-network.com above the zone cut.
Correct.
> * Below the zone cut the nameserver claims to be authoritative for its
> parent's zone (191.131.in-addr.arpa) instead of
> 85.191.131.in-addr.arpa. (In other words it's lame.)
Well, yes. When queried for the NS set for 85.191.131.in-addr.arpa it
returns "NOERROR" with the 191.131.in-addr.arpa SOA record in the
authority section. This is what is called an "upward referral", and
indicates that the delegation structure and/or child name server setup
is inconsistent with the delegation structure. Were I less charitable
I would say "messed up". Basically what you say above -- it doesn't
serve the delegated zone so is "lame".
> * (Below the zone cut it also erroneously advertises one of its
> nameservers as simply ns102. instead of ns102.click-network.com)
Yep.
> * There is no server which actually advertises itself as authoritative
> for 85.191.131.in-addr.arpa
Yep. Both of the resolvable NSes ns102.click-network.com and
fs838.click-network.com claim authority over 191.131.in-addr.arpa,
which they don't have according to the parent zone DNS delegations.
Regards,
- Håvard
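
Added example, not part of the original message: a small Python classifier for the "upward referral" condition described above, applied to each delegated server's reply to an NS query for the child zone. The reply dictionaries are constructed from the thread's description (the AA flag is an assumption), and the function names and the contrasting healthy zone are hypothetical.

```python
def norm(name):
    # DNS names compare case-insensitively; drop the trailing root dot.
    return name.rstrip(".").lower()

def is_ancestor(ancestor, name):
    """True when `ancestor` is a proper parent domain of `name`."""
    a, n = norm(ancestor), norm(name)
    if a == n:
        return False
    return a == "" or n.endswith("." + a)

def classify(zone, reply):
    """Classify one server's reply to an NS query for `zone`.

    `reply` is a dict: rcode (str), aa (bool), and answer/authority
    lists of (owner, rrtype) tuples.
    """
    if reply["rcode"] != "NOERROR":
        return "error-" + reply["rcode"].lower()
    has_ns = any(t == "NS" and norm(o) == norm(zone) for o, t in reply["answer"])
    if reply["aa"] and has_ns:
        return "authoritative"
    # NOERROR, no NS answer, and SOA/NS of a parent zone in the authority
    # section: the server is pointing back up the tree.
    if any(t in ("SOA", "NS") and is_ancestor(o, zone) for o, t in reply["authority"]):
        return "upward-referral"
    return "lame"

def audit(zone, replies):
    """Map each delegated server to its classification."""
    return {server: classify(zone, r) for server, r in replies.items()}

# Constructed replies modelled on the thread's description (AA flag assumed).
ZONE = "85.191.131.in-addr.arpa"
UPWARD = {"rcode": "NOERROR", "aa": True, "answer": [],
          "authority": [("191.131.in-addr.arpa.", "SOA")]}
THREAD_REPLIES = {"ns102.click-network.com": UPWARD,
                  "fs838.click-network.com": UPWARD}
# Constructed healthy reply for contrast (documentation address range).
GOOD_ZONE = "2.0.192.in-addr.arpa"
GOOD_REPLIES = {"ns1.example.net": {"rcode": "NOERROR", "aa": True,
    "answer": [("2.0.192.IN-ADDR.ARPA.", "NS")], "authority": []}}

if __name__ == "__main__":
    for zone, replies in ((ZONE, THREAD_REPLIES), (GOOD_ZONE, GOOD_REPLIES)):
        result = audit(zone, replies)
        served = "authoritative" in result.values()
        print(zone, result, "served" if served else "no authoritative server")
```

A zone whose audit contains no "authoritative" entry has no server answering for it, which is the situation a resolver using strict QNAME minimization runs into when it asks for the NS set at the zone cut.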