bind with qname min. fails to continue recursing on one specific query
jmurray at pdknox.org
jmurray at pdknox.org
Mon Mar 27 23:26:34 UTC 2023
* Greg Choules <gregchoules+bindusers at googlemail.com> [230327 17:59]:
> Hi Jason.
> I just tried this on my server (9.18.11) and it does indeed appear to be qname
> minimisation. The following servers (NS for [1]tn.gov) just don't respond to
> the query "_.[2]edison.tn.gov":
>
> [3]dns4.tn.gov: type A, class IN, addr 170.141.167.222
> [4]dns5.tn.gov: type A, class IN, addr 170.141.168.22
>
> QM can't be disabled per destination server, only globally.
> I would recommend you contact the NS administrators and inform them they have a
> problem. According to the SOA the RNAME is [5]named-mgr at wannms.state.tn.us
>
> Cheers, Greg
Thank you, that's very helpful and I feel much more sane for hearing it. I've let them know.
> On Mon, 27 Mar 2023 at 18:54, <[6]jmurray at pdknox.org> wrote:
>
> Hi,
>
> Recursive queries to a pair of matching bind 9.16 servers on openbsd 7.0
> are timing out unexpectedly for only two names: "[7]www.edison.tn.gov" and
> "[8]www.tn.gov". Both bind instances are otherwise working fine, and have
> been for some time.
>
> The query returns a CNAME, and there's a delegation to another set of
> nameservers on [9]tn.gov, but as you can see below in the pcap and the
> named.run excerpt, bind never seems to follow up.
>
> If I disable qname minimization this is no longer an issue, but I'd rather
> not, and I don't understand the behavior at all.
More information about the bind-users
mailing list