[External] : Re: NS query on bind9

Petr Menšík pemensik at redhat.com
Wed Sep 15 18:36:49 UTC 2021


Is there any specific reason why you don't use nsupdate to manage
an updated dynamic zone within bind9? What are the requirements of your
application? Why don't you include just NS, NAPTR and CNAME in an existing
zone, where only the top-level SOA and NS records would be static?

Is the speed of changes critical? How many records might your application
serve? Is it required to analyze incoming queries?

If you return a Not Implemented error to an A query, what else should BIND9
forward? The A record is just the basic record type defined by the very
first RFC. It received neither a positive nor a negative response to it.
Please stop guessing what would make it work. Whatever you would create
this way would be broken. You would have to fix bugs in it for years.
Please accept tips from people working on DNS for years and use
something they already spent a lot of time on.

Please avoid developing any new project on RHEL/CentOS 6 too. It is
quite old, I do not think any new deployment with a new application
should start on it. Even RHEL 7 already receives critical updates only.

Regards,
Petr

On 9/15/21 9:40 AM, Sonal Pahuja wrote:
> Hi Mark,
>
> Thanks for the response. Now NS query is working fine!!
>
> But I have one more query:
>
> We have our application to resolve e164 domain queries, i.e. NS, NAPTR and CNAME queries only. If the user gives any other query type, then the application sends RCODE=4 (NOT_IMPLEMENTED) in response.
> But bind9 is rejecting our response and sends SERVFAIL.
>
> Attached is the PCAP.
>
> Please share your views again on this. Thanks in advance!
>
> Regards,
> Sonal
>
>
>
> -----Original Message-----
> From: Mark Andrews [mailto:marka at isc.org] 
> Sent: Wednesday, September 15, 2021 1:51 AM
> To: Sonal Pahuja <sonal.s.pahuja at oracle.com>
> Cc: bind-users at lists.isc.org
> Subject: [External] : Re: NS query on bind9
>
> Named is very picky about returned SOA records in negative responses.  If it has followed/seen a delegation then the returned SOA record in the response needs to be at or below that point.
>
> I suspect that named has a cached NS RRset between e164.arpa and 4.0.4.5.2.4.1.4.2.0.2.4.e164.arpa which is causing the returned response to be rejected.
>
> Mark

-- 
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemensik at redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
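
Added example, not part of the original message and not BIND's code: a simplified Python model of the two points made in this thread, that a NOTIMP reply is neither a positive nor a negative answer, and that the SOA in a negative response must be at or below the delegation the resolver has seen. The intermediate cut `2.4.e164.arpa`, the header bytes and all function names are constructed for illustration, and the SERVFAIL mapping assumes the application is the only server for the zone.

```python
import struct

NOERROR, NXDOMAIN, NOTIMP = 0, 3, 4

def header_fields(msg):
    """Return (rcode, ancount) from the 12-byte DNS header."""
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    return flags & 0x000F, ancount

def labels(name):
    """Split a domain name into lowercase labels (root is [])."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def at_or_below(name, ancestor):
    """True if name equals ancestor or is a subdomain of it."""
    n, a = labels(name), labels(ancestor)
    return len(n) >= len(a) and n[len(n) - len(a):] == a

def classify(msg, soa_owner, delegation):
    """Classify an upstream response (referrals are out of scope here).

    soa_owner  -- owner of the SOA in the authority section, or None
    delegation -- deepest delegation the resolver has followed or cached
    """
    rcode, ancount = header_fields(msg)
    if rcode == NOERROR and ancount > 0:
        return "positive"
    if rcode in (NOERROR, NXDOMAIN):
        # Negative response: the SOA must sit at or below the delegation.
        if soa_owner is not None and not at_or_below(soa_owner, delegation):
            return "rejected"
        return "negative"
    return "neither"   # e.g. NOTIMP: no usable answer for the client

def client_rcode(kind):
    """Assumption: this server is the only one for the zone."""
    return "SERVFAIL" if kind in ("rejected", "neither") else "answered"

def header(rcode, ancount=0):
    """Constructed response header: QR=1, one question."""
    return struct.pack("!6H", 0x1234, 0x8000 | rcode, 1, ancount, 0, 0)

DELEGATION = "2.4.e164.arpa"                       # constructed cut
QNAME_ZONE = "4.0.4.5.2.4.1.4.2.0.2.4.e164.arpa"   # name from the thread

if __name__ == "__main__":
    for msg, soa in [(header(NOTIMP), None), (header(NOERROR), "e164.arpa"),
                     (header(NOERROR), QNAME_ZONE), (header(NOERROR, 1), None)]:
        kind = classify(msg, soa, DELEGATION)
        print(kind, "->", client_rcode(kind))
```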
