Response code 15 from BIND8?
Kevin Darcy
kcd at daimlerchrysler.com
Thu Nov 10 23:28:41 UTC 2005
Hmmm... Fascinating. That nameserver seems to be rather broken, or using
a non-standards-defined RCODE for its own purposes. It's interesting
that it would only give this strange RCODE on a non-recursive query,
but, then again, since it's not a delegated nameserver for otenet.gr,
why would it expect anyone on the Internet to query it non-recursively
for that domain?
My expectation would be that named would treat this as basically
equivalent to a SERVFAIL response. It's not safe to treat it as anything
other than that, since one doesn't know whether one can trust any of the
other contents of the response.
- Kevin
Dave Clark wrote:
>Yes, sorry about that. The proper dig command is below:
>
>dig +norec @ns0.panafonet.gr otenet.gr
>
>Dave
>
>----- Original Message -----
>From: "Kevin Darcy" <kcd at daimlerchrysler.com>
>To: "bind-users" <bind-users at isc.org>
>Sent: Thursday, November 10, 2005 5:28 PM
>Subject: Re: Response code 15 from BIND8?
>
>
>
>
>>Dave Clark wrote:
>>
>>
>>
>>>My tool logged an interesting occurance for me. This server reports
>>>response code 15, which should be reserved:
>>>
>>>
>>>
>>http://www.dollardns.net/cgi-bin/dnscrawler/index.pl?server=ns0.panafonet.g
>>
>>
>r&name=otenet.gr&submit=BU
>
>
>>>The server's version reports BIND8:
>>>
>>>
>>>
>>http://www.dollardns.net/cgi-bin/dnscrawler/index.pl?server=ns0.panafonet.g
>>
>>
>r&name=version.bind&type=TXT&class=CH&submit=BU
>
>
>>>In dig from BIND 9.3.0 I got RESERVED15 in the status field. The
>>>
>>>
>following
>
>
>>>command will show you:
>>>dig @ns0.panafonet.gr otenet.gr
>>>
>>>
>>>
>>That's not what I get:
>>
>>% dig @ns0.panafonet.gr otenet.gr
>>
>>; <<>> DiG 9.2.2rc1 <<>> @ns0.panafonet.gr otenet.gr
>>;; global options: printcmd
>>;; Got answer:
>>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45354
>>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>>
>>;; QUESTION SECTION:
>>;otenet.gr. IN A
>>
>>;; AUTHORITY SECTION:
>>otenet.gr. 9740 IN SOA ns1.otenet.gr.
>>hostmaster.ns1.otenet.gr. 2005111002 10800 3600 1814400 86400
>>
>>;; Query time: 161 msec
>>;; SERVER: 213.249.17.10#53(ns0.panafonet.gr)
>>;; WHEN: Thu Nov 10 17:28:54 2005
>>;; MSG SIZE rcvd: 78
>>
>>%
>>
>>Either it was a transient thing, or you're getting packet corruption, or
>>both.
>>
>>
>> - Kevin
>>
>>
>>
>>>----- Original Message -----
>>>From: "Brad Knowles" <brad at stop.mail-abuse.org>
>>>To: "Tavis Gustafson" <tavis at hq.newdream.net>
>>>Cc: "bind-users" <bind-users at isc.org>
>>>Sent: Wednesday, November 09, 2005 8:33 PM
>>>Subject: Re: bind vs powerdns
>>>
>>>
>>>
>>>
>>>
>>>
>>>>At 4:08 PM -0800 2005-11-09, Tavis Gustafson wrote:
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>>Anyone have experience running powerdns with a TON of domains?
>>>>>
>>>>>
>>>>>
>>>>>
>>>>You should ask these questions on the PowerDNS mailing lists.
>>>>For one thing, I believe that all the e164 domains are being managed
>>>>via PowerDNS, and I know there are a lot of others.
>>>>
>>>>--
>>>>Brad Knowles, <brad at stop.mail-abuse.org>
>>>>
>>>>"Those who would give up essential Liberty, to purchase a little
>>>>temporary Safety, deserve neither Liberty nor Safety."
>>>>
>>>> -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
>>>> Assembly to the Governor, November 11, 1755
>>>>
>>>> SAGE member since 1995. See <http://www.sage.org/> for more info.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>
>
>
>
>
>
>
More information about the bind-users
mailing list