Observation: BIND 9.18 qname-minimization strict vs dig +trace
Fred Morris
m3047 at m3047.net
Wed Apr 24 21:06:14 UTC 2024
They've got a number of problems. click-network.com is one of them.
https://dnsviz.net/d/click-network.com/dnssec/
There is some backstory. The City of Tacoma used to run broadband,
and that was Click! Network. The origin story is that this had something
to do with SCADA or power distribution, but who knows? They have a /16,
and it appears half of it is available to broadband customers. Anyway they
privatized it and subsequently sole-sourced that.
Like many businesses today, IT appears to be outsourced and the suppliers
for various services do strange things sometimes.
Here's the verbose log that 9.18.21 spits out in conjunction with the
SERVFAIL:
24-Apr-2024 08:43:35.587 resolver: notice: DNS format error from
131.191.7.194#53 resolving 85.191.131.in-addr.arpa/NS for <unknown>: Name
191.131.in-addr.arpa (SOA) not subdomain of zone 85.191.131.in-addr.arpa
-- invalid response
24-Apr-2024 08:43:35.587 lame-servers: info: FORMERR resolving
'85.191.131.in-addr.arpa/NS/IN': 131.191.7.194#53
24-Apr-2024 08:43:35.603 resolver: notice: DNS format error from
131.191.7.12#53 resolving 85.191.131.in-addr.arpa/NS for <unknown>: Name
191.131.in-addr.arpa (SOA) not subdomain of zone 85.191.131.in-addr.arpa
-- invalid response
24-Apr-2024 08:43:35.603 lame-servers: info: FORMERR resolving
'85.191.131.in-addr.arpa/NS/IN': 131.191.7.12#53
I'm not saying it's the wrong thing to do, although to borrow someone
else's line that may be like arguing over the particular weasels chosen
rather than the decision to stuff rabid weasels down your pants in the
first place.
--
Fred Morris
On Wed, 24 Apr 2024, tale wrote:
>
> Hmm, I wonder if qname-minimisation is at issue here.
More information about the bind-users
mailing list