bind with qname min. fails to continue recursing on one specific query
jmurray at pdknox.org
jmurray at pdknox.org
Mon Mar 27 23:52:12 UTC 2023
* Mark Andrews <marka at isc.org> [230327 19:17]:
> The servers don’t respond to queries for names that don’t exist. The
> servers (or the firewall in front of them) are misconfigured. All it
> does it make it harder to determine if a server is working or not.
>
> Mark
This completely explains my experience. I hadn't guessed that was a
thing, but I can see it in this morning's tests now that I know what to
look for. Thank you.
J
>
> [ant-7149:~/git/bind9] marka% dig dns4.tn.gov @170.141.167.222
>
> ; <<>> DiG 9.19.11-dev <<>> dns4.tn.gov @170.141.167.222
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 319
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> ;; WARNING: recursion requested but not available
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1232
> ; COOKIE: 9865da3646edc9ff0100000064221bb3de1fbd7dc290cf93 (good)
> ;; QUESTION SECTION:
> ;dns4.tn.gov. IN A
>
> ;; ANSWER SECTION:
> dns4.tn.gov. 300 IN A 170.141.167.222
>
> ;; Query time: 250 msec
> ;; SERVER: 170.141.167.222#53(170.141.167.222) (UDP)
> ;; WHEN: Tue Mar 28 09:41:55 AEDT 2023
> ;; MSG SIZE rcvd: 84
>
> [ant-7149:~/git/bind9] marka% dig _.tn.gov @170.141.167.222
> ;; communications error to 170.141.167.222#53: timed out
> ;; communications error to 170.141.167.222#53: timed out
> ;; communications error to 170.141.167.222#53: timed out
>
> ; <<>> DiG 9.19.11-dev <<>> _.tn.gov @170.141.167.222
> ;; global options: +cmd
> ;; no servers could be reached
>
> [ant-7149:~/git/bind9] marka% dig lhlhgl.tn.gov @170.141.167.222
> ;; communications error to 170.141.167.222#53: timed out
> ;; communications error to 170.141.167.222#53: timed out
> ;; communications error to 170.141.167.222#53: timed out
>
> ; <<>> DiG 9.19.11-dev <<>> lhlhgl.tn.gov @170.141.167.222
> ;; global options: +cmd
> ;; no servers could be reached
>
> [ant-7149:~/git/bind9] marka%
>
> > On 28 Mar 2023, at 08:58, Greg Choules via bind-users <bind-users at lists.isc.org> wrote:
> >
> > Hi Jason.
> > I just tried this on my server (9.18.11) and it does indeed appear to be qname minimisation. The following servers (NS for tn.gov) just don't respond to the query "_.edison.tn.gov":
> >
> > dns4.tn.gov: type A, class IN, addr 170.141.167.222
> > dns5.tn.gov: type A, class IN, addr 170.141.168.22
> >
> > QM can't be disabled per destination server, only globally.
> > I would recommend you contact the NS administrators and inform them they have a problem. According to the SOA the RNAME is named-mgr at wannms.state.tn.us
> >
> > Cheers, Greg
> >
> > On Mon, 27 Mar 2023 at 18:54, <jmurray at pdknox.org> wrote:
> > Hi,
> >
> > Recursive queries to a pair of matching bind 9.16 servers on openbsd 7.0 are timing out unexpectedly for only two names: "www.edison.tn.gov" and "www.tn.gov". Both bind instances are otherwise working fine, and have been for some time.
> >
> > The query returns a CNAME, and there's a delegation to another set of nameservers on tn.gov, but as you can see below in the pcap and the named.run excerpt, bind never seems to follow up.
> >
> > If I disable qname minimization this is no longer an issue, but I'd rather not, and I don't understand the behavior at all.
> >
> > Queries for either tn.gov subdomain from other hosts on other networks to which I have access (all using Unbound for recursion unfortunately) are working as expected. And I'm seeing no other unexplained failures. I keep thinking I should be able to find some other domain which will trigger this behavior, but haven't yet.
> >
> > According to users this has been going on since last Wednesday or late last Friday. The domains were resolving week before last based on my own experience, but I don't have logs from more than a few days ago, so I can't demonstrate that conclusively.
> >
> > There's some relevant text from named.run below, also a bit of a packet capture, and I'm happy to supply whatever else may be helpful. Trimmed named.conf just a bit, marked where I've done so. All material is from before I thought to turn off qname minimisation.
> >
> > I'm totally lost, any thoughts or suggestions are very very welcome.
> >
> > Thanks,
> >
> > Jason
> >
> >
> > ### named.conf:
> >
> > acl internals {
> > 127.0.0.0/8;
> > 10.0.0.0/8;
> > 172.16.28.0/24;
> > 128.25.10.0/24;
> > 172.16.20.16/28;
> > };
> >
> > acl nameservers {
> > 172.16.20.23/32;
> > 172.16.20.22/32;
> > 172.16.20.30/32;
> > };
> >
> > logging {
> > channel rpz.log {
> > file "/var/log/rpz.log" versions 3 size 5m;
> > severity info;
> > print-time yes;
> > print-severity yes;
> > print-category yes;
> > };
> > channel updates.log {
> > file "/var/log/ddns.log" versions 3 size 5m;
> > severity info;
> > print-time yes;
> > print-severity yes;
> > print-category yes;
> > };
> > channel query.log {
> > file "/var/log/query.log" versions 1 size 5m;
> > severity debug 3;
> > print-time yes;
> > print-severity yes;
> > print-category yes;
> > };
> > category queries { query.log; };
> > category update { updates.log; };
> > category rpz { rpz.log; };
> > category lame-servers { null; };
> > category edns-disabled { null; };
> > };
> >
> > options {
> > directory "/tmp";
> > listen-on { 172.16.20.22; 172.16.20.30; };
> > check-names master warn ;
> > allow-transfer { nameservers; };
> > also-notify { 172.16.20.30; 172.16.20.23; };
> > allow-query { any; };
> > allow-recursion { internals; };
> > recursion 1;
> > dnssec-validation no;
> > #dnssec-validation auto;
> > #response-policy { zone rpz.local; };
> > #response-policy { zone rpz.local; } break-dnssec yes;
> > };
> >
> > key "example.org" {
> > # trimmed
> > };
> >
> > key "rndc-key" {
> > # trimmed
> > };
> >
> > key "external" {
> > # trimmed
> > };
> >
> > controls {
> > inet 127.0.0.1 port 953
> > allow { 127.0.0.1; } keys { "rndc-key"; };
> > };
> >
> > view "internal" {
> > match-clients { !key external; internals; };
> > allow-recursion { internals; };
> > allow-query { any; };
> > recursion yes;
> > zone "." {
> > type hint;
> > file "/etc/named.ca";
> > };
> > #zone "rpz.local" {
> > # type master;
> > # file "/master/rpz.local.hosts";
> > # allow-query { localhost; };
> > # allow-transfer { nameservers; };
> > # notify yes;
> > #};
> > zone "example.org" {
> > type master;
> > file "/master/example.org.internal.hosts";
> > allow-update { key "example.org"; };
> > allow-transfer { nameservers; };
> > notify yes;
> > };
> > #trimmed spare zones
> > };
> >
> > view "external" {
> > match-clients { key external; any; };
> > server 172.16.20.23 {
> > keys external;
> > provide-ixfr yes;
> > };
> > allow-transfer { nameservers; };
> > allow-query { any; };
> > allow-recursion { none; };
> > recursion no;
> > zone "." {
> > type hint;
> > file "/etc/named.ca";
> > };
> > zone "example.org" {
> > type master;
> > file "/master/example.org.external.hosts";
> > allow-transfer { nameservers; };
> > notify yes;
> > };
> > #trimmed spare zones
> > };
> >
> >
> > ### trace:
> >
> > ; <<>> dig 9.10.8-P1 <<>> +trace www.tn.gov
> > ;; global options: +cmd
> > . 518400 IN NS a.root-servers.net.
> > . 518400 IN NS b.root-servers.net.
> > . 518400 IN NS c.root-servers.net.
> > . 518400 IN NS d.root-servers.net.
> > . 518400 IN NS e.root-servers.net.
> > . 518400 IN NS f.root-servers.net.
> > . 518400 IN NS g.root-servers.net.
> > . 518400 IN NS h.root-servers.net.
> > . 518400 IN NS i.root-servers.net.
> > . 518400 IN NS j.root-servers.net.
> > . 518400 IN NS k.root-servers.net.
> > . 518400 IN NS l.root-servers.net.
> > . 518400 IN NS m.root-servers.net.
> > . 518400 IN RRSIG NS 8 0 518400 20230409050000 20230327040000 951 . t+KnpQ8krckGR1TKbbnXS0SpqIrkwc6BaloU5aYOAPTLKHIKUqIEF9Iy QmO6dRmqnc83gemskilawqXVZhVj7gxESBCUjagPGBiNIk4gviuUQRVN G+/RhghXu9hj/CXUNEBZOjPK4pqzSu6c16ke5Vqq08HNQ/BGLmKvqaeT Qbr4X90/Q4CUw96KsikR4CLnTE7cH4uVDMSiKCq0tffU0mpoNW9b7Tmu impzaelhnrQf8LFuoXjjZZYqh1wLvrA1idHIcNxGThlTjXEP0do//jx2 Lu+b6qg0DXhvKq9V13j/buoykYIUqQfwptaRE47A0tuYkxJ2vIdDcPBw WrwP7Q==
> > ;; Received 1097 bytes from 198.41.0.4#53(198.41.0.4) in 31 ms
> >
> > gov. 172800 IN NS a.gov-servers.net.
> > gov. 172800 IN NS b.gov-servers.net.
> > gov. 172800 IN NS c.gov-servers.net.
> > gov. 172800 IN NS d.gov-servers.net.
> > gov. 86400 IN DS 7698 8 2 6BC949E638442EAD0BDAF0935763C8D003760384FF15EBBD5CE86BB5 559561F0
> > gov. 86400 IN RRSIG DS 8 1 86400 20230409050000 20230327040000 951 . pG2IqTXzt6d59WSPYZhix1N+8+Ho1USjAkK0TLVNDxH/BWWm5KDO1gu+ Ncl2v4u3JAV/0rhzsHCuuEaNwE5yYpjQ4ZBwHAerM61RApO0M8Sll+yy s3Fv/5LtYq0Tga03CmcOYOhqq7XZY8hcsyZKzx9kBz71bWOspEQPhqBV 9KdqNBIhJUEB1+UvB3h+XMHHUNp+rXU9e2XoLdg+0XCWAeAuvSgF03X4 pLfW9n87u6rdVOPum3llk30OUcdmPksSejfNV6ql51Vb6+i5gzaiRfPo 8xmnnzCiznRRJinOIIRICWXPtVzzYzhHOMtyOfi7y5zFnEMrLgO4WvO4 n95HMw==
> > ;; Received 632 bytes from 192.36.148.17#53(i.root-servers.net) in 51 ms
> >
> > tn.gov. 86400 IN NS dns5.tn.gov.
> > tn.gov. 86400 IN NS dns4.tn.gov.
> > tn.gov. 3600 IN DS 57846 7 2 8090B0ABEFE816562BBEA62C42425B20508C9D686D9B61CE8A4A1D56 B29EC37C
> > tn.gov. 3600 IN DS 16161 7 2 688FB0A9319F5C0308CAA3F28DCC81C18B91B622626B7A626D5CCB5F 610B63F4
> > tn.gov. 3600 IN DS 16161 7 1 0C4B91101A1D20CE97068A63C7CD4E8864A4F2F1
> > tn.gov. 3600 IN DS 57846 7 1 85561664845E11764CC868182B2D683084E74365
> > tn.gov. 3600 IN RRSIG DS 8 2 3600 20230401044223 20230325044223 24250 gov. GkK/PcYR7uUkrai1Q3T4W9fulCEVDThEIzZsxrBzujmn0hcfKNB5LCTC SlbheJGtNxss7xGZ+cr44XWDXcL8URc2hc0pVz4zrCTsAgqpcqv0RNJC ZdNXFTKKtDacEnhi4l1JCOG6nWTUeofZFlD++W4TQibRLjTehnna31/V M0Ppx0w5z3BeICN4wnFPSng5hXce9aGSuzVnxBiw7l61IQ==
> > ;; Received 472 bytes from 69.36.153.30#53(c.gov-servers.net) in 38 ms
> >
> > www.tn.gov. 300 IN CNAME www.extglb.tn.gov.
> > www.tn.gov. 300 IN RRSIG CNAME 7 3 300 20230407012735 20230308002943 16643 tn.gov. DPr9spOSdQs/8zK2DlnGFFk0v8H+16o7g4l7yPcMns7U6txVpnclWrp8 UvLQiPCejVFhSZ0By7sM166vs8c0ar7VBfOzt84zW7cdtkGTZEvB2Nue KDw2gP00MRu7914b+4xawGyzhiuU0tcABn2nElhb2dIrwpF05InxUckq SL0=
> > extglb.tn.gov. 300 IN NS sdcgtm02.tn.gov.
> > extglb.tn.gov. 300 IN NS ndcgtm02.tn.gov.
> > extglb.tn.gov. 300 IN NS ndcgtm01.tn.gov.
> > extglb.tn.gov. 300 IN NS sdcgtm01.tn.gov.
> > 7VIFF5QRM0PHTVOHKKJ31SMHH09RAE81.tn.gov. 600 IN NSEC3 1 0 100 D317AC7ABABEF654 7VP1VJA5RP6KBKTVVS2IP1FCA30S4GF4 NS
> > 7VIFF5QRM0PHTVOHKKJ31SMHH09RAE81.tn.gov. 600 IN RRSIG NSEC3 7 3 600 20230416173711 20230317173148 16643 tn.gov. ZxWY7y+RLEifC89LyPAtq0TQIPFuH0mrSbSCb3K44IJfqIwM8z7BuKb/ aM7gtPmApI2zxw2XpKaN7AK+XtBXdHJ29IRJQgQTnatIc+v8rU/hws/g fW8C5uQkq0XOU/YAzUGjOmtNdnzSEQZVi9CCYSsw7AqhVlUYssvAMbXE M5I=
> > ;; Received 576 bytes from 170.141.168.22#53(dns5.tn.gov) in 49 ms
> >
> >
> > ### named.run:
> >
> > 27-Mar-2023 09:46:41.285 client @0x5c28fe12d0 10.0.2.3#26386: UDP request
> > 27-Mar-2023 09:46:41.285 client @0x5c28fe12d0 10.0.2.3#26386: view internal: using view 'internal'
> > 27-Mar-2023 09:46:41.285 client @0x5c28fe12d0 10.0.2.3#26386: view internal: request is not signed
> > 27-Mar-2023 09:46:41.285 client @0x5c28fe12d0 10.0.2.3#26386: view internal: recursion available
> > 27-Mar-2023 09:46:41.285 client @0x5c28fe12d0 10.0.2.3#26386 (www.tn.gov): view internal: query (cache) 'www.tn.gov/A/IN' approved
> > 27-Mar-2023 09:46:41.285 client @0x5c28fe12d0 10.0.2.3#26386 (www.tn.gov): view internal: rrl=0x0, HAVECOOKIE=0, result=DNS_R_DELEGATION, fname=0x5c37daf000(1), is_zone=0, RECURSIONOK=1, query.rpz_st=0x0(0), RRL_CHECKED=0
> > 27-Mar-2023 09:46:41.285 fctx 0x5cc34ea000(www.tn.gov/A): createfind for 10.0.2.3#26386/6215 - success
> > 27-Mar-2023 09:46:41.285 fctx 0x5cc34ea000(www.tn.gov/A): createfind for 10.0.2.3#26386/6215 - success
> > 27-Mar-2023 09:46:41.285 fctx 0x5cc34ea000(www.tn.gov/A): createfind for 10.0.2.3#26386/6215 - success
> > 27-Mar-2023 09:46:41.285 fctx 0x5cc34ea000(www.tn.gov/A): createfind for 10.0.2.3#26386/6215 - success
> > 27-Mar-2023 09:46:41.285 fctx 0x5cc34ea000(www.tn.gov/A): createfind for 10.0.2.3#26386/6215 - success
> > 27-Mar-2023 09:46:41.285 fctx 0x5cc34ea000(www.tn.gov/A): createfind for 10.0.2.3#26386/6215 - success
> > 27-Mar-2023 09:46:41.285 fctx 0x5cc34ea000(www.tn.gov/A): createfind for 10.0.2.3#26386/6215 - success
> > 27-Mar-2023 09:46:41.285 fctx 0x5cc34ea000(www.tn.gov/A): createfind for 10.0.2.3#26386/6215 - success
> > 27-Mar-2023 09:46:41.285 fctx 0x5cc34ea000(www.tn.gov/A): createfind for 10.0.2.3#26386/6215 - success
> > 27-Mar-2023 09:46:41.285 fctx 0x5cc34ea000(www.tn.gov/A): createfind for 10.0.2.3#26386/6215 - success
> > 27-Mar-2023 09:46:41.285 fctx 0x5cc34ea000(www.tn.gov/A): createfind for 10.0.2.3#26386/6215 - success
> > 27-Mar-2023 09:46:41.285 fctx 0x5cc34ea000(www.tn.gov/A): createfind for 10.0.2.3#26386/6215 - success
> > 27-Mar-2023 09:46:41.285 fctx 0x5cc34ea000(www.tn.gov/A): createfind for 10.0.2.3#26386/6215 - success
> > 27-Mar-2023 09:46:41.349 fctx 0x5cc34ea000(www.tn.gov/A): createfind for 10.0.2.3#26386/6215 - success
> > 27-Mar-2023 09:46:41.349 fctx 0x5cc34ea000(www.tn.gov/A): createfind for 10.0.2.3#26386/6215 - success
> > 27-Mar-2023 09:46:41.488 client @0x5c28fe12d0 10.0.2.3#26386 (www.tn.gov): view internal: rrl=0x0, HAVECOOKIE=0, result=DNS_R_CNAME, fname=0x5c37daf000(1), is_zone=0, RECURSIONOK=1, query.rpz_st=0x0(0), RRL_CHECKED=0
> > 27-Mar-2023 09:46:41.488 client @0x5c28fe12d0 10.0.2.3#26386 (www.tn.gov): view internal: rrl=0x0, HAVECOOKIE=0, result=DNS_R_DELEGATION, fname=0x5c37dae840(1), is_zone=0, RECURSIONOK=1, query.rpz_st=0x0(0), RRL_CHECKED=0
> > 27-Mar-2023 09:46:41.488 fctx 0x5cc34cb800(www.extglb.tn.gov/A): createfind for 10.0.2.3#26386/6215 - success
> > 27-Mar-2023 09:46:41.488 fctx 0x5cc34cb800(www.extglb.tn.gov/A): createfind for 10.0.2.3#26386/6215 - success
> > 27-Mar-2023 09:46:46.295 client @0x5c14ce92d0 10.0.2.3#26386: UDP request
> > 27-Mar-2023 09:46:46.295 client @0x5c14ce92d0 10.0.2.3#26386: view internal: using view 'internal'
> > 27-Mar-2023 09:46:46.295 client @0x5c14ce92d0 10.0.2.3#26386: view internal: request is not signed
> > 27-Mar-2023 09:46:46.295 client @0x5c14ce92d0 10.0.2.3#26386: view internal: recursion available
> > 27-Mar-2023 09:46:46.295 client @0x5c14ce92d0 10.0.2.3#26386 (www.tn.gov): view internal: query (cache) 'www.tn.gov/A/IN' approved
> > 27-Mar-2023 09:46:46.295 client @0x5c14ce92d0 10.0.2.3#26386 (www.tn.gov): view internal: rrl=0x0, HAVECOOKIE=0, result=DNS_R_CNAME, fname=0x5c81007840(1), is_zone=0, RECURSIONOK=1, query.rpz_st=0x0(0), RRL_CHECKED=0
> > 27-Mar-2023 09:46:46.295 client @0x5c14ce92d0 10.0.2.3#26386 (www.tn.gov): view internal: rrl=0x0, HAVECOOKIE=0, result=DNS_R_DELEGATION, fname=0x5c81008000(1), is_zone=0, RECURSIONOK=1, query.rpz_st=0x0(0), RRL_CHECKED=0
> > 27-Mar-2023 09:46:46.295 client @0x5c14ce92d0 10.0.2.3#26386 (www.tn.gov): view internal: request failed: duplicate query
> > 27-Mar-2023 09:46:46.295 client @0x5c14ce92d0 10.0.2.3#26386 (www.tn.gov): view internal: reset client
> > 27-Mar-2023 09:46:51.305 client @0x5c14cd92d0 10.0.2.3#26386: UDP request
> > 27-Mar-2023 09:46:51.305 client @0x5c14cd92d0 10.0.2.3#26386: view internal: using view 'internal'
> > 27-Mar-2023 09:46:51.305 client @0x5c14cd92d0 10.0.2.3#26386: view internal: request is not signed
> > 27-Mar-2023 09:46:51.305 client @0x5c14cd92d0 10.0.2.3#26386: view internal: recursion available
> > 27-Mar-2023 09:46:51.305 client @0x5c14cd92d0 10.0.2.3#26386 (www.tn.gov): view internal: query (cache) 'www.tn.gov/A/IN' approved
> > 27-Mar-2023 09:46:51.305 client @0x5c14cd92d0 10.0.2.3#26386 (www.tn.gov): view internal: rrl=0x0, HAVECOOKIE=0, result=DNS_R_CNAME, fname=0x5c9a060c60(1), is_zone=0, RECURSIONOK=1, query.rpz_st=0x0(0), RRL_CHECKED=0
> > 27-Mar-2023 09:46:51.305 client @0x5c14cd92d0 10.0.2.3#26386 (www.tn.gov): view internal: rrl=0x0, HAVECOOKIE=0, result=DNS_R_DELEGATION, fname=0x5c9a060840(1), is_zone=0, RECURSIONOK=1, query.rpz_st=0x0(0), RRL_CHECKED=0
> > 27-Mar-2023 09:46:51.305 client @0x5c14cd92d0 10.0.2.3#26386 (www.tn.gov): view internal: request failed: duplicate query
> > 27-Mar-2023 09:46:51.305 client @0x5c14cd92d0 10.0.2.3#26386 (www.tn.gov): view internal: reset client
> > 27-Mar-2023 09:46:51.502 fctx 0x5cc34cb800(www.extglb.tn.gov/A): createfind for 10.0.2.3#26386/6215 - success
> > 27-Mar-2023 09:46:51.502 fctx 0x5cc34cb800(www.extglb.tn.gov/A): createfind for 10.0.2.3#26386/6215 - success
> > 27-Mar-2023 09:46:51.502 client @0x5c28fe12d0 10.0.2.3#26386 (www.tn.gov): view internal: rrl=0x0, HAVECOOKIE=0, result=ISC_R_TIMEDOUT, fname=0x5c37dae840(0), is_zone=0, RECURSIONOK=1, query.rpz_st=0x0(0), RRL_CHECKED=0
> > 27-Mar-2023 09:46:51.502 client @0x5c28fe12d0 10.0.2.3#26386 (www.tn.gov): view internal: query failed (timed out) for www.tn.gov/IN/A at query.c:7365
> > 27-Mar-2023 09:46:51.502 client @0x5c28fe12d0 10.0.2.3#26386 (www.tn.gov): view internal: reset client
> >
> > ### pcap from bind host:
> >
> > 10:01:29.932858 172.16.20.30.55396 > 170.141.167.222.53: [bad udp cksum e0f9! -> 1d95] 51443% [1au] A? _.extglb.tn.gov. ar: . OPT UDPsize=512 DO(56) (ttl 64, id 3035, len 84)
> > 0000: 4500 0054 0bdb 0000 4011 752f 6005 471e E..T.... at .u/`.G.
> > 0010: aa8d a7de d864 0035 0040 f9e0 c8f3 0010 .....d.5. at ......
> > 0020: 0001 0000 0000 0001 015f 0665 7874 676c ........._.extgl
> > 0030: 6202 746e 0367 6f76 0000 0100 0100 0029 b.tn.gov.......)
> > 0040: 0200 0000 8000 000c 000a 0008 5971 94c0 ............Yq..
> > 0050: 9932 9282 .2..
> >
> > 10:01:30.734907 172.16.20.30.54357 > 170.141.168.22.53: [bad udp cksum 28fa! -> 6fbf] 26020% [1au] A? _.extglb.tn.gov. ar: . OPT UDPsize=512 DO(72) (ttl 64, id 31451, len 100)
> > 0000: 4500 0064 7adb 0000 4011 05e7 6005 471e E..dz... at ...`.G.
> > 0010: aa8d a816 d455 0035 0050 fa28 65a4 0010 .....U.5.P.(e...
> > 0020: 0001 0000 0000 0001 015f 0665 7874 676c ........._.extgl
> > 0030: 6202 746e 0367 6f76 0000 0100 0100 0029 b.tn.gov.......)
> > 0040: 0200 0000 8000 001c 000a 0018 9958 916a .............X.j
> > 0050: a74b b667 0100 0000 6421 a18c e289 661d .K.g....d!....f.
> > 0060: bcb1 c1fd ....
> >
> > 10:01:31.544914 172.16.20.30.54313 > 170.141.167.222.53: [bad udp cksum e0f9! -> a0ef] 29355% [1au] A? _.extglb.tn.gov. ar: . OPT UDPsize=512 DO(56) (ttl 64, id 50399, len 84)
> > 0000: 4500 0054 c4df 0000 4011 bc2a 6005 471e E..T.... at ..*`.G.
> > 0010: aa8d a7de d429 0035 0040 f9e0 72ab 0010 .....).5. at ..r...
> > 0020: 0001 0000 0000 0001 015f 0665 7874 676c ........._.extgl
> > 0030: 6202 746e 0367 6f76 0000 0100 0100 0029 b.tn.gov.......)
> > 0040: 0200 0000 8000 000c 000a 0008 5971 94c0 ............Yq..
> > 0050: 9932 9282 .2..
> >
> > 10:01:32.364921 172.16.20.30.53749 > 170.141.168.22.53: [bad udp cksum 28fa! -> 57a9] 32284% [1au] A? _.extglb.tn.gov. ar: . OPT UDPsize=512 DO(72) (ttl 64, id 11987, len 100)
> > 0000: 4500 0064 2ed3 0000 4011 51ef 6005 471e E..d.... at .Q.`.G.
> > 0010: aa8d a816 d1f5 0035 0050 fa28 7e1c 0010 .......5.P.(~...
> > 0020: 0001 0000 0000 0001 015f 0665 7874 676c ........._.extgl
> > 0030: 6202 746e 0367 6f76 0000 0100 0100 0029 b.tn.gov.......)
> > 0040: 0200 0000 8000 001c 000a 0018 9958 916a .............X.j
> > 0050: a74b b667 0100 0000 6421 a18c e289 661d .K.g....d!....f.
> > 0060: bcb1 c1fd ....
> >
> > 10:01:33.184946 172.16.20.30.58249 > 170.141.167.222.53: [bad udp cksum e0f9! -> b0d8] 31291% [1au] A? _.extglb.tn.gov. ar: . OPT UDPsize=512 DO(56) (ttl 64, id 13338, len 84)
> > 0000: 4500 0054 341a 0000 4011 4cf0 6005 471e E..T4... at .L.`.G.
> > 0010: aa8d a7de e389 0035 0040 f9e0 7a3b 0010 .......5. at ..z;..
> > 0020: 0001 0000 0000 0001 015f 0665 7874 676c ........._.extgl
> > 0030: 6202 746e 0367 6f76 0000 0100 0100 0029 b.tn.gov.......)
> > 0040: 0200 0000 8000 000c 000a 0008 5971 94c0 ............Yq..
> > 0050: 9932 9282 .2..
> >
> > 10:01:33.994938 172.16.20.30.52629 > 170.141.168.22.53: [bad udp cksum 28fa! -> df64] 50932% [1au] A? _.extglb.tn.gov. ar: . OPT UDPsize=512 DO(72) (ttl 64, id 42050, len 100)
> > 0000: 4500 0064 a442 0000 4011 dc7f 6005 471e E..d.B.. at ...`.G.
> > 0010: aa8d a816 cd95 0035 0050 fa28 c6f4 0010 .......5.P.(....
> > 0020: 0001 0000 0000 0001 015f 0665 7874 676c ........._.extgl
> > 0030: 6202 746e 0367 6f76 0000 0100 0100 0029 b.tn.gov.......)
> > 0040: 0200 0000 8000 001c 000a 0018 9958 916a .............X.j
> > 0050: a74b b667 0100 0000 6421 a18c e289 661d .K.g....d!....f.
> > 0060: bcb1 c1fd ....
> >
> > 10:01:34.804940 172.16.20.30.63268 > 170.141.167.222.53: [bad udp cksum e0f9! -> a7a3] 39849% [1au] A? _.extglb.tn.gov. ar: . OPT UDPsize=512 DO(56) (ttl 64, id 34673, len 84)
> > 0000: 4500 0054 8771 0000 4011 f998 6005 471e E..T.q.. at ...`.G.
> > 0010: aa8d a7de f724 0035 0040 f9e0 9ba9 0010 .....$.5. at ......
> > 0020: 0001 0000 0000 0001 015f 0665 7874 676c ........._.extgl
> > 0030: 6202 746e 0367 6f76 0000 0100 0100 0029 b.tn.gov.......)
> > 0040: 0200 0000 8000 000c 000a 0008 5971 94c0 ............Yq..
> > 0050: 9932 9282 .2..
> >
> > 10:01:36.424895 172.16.20.30.56217 > 170.141.168.22.53: [bad udp cksum 28fa! -> 8669] 46153% [1au] A? _.extglb.tn.gov. ar: . OPT UDPsize=512 DO(72) (ttl 64, id 945, len 100)
> > 0000: 4500 0064 03b1 0000 4011 7d11 6005 471e E..d.... at .}.`.G.
> > 0010: aa8d a816 db99 0035 0050 fa28 b449 0010 .......5.P.(.I..
> > 0020: 0001 0000 0000 0001 015f 0665 7874 676c ........._.extgl
> > 0030: 6202 746e 0367 6f76 0000 0100 0100 0029 b.tn.gov.......)
> > 0040: 0200 0000 8000 001c 000a 0018 9958 916a .............X.j
> > 0050: a74b b667 0100 0000 6421 a18c e289 661d .K.g....d!....f.
> > 0060: bcb1 c1fd ....
> >
> > 10:01:38.035027 172.16.20.30.53192 > 170.141.167.222.53: [bad udp cksum e0f9! -> 0633] 13223% [1au] A? _.extglb.tn.gov. ar: . OPT UDPsize=512 DO(56) (ttl 64, id 33306, len 84)
> > 0000: 4500 0054 821a 0000 4011 feef 6005 471e E..T.... at ...`.G.
> > 0010: aa8d a7de cfc8 0035 0040 f9e0 33a7 0010 .......5. at ..3...
> > 0020: 0001 0000 0000 0001 015f 0665 7874 676c ........._.extgl
> > 0030: 6202 746e 0367 6f76 0000 0100 0100 0029 b.tn.gov.......)
> > 0040: 0200 0000 8000 000c 000a 0008 5971 94c0 ............Yq..
> > 0050: 9932 9282 .2..
> >
> > 10:01:39.945218 172.16.20.30.58268 > 170.141.167.222.53: [bad udp cksum e2f9! -> 7f9c] 15558% [1au] A? www.extglb.tn.gov. ar: . OPT UDPsize=512 DO(58) (ttl 64, id 46842, len 86)
> > 0000: 4500 0056 b6fa 0000 4011 ca0d 6005 471e E..V.... at ...`.G.
> > 0010: aa8d a7de e39c 0035 0042 f9e2 3cc6 0010 .......5.B..<...
> > 0020: 0001 0000 0000 0001 0377 7777 0665 7874 .........www.ext
> > 0030: 676c 6202 746e 0367 6f76 0000 0100 0100 glb.tn.gov......
> > 0040: 0029 0200 0000 8000 000c 000a 0008 5971 .)............Yq
> > 0050: 94c0 9932 9282 ...2..
> >
> > 10:01:39.992119 170.141.167.222.53 > 172.16.20.30.58268: 15558- q: A? www.extglb.tn.gov. 0/6/1 ns: extglb.tn.gov. [5m] NS ndcgtm01.tn.gov., extglb.tn.gov.[|domain] (DF) (ttl 43, id 35970, len 448)
> > 0000: 4500 01c0 8c82 4000 2b11 c81b aa8d a7de E..... at .+.......
> > 0010: 6005 471e 0035 e39c 01ac aa2f 3cc6 8010 `.G..5...../<...
> > 0020: 0001 0000 0006 0001 0377 7777 0665 7874 .........www.ext
> > 0030: 676c 6202 746e 0367 6f76 0000 0100 01c0 glb.tn.gov......
> > 0040: 1000 0200 0100 0001 2c00 1108 6e64 6367 ........,...ndcg
> > 0050: 746d 3031 0274 6e03 676f 7600 c010 0002 tm01.tn.gov.....
> > 0060: 0001 0000 012c .....,
> >
> > --
> > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> >
> > ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
> >
> >
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
> > --
> > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> >
> > ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
> >
> >
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
More information about the bind-users
mailing list