bind qname minimization thoughts
Daniel Stirnimann
daniel.stirnimann at switch.ch
Fri May 24 11:55:22 UTC 2019
Hi
On 24.05.19 12:41, Witold Krecicki wrote:
> Could you try the attached patch (instead of the one you provided) and
> see what happens? It stops trying to do qname minimization earlier if it
> sees any failures in resolution (e.g. lame servers, as with the domains
> you provided), it should work in even more cases than yours does.
Thank you for the provided patch. With the examples I provided before I
get the following result:
a) if it hits an unexpected RCODE (e.g. REFUSED) then qmin is disabled
now and resolution succeeds e.g. federation.exostar.com.
bind9 log:
lame-servers: info: lame server resolving 'glb.exostarsvcs.com' (in
'glb.exostarsvcs.com'?): 192.73.18.6#53
lame-servers: info: REFUSED unexpected RCODE resolving
'glb.exostarsvcs.com/NS/IN': 173.245.96.6#53
lame-servers: info: success resolving
'federate.prd.glb.exostarsvcs.com/A' after disabling qname minimization
due to 'failure'
b) if it hits a lame server name with nxdomain then it is still unable
to recover/disable qmin e.g. nouveau.europresse.com, clients.eurest.ch.
there is no bind9 log entry for nouveau.europresse.com anymore. The
original 9.14.2 has logged that qmin got disabled which was not true:
lame-servers: info: success resolving 'nouveau.europresse.com,/A' after
disabling qname minimization due to 'ncache nxdomain'
for clients.eurest.ch. no bind9 log entry is shown with or without the
patch.
Daniel
More information about the bind-users
mailing list