Bind9 changes RCODE

Ondřej Surý ondrej at isc.org
Wed Sep 29 08:02:34 UTC 2021


Hi,

you are trying to make BIND 9 something that it isn’t. BIND 9 is a full (validating) DNS resolver,
not a DNS proxy.

> But we want on dig/dnsperf error code should come RCODE=4 only. Bind9 should not translate the original error code.
> Bind 9 should send the original RCODE=4 to the requester.


BIND 9 is doing the right thing. Also RCODE=4 is not appropriate here and also for. You
should stop guessing what things might be and instead properly learn the DNS standards
to know what they are.

The approach you are taking where you hack something and then debug it with BIND 9
pointed at your incomplete DNS server implementation isn’t doing anyone a favor.

Also while we generally appreciate people trying to learn more about DNS, it’s clear
to me that you are using the list to develop a commercial application and using people
here to debug your business needs. While this doesn’t clearly violate any rules, it
doesn’t make me very happy - the topic of this list is to help BIND 9 users, not
debug an application developed by a commercial company. I would suggest you
limit your post to this mailing list.

Ondrej
--
Ondřej Surý (He/Him)
ondrej at isc.org

> On 29. 9. 2021, at 9:43, Sonal Pahuja <sonal.s.pahuja at oracle.com> wrote:
> 
> Hi All,
>  
> We have configured a forward zone in bind9 for e164.arpa, and we have our application to resolve e164 domain queries (NS, NAPTR, CNAME queries).
> But our application is sending RCODE=4 (NOT implemented) to bind9. But bind9, on its side, is changing it to a “ServerFail” error.
>  
> But we want on dig/dnsperf error code should come RCODE=4 only. Bind9 should not translate the original error code.
> Bind 9 should send the original RCODE=4 to the requester.
>  
> Below is the snapshot of the named/conf file. Wireshark is also attached with this mail.
>  
>  
> options {
>         listen-on port 53 { any; };
>         listen-on-v6 port 53 { any; };
>         directory       "/var/named";
>         dump-file       "/var/named/data/cache_dump.db";
>         statistics-file "/var/named/data/named.stats";
>         memstatistics-file "/var/named/data/named_mem_stats.txt";
>         allow-query     { localhost; !blocked; allowed; };
>         //allow-query     { any; };
>         recursion yes;
>         zone-statistics            yes;
>         dnssec-enable yes;
>         dnssec-validation no;
>  
>         // additional-from-auth no;
>         // additional-from-cache no;
>         /* Path to ISC DLV key */
>         bindkeys-file "/etc/named.iscdlv.key";
>  
>         managed-keys-directory "/var/named/dynamic";
>  
>  
> };
>  
> zone "e164.arpa" IN {
> type forward ;
> forwarders { 127.0.0.1 port 49153; 139.165.24.21 port 49153;};
> forward only;
> };
>  
> Dig output:-
> [root@ukp2-so1mp1 admusr]# dig -t naptr 4.0.4.5.2.4.1.4.2.0.2.4.7.8.9.5.7.9.e164.arpa @localhost
>  
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.0.2.el6_10.8 <<>> -t naptr 4.0.4.5.2.4.1.4.2.0.2.4.7.8.9.5.7.9.e164.arpa @localhost
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 31801 //expecting RCODE=4 here
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>  
> ;; QUESTION SECTION:
> ;4.0.4.5.2.4.1.4.2.0.2.4.7.8.9.5.7.9.e164.arpa. IN NAPTR
>  
> ;; Query time: 97 msec
> ;; SERVER: ::1#53(::1)
> ;; WHEN: Wed Sep 29 03:29:23 2021
> ;; MSG SIZE  rcvd: 63
>  
> Application Wireshark snapshot:
> <image003.jpg>
>  
> Bind9 Wireshark:-
>  
> <image004.jpg>
>  
> Kindly share your views on this. 
>  
> Regards,
> Sonal
> <RCODE_query.pcap>


