Facing issues while resolving only one record

John W. Blue john.blue at rrcic.com
Wed Aug 30 13:38:58 UTC 2023 

Recommend you turn off DNSSEC validation and see if it starts working.

If it does, then you know the issue is with how DNSSEC is configured on your server.

John

From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Blason R
Sent: Wednesday, August 30, 2023 8:20 AM
To: bind-users
Subject: Facing issues while resolving only one record

Hi all,

I have bind BIND 9.18.17-1+ubuntu22.04.1+isc+1-Ubuntu (Extended Support Version)
And I am facing this weird issue. Somehow eportal.incometax.gov.in<http://eportal.incometax.gov.in> site is not getting resolved through DNS.

I tried a lot but unfortunately the issue still persists.

Here are packet capture logs.

listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
18:47:19.569999 ens18 In  IP 192.168.1.162.61110 > 192.168.1.133.53: 20+ A? eportal.incometax.gov.in<http://eportal.incometax.gov.in>. (42)
18:47:19.587705 ens18 Out IP 192.168.1.133.40263 > 208.67.222.222.53: 30627+% [1au] A? eportal.incometax.gov.in<http://eportal.incometax.gov.in>. (65)
18:47:19.599214 ens18 Out IP 192.168.1.133.44299 > 1.1.1.1.53: 62952+% [1au] DNSKEY? incometax.gov.in<http://incometax.gov.in>. (57)
18:47:20.800736 ens18 Out IP 192.168.1.133.56154 > 8.8.8.8.53: 16152+% [1au] DNSKEY? incometax.gov.in<http://incometax.gov.in>. (57)
18:47:21.573628 ens18 In  IP 192.168.1.162.53536 > 192.168.1.133.53: 21+ AAAA? eportal.incometax.gov.in<http://eportal.incometax.gov.in>. (42)
18:47:21.576427 ens18 Out IP 192.168.1.133.55356 > 8.8.8.8.53: 57361+% [1au] AAAA? eportal.incometax.gov.in<http://eportal.incometax.gov.in>. (65)
18:47:22.002738 ens18 Out IP 192.168.1.133.33064 > 208.67.222.222.53: 16204+% [1au] DNSKEY? incometax.gov.in<http://incometax.gov.in>. (57)
18:47:22.777934 ens18 Out IP 192.168.1.133.58739 > 208.67.222.222.53: 34205+% [1au] AAAA? eportal.incometax.gov.in<http://eportal.incometax.gov.in>. (65)
18:47:23.203333 ens18 Out IP 192.168.1.133.60920 > 9.9.9.9.53: 46145+% [1au] DNSKEY? incometax.gov.in<http://incometax.gov.in>. (57)
18:47:23.584820 ens18 In  IP 192.168.1.162.53962 > 192.168.1.133.53: 22+ A? eportal.incometax.gov.in<http://eportal.incometax.gov.in>. (42)
18:47:24.405041 ens18 Out IP 192.168.1.133.56475 > 198.41.0.4.53: 12349 [1au] DNSKEY? incometax.gov.in<http://incometax.gov.in>. (57)
18:47:25.205136 ens18 Out IP 192.168.1.133.33517 > 192.36.148.17.53: 18768 [1au] DNSKEY? incometax.gov.in<http://incometax.gov.in>. (57)
18:47:25.237837 ens18 Out IP 192.168.1.133.43646 > 156.154.100.20.53: 28883 [1au] DNSKEY? incometax.gov.in<http://incometax.gov.in>. (57)
18:47:25.259888 ens18 Out IP 192.168.1.133.51762 > 59.160.103.171.53: 46716 [1au] DNSKEY? incometax.gov.in<http://incometax.gov.in>. (57)
18:47:25.597312 ens18 In  IP 192.168.1.162.53963 > 192.168.1.133.53: 23+ AAAA? eportal.incometax.gov.in<http://eportal.incometax.gov.in>. (42)
18:47:26.498891 ens18 Out IP 192.168.1.133.52631 > 125.16.225.122.53: 12762 [1au] DNSKEY? incometax.gov.in<http://incometax.gov.in>. (57)

I feel this is something related to DNS RRKEY Record size?

Plus then I dumbdb on my server and went through cache using command
#rndc dumpdb -all

And here is the output

incometax.gov.in<http://incometax.gov.in>.       3422    NS      ns01.incometax.gov.in<http://ns01.incometax.gov.in>.
                        3422    NS      ns02.incometax.gov.in<http://ns02.incometax.gov.in>.
ns01.incometax.gov.in<http://ns01.incometax.gov.in>.  131     \-AAAA  ;-$NXRRSET
; ns01.incometax.gov.in<http://ns01.incometax.gov.in>. RRSIG NSEC ...
; ns01.incometax.gov.in<http://ns01.incometax.gov.in>. NSEC ns02.incometax.gov.in<http://ns02.incometax.gov.in>. A RRSIG NSEC
; incometax.gov.in<http://incometax.gov.in>. SOA ns01.incometax.gov.in<http://ns01.incometax.gov.in>. ns-admin.cpc.incometax.gov.in<http://ns-admin.cpc.incometax.gov.in>. 2023060970 7200 3600 1209600 3600
; incometax.gov.in<http://incometax.gov.in>. RRSIG SOA ...
ns02.incometax.gov.in<http://ns02.incometax.gov.in>.  120     \-AAAA  ;-$NXRRSET
; ns02.incometax.gov.in<http://ns02.incometax.gov.in>. RRSIG NSEC ...
; ns02.incometax.gov.in<http://ns02.incometax.gov.in>. NSEC ns03.incometax.gov.in<http://ns03.incometax.gov.in>. A RRSIG NSEC
; incometax.gov.in<http://incometax.gov.in>. SOA ns02.incometax.gov.in<http://ns02.incometax.gov.in>. ns-admin.cpc.incometax.gov.in<http://ns-admin.cpc.incometax.gov.in>. 2023071447 7200 3600 1209600 3600
; incometax.gov.in<http://incometax.gov.in>. RRSIG SOA ...
; ns01.incometax.gov.in<http://ns01.incometax.gov.in> [v6 TTL 131] [v4 unexpected] [v6 nxrrset]
; ns02.incometax.gov.in<http://ns02.incometax.gov.in> [v6 TTL 120] [v4 unexpected] [v6 nxrrset]
; ns01.incometax.gov.in<http://ns01.incometax.gov.in> [v6 TTL 131] [v4 unexpected] [v6 nxrrset]
; ns02.incometax.gov.in<http://ns02.incometax.gov.in> [v6 TTL 120] [v4 unexpected] [v6 nxrrset]
; ns01.incometax.gov.in<http://ns01.incometax.gov.in> [v6 TTL 131] [v4 unexpected] [v6 nxrrset]
; ns02.incometax.gov.in<http://ns02.incometax.gov.in> [v6 TTL 120] [v4 unexpected] [v6 nxrrset]
; ns01.incometax.gov.in<http://ns01.incometax.gov.in> [v6 TTL 131] [v4 unexpected] [v6 nxrrset]
; ns02.incometax.gov.in<http://ns02.incometax.gov.in> [v6 TTL 120] [v4 unexpected] [v6 nxrrset]
; ns01.incometax.gov.in<http://ns01.incometax.gov.in> [v6 TTL 131] [v4 unexpected] [v6 nxrrset]
; ns02.incometax.gov.in<http://ns02.incometax.gov.in> [v6 TTL 120] [v4 unexpected] [v6 nxrrset]
; ns01.incometax.gov.in<http://ns01.incometax.gov.in> [v6 TTL 130] [v4 unexpected] [v6 nxrrset]
; ns02.incometax.gov.in<http://ns02.incometax.gov.in> [v6 TTL 119] [v4 unexpected] [v6 nxrrset]
; ns01.incometax.gov.in<http://ns01.incometax.gov.in> [v6 TTL 128] [v4 unexpected] [v6 nxrrset]
; ns02.incometax.gov.in<http://ns02.incometax.gov.in> [v6 TTL 117] [v4 unexpected] [v6 nxrrset]
; ns01.incometax.gov.in<http://ns01.incometax.gov.in> [v6 TTL 128] [v4 unexpected] [v6 nxrrset]
; ns02.incometax.gov.in<http://ns02.incometax.gov.in> [v6 TTL 117] [v4 unexpected] [v6 nxrrset]
; ns01.incometax.gov.in<http://ns01.incometax.gov.in> [v6 TTL 128] [v4 unexpected] [v6 nxrrset]
; ns02.incometax.gov.in<http://ns02.incometax.gov.in> [v6 TTL 117] [v4 unexpected] [v6 nxrrset]
; ns01.incometax.gov.in<http://ns01.incometax.gov.in> [v6 TTL 128] [v4 unexpected] [v6 nxrrset]
; ns02.incometax.gov.in<http://ns02.incometax.gov.in> [v6 TTL 117] [v4 unexpected] [v6 nxrrset]
; ns01.incometax.gov.in<http://ns01.incometax.gov.in> [v6 TTL 128] [v4 unexpected] [v6 nxrrset]
; ns02.incometax.gov.in<http://ns02.incometax.gov.in> [v6 TTL 117] [v4 unexpected] [v6 nxrrset]
; ns01.incometax.gov.in<http://ns01.incometax.gov.in> [v6 TTL 125] [v4 unexpected] [v6 nxrrset]
; ns02.incometax.gov.in<http://ns02.incometax.gov.in> [v6 TTL 114] [v4 unexpected] [v6 nxrrset]
; ns01.incometax.gov.in<http://ns01.incometax.gov.in> [v6 TTL 125] [v4 unexpected] [v6 nxrrset]
; ns02.incometax.gov.in<http://ns02.incometax.gov.in> [v6 TTL 114] [v4 unexpected] [v6 nxrrset]
; ns01.incometax.gov.in<http://ns01.incometax.gov.in> [v6 TTL 125] [v4 unexpected] [v6 nxrrset]
; ns02.incometax.gov.in<http://ns02.incometax.gov.in> [v6 TTL 114] [v4 unexpected] [v6 nxrrset]
; ns01.incometax.gov.in<http://ns01.incometax.gov.in> [v6 TTL 125] [v4 unexpected] [v6 nxrrset]
; ns02.incometax.gov.in<http://ns02.incometax.gov.in> [v6 TTL 114] [v4 unexpected] [v6 nxrrset]
; ns01.incometax.gov.in<http://ns01.incometax.gov.in> [v6 TTL 125] [v4 unexpected] [v6 nxrrset]
; ns02.incometax.gov.in<http://ns02.incometax.gov.in> [v6 TTL 114] [v4 unexpected] [v6 nxrrset]
; ns01.incometax.gov.in<http://ns01.incometax.gov.in> [v6 TTL 125] [v4 unexpected] [v6 nxrrset]
; ns02.incometax.gov.in<http://ns02.incometax.gov.in> [v6 TTL 114] [v4 unexpected] [v6 nxrrset]
; ns01.incometax.gov.in<http://ns01.incometax.gov.in> [v6 TTL 125] [v4 unexpected] [v6 nxrrset]
; ns02.incometax.gov.in<http://ns02.incometax.gov.in> [v6 TTL 114] [v4 unexpected] [v6 nxrrset]
; ns01.incometax.gov.in<http://ns01.incometax.gov.in> [v6 TTL 125] [v4 unexpected] [v6 nxrrset]
; ns02.incometax.gov.in<http://ns02.incometax.gov.in> [v6 TTL 114] [v4 unexpected] [v6 nxrrset]
; ns01.incometax.gov.in<http://ns01.incometax.gov.in> [v6 TTL 124] [v4 unexpected] [v6 nxrrset]
; ns02.incometax.gov.in<http://ns02.incometax.gov.in> [v6 TTL 113] [v4 unexpected] [v6 nxrrset]

Any idea what could be an issue?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20230830/1beea120/attachment-0001.htm>

More information about the bind-users mailing list