synthetic DNS64 response for sync-na.dyn.itg.com

Mark Andrews marka at isc.org
Fri Jan 20 21:13:50 UTC 2017 

uj4s52642g6 at networksolutionsprivateregistration.com please fix the servers
for sync-na.dyn.itg.com.

In message <Pine.LNX.4.44.1701202143460.12242-100000 at pi.nxs.se>, Stephan Lagerholm writes:
> I'm having trouble getting Bind to create a synthetic DNS64 response for
> sync-na.dyn.itg.com. although an A record exist. My Bind is configured
> with DNS64:
> 
>         dns64 64:ff9b::/96 { break-dnssec yes; };
> 
> The auth nameservers for the domain are busted for sure. They are
> returning SERVFAIL for the AAAA query
> (dig @dds1.itginc.com. sync-na.dyn.itg.com. AAAA). But I would
> expect Bind to fall over to creating a synthetic response,
> as that is required according to RFC6147 section 5.1.2.

RFC6147 has lots of faults in it including this one.  Papering over
broken servers does not help anyone in the long run.  IPv6 is 20
years old now.  If a server can't answer AAAA queries it should be
fixed not worked around.

It also doesn't answer TXT, MX or TLSA queries.  Even if you paper
over the AAAA lookup fault you can't paper over the other faults.

> Am I missing something or is this a bug in Bind? I'm running bind.x86_64
> 32:9.9.4-29.el7_2.4
> 
> I have added three digs below, one that shows that DNS64 works properly,
> then one for AAAA and one for the A record.
> 
> Many thanks /Stephan
> 
> 
> [view at CNODAL01]> dig @x.x.x.x ipv4only.arpa AAAA
> ; <<>> DiG SourceT 3.x <<>> @ x.x.x.x ipv4only.arpa AAAA
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58145
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;ipv4only.arpa.                           IN       AAAA
> 
> ;; ANSWER SECTION:
> ipv4only.arpa.                 60 IN       AAAA         64:ff9b::c000:ab
> ipv4only.arpa.                 60 IN       AAAA         64:ff9b::c000:aa
> 
> ;; Query time: 58 msec
> ;; SERVER: x.x.x.x #53 (x.x.x.x)
> ;; WHEN: Fri Jan 20 18:56:56 2017
> ;; MSG SIZE  rcvd: 87
> 
> 
> [view at CNODAL01]> dig @ x.x.x.x sync-na.dyn.itg.com. AAAA
> ; <<>> DiG SourceT 3.x <<>> @ x.x.x.x sync-na.dyn.itg.com. AAAA
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 53139
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;sync-na.dyn.itg.com.                     IN       AAAA
> 
> ;; Query time: 2010 msec
> ;; SERVER: x.x.x.x #53 (x.x.x.x)
> ;; WHEN: Fri Jan 20 18:58:12 2017
> ;; MSG SIZE  rcvd: 37
> 
> [view at CNODAL01]> dig @ x.x.x.x sync-na.dyn.itg.com. A
> ; <<>> DiG SourceT 3.x <<>> @ x.x.x.x sync-na.dyn.itg.com. A
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61005
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;sync-na.dyn.itg.com.                     IN       A
> 
> ;; ANSWER SECTION:
> sync-na.dyn.itg.com.           30 IN       A            65.172.71.41
> 
> ;; Query time: 201 msec
> ;; SERVER: x.x.x.x #53 (x.x.x.x)
> ;; WHEN: Fri Jan 20 18:58:14 2017
> ;; MSG SIZE  rcvd: 53
> 
> 
> 
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the bind-users mailing list