intermittent SERVFAIL with a DLV domain
Timothe Litt
litt at acm.org
Thu Dec 24 12:43:32 UTC 2015
On 23-Dec-15 08:34, Tony Finch wrote:
> Tony Finch <dot at dotat.at> wrote:
>
> Also, why is it trying to get address records for a reverse DNS name?
An ip6.arpa or in-addra.arpa zone is not restricted to PTR records.
There's nothing special about 'reverse zones'.
dnsviz uses some heuristics to guess what records are worth looking for.
A while ago I asked Casey to have DNSVIZ check for more than PTR+DNSSEC
records in reverse zones, which he did.
There's a panel in dnsviz where you can change what it looks for if you
want more (or less).
A/AAAA records are used in reverse zones by an obscure RFC (1101
encoding of subnet masks), and by others for similar purposes.
(It shouldn't be surprising that CNAME, TXT, RP, LOC and DNSSEC-related
records can be in reverse zones too.)
dnsviz launches its queries in parallel, so asking for a few extra
records doesn't hurt anyone.
> 23-Dec-2015 13:20:54.328 lame-servers: info: broken trust chain resolving 'a.f.f.1.0.0.0.8.1.0.a.2.ip6.arpa/DS/IN': 94.126.40.2#53
> 23-Dec-2015 13:20:54.328 lame-servers: info: broken trust chain resolving '1.0.0.0.3.2.1.0.0.0.0.0.0.0.0.0.2.0.0.f.a.f.f.1.0.0.0.8.1.0.a.2.ip6.arpa/AAAA/IN': 2a01:8000:1ffa:f003:bc9d:1dff:fe9b:7466#53
> 23-Dec-2015 13:20:54.398 lame-servers: info: broken trust chain resolving '1.0.0.0.3.2.1.0.0.0.0.0.0.0.0.0.2.0.0.f.a.f.f.1.0.0.0.8.1.0.a.2.ip6.arpa/A/IN': 217.168.153.95#53
>
> Tony.
Timothe Litt
ACM Distinguished Engineer
--------------------------
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4994 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20151224/143947b0/attachment.bin>
More information about the bind-users
mailing list