Issue running "dig txt rs.dns-oarc.net" on 9.12

Matthew Pounsett matt at conundrum.com
Sun Jan 28 00:32:22 UTC 2018


On 27 January 2018 at 19:11, Matthew Pounsett <matt at conundrum.com> wrote:

> The only thing I can think of that has changed in that time, which has
> ever caused me query issues, is the addition of DNS cookies in the default
> query.  Some broken authoritative servers will incorrectly respond with
> things like FORMERR when they see an EDNS option they don't recognize.  I
> doubt DNS-OARC is running such a name server, but I haven't looked to see.
>
Serves me right for not actually doing any looking at this sooner.. and
for some reason I failed to recognize the name when I saw it.
rs.dns-oarc.net is the DNS-OARC response size tester.  The server
synthesizes a series of large responses via a CNAME chain when you look up
that TXT record, designed to test your recursive server's ability to handle
large responses.  I'm getting similar failure behaviour from Google Public
DNS that you're seeing in 9.12, but I'm not seeing it from my 9.11
recursive server (it works on the first try).


; <<>> DiG 9.11.2 <<>> IN TXT rs.dns-oarc.net @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 63546
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;rs.dns-oarc.net. IN TXT

;; Query time: 4373 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Jan 27 19:20:21 EST 2018
;; MSG SIZE  rcvd: 44


; <<>> DiG 9.11.2 <<>> IN TXT rs.dns-oarc.net @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29585
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;rs.dns-oarc.net. IN TXT

;; ANSWER SECTION:
rs.dns-oarc.net. 1 IN CNAME rst.x4090.rs.dns-oarc.net.
rst.x4090.rs.dns-oarc.net. 58 IN CNAME rst.x4058.x4090.rs.dns-oarc.net.
rst.x4058.x4090.rs.dns-oarc.net. 57 IN CNAME rst.x4064.x4058.x4090.rs.dns-oarc.net.
rst.x4064.x4058.x4090.rs.dns-oarc.net. 56 IN TXT "74.125.179.74 DNS reply size limit is at least 4090"
rst.x4064.x4058.x4090.rs.dns-oarc.net. 56 IN TXT "74.125.179.74 sent EDNS buffer size 4096"
rst.x4064.x4058.x4090.rs.dns-oarc.net. 56 IN TXT "Tested at 2018-01-28 00:21:16 UTC"

;; Query time: 857 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Jan 27 19:21:16 EST 2018
;; MSG SIZE  rcvd: 279

If you want to understand why your resolver is failing, again I'd have a
look at the 'resolver' log channel.  It should have some detail about
what's resulting in the SERVFAIL message.
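
Added example, not part of the original message: a small Python parser for dig output from the rs.dns-oarc.net test, extracting the response status, the CNAME hop count, and the reply-size and EDNS buffer-size values the tester reports. The function name and result keys are assumptions; the sample input is abridged from the two dig runs above, with wrapped lines rejoined.

```python
import re

# Sample input abridged from the two dig runs in the message above.
SERVFAIL_RUN = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 63546
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; MSG SIZE  rcvd: 44
"""
NOERROR_RUN = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29585
;; ANSWER SECTION:
rs.dns-oarc.net. 1 IN CNAME rst.x4090.rs.dns-oarc.net.
rst.x4090.rs.dns-oarc.net. 58 IN CNAME rst.x4058.x4090.rs.dns-oarc.net.
rst.x4058.x4090.rs.dns-oarc.net. 57 IN CNAME rst.x4064.x4058.x4090.rs.dns-oarc.net.
rst.x4064.x4058.x4090.rs.dns-oarc.net. 56 IN TXT "74.125.179.74 DNS reply size limit is at least 4090"
rst.x4064.x4058.x4090.rs.dns-oarc.net. 56 IN TXT "74.125.179.74 sent EDNS buffer size 4096"
rst.x4064.x4058.x4090.rs.dns-oarc.net. 56 IN TXT "Tested at 2018-01-28 00:21:16 UTC"
"""

def parse_reply_size_test(dig_output):
    """Summarise one dig run against rs.dns-oarc.net (hypothetical helper)."""
    result = {"status": None, "cname_hops": 0, "resolver": None,
              "reply_size_limit": None, "edns_buffer_size": None}
    m = re.search(r"status: (\w+)", dig_output)
    if m:
        result["status"] = m.group(1)
    for line in dig_output.splitlines():
        if line.startswith(";") or not line.strip():
            continue  # dig comment line or blank line
        fields = line.split(None, 4)  # owner, TTL, class, type, rdata
        if len(fields) < 5:
            continue  # not a complete resource record
        rtype, rdata = fields[3], fields[4].strip('"')
        if rtype == "CNAME":
            result["cname_hops"] += 1
        elif rtype == "TXT":
            m = re.match(r"(\S+) DNS reply size limit is at least (\d+)", rdata)
            if m:
                result["resolver"] = m.group(1)
                result["reply_size_limit"] = int(m.group(2))
            m = re.match(r"\S+ sent EDNS buffer size (\d+)", rdata)
            if m:
                result["edns_buffer_size"] = int(m.group(1))
    return result

if __name__ == "__main__":
    for run in (SERVFAIL_RUN, NOERROR_RUN):
        print(parse_reply_size_test(run))
```

A SERVFAIL run yields a status but no size values, which separates "the test did not complete" from "the test reported a small limit".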