synthetic DNS64 response for sync-na.dyn.itg.com
Stephan Lagerholm
stephan at pi.nxs.se
Sat Jan 21 03:24:10 UTC 2017
Mark I hear you but who gets called when a domain is not working on
provide A that is v6 only but works fine on provider B that is still v4
only?
is this domain a special case or is the expectation that Bind only do the
synthesis if the AAAA returns Empty RCODE NOERROR?
Thanks, Stephan
On Sat, 21 Jan 2017, Mark Andrews wrote:
>
> uj4s52642g6 at networksolutionsprivateregistration.com please fix the servers
> for sync-na.dyn.itg.com.
>
> In message <Pine.LNX.4.44.1701202143460.12242-100000 at pi.nxs.se>, Stephan Lagerholm writes:
> > I'm having trouble getting Bind to create a synthetic DNS64 response for
> > sync-na.dyn.itg.com. although an A record exist. My Bind is configured
> > with DNS64:
> >
> > dns64 64:ff9b::/96 { break-dnssec yes; };
> >
> > The auth nameservers for the domain are busted for sure. They are
> > returning SERVFAIL for the AAAA query
> > (dig @dds1.itginc.com. sync-na.dyn.itg.com. AAAA). But I would
> > expect Bind to fall over to creating a synthetic response,
> > as that is required according to RFC6147 section 5.1.2.
>
> RFC6147 has lots of faults in it including this one. Papering over
> broken servers does not help anyone in the long run. IPv6 is 20
> years old now. If a server can't answer AAAA queries it should be
> fixed not worked around.
>
> It also doesn't answer TXT, MX or TLSA queries. Even if you paper
> over the AAAA lookup fault you can't paper over the other faults.
>
> > Am I missing something or is this a bug in Bind? I'm running bind.x86_64
> > 32:9.9.4-29.el7_2.4
> >
> > I have added three digs below, one that shows that DNS64 works properly,
> > then one for AAAA and one for the A record.
> >
> > Many thanks /Stephan
> >
> >
> > [view at CNODAL01]> dig @x.x.x.x ipv4only.arpa AAAA
> > ; <<>> DiG SourceT 3.x <<>> @ x.x.x.x ipv4only.arpa AAAA
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58145
> > ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
> >
> > ;; QUESTION SECTION:
> > ;ipv4only.arpa. IN AAAA
> >
> > ;; ANSWER SECTION:
> > ipv4only.arpa. 60 IN AAAA 64:ff9b::c000:ab
> > ipv4only.arpa. 60 IN AAAA 64:ff9b::c000:aa
> >
> > ;; Query time: 58 msec
> > ;; SERVER: x.x.x.x #53 (x.x.x.x)
> > ;; WHEN: Fri Jan 20 18:56:56 2017
> > ;; MSG SIZE rcvd: 87
> >
> >
> > [view at CNODAL01]> dig @ x.x.x.x sync-na.dyn.itg.com. AAAA
> > ; <<>> DiG SourceT 3.x <<>> @ x.x.x.x sync-na.dyn.itg.com. AAAA
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 53139
> > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> >
> > ;; QUESTION SECTION:
> > ;sync-na.dyn.itg.com. IN AAAA
> >
> > ;; Query time: 2010 msec
> > ;; SERVER: x.x.x.x #53 (x.x.x.x)
> > ;; WHEN: Fri Jan 20 18:58:12 2017
> > ;; MSG SIZE rcvd: 37
> >
> > [view at CNODAL01]> dig @ x.x.x.x sync-na.dyn.itg.com. A
> > ; <<>> DiG SourceT 3.x <<>> @ x.x.x.x sync-na.dyn.itg.com. A
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61005
> > ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> >
> > ;; QUESTION SECTION:
> > ;sync-na.dyn.itg.com. IN A
> >
> > ;; ANSWER SECTION:
> > sync-na.dyn.itg.com. 30 IN A 65.172.71.41
> >
> > ;; Query time: 201 msec
> > ;; SERVER: x.x.x.x #53 (x.x.x.x)
> > ;; WHEN: Fri Jan 20 18:58:14 2017
> > ;; MSG SIZE rcvd: 53
> >
> >
> >
> > _______________________________________________
> > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> >
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
>
More information about the bind-users
mailing list