On my side, when I switch to strict I get no answer:

qname-minimization set to strict:

dig @127.0.0.1 secure1.entreprises.bnpparibas.net

; <<>> DiG 9.16.1-Ubuntu <<>> @127.0.0.1 secure1.entreprises.bnpparibas.net
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

dig @127.0.0.1 +trace secure1.entreprises.bnpparibas.net

; <<>> DiG 9.16.1-Ubuntu <<>> @127.0.0.1 +trace secure1.entreprises.bnpparibas.net
; (1 server found)
;; global options: +cmd
.                       518369  IN      NS      i.root-servers.net.
.                       518369  IN      NS      m.root-servers.net.
.                       518369  IN      NS      j.root-servers.net.
.                       518369  IN      NS      e.root-servers.net.
.                       518369  IN      NS      c.root-servers.net.
.                       518369  IN      NS      a.root-servers.net.
.                       518369  IN      NS      h.root-servers.net.
.                       518369  IN      NS      b.root-servers.net.
.                       518369  IN      NS      d.root-servers.net.
.                       518369  IN      NS      g.root-servers.net.
.                       518369  IN      NS      f.root-servers.net.
.                       518369  IN      NS      k.root-servers.net.
.                       518369  IN      NS      l.root-servers.net.
.                       518369  IN      RRSIG   NS 8 0 518400 20220725050000 
20220712040000 20826 . dpygLUQn3iomdBRiT7h6IzUwq2/FPvoWoTqc0MYjoeOGNiNrpio/1j/K 
FsZ1BJhD3dsHHKNmprBY91zguTheTPQpA6AIqzZZyGR2IqBZN8yrZWwB 
PlaGnWlIbDJkBpNMXLb579zAMzQJs4mUvEqf0PBWBh4anYc3OzLEKNCP 
zMt9qEw/y8G1Jg8IjTwX2Qnl7U9RwMfl/3qcEJWJ6CfBlsqezDnP7c+9 
IrlfP/kSQxIe6g7DkFndG50Xp+OMtkVr9+ZQAgr3J5TJ0qeLNPO/219S 
JWus8wEEGRJDWFroj/cvWS8+vII5w/6mIV+wsDrhzxVIuCFMy8tFo2GL rhphWg==
;; Received 1137 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms

net.                    172800  IN      NS      l.gtld-servers.net.
net.                    172800  IN      NS      b.gtld-servers.net.
net.                    172800  IN      NS      c.gtld-servers.net.
net.                    172800  IN      NS      d.gtld-servers.net.
net.                    172800  IN      NS      e.gtld-servers.net.
net.                    172800  IN      NS      f.gtld-servers.net.
net.                    172800  IN      NS      g.gtld-servers.net.
net.                    172800  IN      NS      a.gtld-servers.net.
net.                    172800  IN      NS      h.gtld-servers.net.
net.                    172800  IN      NS      i.gtld-servers.net.
net.                    172800  IN      NS      j.gtld-servers.net.
net.                    172800  IN      NS      k.gtld-servers.net.
net.                    172800  IN      NS      m.gtld-servers.net.
net.                    86400   IN      DS      35886 8 2 7862B27F5F516EBE19680444D4CE5E762981931842C465F00236401D 8BD973EE
net.                    86400   IN      RRSIG   DS 8 1 86400 20220725050000 
20220712040000 20826 . mZle8q/X7471+/Gau9gxqbTRJQDoc9hQsMkt9vQV0oO3Z+dwGI8PUxiN 
azCtkzSHEQ/pTGH5N2zshvMEjvWF979CTIWZY0kWDwuD3PNDTGL4eNVi 
kXtUupOs+DHqDn2kYMlFzOSXAGFh5z49t4W+dZQHwHERsoy5jyLoHJ40 
P2MBz8IB7pAj7fCd18coU0NvhR45xqdmyuyv/oHw0ixs5My0mdKXgZc2 
C6aPKXoR+Cf2X98j3fH6jIKtc8I2LkKZ5z1HpHCBeml7OzQhYDH9favv 
7N4X/U3QGv9e6hjWwI2BvPt6xSNEbH8kpgvtaHDrU/1E5MmKluNggs1k UNc8Dg==
;; Received 1191 bytes from 192.5.5.241#53(f.root-servers.net) in 12 ms

bnpparibas.net.         172800  IN      NS      ns1.bnpparibas.com.
bnpparibas.net.         172800  IN      NS      ns2.bnpparibas.com.
bnpparibas.net.         172800  IN      NS      ns3.domivesta.net.
bnpparibas.net.         172800  IN      NS      ns4.domivesta.com.
A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 86400 IN NSEC3 1 1 0 - 
A1RTLNPGULOGN7B9A62SHJE1U3TTP8DR NS SOA RRSIG DNSKEY NSEC3PARAM 
A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 86400 IN RRSIG NSEC3 8 2 86400 
20220718060316 20220711045316 45728 net. 
Tt0buHwLN3KMVREYqK5EPSyImnIU5GvwF3bWhVvUSpJww+Om0tL9DlAn 
vp0bQKadcrsMug8jgtpnBlBjBZ8UKR06OS46E5gCl2JHK/1vz5i434jp 
3PqIMVaS3jASoAH2XXEaJ3V3VVrO46iKUZKtc7itLoFyCyiZLoyAHTgy 
3sWu575m9V+CsyGmKkfCu+TVKb/HrkSROSxR85yk0KohSw==
4E96OTLVH81V106ISLS0QJ4M5QCTRULN.net. 86400 IN NSEC3 1 1 0 - 
4E97OE6AI9V97HGSCSGJROD2OKVAR7L1 NS DS RRSIG 
4E96OTLVH81V106ISLS0QJ4M5QCTRULN.net. 86400 IN RRSIG NSEC3 8 2 86400 
20220718055634 20220711044634 45728 net. 
RkoTaYl9xQX0wdVLMOWslX6LCX7fGJOCLEFAxmYlwgnimN6jSNbuNO6K 
44GsMlQrHvp0dJYBI7uUkwSkOhp1ctciO1/9FkeFUfgEXiBBwMZfkUI9 
lJA7s9zcAkDbJAPsc2onN9F+0M6QoGafg4RZdQfPUvmTvpZ9ix0YiesT 
rZWN1VeTsnCUXGVmrE7bKs2novEXBRXCZ46LXjR1V0cDWw==
;; Received 734 bytes from 192.41.162.30#53(l.gtld-servers.net) in 24 ms

secure1.entreprises.bnpparibas.net. 14400 IN CNAME secure1.entreprises.net-srv2.bnpparibas.net.
;; Received 106 bytes from 96.7.50.66#53(ns3.domivesta.net) in 60 ms




qname-minimization set to off:


dig @127.0.0.1 secure1.entreprises.bnpparibas.net       

; <<>> DiG 9.16.1-Ubuntu <<>> @127.0.0.1 secure1.entreprises.bnpparibas.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7604
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 925168ef2d02997b0100000062cd9276ba9d330e5f8bf06c (good)
;; QUESTION SECTION:
;secure1.entreprises.bnpparibas.net. IN A

;; ANSWER SECTION:
secure1.entreprises.bnpparibas.net. 14400 IN CNAME secure1.entreprises.net-srv2.bnpparibas.net.
secure1.entreprises.net-srv2.bnpparibas.net. 30 IN A 159.50.187.25

;; Query time: 432 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jul 12 15:25:42 UTC 2022
;; MSG SIZE  rcvd: 164


dig @127.0.0.1 +trace secure1.entreprises.bnpparibas.net

; <<>> DiG 9.16.1-Ubuntu <<>> @127.0.0.1 +trace secure1.entreprises.bnpparibas.net
; (1 server found)
;; global options: +cmd
.                       518300  IN      NS      i.root-servers.net.
.                       518300  IN      NS      a.root-servers.net.
.                       518300  IN      NS      l.root-servers.net.
.                       518300  IN      NS      m.root-servers.net.
.                       518300  IN      NS      b.root-servers.net.
.                       518300  IN      NS      e.root-servers.net.
.                       518300  IN      NS      d.root-servers.net.
.                       518300  IN      NS      f.root-servers.net.
.                       518300  IN      NS      g.root-servers.net.
.                       518300  IN      NS      h.root-servers.net.
.                       518300  IN      NS      c.root-servers.net.
.                       518300  IN      NS      j.root-servers.net.
.                       518300  IN      NS      k.root-servers.net.
.                       518300  IN      RRSIG   NS 8 0 518400 20220725050000 
20220712040000 20826 . dpygLUQn3iomdBRiT7h6IzUwq2/FPvoWoTqc0MYjoeOGNiNrpio/1j/K 
FsZ1BJhD3dsHHKNmprBY91zguTheTPQpA6AIqzZZyGR2IqBZN8yrZWwB 
PlaGnWlIbDJkBpNMXLb579zAMzQJs4mUvEqf0PBWBh4anYc3OzLEKNCP 
zMt9qEw/y8G1Jg8IjTwX2Qnl7U9RwMfl/3qcEJWJ6CfBlsqezDnP7c+9 
IrlfP/kSQxIe6g7DkFndG50Xp+OMtkVr9+ZQAgr3J5TJ0qeLNPO/219S 
JWus8wEEGRJDWFroj/cvWS8+vII5w/6mIV+wsDrhzxVIuCFMy8tFo2GL rhphWg==
;; Received 1137 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms

net.                    172800  IN      NS      a.gtld-servers.net.
net.                    172800  IN      NS      b.gtld-servers.net.
net.                    172800  IN      NS      c.gtld-servers.net.
net.                    172800  IN      NS      d.gtld-servers.net.
net.                    172800  IN      NS      e.gtld-servers.net.
net.                    172800  IN      NS      f.gtld-servers.net.
net.                    172800  IN      NS      g.gtld-servers.net.
net.                    172800  IN      NS      h.gtld-servers.net.
net.                    172800  IN      NS      i.gtld-servers.net.
net.                    172800  IN      NS      j.gtld-servers.net.
net.                    172800  IN      NS      k.gtld-servers.net.
net.                    172800  IN      NS      l.gtld-servers.net.
net.                    172800  IN      NS      m.gtld-servers.net.
net.                    86400   IN      DS      35886 8 2 7862B27F5F516EBE19680444D4CE5E762981931842C465F00236401D 8BD973EE
net.                    86400   IN      RRSIG   DS 8 1 86400 20220725050000 
20220712040000 20826 . mZle8q/X7471+/Gau9gxqbTRJQDoc9hQsMkt9vQV0oO3Z+dwGI8PUxiN 
azCtkzSHEQ/pTGH5N2zshvMEjvWF979CTIWZY0kWDwuD3PNDTGL4eNVi 
kXtUupOs+DHqDn2kYMlFzOSXAGFh5z49t4W+dZQHwHERsoy5jyLoHJ40 
P2MBz8IB7pAj7fCd18coU0NvhR45xqdmyuyv/oHw0ixs5My0mdKXgZc2 
C6aPKXoR+Cf2X98j3fH6jIKtc8I2LkKZ5z1HpHCBeml7OzQhYDH9favv 
7N4X/U3QGv9e6hjWwI2BvPt6xSNEbH8kpgvtaHDrU/1E5MmKluNggs1k UNc8Dg==
;; Received 1191 bytes from 199.7.83.42#53(l.root-servers.net) in 20 ms

bnpparibas.net.         172800  IN      NS      ns1.bnpparibas.com.
bnpparibas.net.         172800  IN      NS      ns2.bnpparibas.com.
bnpparibas.net.         172800  IN      NS      ns3.domivesta.net.
bnpparibas.net.         172800  IN      NS      ns4.domivesta.com.
A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 86400 IN NSEC3 1 1 0 - 
A1RTLNPGULOGN7B9A62SHJE1U3TTP8DR NS SOA RRSIG DNSKEY NSEC3PARAM 
A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 86400 IN RRSIG NSEC3 8 2 86400 
20220718060316 20220711045316 45728 net. 
Tt0buHwLN3KMVREYqK5EPSyImnIU5GvwF3bWhVvUSpJww+Om0tL9DlAn 
vp0bQKadcrsMug8jgtpnBlBjBZ8UKR06OS46E5gCl2JHK/1vz5i434jp 
3PqIMVaS3jASoAH2XXEaJ3V3VVrO46iKUZKtc7itLoFyCyiZLoyAHTgy 
3sWu575m9V+CsyGmKkfCu+TVKb/HrkSROSxR85yk0KohSw==
4E96OTLVH81V106ISLS0QJ4M5QCTRULN.net. 86400 IN NSEC3 1 1 0 - 
4E97OE6AI9V97HGSCSGJROD2OKVAR7L1 NS DS RRSIG 
4E96OTLVH81V106ISLS0QJ4M5QCTRULN.net. 86400 IN RRSIG NSEC3 8 2 86400 
20220718055634 20220711044634 45728 net. 
RkoTaYl9xQX0wdVLMOWslX6LCX7fGJOCLEFAxmYlwgnimN6jSNbuNO6K 
44GsMlQrHvp0dJYBI7uUkwSkOhp1ctciO1/9FkeFUfgEXiBBwMZfkUI9 
lJA7s9zcAkDbJAPsc2onN9F+0M6QoGafg4RZdQfPUvmTvpZ9ix0YiesT 
rZWN1VeTsnCUXGVmrE7bKs2novEXBRXCZ46LXjR1V0cDWw==
;; Received 734 bytes from 192.12.94.30#53(e.gtld-servers.net) in 32 ms

secure1.entreprises.bnpparibas.net. 14400 IN CNAME secure1.entreprises.net-srv2.bnpparibas.net.
;; Received 106 bytes from 23.74.25.65#53(ns4.domivesta.com) in 24 ms


-----Original Message-----
From: frnog-requ...@frnog.org <frnog-requ...@frnog.org> On behalf of Daniel via frnog
Sent: Tuesday, 12 July 2022 17:18
To: frnog@frnog.org
Subject: Re: [FRnOG] [TECH] BNP PARIBAS DNS resolution problem


On 12/07/2022 at 16:55, Jérôme Descoux via frnog wrote:
> Hi,
>
>> Since we upgraded our bind servers to 9.16 we can no longer resolve
>> addresses at BNP PARIBAS.
>> Example: secure1.entreprises.bnpparibas.net
>>
>> With a bind 9.11 it resolves fine, though, and with unbound too.
>>
>> It would be related to https://dnsflagday.net/2020/ and the EDNS
>> workaround
>>
>> We can't quite see what is blocking and whether we have to fix something
>> on our side.
> The culprits are the NS (sns6.bnpparibas.fr ; sns5.bnpparibas.net) serving
> the zone net-srv2.bnpparibas.net.
>
> Disable 'qname minimization', that should solve your problem.
Here it is set to strict

--
Daniel


---------------------------
FRnOG mailing list
http://www.frnog.org/
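
Added example, not part of the original thread: the BIND 9.16 `qname-minimization` option the messages above refer to, with its values side by side. The descriptions follow the BIND 9 reference manual; which file holds the `options` block depends on the installation.

```conf
options {
    // strict: follow the QNAME minimisation algorithm (RFC 7816) to the
    // letter. An authoritative server that mishandles a minimised query
    // makes the whole lookup fail, which is what the thread attributes
    // the timeout to.
    // qname-minimization strict;

    // relaxed (the 9.16 default): send minimised queries, but fall back
    // to the full QNAME on NXDOMAIN or another unexpected response
    // (SERVFAIL, REFUSED, improper zone cut).
    qname-minimization relaxed;

    // off (synonym: disabled): always send the full QNAME to every
    // server in the delegation chain. This is the setting under which
    // the second dig in the message above gets an answer.
    // qname-minimization off;
};
```

Check the file with `named-checkconf`, apply it with `rndc reconfig`, then repeat the `dig @127.0.0.1` query from the thread. With `off`, the root and `net.` servers see the full name being looked up, so `relaxed` is worth trying before disabling the feature.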