resolver: DNS format errors
Alex
mysqlstudent at gmail.com
Mon Sep 18 16:14:43 UTC 2023
On Thu, Sep 7, 2023 at 4:06 PM Mark Andrews <marka at isc.org> wrote:
> Spamhaus’s servers are sending back responses that do not answer the
> question. Named is doing QNAME minimisation using NS queries and rather
> than the servers sending back a NODATA response for the empty non-terminal
> names they are sending back the NS records for the top of the zone.
>
> I suggest that you ask them to fix their DNS servers to correctly answer
> NS queries. They appear to need to look at the query name as well as the
> query type.
>
> This is what often happens when you write custom DNS servers. You fail to
> handle some query you weren’t planning for.
>
They have just recommended disabling qname-minimization altogether. Is that
the right solution? It doesn't seem to be complete for me. It prints
hundreds of these (presumably one for each DNS request necessary to process
the email?):
18-Sep-2023 12:07:25.561 lame-servers: FORMERR resolving '
pc5eqyfskhlh55qut433gdq2gq.zrd.dq.spamhaus.net/NS/IN': 209.222.201.139#53
18-Sep-2023 12:07:25.584 resolver: DNS format error from 50.31.133.59#53
resolving mykey.zrd.dq.spamhaus.net/NS for <unknown>: reply has no answer
... then a strange line like this:
18-Sep-2023 12:13:31.606 lame-servers: success resolving
'um27qfow2knpuwx56o4otvovib2zbomydtlkuo4sktbo34cmjqvq._
file.mykey.hbl.dq.spamhaus.net/A' after disabling qname minimization due to
'failure'
btw, their support really sucks.
Thanks,
Alex
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20230918/e9771191/attachment.htm>
More information about the bind-users
mailing list