Strange DNS problem

Chris Thompson cet1 at cam.ac.uk
Mon Jun 10 15:30:21 UTC 2019


On Jun 10 2019, Jukka Pakkanen wrote:

>We have a strange problem related to DNS services, maybe someone here has
>a clue what could be the problem.
[…]
>An example, the client domain is raimoasikainenoy.fi.

Well, there is certainly something wrong with ns.datatower.fi [193.184.54.212],
as it consistently returns server cookies that bear no relationship to the
client cookie sent in the query, and in fact I get *exactly* the same one as
you report:

>; <<>> DiG 9.14.2 <<>> @193.184.54.212 raimoasikainenoy.fi ns
>; (1 server found)
>;; global options: +cmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14591
>;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3
>;; WARNING: recursion requested but not available
>
>;; OPT PSEUDOSECTION:
>; EDNS: version: 0, flags:; udp: 4096
>; COOKIE: a0ff0c014f65b471e0b8b271ffffffffe7bab2718129c071 (bad)

every time! (Use +qr to show the client cookie sent by dig.)

I expect you could work around this by specifying 

  server 193.184.54.212 { send-cookie no; };

in your named.conf, but it seems to me that BIND 9.14 ought to be able to
fall back on using ns.kpk.fi [192.130.183.74] which doesn't have this server
cookie problem.

-- 
Chris Thompson
Email: cet1 at cam.ac.uk
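
The check described in the message above, as an added example that is not part of the original post or of BIND: under RFC 7873 the first 8 bytes of a returned COOKIE option must echo the client cookie that was sent, and a server that hands back one fixed value to every query fails that test. The client cookies and the well-behaved reply are constructed sample data, the result labels are this example's own, and only the 24-byte cookie is taken from the dig output quoted above.

```python
# Added example: RFC 7873 sanity checks on the COOKIE option of a DNS reply.
CLIENT_LEN = 8                     # client cookie is always 8 bytes
SERVER_MIN, SERVER_MAX = 8, 32     # server cookie, when present, is 8..32 bytes


def check_cookie(sent_client: bytes, received: bytes) -> str:
    """Classify one reply's COOKIE option against the client cookie we sent."""
    if len(received) == CLIENT_LEN:
        kind = "client-only"
    elif CLIENT_LEN + SERVER_MIN <= len(received) <= CLIENT_LEN + SERVER_MAX:
        kind = "client+server"
    else:
        return "malformed"         # length not allowed by RFC 7873
    if received[:CLIENT_LEN] != sent_client:
        return "bad"               # echoed client part is not what we sent
    return "echoed" if kind == "client-only" else "good"


def static_cookie(exchanges) -> bool:
    """True when different client cookies all received the identical option."""
    sent = {s for s, _ in exchanges}
    got = {r for _, r in exchanges}
    return len(sent) > 1 and len(got) == 1


def summarize(exchanges):
    """Per-reply verdicts plus the 'same cookie every time' flag."""
    return [check_cookie(s, r) for s, r in exchanges], static_cookie(exchanges)


# Cookie reported in the dig output above (24 bytes: 8 client + 16 server).
REPORTED = bytes.fromhex("a0ff0c014f65b471e0b8b271ffffffffe7bab2718129c071")
# Constructed client cookies standing in for two separate dig runs.
SENT = [bytes.fromhex("1122334455667788"), bytes.fromhex("99aabbccddeeff00")]
# The faulty behaviour: every query gets REPORTED back, whatever was sent.
BROKEN = [(c, REPORTED) for c in SENT]
# Constructed replies from a well-behaved server: client cookie echoed first.
HEALTHY = [(c, c + bytes(range(16))) for c in SENT]

if __name__ == "__main__":
    print("broken :", summarize(BROKEN))
    print("healthy:", summarize(HEALTHY))
```

The sent client cookie needed for this comparison is what `dig +qr` prints, as noted in the message.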

