Saurabh: Not getting the answer with AAAA record. Error FORMERR resolving 'gim8.pl/AAAA/IN comes.
Saurabh Srivastava
jp.saurabh at gmail.com
Tue May 22 11:57:08 UTC 2018
Dear Bind-Users,
Greetings of the Day!!!
I have faced an issue on my RPZ Server.
I have added the A record Entry & AAAA record entry for some domains.
The RPZ Policy is running fine.
But the werired response that i am getting with few domains are that when I
have quered the A record for that domain, the answer is OK.
When I have quered for AAAA record, it is not given the answer.
When I have run the dig query using any option, it has shown me the A
record as well as AAAA record too.
I have facing this issue while querying following domains:
1. gim8.pl
2. ns-cnc1.qq.com
3. ns-tel1.qq.com
Lets take an example of first doamin:
I have sharing the dig o/p here with different options:
A. querying A Record:
-----------------------------
; <<>> DiG 9.10.3-P3 <<>> gim8.pl
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19768
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;gim8.pl. IN A
;; ANSWER SECTION:
gim8.pl. 5 IN A 10.40.124.13
;; AUTHORITY SECTION:
rpz.nkn.in. 3600 IN NS ns1.rpz.nkn.in.
;; ADDITIONAL SECTION:
ns1.rpz.nkn.in. 3600 IN A 10.199.88.2
;; Query time: 4406 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue May 22 17:22:57 IST 2018
;; MSG SIZE rcvd: 96
B: Query the AAAA Record:
-------------------------------------
; <<>> DiG 9.10.3-P3 <<>> gim8.pl AAAA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 60907
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;gim8.pl. IN AAAA
;; Query time: 517 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue May 22 17:24:13 IST 2018
;; MSG SIZE rcvd: 36
C: Query the Record with ANY option:
--------------------------------------------------
; <<>> DiG 9.10.3-P3 <<>> gim8.pl any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 583
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;gim8.pl. IN ANY
;; ANSWER SECTION:
gim8.pl. 5 IN AAAA 2001:4408:5240::13
gim8.pl. 5 IN A 10.40.124.13
;; AUTHORITY SECTION:
rpz.nkn.in. 3600 IN NS ns1.rpz.nkn.in.
;; ADDITIONAL SECTION:
ns1.rpz.nkn.in. 3600 IN A 10.199.88.2
;; Query time: 821 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue May 22 17:24:42 IST 2018
;; MSG SIZE rcvd: 124
Last o/p shows the AAAA record too...but alone its not working.
I am sharing you the messages that i received when I hit the AAAA query
using dig:
May 22 17:24:13 RPZ named[17245]: FORMERR resolving 'gim8.pl/AAAA/IN':
104.130.132.112#53
May 22 17:24:13 RPZ named[17245]: FORMERR resolving 'gim8.pl/AAAA/IN':
198.245.62.20#53
May 22 17:25:46 RPZ named[17245]: FORMERR resolving 'gim8.pl/AAAA/IN':
104.130.132.112#53
May 22 17:25:46 RPZ named[17245]: FORMERR resolving 'gim8.pl/AAAA/IN':
198.245.62.20#53
Can anyone suggest, what goes wrong & why the RPZ policy is not throuugh
the AAAA result when the dig alone run with AAAA query?
Thanks & Regards,
Saurabh Srivastava,
Mobile: +91-9958399291
Email: jp.saurabh at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20180522/6b79dd98/attachment.html>
More information about the bind-users
mailing list