parental-agent, emtpy DS response ?

Mark Andrews marka at isc.org
Sat Jan 7 21:22:51 UTC 2023 

I suspect the problem is that the request does not have RD=1 and you are talking to
recursive servers.  The following should work except where the authoritative server
does not implement DNS properly and rejects recursive queries rather than just treating
the request as not recursive.

diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index eab42bf8c0e..5b62fa8dc95 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -20704,6 +20704,7 @@ checkds_createmessage(dns_zone_t *zone, dns_message_t **messagep) {
 
        message->opcode = dns_opcode_query;
        message->rdclass = zone->rdclass;
+       message->flags |= DNS_MESSAGEFLAG_RD;
 
        dns_message_gettempname(message, &tempname);
 


> On 8 Jan 2023, at 07:11, Anders Löwinger <anders at abundo.se> wrote:
> 
> Hi
> 
> I have some trouble with the parental-agents. Anyone seen this before/can give me a clue to get this working?
> 
> Tried with my two recursive resolvers first, then localhost. No difference.
> 
> From the log
> 
> named[3420650]: zone lowinger.se/IN (signed): checkds: empty DS response from 2a00:f680:100:1501::32#53
> named[3420650]: zone lowinger.se/IN (signed): checkds: empty DS response from 2a00:f680:10:1501::33#53
> named[3428351]: zone lowinger.se/IN (signed): checkds: empty DS response from 127.0.0.1#53
> 
> zone "lowinger.se" {
> 
>     type primary;
>     file "lowinger.se";
>     dnssec-policy lowinger-policy;
>     inline-signing yes;
>     // parental-agents {
>     //     2a00:f680:100:1501::32;
>     //     2a00:f680:100:1501::33;
>     // };                                                                                              
>     parental-agents { 127.0.0.1; };
> };
> 
> BIND 9.18.10-1+ubuntu22.04.1+isc+1-Ubuntu (Stable Release) <id:>
> 
> 
> dig has no problem resolving the DS record.
> 
> # dig @127.0.0.1 lowinger.se ds +short
> 59647 14 2 825E888C2FAA4F70241467A257C02C66AD5DAFDB818253B7FEB52DA4 BEB071CA
> 
> # dig @2a00:f680:100:1501::32 lowinger.se ds +short
> 59647 14 2 825E888C2FAA4F70241467A257C02C66AD5DAFDB818253B7FEB52DA4 BEB071CA
> 
> # dig @2a00:f680:100:1501::33 lowinger.se ds +short
> 59647 14 2 825E888C2FAA4F70241467A257C02C66AD5DAFDB818253B7FEB52DA4 BEB071CA
> 
> 
> 
> 
> -- 
> Regards / Med vänlig hälsning
> Anders Löwinger, CEO, Abundo AB, +46 72 206 0322
> 
> -- 
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
> 
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org

More information about the bind-users mailing list