Hi On 24.05.19 12:41, Witold Krecicki wrote: > Could you try the attached patch (instead of the one you provided) and > see what happens? It stops trying to do qname minimization earlier if it > sees any failures in resolution (e.g. lame servers, as with the domains > you provided), it should work in even more cases than yours does.
Thank you for the provided patch. With the examples I provided before I get the following result: a) if it hits an unexpected RCODE (e.g. REFUSED) then qmin is disabled now and resolution succeeds e.g. federation.exostar.com. bind9 log: lame-servers: info: lame server resolving 'glb.exostarsvcs.com' (in 'glb.exostarsvcs.com'?): 192.73.18.6#53 lame-servers: info: REFUSED unexpected RCODE resolving 'glb.exostarsvcs.com/NS/IN': 173.245.96.6#53 lame-servers: info: success resolving 'federate.prd.glb.exostarsvcs.com/A' after disabling qname minimization due to 'failure' b) if it hits a lame server name with nxdomain then it is still unable to recover/disable qmin e.g. nouveau.europresse.com, clients.eurest.ch. there is no bind9 log entry for nouveau.europresse.com anymore. The original 9.14.2 has logged that qmin got disabled which was not true: lame-servers: info: success resolving 'nouveau.europresse.com,/A' after disabling qname minimization due to 'ncache nxdomain' for clients.eurest.ch. no bind9 log entry is shown with or without the patch. Daniel _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users