"not subdomain of zone {XXXX} -- invalid response" errors found in named.run log

Mark Andrews marka at isc.org
Wed Jan 6 11:09:24 UTC 2021


Complain to the administrators of the zone. They have not properly delegated it.  We see this often with load balancers. 

The zone a.b.example has been delegated but the answer is as if it is from b.example. 

-- 
Mark Andrews

> On 6 Jan 2021, at 21:02, 同屋 <39223722 at qq.com> wrote:
> 
> 
> The version of bind is BIND 9.10.5-P3 id:7d5676f 
> 
> One day, I found that the size of named.run was increasing very quickly, and a lot of "invalid response" entries were spotted in the log. Details are as follows (I replaced the sensitive info with {xxxx}, {AAA}, etc.)
> 
> DNS format error from {IP}#53 resolving {XXXX}.bf.bf.node.epc.mnc{AAA}.mcc{BBB}.3gppnetwork.org/AAAA for client 169.254.4.50#51099: Name epc.mnc{AAA}.mcc{BBB}.3gppnetwork.org (SOA) not subdomain of zone node.epc.mnc{AAA}.mcc{BBB}.3gppnetwork.org -- invalid response
> 
> The response related to the above log is as follows:
> 
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50664
> ;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 4096
> ;; QUESTION SECTION:
> ;{XXXX}.bf.bf.node.epc.mnc{AAA}.mcc{BBB}.3gppnetwork.org. IN AAAA
> 
> ;; AUTHORITY SECTION:
> ;epc.mnc{AAA}.mcc{BBB}.3gppnetwork.org. 86400 IN SOA .mnc{AAA}.mcc{BBB}.gprs. dns-admin. (
> ; 2020122704 ; serial
> ; 10800 ; refresh (3 hours)
> ; 3600 ; retry (1 hour)
> ; 604800 ; expire (1 week)
> ; 86400 ; minimum (1 day)
> ; )
> 
> ============================================
> 
> Normally, the FQDN should be cached as a NXRRSET record as follows:
> 
> {XXXX}.bf.bf.node.epc.mnc{AAA}.mcc{BBB}.3gppnetwork.org. 8412 -AAAA ;-$NXRRSET
> 
> But when the issue happens, it cannot be cached; I guess it's related to the "invalid response" log.
> 
> From the error log, it mentions "zone node.epc.mnc{AAA}.mcc{BBB}.3gppnetwork.org", but I'm wondering where the zone "node.epc.mnc{AAA}.mcc{BBB}.3gppnetwork.org" comes from? I cannot find the related SOA record in the dump file.
> 
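To see which servers and delegations to report, the rejected responses in named.run can be tallied by server, delegated zone and SOA owner. The script below is an added example, not part of this thread or of BIND's code; it parses the log entry format quoted above and models the subdomain relationship only, and the sample lines, names and addresses in it are constructed.

```python
import re
from collections import Counter

# Shape of the named.run entry quoted in this thread.
LOG_RE = re.compile(
    r"DNS format error from (?P<server>\S+)#\d+ resolving (?P<qname>\S+)/(?P<qtype>\w+)"
    r"(?: for client \S+)?: Name (?P<owner>\S+) \(SOA\) "
    r"not subdomain of zone (?P<zone>\S+) -- invalid response"
)

def labels(name):
    """Split a domain name into lower-cased labels; the root is the empty list."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []

def is_subdomain(name, zone):
    """True when name is at or below zone, compared label by label."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z

def classify(owner, zone):
    """Relate the SOA owner of a negative answer to the zone named in the log."""
    if is_subdomain(owner, zone):
        return "ok"                  # SOA sits inside the delegated zone
    if is_subdomain(zone, owner):
        return "answered-as-parent"  # the a.b.example / b.example case
    return "unrelated"

def summarize(lines):
    """Count rejected responses per (server, zone, SOA owner, verdict)."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if m:
            verdict = classify(m["owner"], m["zone"])
            counts[(m["server"], m["zone"].lower(), m["owner"].lower(), verdict)] += 1
    return counts

# Constructed sample input (documentation addresses and example names, not real data).
_ERR = ": Name b.example (SOA) not subdomain of zone a.b.example -- invalid response"
SAMPLE = [
    "DNS format error from 192.0.2.53#53 resolving h1.a.b.example/AAAA for client 198.51.100.7#51099" + _ERR,
    "DNS format error from 192.0.2.53#53 resolving h2.a.b.example/AAAA for client 198.51.100.9#40112" + _ERR,
    "zone example/IN: loaded serial 1",  # other log lines are ignored
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```
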